aboutsummaryrefslogtreecommitdiff
path: root/id/server/modules
diff options
context:
space:
mode:
Diffstat (limited to 'id/server/modules')
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java8
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java408
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java14
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java178
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java210
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java302
-rw-r--r--id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml11
-rw-r--r--id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java1
-rw-r--r--id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java37
-rw-r--r--id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java40
-rw-r--r--id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java8
-rw-r--r--id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml4
-rw-r--r--id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java25
-rw-r--r--id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml14
-rw-r--r--id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml2
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java3
-rw-r--r--id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml13
-rw-r--r--id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java4
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/pom.xml12
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java15
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java48
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java7
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20eIDDataValidationException.java16
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java124
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java51
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java6
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java15
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java196
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java221
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java93
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java309
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java136
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml4
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml18
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java51
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java43
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_SIC.java41
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java439
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java326
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java147
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml18
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml90
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CADbin0 -> 1279 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26bin0 -> 914 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7bin0 -> 1614 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100bin0 -> 1169 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62Abin0 -> 1169 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27bin0 -> 1171 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4bin0 -> 1045 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914bin0 -> 1028 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DEbin0 -> 1029 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8Dbin0 -> 914 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5bin0 -> 1264 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1bin0 -> 1209 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8Cbin0 -> 791 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716bin0 -> 1486 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8Ebin0 -> 1506 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3bin0 -> 1403 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FAbin0 -> 975 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8bin0 -> 975 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3bin0 -> 1366 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4bin0 -> 1130 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8bin0 -> 1391 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734Fbin0 -> 930 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3bin0 -> 933 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217Dbin0 -> 997 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358Ebin0 -> 1465 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8Ebin0 -> 1169 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208bin0 -> 1169 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8Cbin0 -> 997 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926bin0 -> 930 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623bin0 -> 1028 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2bin0 -> 1151 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85Ebin0 -> 1133 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01bin0 -> 1171 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02bin0 -> 1485 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4bin0 -> 1176 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1bin0 -> 1366 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01bin0 -> 1533 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3Fbin0 -> 1053 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526bin0 -> 870 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830bin0 -> 1141 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8bin0 -> 1058 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0Fbin0 -> 1057 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540Dbin0 -> 1058 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687bin0 -> 1058 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76bin0 -> 1057 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FAbin0 -> 1103 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419bin0 -> 734 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25bin0 -> 969 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92Ebin0 -> 1159 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03bin0 -> 1159 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206bin0 -> 1252 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878bin0 -> 835 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506Bbin0 -> 1076 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923Ebin0 -> 1747 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9Ebin0 -> 1298 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317bin0 -> 1262 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8bin0 -> 1049 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44bin0 -> 1068 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CEbin0 -> 1067 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDAbin0 -> 1068 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123Dbin0 -> 1068 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724Abin0 -> 1111 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7Abin0 -> 1110 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515bin0 -> 1111 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92bin0 -> 1110 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8Fbin0 -> 861 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AEbin0 -> 865 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7bin0 -> 864 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733bin0 -> 864 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6bin0 -> 860 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0bin0 -> 1546 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622Cbin0 -> 893 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BEbin0 -> 758 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9bin0 -> 984 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2Abin0 -> 901 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2Bbin0 -> 901 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38bin0 -> 704 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7Dbin0 -> 820 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02bin0 -> 1199 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088Dbin0 -> 922 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0Fbin0 -> 1997 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0bin0 -> 1931 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9Cbin0 -> 704 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9bin0 -> 1959 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/A25C55270C21A4581BC3372639AE36F2CCC94C19bin0 -> 2048 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3bin0 -> 1416 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201bin0 -> 1385 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929bin0 -> 1867 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BBbin0 -> 1065 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980bin0 -> 1065 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92Bbin0 -> 1066 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0Bbin0 -> 1066 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6bin0 -> 1185 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8bin0 -> 1425 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCBbin0 -> 1174 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1Ebin0 -> 1170 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BAbin0 -> 1159 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018Bbin0 -> 1159 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799bin0 -> 1505 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357bin0 -> 1127 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918bin0 -> 1127 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6bin0 -> 1127 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1bin0 -> 1127 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120bin0 -> 1127 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2bin0 -> 1127 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CEbin0 -> 1127 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0Abin0 -> 1127 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1bin0 -> 1127 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BDbin0 -> 1127 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099bin0 -> 1127 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710bin0 -> 806 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DEbin0 -> 1563 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4bin0 -> 1501 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112bin0 -> 1605 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958bin0 -> 1000 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25Bbin0 -> 1159 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADAbin0 -> 1313 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAEbin0 -> 1218 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344bin0 -> 1217 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683bin0 -> 1218 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65bin0 -> 1218 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24Bbin0 -> 1586 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5Ebin0 -> 982 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDCbin0 -> 2050 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703bin0 -> 1067 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43bin0 -> 955 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356Cbin0 -> 1337 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18bin0 -> 924 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25bin0 -> 786 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517bin0 -> 802 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03bin0 -> 1205 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580bin0 -> 1594 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35bin0 -> 1546 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/821E494DF27F9938F7E58CFCE8CE70029DB0EC5Dbin0 -> 1587 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6bin0 -> 975 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748Ebin0 -> 975 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BAbin0 -> 1165 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799bin0 -> 1014 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374bin0 -> 1167 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14bin0 -> 1167 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3Abin0 -> 1264 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7bin0 -> 1943 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9bin0 -> 991 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25bin0 -> 991 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6Cbin0 -> 990 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22bin0 -> 1185 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169bin0 -> 1191 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6Abin0 -> 1256 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13bin0 -> 846 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDCbin0 -> 1068 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239bin0 -> 1068 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378Abin0 -> 1067 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537bin0 -> 1068 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186bin0 -> 1442 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBEbin0 -> 1159 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97Bbin0 -> 1159 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCCbin0 -> 1159 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913bin0 -> 1136 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BCbin0 -> 1136 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04bin0 -> 700 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941bin0 -> 991 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5bin0 -> 919 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0bin0 -> 1018 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/DFAE695342AC81A521025904406884399822B233bin0 -> 987 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E7FFFB72F649885E6ECE38D47B5A70BAF73FB575/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28bin0 -> 880 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/42AD1897A4643D2AA634D980F16349E6694F3B1Bbin0 -> 1237 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/FE7891B6ED7B178F528A28B21478299F865889BDbin0 -> 1333 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/4CAEE38931D19AE73B31AA75CA33D621290FA75Ebin0 -> 979 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/D3C063F219ED073E34AD5D750B327629FFD59AF2bin0 -> 979 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/0F843FB1E0C626540BE638B79A2987E2611CE630bin0 -> 1018 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/69F21C82DC9A7A940ACEC414593E59C9E61E522Fbin0 -> 990 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35bin0 -> 1087 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F2CDECB365AACC48D159C813DDE6B7B1CE047BF2/E185E05432F7D98BA7469D26A802DB4B0B2F6286bin0 -> 1851 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F3E673236E6C1AA052ADF0884D399738F4BF2ED7/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22bin0 -> 1147 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F4121996B090501E1FEDA70BE13705CC259E5857/A5A00B223EF24AED92D03F652CFE367CA9D1B200bin0 -> 958 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F6E09A71951478BEF77CC1D1F21D29D2C43D3F20/65698A39E03FF00FD552D4AD99FB290C2B9D4BEAbin0 -> 1018 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F98FAF493885B596B60CA57C161277EB289D1563/ABAAFC4B7A88097279E89C22C242C40420D0826Bbin0 -> 1384 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F9BB100C38D7B02F1EF33194BD18DC48D0BA2C33/6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8Fbin0 -> 1300 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6bin0 -> 1030 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8Bbin0 -> 932 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/A562C4B99E2847251CB4A1F05DA1FF43E7296F0Bbin0 -> 999 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/52ED0FAFBD38A868C678174D7EB03D266ADB221Cbin0 -> 994 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330bin0 -> 995 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FE8A7E29B27E8A43FD03BC0B0B2573B251EB03CE/CA80A13D41116E24CB1479E970CDC1C030C5907Cbin0 -> 1272 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FEE5CDC3BD72A50BFCD63BC19BF7A1D8C6DC7D48/7D60E314AA6AEF548A614A9354C5068192051A29bin0 -> 2278 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FF880A1F76838D8E051327DF224C7028F2710C58/BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FFbin0 -> 996 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml8
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_SIC.xml8
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_own.xml11
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cerbin0 -> 901 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cerbin0 -> 901 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cerbin0 -> 1110 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cerbin0 -> 1110 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cerbin0 -> 1111 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cerbin0 -> 1111 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cerbin0 -> 975 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cerbin0 -> 975 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cerbin0 -> 975 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cerbin0 -> 975 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cerbin0 -> 1485 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt34
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cerbin0 -> 864 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cerbin0 -> 860 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cerbin0 -> 864 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cerbin0 -> 861 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cerbin0 -> 864 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cerbin0 -> 865 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cerbin0 -> 979 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/SIC_TEST_USER.crt37
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cerbin0 -> 1028 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cerbin0 -> 1029 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cerbin0 -> 1029 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02_A-Trust-Test-Qual-.crt24
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-05.20141215-20141209.SerNo165fb8.crt36
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cerbin0 -> 991 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cerbin0 -> 995 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer23
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cerbin0 -> 901 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cerbin0 -> 901 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cerbin0 -> 1110 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cerbin0 -> 1110 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cerbin0 -> 1111 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cerbin0 -> 1111 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cerbin0 -> 975 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cerbin0 -> 975 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cerbin0 -> 975 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cerbin0 -> 975 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cerbin0 -> 1485 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cerbin0 -> 864 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cerbin0 -> 860 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cerbin0 -> 864 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cerbin0 -> 861 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cerbin0 -> 864 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cerbin0 -> 865 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cerbin0 -> 979 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.derbin0 -> 1747 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cerbin0 -> 2278 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cerbin0 -> 975 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cerbin0 -> 975 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer23
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cerbin0 -> 979 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cerbin0 -> 1272 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus-Schwab-BM-f-Inneres-20040219-20070219.SerNo5c39.derbin0 -> 1205 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cerbin0 -> 1205 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/SIC_IDL_SIGNER.crt42
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Testuser_BRZ_IdentityLink_Signer.crt31
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cerbin0 -> 1385 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-SSL-03.cerbin0 -> 1147 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cerbin0 -> 1167 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cerbin0 -> 1167 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cerbin0 -> 1171 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01aaed.derbin0 -> 1171 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/atrust_OCSP_Responder_03-1.cerbin0 -> 1185 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/idl_signer_from_IDL.crt27
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cerbin0 -> 2278 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cerbin0 -> 1205 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cerbin0 -> 1385 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cerbin0 -> 1167 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cerbin0 -> 1171 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jksbin0 -> 9894 bytes
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json6
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust2.json6
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json8
-rw-r--r--id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_sic.json6
-rw-r--r--id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java6
-rw-r--r--id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java3
-rw-r--r--id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java6
-rw-r--r--id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java17
-rw-r--r--id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java2
311 files changed, 2772 insertions, 1300 deletions
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 6156ba6b4..34567131b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -39,7 +39,6 @@ import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder
import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder;
-import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
@@ -56,6 +55,7 @@ import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator;
import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
+import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
@@ -312,7 +312,8 @@ public class AuthenticationServer extends BaseAuthenticationServer {
verifyXMLSignatureResponse,
authConfig.getIdentityLinkX509SubjectNames(),
VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK,
- oaParam);
+ oaParam,
+ authConfig);
session.setIdentityLink(identityLink);
// now validate the extended infoboxes
@@ -1000,7 +1001,8 @@ public class AuthenticationServer extends BaseAuthenticationServer {
// validates the <VerifyXMLSignatureResponse>
VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp,
null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK,
- oaParam);
+ oaParam,
+ authConfig);
// Compare AuthBlock Data with information stored in session, especially
// date and time
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
deleted file mode 100644
index 2c8127e2d..000000000
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java
+++ /dev/null
@@ -1,408 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.builder;
-
-import java.util.List;
-
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
-import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.Constants;
-
-/**
- * Builder for the <code>&lt;VerifyXMLSignatureRequestBuilder&gt;</code> structure
- * used for sending the DSIG-Signature of the Security Layer card for validating to MOA-SP.
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class VerifyXMLSignatureRequestBuilder {
-
- /** shortcut for XMLNS namespace URI */
- private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI;
- /** shortcut for MOA namespace URI */
- private static final String MOA_NS_URI = Constants.MOA_NS_URI;
- /** The DSIG-Prefix */
- private static final String DSIG = Constants.DSIG_PREFIX + ":";
-
- /** The document containing the <code>VerifyXMLsignatureRequest</code> */
- private Document requestDoc_;
- /** the <code>VerifyXMLsignatureRequest</code> root element */
- private Element requestElem_;
-
-
- /**
- * Builds the body for a <code>VerifyXMLsignatureRequest</code> including the root
- * element and namespace declarations.
- *
- * @throws BuildException If an error occurs on building the document.
- */
- public VerifyXMLSignatureRequestBuilder() throws BuildException {
- try {
- DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder();
- requestDoc_ = docBuilder.newDocument();
- requestElem_ = requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest");
- requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI);
- requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI);
- requestDoc_.appendChild(requestElem_);
- } catch (Throwable t) {
- throw new BuildException(
- "builder.00",
- new Object[] {"VerifyXMLSignatureRequest", t.toString()},
- t);
- }
- }
-
-
- /**
- * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
- * from an IdentityLink with a known trustProfileID which
- * has to exist in MOA-SP
- * @param identityLink - The IdentityLink
- * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
- *
- * @return Element - The complete request as Dom-Element
- *
- * @throws ParseException
- */
- public Element build(IIdentityLink identityLink, String trustProfileID)
- throws ParseException
- {
- try {
- // build the request
- Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime");
- requestElem_.appendChild(dateTimeElem);
- Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant());
- dateTimeElem.appendChild(dateTime);
- Element verifiySignatureInfoElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
- requestElem_.appendChild(verifiySignatureInfoElem);
- Element verifySignatureEnvironmentElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
- verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
- Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content");
- verifySignatureEnvironmentElem.appendChild(base64ContentElem);
- // insert the base64 encoded identity link SAML assertion
- String serializedAssertion = identityLink.getSerializedSamlAssertion();
- String base64EncodedAssertion = Base64Utils.encode(serializedAssertion.getBytes("UTF-8"));
- //replace all '\r' characters by no char.
- StringBuffer replaced = new StringBuffer();
- for (int i = 0; i < base64EncodedAssertion.length(); i ++) {
- char c = base64EncodedAssertion.charAt(i);
- if (c != '\r') {
- replaced.append(c);
- }
- }
- base64EncodedAssertion = replaced.toString();
- Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion);
- base64ContentElem.appendChild(base64Content);
- // specify the signature location
- Element verifySignatureLocationElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
- verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
- Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
- verifySignatureLocationElem.appendChild(signatureLocation);
- // signature manifest params
- Element signatureManifestCheckParamsElem =
- requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
- requestElem_.appendChild(signatureManifestCheckParamsElem);
- signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false");
- // add the transforms
- Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
- signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
- Element[] dsigTransforms = identityLink.getDsigReferenceTransforms();
-
- for (int i = 0; i < dsigTransforms.length; i++) {
- Element verifyTransformsInfoProfileElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile");
- referenceInfoElem.appendChild(verifyTransformsInfoProfileElem);
- verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true));
- }
- Element returnHashInputDataElem =
- requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
- requestElem_.appendChild(returnHashInputDataElem);
- Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
- trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
- requestElem_.appendChild(trustProfileIDElem);
- } catch (Throwable t) {
- throw new ParseException("builder.00",
- new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t);
- }
-
- return requestElem_;
- }
-
- /**
- * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
- * from an IdentityLink with a known trustProfileID which
- * has to exist in MOA-SP
- * @param identityLink - The IdentityLink
- * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
- *
- * @return Element - The complete request as Dom-Element
- *
- * @throws ParseException
- */
- public Element build(byte[]mandate, String trustProfileID)
- throws ParseException
- {
- try {
- // build the request
-// Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime");
-// requestElem_.appendChild(dateTimeElem);
-// Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant());
-// dateTimeElem.appendChild(dateTime);
- Element verifiySignatureInfoElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
- requestElem_.appendChild(verifiySignatureInfoElem);
- Element verifySignatureEnvironmentElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
- verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
- Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content");
- verifySignatureEnvironmentElem.appendChild(base64ContentElem);
- // insert the base64 encoded identity link SAML assertion
- //String serializedAssertion = identityLink.getSerializedSamlAssertion();
- //String base64EncodedAssertion = Base64Utils.encode(mandate.getBytes("UTF-8"));
- String base64EncodedAssertion = Base64Utils.encode(mandate);
- //replace all '\r' characters by no char.
- StringBuffer replaced = new StringBuffer();
- for (int i = 0; i < base64EncodedAssertion.length(); i ++) {
- char c = base64EncodedAssertion.charAt(i);
- if (c != '\r') {
- replaced.append(c);
- }
- }
- base64EncodedAssertion = replaced.toString();
- Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion);
- base64ContentElem.appendChild(base64Content);
- // specify the signature location
- Element verifySignatureLocationElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
- verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
- Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
- verifySignatureLocationElem.appendChild(signatureLocation);
- // signature manifest params
- Element signatureManifestCheckParamsElem =
- requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
- requestElem_.appendChild(signatureManifestCheckParamsElem);
- signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false");
-// // add the transforms
-// Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
-// signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
-// Element[] dsigTransforms = identityLink.getDsigReferenceTransforms();
-//
-// for (int i = 0; i < dsigTransforms.length; i++) {
-// Element verifyTransformsInfoProfileElem =
-// requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile");
-// referenceInfoElem.appendChild(verifyTransformsInfoProfileElem);
-// verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true));
-// }
- Element returnHashInputDataElem =
- requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
- requestElem_.appendChild(returnHashInputDataElem);
- Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
- trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
- requestElem_.appendChild(trustProfileIDElem);
- } catch (Throwable t) {
- throw new ParseException("builder.00",
- new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t);
- }
-
- return requestElem_;
- }
-
-
- /**
- * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
- * from the signed AUTH-Block with a known trustProfileID which
- * has to exist in MOA-SP
- * @param csr - signed AUTH-Block
- * @param verifyTransformsInfoProfileID - allowed verifyTransformsInfoProfileID
- * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
- * @return Element - The complete request as Dom-Element
- * @throws ParseException
- */
- public Element build(
- CreateXMLSignatureResponse csr,
- List<String> verifyTransformsInfoProfileID,
- String trustProfileID)
- throws BuildException { //samlAssertionObject
-
- try {
- // build the request
-// requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:"
-// + Constants.XML_PREFIX, Constants.XMLNS_NS_URI);
- Element verifiySignatureInfoElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
- requestElem_.appendChild(verifiySignatureInfoElem);
- Element verifySignatureEnvironmentElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
- verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
- Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent");
- verifySignatureEnvironmentElem.appendChild(xmlContentElem);
- xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve");
- // insert the SAML assertion
- xmlContentElem.appendChild(requestDoc_.importNode(csr.getSamlAssertion(), true));
- // specify the signature location
- Element verifySignatureLocationElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
- verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
- Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature");
- verifySignatureLocationElem.appendChild(signatureLocation);
- // signature manifest params
- Element signatureManifestCheckParamsElem =
- requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
- requestElem_.appendChild(signatureManifestCheckParamsElem);
- signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true");
- // add the transform profile IDs
- Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
- signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
-
-// for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) {
-//
-// Element verifyTransformsInfoProfileIDElem =
-// requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID");
-// referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem);
-// verifyTransformsInfoProfileIDElem.appendChild(
-// requestDoc_.createTextNode(verifyTransformsInfoProfileID[i]));
-// }
-
- for (String element : verifyTransformsInfoProfileID) {
-
- Element verifyTransformsInfoProfileIDElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID");
- referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem);
- verifyTransformsInfoProfileIDElem.appendChild(
- requestDoc_.createTextNode(element));
- }
-
- Element returnHashInputDataElem =
- requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
- requestElem_.appendChild(returnHashInputDataElem);
- Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
- trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
- requestElem_.appendChild(trustProfileIDElem);
-
- } catch (Throwable t) {
- throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t);
- }
-
- return requestElem_;
- }
-
- /**
- * Builds a <code>&lt;VerifyXMLSignatureRequest&gt;</code>
- * from the signed data with a known trustProfileID which
- * has to exist in MOA-SP
- * @param csr - signed AUTH-Block
- * @param trustProfileID - a preconfigured TrustProfile at MOA-SP
- * @return Element - The complete request as Dom-Element
- * @throws ParseException
- */
- public Element buildDsig(
- CreateXMLSignatureResponse csr,
- String trustProfileID)
- throws BuildException { //samlAssertionObject
-
- try {
- // build the request
-// requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:"
-// + Constants.XML_PREFIX, Constants.XMLNS_NS_URI);
-
- Element verifiySignatureInfoElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo");
- requestElem_.appendChild(verifiySignatureInfoElem);
- Element verifySignatureEnvironmentElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment");
- verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem);
-
- Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent");
- verifySignatureEnvironmentElem.appendChild(xmlContentElem);
- xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve");
-
- // insert the dsig:Signature
- xmlContentElem.appendChild(requestDoc_.importNode(csr.getDsigSignature(), true));
- // specify the signature location
- Element verifySignatureLocationElem =
- requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation");
- verifiySignatureInfoElem.appendChild(verifySignatureLocationElem);
- Node signatureLocation = requestDoc_.createTextNode("/"+ DSIG + "Signature");
- verifySignatureLocationElem.appendChild(signatureLocation);
- // signature manifest params
- Element signatureManifestCheckParamsElem =
- requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams");
- requestElem_.appendChild(signatureManifestCheckParamsElem);
- signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true");
- // add the transform profile IDs
- Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo");
- signatureManifestCheckParamsElem.appendChild(referenceInfoElem);
-
- Element returnHashInputDataElem =
- requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData");
- requestElem_.appendChild(returnHashInputDataElem);
- Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID");
-
- trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID));
- requestElem_.appendChild(trustProfileIDElem);
-
- } catch (Throwable t) {
- throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t);
- }
-
- return requestElem_;
- }
-
-}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
index 5bf0bc422..1962d6c82 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java
@@ -26,10 +26,16 @@ public class DefaultCitizenCardAuthModuleImpl implements AuthModule {
if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean)
performBKUSelection = (boolean) performBKUSelectionObj;
- if ( (StringUtils.isBlank((String) context.get("ccc")) &&
- StringUtils.isBlank((String) context.get("CCC")) ) &&
- StringUtils.isNotBlank((String) context.get(MOAIDAuthConstants.PARAM_BKU)) &&
- !performBKUSelection)
+ if ( (StringUtils.isBlank((String) context.get("ccc"))
+ && StringUtils.isBlank((String) context.get("CCC"))
+// && ( StringUtils.isBlank((String) context.get("useeIDAS"))
+// || ( StringUtils.isNotBlank((String) context.get("useeIDAS"))
+// && !Boolean.parseBoolean((String) context.get("useeIDAS"))
+// )
+// )
+ )
+ && StringUtils.isNotBlank((String) context.get(MOAIDAuthConstants.PARAM_BKU)) && !performBKUSelection )
+
return "DefaultAuthentication";
else
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
index d345aa208..ef9ddc1cd 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java
@@ -1,43 +1,18 @@
package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
-import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.PARAM_XMLRESPONSE;
-import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.security.cert.CertificateException;
-import java.util.Map;
-
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.xml.transform.TransformerException;
-import org.apache.commons.fileupload.FileUploadException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
-import org.w3c.dom.Element;
-import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
-import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
-import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.exception.ParseException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
-import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
-import at.gv.egovernment.moa.id.client.SZRGWClientException;
-import at.gv.egovernment.moa.id.client.utils.SZRGWClientUtils;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.logging.Logger;
-import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
/**
* Evaluates the {@code CreateXMLSignatureResponse}, extracts signature and certificate and asks the SZR Gateway for an identity link.<p/>
@@ -72,84 +47,87 @@ public class GetForeignIDTask extends AbstractAuthServletTask {
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp)
throws TaskExecutionException {
-
- Logger.debug("POST GetForeignIDServlet");
-
- Map<String, String> parameters;
-
try {
- parameters = getParameters(req);
-
- } catch (FileUploadException | IOException e) {
- Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
- throw new TaskExecutionException(pendingReq, "Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage()));
- }
-
- try {
- //check if response exists
- String xmlCreateXMLSignatureResponse = (String) parameters.get(PARAM_XMLRESPONSE);
- if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse)) {
- throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12");
-
- }
- Logger.debug(xmlCreateXMLSignatureResponse);
-
- //execute default task initialization
- AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
-
- CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse)
- .parseResponseDsig();
-
- try {
- String serializedAssertion = DOMUtils.serializeNode(csresp.getDsigSignature());
- moasession.setAuthBlock(serializedAssertion);
+ throw new MOAIDException("auth.36", new Object[]{"Foreign authentication IS ONLY supported by using eIDAS"});
- } catch (TransformerException e) {
- throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
-
- } catch (IOException e) {
- throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
-
- }
-
- Element signature = csresp.getDsigSignature();
-
- try {
- moasession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature));
-
- } catch (CertificateException e) {
- Logger.error("Could not extract certificate from CreateXMLSignatureResponse");
- throw new MOAIDException("auth.14", null);
- }
-
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_CONNECTED);
- // make SZR request to the identity link
- CreateIdentityLinkResponse response = SZRGWClientUtils.getIdentityLink(pendingReq, signature);
-
- if (null != response.getErrorResponse()) {
- // TODO fix exception parameter
- throw new SZRGWClientException("service.08", (String) response.getErrorResponse().getErrorCode(),
- (String) response.getErrorResponse().getInfo());
- } else {
- IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(
- response.getIdentityLink()));
- IIdentityLink identitylink = ilParser.parseIdentityLink();
- moasession.setIdentityLink(identitylink);
-
- // set QAA Level four in case of card authentifcation
- moasession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH);
-
- authServer.getForeignAuthenticationData(moasession);
-
- revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED);
-
- //store pending request
- pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
- requestStoreage.storePendingRequest(pendingReq);
-
-
- }
+// Logger.debug("POST GetForeignIDServlet");
+//
+// Map<String, String> parameters;
+//
+//
+// parameters = getParameters(req);
+//
+// } catch (FileUploadException | IOException e) {
+// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage());
+// throw new TaskExecutionException(pendingReq, "Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage()));
+// }
+//
+// try {
+// //check if response exists
+// String xmlCreateXMLSignatureResponse = (String) parameters.get(PARAM_XMLRESPONSE);
+// if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse)) {
+// throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12");
+//
+// }
+// Logger.debug(xmlCreateXMLSignatureResponse);
+//
+// //execute default task initialization
+// AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+//
+// CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse)
+// .parseResponseDsig();
+//
+// try {
+// String serializedAssertion = DOMUtils.serializeNode(csresp.getDsigSignature());
+// moasession.setAuthBlock(serializedAssertion);
+//
+// } catch (TransformerException e) {
+// throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
+//
+// } catch (IOException e) {
+// throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE });
+//
+// }
+//
+// Element signature = csresp.getDsigSignature();
+//
+// try {
+// moasession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature));
+//
+// } catch (CertificateException e) {
+// Logger.error("Could not extract certificate from CreateXMLSignatureResponse");
+// throw new MOAIDException("auth.14", null);
+// }
+//
+// revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_CONNECTED);
+//
+// // make SZR request to the identity link
+// CreateIdentityLinkResponse response = SZRGWClientUtils.getIdentityLink(pendingReq, signature);
+//
+// if (null != response.getErrorResponse()) {
+// // TODO fix exception parameter
+// throw new SZRGWClientException("service.08", (String) response.getErrorResponse().getErrorCode(),
+// (String) response.getErrorResponse().getInfo());
+// } else {
+// IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream(
+// response.getIdentityLink()));
+// IIdentityLink identitylink = ilParser.parseIdentityLink();
+// moasession.setIdentityLink(identitylink);
+//
+// // set QAA Level four in case of card authentifcation
+// moasession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH);
+//
+// authServer.getForeignAuthenticationData(moasession);
+//
+// revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED);
+//
+// //store pending request
+// pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
+// requestStoreage.storePendingRequest(pendingReq);
+//
+//
+// }
} catch (MOAIDException ex) {
throw new TaskExecutionException(pendingReq, ex.getMessage(), ex);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
deleted file mode 100644
index 604d224eb..000000000
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java
+++ /dev/null
@@ -1,210 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.validator;
-
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-
-import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.IdentityLink;
-import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
-import at.gv.egovernment.moa.id.auth.exception.ValidateException;
-import at.gv.egovernment.moa.util.Constants;
-
-/**
- * This class is used to validate an {@link IdentityLink}
- * returned by the security layer
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class IdentityLinkValidator implements Constants {
-
- //
- // XPath namespace prefix shortcuts
- //
- /** Xpath prefix for reaching PersonData Namespaces */
- private static final String PDATA = PD_PREFIX + ":";
- /** Xpath prefix for reaching SAML Namespaces */
- private static final String SAML = SAML_PREFIX + ":";
- /** Xpath prefix for reaching XML-DSIG Namespaces */
- private static final String DSIG = DSIG_PREFIX + ":";
- /** Xpath prefix for reaching ECDSA Namespaces */
- private static final String ECDSA = ECDSA_PREFIX + ":";
- /** Xpath expression to the root element */
- private static final String ROOT = "";
- /** Xpath expression to the SAML:SubjectConfirmationData element */
- private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH =
- ROOT
- + SAML
- + "AttributeStatement/"
- + SAML
- + "Subject/"
- + SAML
- + "SubjectConfirmation/"
- + SAML
- + "SubjectConfirmationData";
-/** Xpath expression to the PersonData:Person element */
- private static final String PERSON_XPATH =
- SAML_SUBJECT_CONFIRMATION_DATA_XPATH + "/" + PDATA + "Person";
- /** Xpath expression to the SAML:Attribute element */
- private static final String ATTRIBUTE_XPATH =
- ROOT + SAML + "AttributeStatement/" + SAML + "Attribute";
-// /** Xpath expression to the SAML:AttributeName attribute */
-// private static final String ATTRIBUTE_NAME_XPATH =
-// ROOT + SAML + "AttributeStatement/" + SAML + "Attribute/@AttributeName";
-// /** Xpath expression to the SAML:AttributeNamespace attribute */
-// private static final String ATTRIBUTE_NAMESPACE_XPATH =
-// ROOT
-// + SAML
-// + "AttributeStatement/"
-// + SAML
-// + "Attribute/@AttributeNamespace";
-// /** Xpath expression to the SAML:AttributeValue element */
-// private static final String ATTRIBUTE_VALUE_XPATH =
-// ROOT
-// + SAML
-// + "AttributeStatement/"
-// + SAML
-// + "Attribute/"
-// + SAML
-// + "AttributeValue";
-
- /** Singleton instance. <code>null</code>, if none has been created. */
- private static IdentityLinkValidator instance;
-
- /**
- * Constructor for a singleton IdentityLinkValidator.
- * @return a new IdentityLinkValidator instance
- * @throws ValidateException if no instance can be created
- */
- public static synchronized IdentityLinkValidator getInstance()
- throws ValidateException {
- if (instance == null) {
- instance = new IdentityLinkValidator();
- }
- return instance;
- }
-
- /**
- * Method validate. Validates the {@link IdentityLink}
- * @param identityLink The identityLink to validate
- * @throws ValidateException on any validation error
- */
- public void validate(IIdentityLink identityLink) throws ValidateException {
-
- Element samlAssertion = identityLink.getSamlAssertion();
- //Search the SAML:ASSERTION Object (A2.054)
- if (samlAssertion == null) {
- throw new ValidateException("validator.00", null);
- }
-
- // Check how many saml:Assertion/saml:AttributeStatement/
- // saml:Subject/ saml:SubjectConfirmation/
- // saml:SubjectConfirmationData/pr:Person of type
- // PhysicalPersonType exist (A2.056)
- NodeList nl = XPathUtils.selectNodeList(samlAssertion, PERSON_XPATH);
- // If we have just one Person-Element we don't need to check the attributes
- int counterPhysicalPersonType = 0;
- if (nl.getLength() > 1)
- for (int i = 0; i < nl.getLength(); i++) {
- String xsiType =
- ((Element) nl.item(i))
- .getAttributeNodeNS(
- "http://www.w3.org/2001/XMLSchema-instance",
- "type")
- .getNodeValue();
- // We have to check if xsiType contains "PhysicalPersonType"
- // An equal-check will fail because of the Namespace-prefix of the attribute value
- if (xsiType.indexOf("PhysicalPersonType") > -1)
- counterPhysicalPersonType++;
- }
- if (counterPhysicalPersonType > 1)
- throw new ValidateException("validator.01", null);
-
- //Check the SAML:ATTRIBUTES
- nl = XPathUtils.selectNodeList(samlAssertion, ATTRIBUTE_XPATH);
- for (int i = 0; i < nl.getLength(); i++) {
- String attributeName =
- XPathUtils.getAttributeValue(
- (Element) nl.item(i),
- "@AttributeName",
- null);
- String attributeNS =
- XPathUtils.getAttributeValue(
- (Element) nl.item(i),
- "@AttributeNamespace",
- null);
- if (attributeName.equals("CitizenPublicKey")) {
-
- if (attributeNS.equals("http://www.buergerkarte.at/namespaces/personenbindung/20020506#") ||
- attributeNS.equals("urn:publicid:gv.at:namespaces:identitylink:1.2")) {
- Element attributeValue =
- (Element) XPathUtils.selectSingleNode((Element) nl.item(i),nSMap, SAML + "AttributeValue/" + DSIG + "RSAKeyValue");
- if (attributeValue==null)
- attributeValue =
- (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + ECDSA + "ECDSAKeyValue");
- if (attributeValue==null)
- attributeValue =
- (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + DSIG + "DSAKeyValue");
- if (attributeValue == null)
- throw new ValidateException("validator.02", null);
-
- }
- else
- throw new ValidateException("validator.03", new Object [] {attributeNS} );
- }
- else
- throw new ValidateException("validator.04", new Object [] {attributeName} );
- }
-
- //Check if dsig:Signature exists
- Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion,ROOT + DSIG + "Signature");
- if (dsigSignature==null) throw new ValidateException("validator.05", new Object[] {"in der Personenbindung"});
- }
-
-}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
deleted file mode 100644
index 17d487e79..000000000
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java
+++ /dev/null
@@ -1,302 +0,0 @@
-/*******************************************************************************
- * Copyright 2014 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- ******************************************************************************/
-/*
- * Copyright 2003 Federal Chancellery Austria
- * MOA-ID has been developed in a cooperation between BRZ, the Federal
- * Chancellery Austria - ICT staff unit, and Graz University of Technology.
- *
- * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
- * http://www.osor.eu/eupl/
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- */
-
-
-package at.gv.egovernment.moa.id.auth.validator;
-
-import java.security.InvalidKeyException;
-import java.security.PublicKey;
-import java.security.interfaces.RSAPublicKey;
-import java.util.ArrayList;
-import java.util.Iterator;
-import java.util.List;
-import java.util.Set;
-
-import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
-import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.auth.exception.ValidateException;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
-import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
-import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
-import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
-import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
-import at.gv.egovernment.moa.logging.Logger;
-import iaik.asn1.structures.Name;
-import iaik.security.ec.common.ECPublicKey;
-import iaik.utils.RFC2253NameParserException;
-import iaik.x509.X509Certificate;
-import iaik.x509.X509ExtensionInitException;
-
-/**
- * This class is used to validate an {@link VerifyXMLSignatureResponse}
- * returned by MOA-SPSS
- *
- * @author Stefan Knirsch
- * @version $Id$
- */
-public class VerifyXMLSignatureResponseValidator {
-
- /** Identification string for checking identity link */
- public static final String CHECK_IDENTITY_LINK = "IdentityLink";
- /** Identification string for checking authentication block */
- public static final String CHECK_AUTH_BLOCK = "AuthBlock";
-
- /** Singleton instance. <code>null</code>, if none has been created. */
- private static VerifyXMLSignatureResponseValidator instance;
-
- /**
- * Constructor for a singleton VerifyXMLSignatureResponseValidator.
- */
- public static synchronized VerifyXMLSignatureResponseValidator getInstance()
- throws ValidateException {
- if (instance == null) {
- instance = new VerifyXMLSignatureResponseValidator();
- }
- return instance;
- }
-
- /**
- * Validates a {@link VerifyXMLSignatureResponse} returned by MOA-SPSS.
- *
- * @param verifyXMLSignatureResponse the <code>&lt;VerifyXMLSignatureResponse&gt;</code>
- * @param identityLinkSignersSubjectDNNames subject names configured
- * @param whatToCheck is used to identify whether the identityLink or the Auth-Block is validated
- * @param oaParam specifies whether the validation result of the
- * manifest has to be ignored (identityLink validation if
- * the OA is a business service) or not
- * @throws ValidateException on any validation error
- * @throws ConfigurationException
- */
- public void validate(IVerifiyXMLSignatureResponse verifyXMLSignatureResponse,
- List<String> identityLinkSignersSubjectDNNames,
- String whatToCheck,
- IOAAuthParameters oaParam)
- throws ValidateException, ConfigurationException {
-
- if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0)
- throw new ValidateException("validator.06", null);
-
- if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) {
- String checkFailedReason ="";
- if (verifyXMLSignatureResponse.getCertificateCheckCode() == 1)
- checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.21", null);
- if (verifyXMLSignatureResponse.getCertificateCheckCode() == 2)
- checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.22", null);
- if (verifyXMLSignatureResponse.getCertificateCheckCode() == 3)
- checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.23", null);
- if (verifyXMLSignatureResponse.getCertificateCheckCode() == 4)
- checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.24", null);
- if (verifyXMLSignatureResponse.getCertificateCheckCode() == 5)
- checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.25", null);
-
-// TEST CARDS
- if (whatToCheck.equals(CHECK_IDENTITY_LINK))
- throw new ValidateException("validator.07", new Object[] { checkFailedReason } );
- else
- throw new ValidateException("validator.19", new Object[] { checkFailedReason } );
- }
-
- //check QC
- if (AuthConfigurationProviderFactory.getInstance().isCertifiacteQCActive() &&
- !whatToCheck.equals(CHECK_IDENTITY_LINK) &&
- !verifyXMLSignatureResponse.isQualifiedCertificate()) {
-
- //check if testcards are active and certificate has an extension for test credentials
- if (oaParam.isTestCredentialEnabled()) {
- boolean foundTestCredentialOID = false;
- try {
- X509Certificate signerCert = verifyXMLSignatureResponse.getX509certificate();
-
- List<String> validOIDs = new ArrayList<String>();
- if (oaParam.getTestCredentialOIDs() != null)
- validOIDs.addAll(oaParam.getTestCredentialOIDs());
- else
- validOIDs.add(MOAIDAuthConstants.TESTCREDENTIALROOTOID);
-
- Set<String> extentsions = signerCert.getCriticalExtensionOIDs();
- extentsions.addAll(signerCert.getNonCriticalExtensionOIDs());
- Iterator<String> extit = extentsions.iterator();
- while(extit.hasNext()) {
- String certOID = extit.next();
- for (String el : validOIDs) {
- if (certOID.startsWith(el))
- foundTestCredentialOID = true;
- }
- }
-
- } catch (Exception e) {
- Logger.warn("Test credential OID extraction FAILED.", e);
-
- }
- //throw Exception if not TestCredentialOID is found
- if (!foundTestCredentialOID)
- throw new ValidateException("validator.72", null);
-
- } else
- throw new ValidateException("validator.71", null);
- }
-
- // if OA is type is business service the manifest validation result has
- // to be ignored
- boolean ignoreManifestValidationResult = false;
- if (whatToCheck.equals(CHECK_IDENTITY_LINK))
- ignoreManifestValidationResult = (oaParam.hasBaseIdInternalProcessingRestriction()) ? true
- : false;
-
- if (ignoreManifestValidationResult) {
- Logger.debug("OA type is business service, thus ignoring DSIG manifest validation result");
- } else {
- if (verifyXMLSignatureResponse.isXmlDSIGManigest())
- if (verifyXMLSignatureResponse.getXmlDSIGManifestCheckCode() != 0)
- throw new ValidateException("validator.08", null);
- }
-
-
- // Check the signature manifest only when verifying the signed AUTHBlock
- if (whatToCheck.equals(CHECK_AUTH_BLOCK)) {
- if (verifyXMLSignatureResponse.getSignatureManifestCheckCode() > 0) {
- throw new ValidateException("validator.50", null);
- }
- }
-
- //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not
- if (identityLinkSignersSubjectDNNames != null) {
- String subjectDN = "";
- X509Certificate x509Cert = verifyXMLSignatureResponse.getX509certificate();
- try {
- subjectDN = ((Name) x509Cert.getSubjectDN()).getRFC2253String();
- }
- catch (RFC2253NameParserException e) {
- throw new ValidateException("validator.17", null);
- }
- //System.out.println("subjectDN: " + subjectDN);
- // check the authorisation to sign the identity link
- if (!identityLinkSignersSubjectDNNames.contains(subjectDN)) {
- // subject DN check failed, try OID check:
- try {
- if (x509Cert.getExtension(MOAIDAuthConstants.IDENTITY_LINK_SIGNER_OID) == null) {
- throw new ValidateException("validator.18", new Object[] { subjectDN });
- } else {
- Logger.debug("Identity link signer cert accepted for signing identity link: " +
- "subjectDN check failed, but OID check successfully passed.");
- }
- } catch (X509ExtensionInitException e) {
- throw new ValidateException("validator.49", null);
- }
- } else {
- Logger.debug("Identity link signer cert accepted for signing identity link: " +
- "subjectDN check successfully passed.");
- }
-
- }
- }
-
- /**
- * Method validateCertificate.
- * @param verifyXMLSignatureResponse The VerifyXMLSignatureResponse
- * @param idl The Identitylink
- * @throws ValidateException
- */
- public void validateCertificate(
- IVerifiyXMLSignatureResponse verifyXMLSignatureResponse,
- IIdentityLink idl)
- throws ValidateException {
-
- X509Certificate x509Response = verifyXMLSignatureResponse.getX509certificate();
- PublicKey[] pubKeysIdentityLink = (PublicKey[]) idl.getPublicKey();
-
- PublicKey pubKeySignature = x509Response.getPublicKey();
-
- boolean found = false;
- for (int i = 0; i < pubKeysIdentityLink.length; i++) {
-
- //compare RSAPublicKeys
- if ((idl.getPublicKey()[i] instanceof java.security.interfaces.RSAPublicKey) &&
- (pubKeySignature instanceof java.security.interfaces.RSAPublicKey)) {
-
- RSAPublicKey rsaPubKeySignature = (RSAPublicKey) pubKeySignature;
- RSAPublicKey rsakey = (RSAPublicKey) pubKeysIdentityLink[i];
-
- if (rsakey.getModulus().equals(rsaPubKeySignature.getModulus())
- && rsakey.getPublicExponent().equals(rsaPubKeySignature.getPublicExponent()))
- found = true;
- }
-
- //compare ECDSAPublicKeys
- if( ( (idl.getPublicKey()[i] instanceof java.security.interfaces.ECPublicKey) ||
- (idl.getPublicKey()[i] instanceof ECPublicKey)) &&
- ( (pubKeySignature instanceof java.security.interfaces.ECPublicKey) ||
- (pubKeySignature instanceof ECPublicKey) ) ) {
-
- try {
- ECPublicKey ecdsaPubKeySignature = new ECPublicKey(pubKeySignature.getEncoded());
- ECPublicKey ecdsakey = new ECPublicKey(pubKeysIdentityLink[i].getEncoded());
-
- if(ecdsakey.equals(ecdsaPubKeySignature))
- found = true;
-
- } catch (InvalidKeyException e) {
- Logger.warn("ECPublicKey can not parsed into a iaik.ECPublicKey", e);
- throw new ValidateException("validator.09", null);
- }
-
-
-
- }
-
-// Logger.debug("IDL-Pubkey=" + idl.getPublicKey()[i].getClass().getName()
-// + " Resp-Pubkey=" + pubKeySignature.getClass().getName());
-
- }
-
- if (!found) {
-
- throw new ValidateException("validator.09", null);
-
- }
- }
-
-}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
index 74792ed72..48c7b6a07 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml
@@ -15,7 +15,8 @@
<pd:Task id="prepareAuthBlockSignature" class="PrepareAuthBlockSignatureTask" />
<pd:Task id="prepareGetMISMandate" class="PrepareGetMISMandateTask" />
<pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" />
- <pd:Task id="getForeignID" class="GetForeignIDTask" async="true" />
+ <pd:Task id="getForeignID" class="GetForeignIDTask" async="true" />
+ <pd:Task id="userRestrictionTask" class="UserRestrictionTask" />
<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
<pd:StartEvent id="start" />
@@ -39,13 +40,15 @@
<pd:Transition from="verifyCertificate" to="getForeignID" />
<pd:Transition from="verifyAuthBlock" to="prepareGetMISMandate" conditionExpression="ctx['useMandate']" />
- <pd:Transition from="verifyAuthBlock" to="finalizeAuthentication" />
+ <pd:Transition from="verifyAuthBlock" to="userRestrictionTask" />
<pd:Transition from="prepareGetMISMandate" to="getMISMandate" />
- <pd:Transition from="getMISMandate" to="finalizeAuthentication" />
- <pd:Transition from="getForeignID" to="finalizeAuthentication" />
+ <pd:Transition from="getMISMandate" to="userRestrictionTask" />
+ <pd:Transition from="getForeignID" to="userRestrictionTask" />
+
+ <pd:Transition from="userRestrictionTask" to="finalizeAuthentication" />
<pd:Transition from="finalizeAuthentication" to="end" />
<pd:EndEvent id="end" />
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
index 0f4f81122..19950a078 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
@@ -77,6 +77,7 @@ public class EidasCentralAuthConstants {
add(Trible.newInstance(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, PVPConstants.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, true));
add(Trible.newInstance(PVPConstants.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, PVPConstants.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, true));
add(Trible.newInstance(PVPConstants.EID_ISSUING_NATION_NAME, PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME, true));
+ add(Trible.newInstance(PVPConstants.EID_IDENTITY_LINK_NAME, PVPConstants.EID_IDENTITY_LINK_FRIENDLY_NAME, false));
}
});
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java
index f1bec9dac..821a200c7 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java
@@ -42,6 +42,8 @@ public class EidasCentralAuthModuleImpl implements AuthModule {
@Autowired(required=true) private AuthenticationManager authManager;
+ private int priority = 0;
+
@PostConstruct
protected void initalCentralEidasAuthentication() {
//parameter to whiteList
@@ -55,8 +57,7 @@ public class EidasCentralAuthModuleImpl implements AuthModule {
*/
@Override
public int getPriority() {
- // TODO Auto-generated method stub
- return 0;
+ return priority;
}
/* (non-Javadoc)
@@ -65,20 +66,23 @@ public class EidasCentralAuthModuleImpl implements AuthModule {
@Override
public String selectProcess(ExecutionContext context) {
Serializable paramObj = context.get(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION);
- if (paramObj instanceof String) {
- String param = (String)paramObj;
- if (StringUtils.isNotEmpty(param) && Boolean.parseBoolean(param)) {
- Logger.debug("Centrial eIDAS authentication process selected ");
- return "centrialEidasAuthentication";
+ if (paramObj != null ) {
+ if (paramObj instanceof String) {
+ String param = (String)paramObj;
+ if (StringUtils.isNotEmpty(param) && Boolean.parseBoolean(param)) {
+ Logger.debug("Centrial eIDAS authentication process selected ");
+ return "centrialEidasAuthentication";
+ } else
+ Logger.trace(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION
+ + " is empty or has value: " + Boolean.parseBoolean(param));
+
} else
- Logger.trace(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION
- + " is empty or has value: " + Boolean.parseBoolean(param));
+ Logger.info("Find suspect http param '" + EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION
+ + "' of type: " + paramObj.getClass().getName());
+ }
+ return null;
- } else
- Logger.info("Find suspect http param '" + EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION
- + "' of type: " + paramObj.getClass().getName());
- return null;
}
/* (non-Javadoc)
@@ -89,4 +93,11 @@ public class EidasCentralAuthModuleImpl implements AuthModule {
return new String[] { "classpath:eIDAS_central_node_auth.process.xml" };
}
+ /**
+ * @param priority the priority to set
+ */
+ public void setPriority(int priority) {
+ this.priority = priority;
+
+ }
}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
index e312299f8..c3c3331e1 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
@@ -29,6 +29,7 @@ import java.util.List;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.apache.commons.lang3.StringUtils;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -39,9 +40,11 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
@@ -51,6 +54,7 @@ import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthCo
import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config.EidasCentralAuthRequestBuilderConfiguration;
import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.logging.Logger;
@@ -87,9 +91,10 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
}
- // get entityID for central ms-specific eIDAS node
- String msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
-
+ // get entityID for central ms-specific eIDAS node
+ String msNodeEntityID = getCentraleIDASNodeEntityId(pendingReq.getServiceProviderConfiguration());
+
+
if (MiscUtil.isEmpty(msNodeEntityID)) {
Logger.info("eIDAS authentication not possible -> NO EntityID for central eIDAS node FOUND!");
throw new MOAIDException("NO EntityID for central eIDAS node FOUND", null);
@@ -157,6 +162,35 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
}
}
+ private String getCentraleIDASNodeEntityId(ISPConfiguration spConfiguration) {
+ //load from service-provider configuration
+ String msNodeEntityID = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL);
+
+ if (StringUtils.isEmpty(msNodeEntityID)) {
+ Logger.debug("No SP-specific central eIDAS-node URL. Switch to general configuration ... ");
+ if (authConfig instanceof AuthConfiguration) {
+ AuthConfiguration moaAuthConfig = (AuthConfiguration)authConfig;
+ List<String> configuratedEntityIDs = KeyValueUtils.getListOfCSVValues(
+ moaAuthConfig.getConfigurationWithKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL));
+
+ if (configuratedEntityIDs.size() > 0)
+ msNodeEntityID = configuratedEntityIDs.get(0);
+ else
+ Logger.info("No central eIDAS-node URL in IDP configuration. Switch to backup configuration ... ");
+
+ } else
+ Logger.info("Basic configuration is NOT of type '" + AuthConfiguration.class.getName()
+ + "' Switch to generic Type ... ");
+
+
+ if (StringUtils.isEmpty(msNodeEntityID))
+ msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
+
+ }
+
+ return msNodeEntityID;
+ }
+
private List<EAAFRequestedAttribute> buildRequestedAttributes() {
List<EAAFRequestedAttribute> attributs = new ArrayList<EAAFRequestedAttribute>();
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
index 214a23f88..c034dc95e 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
@@ -114,8 +114,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
if (MiscUtil.isEmpty(msg.getEntityID())) {
throw new InvalidProtocolRequestException("sp.pvp2.04",
- new Object[] {EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING},
- "NO configuration for SP entityID: " + msg.getEntityID());
+ new Object[] {EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING});
}
@@ -240,7 +239,10 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
revisionsLogger.logEvent(pendingReq,
MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR);
throw new AuthnResponseValidationException("sp.pvp2.05",
- new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING, samlResp.getIssuer().getValue(), samlResp.getStatus().getStatusCode().getValue()});
+ new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING,
+ samlResp.getIssuer().getValue(),
+ samlResp.getStatus().getStatusCode().getValue(),
+ samlResp.getStatus().getStatusMessage().getMessage()});
}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml
index 9c6ee3c67..f57d4a94b 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml
@@ -18,7 +18,9 @@
class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller.EidasCentralAuthMetadataController"/>
<bean id="EidasCentralAuthModuleImpl"
- class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthModuleImpl"/>
+ class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthModuleImpl">
+ <property name="priority" value="2" />
+ </bean>
<bean id="EidasCentralAuthSignalController"
class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller.EidasCentralAuthSignalController"/>
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
index 1269229d0..b17f0c121 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
@@ -45,19 +45,20 @@ import at.gv.egovernment.moa.util.MiscUtil;
*/
public class BKAMobileAuthModule implements AuthModule {
- private int priority = 1;
+ private int priority = 2;
@Autowired(required=true) protected AuthConfiguration authConfig;
@Autowired(required=true) private IAuthenticationManager authManager;
private List<String> uniqueIDsDummyAuthEnabled = new ArrayList<String>();
+ private String noAuthHeaderValue = null;
/* (non-Javadoc)
* @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
*/
@Override
public int getPriority() {
- return priority;
+ return priority;
}
/**
@@ -67,11 +68,13 @@ public class BKAMobileAuthModule implements AuthModule {
public void setPriority(int priority) {
this.priority = priority;
}
-
@PostConstruct
public void initialDummyAuthWhiteList() {
String sensitiveSpIdentifier = authConfig.getBasicConfiguration("modules.bkamobileAuth.entityID");
+ noAuthHeaderValue = authConfig.getBasicConfiguration("modules.bkamobileAuth.noAuthHeaderValue", "0");
+ Logger.info("Dummy authentication is sensitive on 'X-MOA-VDA' value: " + noAuthHeaderValue);
+
if (MiscUtil.isNotEmpty(sensitiveSpIdentifier)) {
uniqueIDsDummyAuthEnabled.addAll(KeyValueUtils.getListOfCSVValues(sensitiveSpIdentifier));
@@ -84,6 +87,8 @@ public class BKAMobileAuthModule implements AuthModule {
//parameter to whiteList
authManager.addParameterNameToWhiteList(FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW);
+// authManager.addHeaderNameToWhiteList("SL2ClientType");
+// authManager.addHeaderNameToWhiteList("X-MOA-VDA");
}
/* (non-Javadoc)
@@ -92,12 +97,22 @@ public class BKAMobileAuthModule implements AuthModule {
@Override
public String selectProcess(ExecutionContext context) {
String spEntityID = (String) context.get(EAAFConstants.PROCESS_ENGINE_SERVICE_PROVIDER_ENTITYID);
- if (MiscUtil.isNotEmpty(spEntityID)) {
- if (uniqueIDsDummyAuthEnabled.contains(spEntityID)) {
+ String sl20ClientTypeHeader = (String) context.get("SL2ClientType".toLowerCase());
+ String sl20VDATypeHeader = (String) context.get("X-MOA-VDA".toLowerCase());
+ if (MiscUtil.isNotEmpty(spEntityID)) {
+ Logger.trace("Check dummy-auth for SP: " + spEntityID);
+
+
+ if ( (uniqueIDsDummyAuthEnabled.contains(spEntityID))) {
String eIDBlob = (String)context.get(FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW);
if (eIDBlob != null && MiscUtil.isNotEmpty(eIDBlob.trim())) {
return "BKAMobileAuthentication";
+ } else if (MiscUtil.isNotEmpty(sl20ClientTypeHeader)
+ && MiscUtil.isNotEmpty(sl20VDATypeHeader) && sl20VDATypeHeader.equals(noAuthHeaderValue)) {
+ Logger.info("Find dummy-auth request for oe.gv.at demos ... ");
+ return "BKAMobileAuthentication";
+
} else {
Logger.debug("Dummy-auth are enabled for " + spEntityID + " but no '"
+ FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW + "' req. parameter available.");
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml
index 6f41f347a..07faeae88 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml
@@ -5,17 +5,17 @@
STORK authentication both with C-PEPS supporting xml signatures and with C-PEPS not supporting xml signatures.
-->
<pd:Task id="firstStep" class="FirstBKAMobileAuthTask" />
- <pd:Task id="secondStep" class="SecondBKAMobileAuthTask" async="true" />
- <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" />
+ <pd:Task id="secondStep" class="SecondBKAMobileAuthTask" />
+ <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" />
<!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. -->
<pd:StartEvent id="start" />
- <pd:Transition from="start" to="firstStep" />
- <!-- pd:Transition from="firstStep" to="secondStep"/>
- <pd:Transition from="secondStep" to="finalizeAuthentication" /-->
-
- <pd:Transition from="firstStep" to="finalizeAuthentication" />
+ <pd:Transition from="start" to="secondStep" />
+ <pd:Transition from="secondStep" to="finalizeAuthentication" />
+
+<!-- <pd:Transition from="firstStep" to="secondStep"/> -->
+ <!-- <pd:Transition from="firstStep" to="finalizeAuthentication" /> -->
<pd:Transition from="finalizeAuthentication" to="end" />
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml
index ef13b0348..79f29e08c 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml
@@ -10,7 +10,7 @@
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
<bean id="BKAMobileAuthModule" class="at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.BKAMobileAuthModule">
- <property name="priority" value="1" />
+ <property name="priority" value="4" />
</bean>
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
index ce5f654da..25f303816 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
@@ -113,8 +113,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
if (MiscUtil.isEmpty(msg.getEntityID())) {
throw new InvalidProtocolRequestException("sp.pvp2.04",
- new Object[] {ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING},
- "No service-provider with EntityId: " + msg.getEntityID() + " in configuration");
+ new Object[] {ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING});
}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
index d41e8a017..60fd120d0 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml
@@ -17,6 +17,8 @@
<pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" />
<pd:Task id="getForeignID" class="GetForeignIDTask" async="true" />
+ <pd:Task id="userRestrictionTask" class="UserRestrictionTask" />
+
<!-- ELGA Mandate-Service Tasks -->
<pd:Task id="redirectToMandateSelectionTask" class="RedirectToMandateSelectionTask" />
<pd:Task id="selectMandateServiceTask" class="SelectMandateServiceTask" async="true"/>
@@ -47,7 +49,7 @@
<pd:Transition from="verifyCertificate" to="getForeignID" />
<pd:Transition from="verifyAuthBlock" to="redirectToMandateSelectionTask" conditionExpression="ctx['useMandate']" />
- <pd:Transition from="verifyAuthBlock" to="finalizeAuthentication" />
+ <pd:Transition from="verifyAuthBlock" to="userRestrictionTask" />
<pd:Transition from="redirectToMandateSelectionTask" to="prepareGetMISMandate" conditionExpression="ctx['useMISMandate']" />
<pd:Transition from="redirectToMandateSelectionTask" to="selectMandateServiceTask" />
@@ -60,13 +62,14 @@
<pd:Transition from="requestELGAMandateTask" to="receiveElgaMandateResponseTask" />
- <pd:Transition from="receiveElgaMandateResponseTask" to="finalizeAuthentication" />
+ <pd:Transition from="receiveElgaMandateResponseTask" to="userRestrictionTask" />
<pd:Transition from="prepareGetMISMandate" to="getMISMandate" />
- <pd:Transition from="getMISMandate" to="finalizeAuthentication" />
-
- <pd:Transition from="getForeignID" to="finalizeAuthentication" />
+ <pd:Transition from="getMISMandate" to="userRestrictionTask" />
+ <pd:Transition from="getForeignID" to="userRestrictionTask" />
+
+ <pd:Transition from="userRestrictionTask" to="finalizeAuthentication" />
<pd:Transition from="finalizeAuthentication" to="end" />
<pd:EndEvent id="end" />
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 98f6f2d5c..30e89d15a 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -83,7 +83,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
} catch (EAAFException e) {
Logger.info("OpenID-Connect request has a validation error: " + e.getMessage());
- throw new InvalidProtocolRequestException(e.getErrorId(), e.getParams(), e.getMessage(), e);
+ throw new InvalidProtocolRequestException(e.getErrorId(), e.getParams(), e);
}
@@ -117,7 +117,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
} catch (EAAFException e) {
Logger.info("OpenID-Connect request has a validation error: " + e.getMessage());
- throw new InvalidProtocolRequestException(e.getErrorId(), e.getParams(), e.getMessage(), e);
+ throw new InvalidProtocolRequestException(e.getErrorId(), e.getParams(), e);
}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml
index d08e0f0ec..74aa6682b 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml
+++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml
@@ -57,7 +57,19 @@
<version>0.6.3</version>
</dependency>
+ <dependency>
+ <groupId>org.bouncycastle</groupId>
+ <artifactId>bcprov-jdk15on</artifactId>
+ <version>1.52</version>
+ <!-- <scope>provided</scope> -->
+</dependency>
+
+ <dependency>
+ <groupId>org.springframework</groupId>
+ <artifactId>spring-test</artifactId>
+ <scope>test</scope>
+ </dependency>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java
index 7a58648cc..f474461bf 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java
@@ -3,11 +3,13 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth;
public class Constants {
public static final String HTTP_ENDPOINT_DATAURL = "/sl20/dataUrl";
+ public static final String HTTP_ENDPOINT_RESUME = "/sl20/resume";
public static final String CONFIG_PROP_PREFIX = "modules.sl20";
- public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID = CONFIG_PROP_PREFIX + ".vda.urls.qualeID.endpoint";
+ public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID = CONFIG_PROP_PREFIX + ".vda.urls.qualeID.endpoint.";
+ public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT = "default";
public static final String CONFIG_PROP_VDA_AUTHBLOCK_ID = CONFIG_PROP_PREFIX + ".vda.authblock.id";
-
+ public static final String CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID = CONFIG_PROP_PREFIX + ".vda.authblock.transformation.id";
public static final String CONFIG_PROP_SECURITY_KEYSTORE_PATH = CONFIG_PROP_PREFIX + ".security.keystore.path";
public static final String CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD = CONFIG_PROP_PREFIX + ".security.keystore.password";
public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS = CONFIG_PROP_PREFIX + ".security.sign.alias";
@@ -15,6 +17,15 @@ public class Constants {
public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS = CONFIG_PROP_PREFIX + ".security.encryption.alias";;
public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD = CONFIG_PROP_PREFIX + ".security.encryption.password";
+ public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST = CONFIG_PROP_VDA_ENDPOINT_QUALeID;
+ public static final String CONFIG_PROP_SP_LIST = CONFIG_PROP_PREFIX + ".sp.entityIds.";
+
+ public static final String CONFIG_PROP_DISABLE_EID_VALIDATION = CONFIG_PROP_PREFIX + ".security.eID.validation.disable";
+ public static final String CONFIG_PROP_ENABLE_EID_ENCRYPTION = CONFIG_PROP_PREFIX + ".security.eID.encryption.enabled";
+ public static final String CONFIG_PROP_FORCE_EID_ENCRYPTION = CONFIG_PROP_PREFIX + ".security.eID.encryption.required";
+ public static final String CONFIG_PROP_FORCE_EID_SIGNED_RESULT = CONFIG_PROP_PREFIX + ".security.eID.signed.result.required";
+
+ public static final String CONFIG_PROP_IPC_RETURN_URL = CONFIG_PROP_PREFIX + ".ipc.return.url";
public static final String PENDING_REQ_STORAGE_PREFIX = "SL20_AUTH_";
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
index a2b58931e..9c2d47ca7 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java
@@ -22,26 +22,32 @@
*/
package at.gv.egovernment.moa.id.auth.modules.sl20_auth;
+import java.util.Arrays;
+import java.util.List;
+
import javax.annotation.PostConstruct;
-import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
/**
* @author tlenz
*
*/
-public class SL20AuthenticationModulImpl implements AuthModule {
-
+public class SL20AuthenticationModulImpl implements AuthModule {
private int priority = 3;
-
+ public static final List<String> VDA_TYPE_IDS = Arrays.asList("1", "2", "3", "4");
+
@Autowired(required=true) protected AuthConfiguration authConfig;
@Autowired(required=true) private AuthenticationManager authManager;
@@ -62,6 +68,7 @@ public class SL20AuthenticationModulImpl implements AuthModule {
protected void initalSL20Authentication() {
//parameter to whiteList
authManager.addHeaderNameToWhiteList(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE);
+ authManager.addHeaderNameToWhiteList(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE);
}
@@ -71,17 +78,42 @@ public class SL20AuthenticationModulImpl implements AuthModule {
*/
@Override
public String selectProcess(ExecutionContext context) {
- if (StringUtils.isNotBlank((String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase())) ||
- StringUtils.isNotBlank((String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE))) {
- Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "' header found");
+ ISPConfiguration spConfig = (ISPConfiguration) context.get(EAAFConstants.PROCESSCONTEXT_SP_CONFIG);
+// if (spConfigObj != null && spConfigObj instanceof IOAAuthParameters)
+// spConfig = (IOAAuthParameters)spConfigObj;
+
+ String sl20ClientTypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase());
+ String sl20VDATypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase());
+
+ if (spConfig != null &&
+ MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED)) &&
+ Boolean.valueOf(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED))) {
+ Logger.debug("SL2.0 is enabled for " + spConfig.getUniqueIdentifier());
+ Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + ": " + sl20ClientTypeHeader);
+ Logger.trace(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE + ": " + sl20VDATypeHeader);
return "SL20Authentication";
} else {
- Logger.trace("No '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "' header found");
+ Logger.trace("SL2.0 is NOT enabled for " + spConfig.getUniqueIdentifier());
return null;
}
+
+// if ( StringUtils.isNotBlank(sl20ClientTypeHeader)
+//// && (
+//// StringUtils.isNotBlank(sl20VDATypeHeader)
+//// //&& VDA_TYPE_IDS.contains(sl20VDATypeHeader.trim())
+//// )
+// ) {
+// Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "' header found");
+// return "SL20Authentication";
+//
+// } else {
+// Logger.trace("No '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "' header found");
+// return null;
+//
+// }
}
/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
index ab7eb0830..87e9e933d 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java
@@ -44,11 +44,14 @@ public class SL20SignalServlet extends AbstractProcessEngineSignalController {
public SL20SignalServlet() {
super();
Logger.debug("Registering servlet " + getClass().getName() +
- " with mappings '"+ Constants.HTTP_ENDPOINT_DATAURL + "'.");
+ " with mappings '"+ Constants.HTTP_ENDPOINT_DATAURL +
+ " and " + Constants.HTTP_ENDPOINT_RESUME +
+ "'.");
}
- @RequestMapping(value = { Constants.HTTP_ENDPOINT_DATAURL
+ @RequestMapping(value = { Constants.HTTP_ENDPOINT_DATAURL,
+ Constants.HTTP_ENDPOINT_RESUME
},
method = {RequestMethod.POST, RequestMethod.GET})
public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20eIDDataValidationException.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20eIDDataValidationException.java
new file mode 100644
index 000000000..957ace0fb
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20eIDDataValidationException.java
@@ -0,0 +1,16 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions;
+
+public class SL20eIDDataValidationException extends SL20Exception {
+ private static final long serialVersionUID = 1L;
+
+ public SL20eIDDataValidationException(Object[] parameters) {
+ super("sl20.07", parameters);
+
+ }
+
+ public SL20eIDDataValidationException(Object[] parameters, Throwable e) {
+ super("sl20.07", parameters, e);
+
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
index 92a08e411..42783468d 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
@@ -1,10 +1,15 @@
package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20;
+import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.Enumeration;
import java.util.List;
import javax.annotation.PostConstruct;
@@ -14,6 +19,9 @@ import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
import org.jose4j.jwe.JsonWebEncryption;
import org.jose4j.jws.AlgorithmIdentifiers;
import org.jose4j.jws.JsonWebSignature;
+import org.jose4j.jwx.JsonWebStructure;
+import org.jose4j.keys.X509Util;
+import org.jose4j.keys.resolvers.X509VerificationKeyResolver;
import org.jose4j.lang.JoseException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
@@ -34,6 +42,8 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
import at.gv.egovernment.moa.id.commons.utils.X509Utils;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
@Service
public class JsonSecurityUtils implements IJOSETools{
@@ -45,6 +55,8 @@ public class JsonSecurityUtils implements IJOSETools{
private Key encPrivKey = null;
private X509Certificate[] encCertChain = null;
+ private List<X509Certificate> trustedCerts = new ArrayList<X509Certificate>();
+
@PostConstruct
protected void initalize() {
Logger.info("Initialize SL2.0 authentication security constrains ... ");
@@ -68,7 +80,7 @@ public class JsonSecurityUtils implements IJOSETools{
try {
encPrivKey = keyStore.getKey(getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray());
if (encPrivKey != null) {
- Certificate[] certChainEncryption = keyStore.getCertificateChain(getSigningKeyAlias());
+ Certificate[] certChainEncryption = keyStore.getCertificateChain(getEncryptionKeyAlias());
encCertChain = new X509Certificate[certChainEncryption.length];
for (int i=0; i<certChainEncryption.length; i++) {
if (certChainEncryption[i] instanceof X509Certificate) {
@@ -84,6 +96,21 @@ public class JsonSecurityUtils implements IJOSETools{
}
+ //load trusted certificates
+ Enumeration<String> aliases = keyStore.aliases();
+ while(aliases.hasMoreElements()) {
+ String el = aliases.nextElement();
+ Logger.trace("Process TrustStoreEntry: " + el);
+ if (keyStore.isCertificateEntry(el)) {
+ Certificate cert = keyStore.getCertificate(el);
+ if (cert != null && cert instanceof X509Certificate)
+ trustedCerts.add((X509Certificate) cert);
+ else
+ Logger.info("Can not process entry: " + el + ". Reason: " + cert.toString());
+
+ }
+ }
+
//some short validation
if (signPrivKey == null || !(signPrivKey instanceof PrivateKey)) {
Logger.info("Can NOT open privateKey for SL2.0 signing. KeyStore=" + getKeyStoreFilePath());
@@ -121,7 +148,10 @@ public class JsonSecurityUtils implements IJOSETools{
//set signing information
jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256);
jws.setKey(signPrivKey);
+
+ //TODO:
jws.setCertificateChainHeaderValue(signCertChain);
+ jws.setX509CertSha256ThumbprintHeaderValue(signCertChain[0]);
return jws.getCompactSerialization();
@@ -145,18 +175,47 @@ public class JsonSecurityUtils implements IJOSETools{
SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING.toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING.size()])));
//load signinc certs
+ Key selectedKey = null;
List<X509Certificate> x5cCerts = jws.getCertificateChainHeaderValue();
- List<X509Certificate> sortedX5cCerts = null;
- if (x5cCerts == null || x5cCerts.size() < 1) {
- Logger.info("Signed SL2.0 response contains NO signature certificate");
- throw new SLCommandoParserException("Signed SL2.0 response contains NO signature certificate");
-
- }
+ String x5t256 = jws.getX509CertSha256ThumbprintHeaderValue();
+ if (x5cCerts != null) {
+ Logger.debug("Found x509 certificate in JOSE header ... ");
Logger.trace("Sorting received X509 certificates ... ");
- sortedX5cCerts = X509Utils.sortCertificates(x5cCerts);
+ List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts);
+ if (trustedCerts.contains(sortedX5cCerts.get(0))) {
+ selectedKey = sortedX5cCerts.get(0).getPublicKey();
+
+ } else {
+ Logger.info("Can NOT find JOSE certificate in truststore.");
+ Logger.debug("JOSE certificate: " + sortedX5cCerts.get(0).toString());
+ try {
+ Logger.debug("Cert: " + Base64Utils.encode(sortedX5cCerts.get(0).getEncoded()));
+ } catch (CertificateEncodingException | IOException e) {
+ e.printStackTrace();
+ }
+
+ }
+
+ } else if (MiscUtil.isNotEmpty(x5t256)) {
+ Logger.debug("Found x5t256 fingerprint in JOSE header .... ");
+ X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver(trustedCerts);
+ selectedKey = x509VerificationKeyResolver.resolveKey(jws, Collections.<JsonWebStructure>emptyList());
+
+ } else {
+ Logger.info("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint");
+ throw new SLCommandoParserException("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint");
+
+ }
+
+ if (selectedKey == null) {
+ Logger.info("Can NOT select verification key for JWS. Signature verification FAILED.");
+ throw new SLCommandoParserException("Can NOT select verification key for JWS. Signature verification FAILED");
+
+ }
+
//set verification key
- jws.setKey(sortedX5cCerts.get(0).getPublicKey());
+ jws.setKey(selectedKey);
//validate signature
boolean valid = jws.verifySignature();
@@ -167,10 +226,12 @@ public class JsonSecurityUtils implements IJOSETools{
}
+
//load payLoad
+ Logger.debug("SL2.0 commando signature validation sucessfull");
JsonElement sl20Req = new JsonParser().parse(jws.getPayload());
- return new VerificationResult(sl20Req.getAsJsonObject(), sortedX5cCerts, valid) ;
+ return new VerificationResult(sl20Req.getAsJsonObject(), null, valid) ;
} catch (JoseException e) {
Logger.warn("SL2.0 commando signature validation FAILED", e);
@@ -183,7 +244,7 @@ public class JsonSecurityUtils implements IJOSETools{
@Override
public JsonElement decryptPayload(String compactSerialization) throws SL20Exception {
- try {
+ try {
JsonWebEncryption receiverJwe = new JsonWebEncryption();
//set security constrains
@@ -196,12 +257,49 @@ public class JsonSecurityUtils implements IJOSETools{
//set payload
receiverJwe.setCompactSerialization(compactSerialization);
+
- //TODO: validate key from header against key from config
+ //validate key from header against key from config
+ List<X509Certificate> x5cCerts = receiverJwe.getCertificateChainHeaderValue();
+ String x5t256 = receiverJwe.getX509CertSha256ThumbprintHeaderValue();
+ if (x5cCerts != null) {
+ Logger.debug("Found x509 certificate in JOSE header ... ");
+ Logger.trace("Sorting received X509 certificates ... ");
+ List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts);
- //decrypt payload
+ if (!sortedX5cCerts.get(0).equals(encCertChain[0])) {
+ Logger.info("Certificate from JOSE header does NOT match encryption certificate");
+ Logger.debug("JOSE certificate: " + sortedX5cCerts.get(0).toString());
+
+ try {
+ Logger.debug("Cert: " + Base64Utils.encode(sortedX5cCerts.get(0).getEncoded()));
+ } catch (CertificateEncodingException | IOException e) {
+ e.printStackTrace();
+ }
+ throw new SL20Exception("sl20.05", new Object[]{"Certificate from JOSE header does NOT match encryption certificate"});
+ }
+
+ } else if (MiscUtil.isNotEmpty(x5t256)) {
+ Logger.debug("Found x5t256 fingerprint in JOSE header .... ");
+ String certFingerPrint = X509Util.x5tS256(encCertChain[0]);
+ if (!certFingerPrint.equals(x5t256)) {
+ Logger.info("X5t256 from JOSE header does NOT match encryption certificate");
+ Logger.debug("X5t256 from JOSE header: " + x5t256 + " Encrytption cert: " + certFingerPrint);
+ throw new SL20Exception("sl20.05", new Object[]{"X5t256 from JOSE header does NOT match encryption certificate"});
+
+ }
+
+ } else {
+ Logger.info("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint");
+ throw new SLCommandoParserException("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint");
+
+ }
+
+ //set key
receiverJwe.setKey(encPrivKey);
+
+ //decrypt payload
return new JsonParser().parse(receiverJwe.getPlaintextString());
} catch (JoseException e) {
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java
index b855c3cac..645b043ce 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java
@@ -8,14 +8,17 @@ import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers;
import org.jose4j.jws.AlgorithmIdentifiers;
public class SL20Constants {
- public static final String CURRENT_SL20_VERSION = "10";
+ public static final int CURRENT_SL20_VERSION = 10;
//http binding parameters
public static final String PARAM_SL20_REQ_COMMAND_PARAM = "slcommand";
+ public static final String PARAM_SL20_REQ_COMMAND_PARAM_OLD = "sl2command";
+
public static final String PARAM_SL20_REQ_ICP_RETURN_URL_PARAM = "slIPCReturnUrl";
public static final String PARAM_SL20_REQ_TRANSACTIONID = "slTransactionID";
public static final String HTTP_HEADER_SL20_CLIENT_TYPE = "SL2ClientType";
+ public static final String HTTP_HEADER_SL20_VDA_TYPE = "X-MOA-VDA";
public static final String HTTP_HEADER_VALUE_NATIVE = "nativeApp";
@@ -88,7 +91,11 @@ public class SL20Constants {
public static final String SL20_COMMAND_IDENTIFIER_CALL = "call";
public static final String SL20_COMMAND_IDENTIFIER_ERROR = "error";
public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDEID = "qualifiedeID";
- public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDSIG = "qualifiedSig";
+ //public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDSIG = "qualifiedSig";
+
+ public static final String SL20_COMMAND_IDENTIFIER_GETCERTIFICATE = "getCertificate";
+ public static final String SL20_COMMAND_IDENTIFIER_CREATE_SIG_CADES = "createCAdES";
+
public static final String SL20_COMMAND_IDENTIFIER_BINDING_CREATE_KEY = "createBindingKey";
public static final String SL20_COMMAND_IDENTIFIER_BINDING_STORE_CERT = "storeBindingCert";
@@ -103,6 +110,7 @@ public class SL20Constants {
public static final String SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_KEY = "key";
public static final String SL20_COMMAND_PARAM_GENERAL_DATAURL = "dataUrl";
public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE = "x5cEnc";
+ public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONJWK = "jwkEnc";
//Redirect command
public static final String SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL = "url";
@@ -127,17 +135,48 @@ public class SL20Constants {
public static final String SL20_COMMAND_PARAM_EID_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL;
public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES = "attributes";
public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE = "MANDATE-REFERENCE-VALUE";
- public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID = "SP-FRIENDLYNAME";
- public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME = "SP-UNIQUEID";
+ public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID = "SP-UNIQUEID";
+ public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME = "SP-FRIENDLYNAME";
+ public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPCOUNTRYCODE = "SP-COUNTRYCODE";
public static final String SL20_COMMAND_PARAM_EID_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE;
+ public static final String SL20_COMMAND_PARAM_EID_JWKCENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONJWK;
public static final String SL20_COMMAND_PARAM_EID_RESULT_IDL = "EID-IDENTITY-LINK";
public static final String SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK = "EID-AUTH-BLOCK";
public static final String SL20_COMMAND_PARAM_EID_RESULT_CCSURL = "EID-CCS-URL";
public static final String SL20_COMMAND_PARAM_EID_RESULT_LOA = "EID-CITIZEN-QAA-LEVEL";
//qualified Signature comamnd
- public static final String SL20_COMMAND_PARAM_QUALSIG_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL;
- public static final String SL20_COMMAND_PARAM_QUALSIG_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE;
+// public static final String SL20_COMMAND_PARAM_QUALSIG_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL;
+// public static final String SL20_COMMAND_PARAM_QUALSIG_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE;
+
+
+ //getCertificate
+ public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_KEYID = "keyId";
+ public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL;
+ public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE;
+ public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_JWKCENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONJWK;
+ public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_RESULT_CERTIFICATE = "x5c";
+
+ //createCAdES Signture
+ public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_KEYID = "keyId";
+ public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT = "content";
+ public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_MIMETYPE = "mimeType";
+ public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_PADES_COMBATIBILTY = "padesComatibility";
+ public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE = "excludedByteRange";
+ public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL = "cadesLevel";
+ public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL;
+ public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE;
+ public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_JWKCENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONJWK;
+ public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_RESULT_SIGNATURE = "signature";
+
+ public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_BASIC = "cAdES";
+ public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_T = "cAdES-T";
+ public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_C = "cAdES-C";
+ public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_X = "cAdES-X";
+ public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_XL = "cAdES-X-L";
+ public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_A = "cAdES-A";
+
+
//create binding key command
public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID = "kontoID";
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java
index cc7137a0f..169cb8e73 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java
@@ -2,7 +2,6 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20;
import java.io.IOException;
import java.io.StringWriter;
-import java.io.UnsupportedEncodingException;
import java.net.URISyntaxException;
import javax.servlet.http.HttpServletRequest;
@@ -10,6 +9,7 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.entity.ContentType;
+import org.jose4j.base64url.Base64Url;
import com.google.gson.JsonObject;
@@ -33,7 +33,9 @@ public class SL20HttpBindingUtils {
} else {
Logger.debug("Client request containts is no native client ... ");
URIBuilder clientRedirectURI = new URIBuilder(redirectURL);
- clientRedirectURI.addParameter(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, sl20Forward.toString());
+ clientRedirectURI.addParameter(
+ SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM,
+ Base64Url.encode(sl20Forward.toString().getBytes()));
response.setStatus(307);
response.setHeader("Location", clientRedirectURI.build().toString());
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java
index 52d7e1e67..d5dec1fe1 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java
@@ -387,7 +387,7 @@ public class SL20JSONBuilderUtils {
*/
public static JsonObject createGenericRequest(String reqId, String transactionId, JsonElement payLoad, String signedPayload) throws SLCommandoBuildException {
JsonObject req = new JsonObject();
- addSingleStringElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true);
+ addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true);
addSingleStringElement(req, SL20Constants.SL20_REQID, reqId, true);
addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false);
addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD,
@@ -411,7 +411,7 @@ public class SL20JSONBuilderUtils {
JsonElement payLoad, String signedPayload) throws SLCommandoBuildException {
JsonObject req = new JsonObject();
- addSingleStringElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true);
+ addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true);
addSingleStringElement(req, SL20Constants.SL20_RESPID, respId, true);
addSingleStringElement(req, SL20Constants.SL20_INRESPTO, inResponseTo, true);
addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false);
@@ -568,6 +568,17 @@ public class SL20JSONBuilderUtils {
}
+ private static void addSingleIntegerElement(JsonObject parent, String keyId, Integer value, boolean isRequired) throws SLCommandoBuildException {
+ validateParentAndKey(parent, keyId);
+
+ if (isRequired && value == null)
+ throw new SLCommandoBuildException(keyId + " has an empty value");
+
+ else if (value != null)
+ parent.addProperty(keyId, value);
+
+ }
+
private static void addSingleJSONElement(JsonObject parent, String keyId, JsonElement element, boolean isRequired) throws SLCommandoBuildException {
validateParentAndKey(parent, keyId);
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
index e01945df0..759d9c838 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
@@ -1,17 +1,20 @@
package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20;
import java.io.InputStreamReader;
-import java.net.URLDecoder;
+import java.util.ArrayList;
import java.util.Base64;
import java.util.HashMap;
import java.util.Iterator;
+import java.util.List;
import java.util.Map;
import java.util.Map.Entry;
import org.apache.http.Header;
+import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.utils.URIBuilder;
import org.apache.log4j.Logger;
+import org.jose4j.base64url.Base64Url;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
@@ -106,45 +109,95 @@ public class SL20JSONExtractorUtils {
}
/**
- * Extract Map of Key/Value pairs from a JSON Array
+ * Extract a List of String elements from a JSON element
*
* @param input
- * @param keyID
+ * @return
+ * @throws SLCommandoParserException
+ */
+ public static List<String> getListOfStringElements(JsonElement input) throws SLCommandoParserException {
+ List<String> result = new ArrayList<String>();
+ if (input != null) {
+ if (input.isJsonArray()) {
+ Iterator<JsonElement> arrayIterator = input.getAsJsonArray().iterator();
+ while(arrayIterator.hasNext()) {
+ JsonElement next = arrayIterator.next();
+ if (next.isJsonPrimitive())
+ result.add(next.getAsString());
+ }
+
+ } else if (input.isJsonPrimitive()) {
+ result.add(input.getAsString());
+
+ } else {
+ log.warn("JSON Element IS NOT a JSON array or a JSON Primitive");
+ throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON Primitive");
+
+ }
+ }
+
+ return result;
+ }
+
+ /**
+ * Extract Map of Key/Value pairs from a JSON Element
+ *
+ * @param input parent JSON object
+ * @param keyID KeyId of the child that should be parsed
* @param isRequired
* @return
* @throws SLCommandoParserException
*/
public static Map<String, String> getMapOfStringElements(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException {
JsonElement internal = getAndCheck(input, keyID, isRequired);
+ return getMapOfStringElements(internal);
+ }
+
+ /**
+ * Extract Map of Key/Value pairs from a JSON Element
+ *
+ * @param input
+ * @return
+ * @throws SLCommandoParserException
+ */
+ public static Map<String, String> getMapOfStringElements(JsonElement input) throws SLCommandoParserException {
Map<String, String> result = new HashMap<String, String>();
- if (internal != null) {
- if (!internal.isJsonArray())
- throw new SLCommandoParserException("JSON Element IS NOT a JSON array");
-
- Iterator<JsonElement> arrayIterator = internal.getAsJsonArray().iterator();
- while(arrayIterator.hasNext()) {
- //JsonObject next = arrayIterator.next().getAsJsonObject();
- //result.put(
- // next.get(SL20Constants.SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_KEY).getAsString(),
- // next.get(SL20Constants.SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_VALUE).getAsString());
- JsonElement next = arrayIterator.next();
- Iterator<Entry<String, JsonElement>> entry = next.getAsJsonObject().entrySet().iterator();
- while (entry.hasNext()) {
- Entry<String, JsonElement> el = entry.next();
- if (result.containsKey(el.getKey()))
- log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... ");
-
- result.put(el.getKey(), el.getValue().getAsString());
+ if (input != null) {
+ if (input.isJsonArray()) {
+ Iterator<JsonElement> arrayIterator = input.getAsJsonArray().iterator();
+ while(arrayIterator.hasNext()) {
+ JsonElement next = arrayIterator.next();
+ Iterator<Entry<String, JsonElement>> entry = next.getAsJsonObject().entrySet().iterator();
+ entitySetToMap(result, entry);
- }
- }
+ }
+
+ } else if (input.isJsonObject()) {
+ Iterator<Entry<String, JsonElement>> objectKeys = input.getAsJsonObject().entrySet().iterator();
+ entitySetToMap(result, objectKeys);
+
+ } else
+ throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON object");
+
}
return result;
}
+ private static void entitySetToMap(Map<String, String> result, Iterator<Entry<String, JsonElement>> entry) {
+ while (entry.hasNext()) {
+ Entry<String, JsonElement> el = entry.next();
+ if (result.containsKey(el.getKey()))
+ log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... ");
+
+ result.put(el.getKey(), el.getValue().getAsString());
+
+ }
+
+ }
+
public static JsonElement extractSL20Result(JsonObject command, IJOSETools decrypter, boolean mustBeEncrypted) throws SL20Exception {
JsonElement result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT);
@@ -152,31 +205,39 @@ public class SL20JSONExtractorUtils {
if (result == null && encryptedResult == null)
throw new SLCommandoParserException("NO result OR encryptedResult FOUND.");
-
- else if (result == null && encryptedResult == null)
- throw new SLCommandoParserException("result AND encryptedResultFOUND. Can not used twice");
-
+
else if (encryptedResult == null && mustBeEncrypted)
throw new SLCommandoParserException("result MUST be signed.");
-
- else if (result != null)
- return result;
-
+
else if (encryptedResult != null && encryptedResult.isJsonPrimitive()) {
- /*TODO:
- *
- * Remove dummy code and test real decryption!!!!!
- *
- */
+ try {
+ return decrypter.decryptPayload(encryptedResult.getAsString());
+
+ } catch (Exception e) {
+ log.info("Can NOT decrypt SL20 result. Reason:" + e.getMessage());
+ if (!mustBeEncrypted) {
+ log.warn("Decrypted results are disabled by configuration. Parse result in plain if it is possible");
- //return decrypter.decryptPayload(encryptedResult.getAsString());
+ //dummy code
+ try {
+ String[] signedPayload = encryptedResult.toString().split("\\.");
+ JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode(signedPayload[1])));
+ return payLoad;
+
+ } catch (Exception e1) {
+ log.debug("DummyCode FAILED, Reason: " + e1.getMessage() + " Ignore it ...");
+ throw new SL20Exception(e.getMessage(), null, e);
+
+ }
+
+ } else
+ throw e;
+
+ }
+
+ } else if (result != null) {
+ return result;
- //dummy code
- String[] signedPayload = encryptedResult.toString().split("\\.");
- JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode(signedPayload[1])));
- return payLoad;
-
-
} else
throw new SLCommandoParserException("Internal build error");
@@ -202,19 +263,16 @@ public class SL20JSONExtractorUtils {
if (sl20Payload == null && sl20SignedPayload == null)
throw new SLCommandoParserException("NO payLoad OR signedPayload FOUND.");
- else if (sl20Payload == null && sl20SignedPayload == null)
- throw new SLCommandoParserException("payLoad AND signedPayload FOUND. Can not used twice");
-
else if (sl20SignedPayload == null && mustBeSigned)
throw new SLCommandoParserException("payLoad MUST be signed.");
+
+ else if (joseTools != null && sl20SignedPayload != null && sl20SignedPayload.isJsonPrimitive()) {
+ return joseTools.validateSignature(sl20SignedPayload.getAsString());
- else if (sl20Payload != null)
+ } else if (sl20Payload != null)
return new VerificationResult(sl20Payload.getAsJsonObject());
- else if (sl20SignedPayload != null && sl20SignedPayload.isJsonPrimitive()) {
- return joseTools.validateSignature(sl20SignedPayload.getAsString());
-
- } else
+ else
throw new SLCommandoParserException("Internal build error");
@@ -237,17 +295,25 @@ public class SL20JSONExtractorUtils {
throw new SLCommandoParserException("Find Redirect statuscode but not Location header");
String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue();
- sl20Resp = new JsonParser().parse(URLDecoder.decode(sl20RespString)).getAsJsonObject();
+ sl20Resp = new JsonParser().parse(Base64Url.encode((sl20RespString.getBytes()))).getAsJsonObject();
} else if (httpResp.getStatusLine().getStatusCode() == 200) {
- if (!httpResp.getEntity().getContentType().getValue().equals("application/json;charset=UTF-8"))
- throw new SLCommandoParserException("SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue());
-
- sl20Resp = new JsonParser().parse(new InputStreamReader(httpResp.getEntity().getContent())).getAsJsonObject();
+ if (!httpResp.getEntity().getContentType().getValue().startsWith("application/json"))
+ throw new SLCommandoParserException("SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue());
+ sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity());
+ } else if ( (httpResp.getStatusLine().getStatusCode() == 500) ||
+ (httpResp.getStatusLine().getStatusCode() == 401) ||
+ (httpResp.getStatusLine().getStatusCode() == 400) ) {
+ log.info("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()
+ + ". Search for error message");
+ sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity());
+
+
} else
throw new SLCommandoParserException("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode());
-
+
+ log.info("Find JSON object in http response");
return sl20Resp;
} catch (Exception e) {
@@ -256,6 +322,22 @@ public class SL20JSONExtractorUtils {
}
}
+ private static JsonObject parseSL20ResultFromResponse(HttpEntity resp) throws Exception {
+ if (resp != null && resp.getContent() != null) {
+ JsonElement sl20Resp = new JsonParser().parse(new InputStreamReader(resp.getContent()));
+ if (sl20Resp != null && sl20Resp.isJsonObject()) {
+ return sl20Resp.getAsJsonObject();
+
+ } else
+ throw new SLCommandoParserException("SL2.0 can NOT parse to a JSON object");
+
+
+ } else
+ throw new SLCommandoParserException("Can NOT find content in http response");
+
+ }
+
+
private static JsonElement getAndCheck(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException {
JsonElement internal = input.get(keyID);
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java
new file mode 100644
index 000000000..599a67dfd
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java
@@ -0,0 +1,221 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.util.Date;
+import java.util.List;
+
+import org.opensaml.Configuration;
+import org.opensaml.saml2.core.Assertion;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
+import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20eIDDataValidationException;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
+import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
+import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil;
+import at.gv.egovernment.moa.util.Base64Utils;
+
+
+public class QualifiedeIDVerifier {
+ public static void verifyIdentityLink(IIdentityLink idl, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException {
+ // validates the identity link
+ IdentityLinkValidator.getInstance().validate(idl);
+
+ // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
+ .build(idl, authConfig.getMoaSpIdentityLinkTrustProfileID(oaParam.isUseIDLTestTrustStore()));
+
+ // invokes the call
+ Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance()
+ .verifyXMLSignature(domVerifyXMLSignatureRequest);
+
+ // parses the <VerifyXMLSignatureResponse>
+ IVerifiyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData();
+
+ // validates the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponseValidator.getInstance().validate(
+ verifyXMLSignatureResponse,
+ authConfig.getIdentityLinkX509SubjectNames(),
+ VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK,
+ oaParam,
+ authConfig);
+
+
+ }
+
+ public static IVerifiyXMLSignatureResponse verifyAuthBlock(String authBlockB64, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException, IOException {
+ String trustProfileId = authConfig.getMoaSpAuthBlockTrustProfileID(oaParam.isUseAuthBlockTestTestStore());
+ List<String> verifyTransformsInfoProfileID =
+ KeyValueUtils.getListOfCSVValues(
+ KeyValueUtils.normalizeCSVValueString(
+ authConfig.getBasicConfiguration(
+ at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID)));
+
+ SignatureVerificationUtils sigVerify = new SignatureVerificationUtils();
+ IVerifiyXMLSignatureResponse sigVerifyResult = sigVerify.verify(Base64Utils.decode(authBlockB64, false), trustProfileId , verifyTransformsInfoProfileID);
+
+ // validates the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponseValidator.getInstance().validate(sigVerifyResult,
+ null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, oaParam, authConfig);
+
+ return sigVerifyResult;
+
+ }
+
+ public static boolean checkConsistencyOfeIDData(String sl20ReqId, IIdentityLink idl, AssertionAttributeExtractor authBlockExtractor, IVerifiyXMLSignatureResponse sigVerifyResult) throws SL20eIDDataValidationException {
+
+ try {
+ // compares the public keys from the identityLink with the AuthBlock
+ VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(sigVerifyResult, idl);
+
+ //compare requestId from SL20 qualifiedeID command to ID from SAML2 assertion
+ String authBlockId = authBlockExtractor.getAssertionID();
+ if (MiscUtil.isEmpty(authBlockId)) {
+ Logger.info("AuthBlock containts no ID, but ID MUST be included");
+ throw new SL20eIDDataValidationException(new Object[] {
+ SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
+ "AuthBlock containts no ID, but ID MUST be included"
+ });
+ }
+
+ if (!authBlockId.equals(sl20ReqId)) {
+ Logger.info("SL20 'requestId' does NOT match to AuthBlock Id."
+ + " Expected : " + sl20ReqId
+ + " Authblock: " + authBlockId);
+ throw new SL20eIDDataValidationException(new Object[] {
+ SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
+ "SL20 'requestId' does NOT match to AuthBlock Id."
+ });
+ }
+
+
+ // Compare AuthBlock Data with information stored in session, especially
+ // date and time
+ validateSigningDateTime(sigVerifyResult, authBlockExtractor);
+
+ } catch ( Exception e) {
+ Logger.warn("Validation of eID information FAILED. ", e);
+ throw new SL20eIDDataValidationException(new Object[] {
+ SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL,
+ e.getMessage()
+ });
+
+ }
+
+
+ return false;
+
+ }
+
+ public static Assertion parseAuthBlockToSaml2Assertion(String authblockB64) throws SL20eIDDataValidationException {
+ try {
+ //parse authBlock into SAML2 Assertion
+ byte[] authBlockBytes = Base64Utils.decode(authblockB64, false);
+ Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authBlockBytes));
+
+ UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory();
+ Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDOM);
+ XMLObject samlAssertion = unmarshaller.unmarshall(authBlockDOM);
+
+ //validate SAML2 Assertion
+ SAML2Utils.schemeValidation(samlAssertion);
+
+ if (samlAssertion instanceof Assertion)
+ return (Assertion) samlAssertion;
+ else
+ throw new SL20eIDDataValidationException(
+ new Object[] {
+ SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
+ "AuthBlock is NOT of type SAML2 Assertion"
+ });
+
+ } catch (SL20eIDDataValidationException e) {
+ throw e;
+
+ } catch (SAXException e) {
+ Logger.info("Scheme validation of SAML2 AuthBlock FAILED. Reason: " + e.getMessage());
+ throw new SL20eIDDataValidationException(
+ new Object[] {
+ SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
+ e.getMessage()
+ },
+ e);
+
+ } catch (Exception e) {
+ Logger.info("Can not parse AuthBlock. Reason: " + e.getMessage());
+ Logger.trace("FullAuthBlock: " + authblockB64);
+ throw new SL20eIDDataValidationException(
+ new Object[] {
+ SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
+ e.getMessage()
+ },
+ e);
+
+ }
+
+ }
+
+ private static void validateSigningDateTime( IVerifiyXMLSignatureResponse sigVerifyResult, AssertionAttributeExtractor authBlockExtractor) throws SL20eIDDataValidationException {
+ Date signingDate = sigVerifyResult.getSigningDateTime();
+ Date notBefore = authBlockExtractor.getAssertionNotBefore();
+ Date notOrNotAfter = authBlockExtractor.getAssertionNotOnOrAfter();
+
+ if (signingDate == null) {
+ Logger.info("AuthBlock signature contains NO signing data");
+ throw new SL20eIDDataValidationException(new Object[] {
+ SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
+ "AuthBlock signature contains NO signing data"
+ });
+
+ }
+
+ Logger.debug("AuthBlock signing data: " + signingDate.toString());
+
+ if (notBefore == null || notOrNotAfter == null) {
+ Logger.info("AuthBlock contains NO 'notBefore' or 'notOrNotAfter' dates");
+ throw new SL20eIDDataValidationException(new Object[] {
+ SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
+ "AuthBlock contains NO 'notBefore' or 'notOrNotAfter' dates"
+ });
+
+ }
+
+ Logger.debug("AuthBlock valid period."
+ + " NotBefore:" + notBefore.toString()
+ + " NotOrNotAfter:" + notOrNotAfter.toString());
+
+ if ((signingDate.after(notBefore) || signingDate.equals(notBefore))
+ && signingDate.before(notOrNotAfter))
+ Logger.debug("Signing date validation successfull");
+
+
+ else {
+ Logger.info("AuthBlock signing date does NOT match to AuthBlock constrains");
+ throw new SL20eIDDataValidationException(new Object[] {
+ SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
+ "AuthBlock signing date does NOT match to AuthBlock constrains"
+ });
+
+ }
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
index 77ccb0720..fec78d88c 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
@@ -1,10 +1,10 @@
package at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks;
+import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
-import java.util.UUID;
import javax.net.ssl.SSLSocketFactory;
import javax.servlet.http.HttpServletRequest;
@@ -17,6 +17,7 @@ import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.message.BasicNameValuePair;
+import org.jose4j.base64url.Base64Url;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@@ -27,10 +28,14 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.IJOSETools;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20HttpBindingUtils;
@@ -38,6 +43,7 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport;
import at.gv.egovernment.moa.id.util.SSLUtils;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -54,18 +60,22 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
throws TaskExecutionException {
Logger.debug("Starting SL2.0 authentication process .... ");
-
+
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, "sl20auth");
+
try {
//get service-provider configuration
ISPConfiguration oaConfig = pendingReq.getServiceProviderConfiguration();
//get basic configuration parameters
- String vdaQualeIDUrl = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID);
+ String vdaQualeIDUrl = extractVDAURLForSpecificOA(oaConfig, executionContext);
if (MiscUtil.isEmpty(vdaQualeIDUrl)) {
- Logger.error("NO VDA URL for qualified eID (" + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID + ")");
+ Logger.error("NO VDA URL for qualified eID (" + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + ")");
throw new SL20Exception("sl20.03", new Object[]{"NO VDA URL for qualified eID"});
}
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, vdaQualeIDUrl);
+
String authBlockId = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_VDA_AUTHBLOCK_ID);
if (MiscUtil.isEmpty(authBlockId)) {
@@ -81,16 +91,26 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
//build qualifiedeID command
Map<String, String> qualifiedeIDParams = new HashMap<String, String>();
qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID, oaConfig.getUniqueIdentifier());
- qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME, oaConfig.getFriendlyName());
+ qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME, oaConfig.getFriendlyName());
+ qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPCOUNTRYCODE, "AT");
//qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE, UUID.randomUUID().toString());
+
+ X509Certificate encCert = null;
+ if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_ENABLE_EID_ENCRYPTION, true))
+ encCert = joseTools.getEncryptionCertificate();
+ else
+ Logger.info("eID data encryption is disabled by configuration");
+
JsonObject qualeIDCommandParams = SL20JSONBuilderUtils.createQualifiedeIDCommandParameters(
authBlockId,
dataURL,
qualifiedeIDParams,
- joseTools.getEncryptionCertificate());
+ encCert
+ );
- String qualeIDReqId = UUID.randomUUID().toString();
+ //String qualeIDReqId = UUID.randomUUID().toString();
+ String qualeIDReqId = SAML2Utils.getSecureIdentifier();
String signedQualeIDCommand = SL20JSONBuilderUtils.createSignedCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID, qualeIDCommandParams, joseTools);
JsonObject sl20Req = SL20JSONBuilderUtils.createGenericRequest(qualeIDReqId, null, null, signedQualeIDCommand);
@@ -102,13 +122,22 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
sslFactory,
moaAuthConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true));
- //build post request
+ //build http POST request
HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build());
- httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE);
List<NameValuePair> parameters = new ArrayList<NameValuePair>();;
- parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, sl20Req.toString()));
+ parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes())));
httpReq.setEntity(new UrlEncodedFormEntity(parameters ));
+ //build http GET request
+// URIBuilder sl20ReqUri = new URIBuilder(vdaQualeIDUrl);
+// sl20ReqUri.addParameter(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes()));
+// HttpGet httpReq = new HttpGet(sl20ReqUri.build());
+
+ //set native client header
+ httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE);
+
+ Logger.trace("Request VDA via SL20 with: " + Base64Url.encode(sl20Req.toString().getBytes()));
+
//request VDA
HttpResponse httpResp = httpClient.execute(httpReq);
@@ -146,10 +175,22 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
//TODO: maybe add SL2ClientType Header from execution context
SL20HttpBindingUtils.writeIntoResponse(request, response, sl20Forward, redirectURL);
+ } else if (respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString()
+ .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR)) {
+ JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_RESULT, false);
+ if (result == null)
+ result = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, false);
+
+ String errorCode = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, true);
+ String errorMsg = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, true);
+
+ Logger.info("Receive SL2.0 error. Code:" + errorCode + " Msg:" + errorMsg);
+ throw new SL20Exception("sl20.08", new Object[]{errorCode, errorMsg});
+
} else {
//TODO: update to add error handling
Logger.warn("Received an unrecognized command: " + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString());
-
+ throw new SLCommandoParserException("Received an unrecognized command: \" + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString()");
}
@@ -166,8 +207,36 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
}
+ }
-
+ private String extractVDAURLForSpecificOA(ISPConfiguration oaConfig, ExecutionContext executionContext) {
+ String spSpecificVDAEndpoints = oaConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS);
+ Map<String, String> endPointMap = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST);
+ if (MiscUtil.isNotEmpty(spSpecificVDAEndpoints)) {
+ endPointMap.putAll(KeyValueUtils.convertListToMap(
+ KeyValueUtils.getListOfCSVValues(
+ KeyValueUtils.normalizeCSVValueString(spSpecificVDAEndpoints))));
+ Logger.debug("Find OA specific SL2.0 endpoints. Updating endPoint list ... ");
+
+ }
+
+ Logger.trace("Find #" + endPointMap.size() + " SL2.0 endpoints ... ");
+
+ //selection based on request Header
+ String sl20VDATypeHeader = (String) executionContext.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase());
+ if (MiscUtil.isNotEmpty(sl20VDATypeHeader)) {
+ String vdaURL = endPointMap.get(sl20VDATypeHeader);
+ if (MiscUtil.isNotEmpty(vdaURL))
+ return vdaURL.trim();
+
+ else
+ Logger.info("Can NOT find VDA with Id: " + sl20VDATypeHeader + ". Use default VDA");
+
+ }
+
+ Logger.info("NO SP specific VDA endpoint found. Use default VDA");
+ return endPointMap.getOrDefault(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT,
+ Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT);
}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
index 8791da429..a3175713a 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -1,9 +1,8 @@
package at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks;
-import java.io.ByteArrayInputStream;
+import java.io.IOException;
import java.io.StringWriter;
import java.security.cert.X509Certificate;
-import java.util.Calendar;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -13,6 +12,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.http.entity.ContentType;
+import org.jose4j.base64url.Base64Url;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
@@ -27,8 +27,9 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
+import at.gv.egiz.eaaf.core.impl.utils.StreamUtils;
import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception;
@@ -38,13 +39,11 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.IJOSETools;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils;
import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils;
-import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
-import at.gv.egovernment.moa.util.Base64Utils;
-import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moaspss.logging.Logger;
+
@Component("ReceiveQualeIDTask")
public class ReceiveQualeIDTask extends AbstractAuthServletTask {
@@ -52,98 +51,197 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
- throws TaskExecutionException {
+ throws TaskExecutionException {
+ String sl20Result = null;
- Logger.debug("Receiving SL2.0 response process .... ");
try {
- //get SL2.0 command or result from HTTP request
- Map<String, String> reqParams = getParameters(request);
- String sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM);
- if (MiscUtil.isEmpty(sl20Result)) {
- Logger.info("NO SL2.0 commando or result FOUND.");
- throw new SL20Exception("sl20.04", null);
+ Logger.debug("Receiving SL2.0 response process .... ");
+ JsonObject sl20ReqObj = null;
+ try {
+ //get SL2.0 command or result from HTTP request
+ Map<String, String> reqParams = getParameters(request);
+ sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM);
- }
-
+ if (MiscUtil.isEmpty(sl20Result)) {
+ //Workaround for SIC Handy-Signature, because it sends result in InputStream
+ String isReqInput = StreamUtils.readStream(request.getInputStream(), "UTF-8");
+ if (MiscUtil.isNotEmpty(isReqInput)) {
+ Logger.info("Use SIC Handy-Signature work-around!");
+ sl20Result = isReqInput.substring("slcommand=".length());
+
+ } else {
+ Logger.info("NO SL2.0 commando or result FOUND.");
+ throw new SL20Exception("sl20.04", null);
+ }
+
+ }
+
+ Logger.trace("Received SL2.0 result: " + sl20Result);
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, request.getRemoteAddr());
- //parse SL2.0 command/result into JSON
- JsonObject sl20ReqObj = null;
- try {
- JsonParser jsonParser = new JsonParser();
- JsonElement sl20Req = jsonParser.parse(sl20Result);
- sl20ReqObj = sl20Req.getAsJsonObject();
+ //parse SL2.0 command/result into JSON
+ try {
+ JsonParser jsonParser = new JsonParser();
+ JsonElement sl20Req = jsonParser.parse(Base64Url.decodeToUtf8String(sl20Result));
+ sl20ReqObj = sl20Req.getAsJsonObject();
- } catch (JsonSyntaxException e) {
- Logger.warn("SL2.0 command or result is NOT valid JSON.", e);
- Logger.debug("SL2.0 msg: " + sl20Result);
- throw new SL20Exception("sl20.02", new Object[]{"SL2.0 command or result is NOT valid JSON."}, e);
+ } catch (JsonSyntaxException e) {
+ Logger.warn("SL2.0 command or result is NOT valid JSON.", e);
+ Logger.debug("SL2.0 msg: " + sl20Result);
+ throw new SL20Exception("sl20.02", new Object[]{"SL2.0 command or result is NOT valid JSON."}, e);
- }
+ }
- //validate reqId with inResponseTo
- String sl20ReqId = pendingReq.getGenericData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class);
- String inRespTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true);
- if (sl20ReqId == null || !sl20ReqId.equals(inRespTo)) {
- Logger.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo);
- throw new SL20SecurityException("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo);
- }
+ //validate reqId with inResponseTo
+ String sl20ReqId = pendingReq.getGenericData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class);
+ String inRespTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true);
+ if (sl20ReqId == null || !sl20ReqId.equals(inRespTo)) {
+ Logger.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo);
+ throw new SL20SecurityException("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo);
+ }
- //validate signature
- VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools, true);
- if (payLoadContainer.isValidSigned() == null ||
- !payLoadContainer.isValidSigned()) {
- Logger.info("SL20 result from VDA was not valid signed");
- throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."});
+ //validate signature
+ VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(
+ sl20ReqObj, joseTools,
+ authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true));
- }
-
- //TODO validate certificate
- List<X509Certificate> sigCertChain = payLoadContainer.getCertChain();
+ if ( (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned())) {
+ if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) {
+ Logger.info("SL20 result from VDA was not valid signed");
+ throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."});
+
+ } else {
+ Logger.warn("SL20 result from VDA is NOT valid signed, but signatures-verification is DISABLED by configuration!");
+
+ }
+ }
+
+ /*TODO validate certificate by using MOA-SPSS
+ * currently, the certificate is validated in IJOSETools by using a pkcs12 or jks keystore
+ */
+ List<X509Certificate> sigCertChain = payLoadContainer.getCertChain();
- //extract payloaf
- JsonObject payLoad = payLoadContainer.getPayload();
+ //extract payloaf
+ JsonObject payLoad = payLoadContainer.getPayload();
- //check response type
- if (SL20JSONExtractorUtils.getStringValue(
- payLoad, SL20Constants.SL20_COMMAND_CONTAINER_NAME, true)
- .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID)) {
- Logger.debug("Find " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result .... ");
+ //check response type
+ if (SL20JSONExtractorUtils.getStringValue(
+ payLoad, SL20Constants.SL20_COMMAND_CONTAINER_NAME, true)
+ .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID)) {
+ Logger.debug("Find " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result .... ");
- //TODO: activate decryption in 'SL20JSONExtractorUtils.extractSL20Result'
- JsonElement qualeIDResult = SL20JSONExtractorUtils.extractSL20Result(payLoad, joseTools, false);
-
- //extract attributes from result
- String idlB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(),
- SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, true);
- String authBlockB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(),
- SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, true);
- String ccsURL = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(),
- SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, true);
- String LoA = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(),
- SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, true);
-
-
- //TODO: validate results
-
-
- //add into session
- AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
- moasession.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink());
- moasession.setBkuURL(ccsURL);
- //TODO: from AuthBlock
- moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()));
- moasession.setQAALevel(LoA);
-
- //mark as authenticated
- moasession.setAuthenticated(true);
- pendingReq.setAuthenticated(true);
+ JsonElement qualeIDResult = SL20JSONExtractorUtils.extractSL20Result(
+ payLoad, joseTools,
+ authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_ENCRYPTION, true));
+
+ //extract attributes from result
+ Map<String, String> eIDData = SL20JSONExtractorUtils.getMapOfStringElements(qualeIDResult);
+ String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL);
+ String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK);
+ String ccsURL = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL);
+ String LoA = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA);
+
+
+
+ if (MiscUtil.isEmpty(idlB64) || MiscUtil.isEmpty(authBlockB64)
+ || MiscUtil.isEmpty(LoA) || MiscUtil.isEmpty(ccsURL)) {
+ Logger.info("SL20 'qualifiedeID' result does NOT contain all required attributes.");
+ throw new SLCommandoParserException("SL20 'qualifiedeID' result does NOT contain all required attributes.");
+
+ }
+
+ //cache qualified eID data into pending request
+ pendingReq.setGenericDataToSession(
+ Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL,
+ idlB64);
+ pendingReq.setGenericDataToSession(
+ Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
+ authBlockB64);
+ pendingReq.setGenericDataToSession(
+ Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL,
+ ccsURL);
+ pendingReq.setGenericDataToSession(
+ Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA,
+ LoA);
+ } else {
+ Logger.info("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result");
+ throw new SLCommandoParserException("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result");
+ }
+
+
+ } catch (MOAIDException e) {
+ Logger.warn("SL2.0 processing error:", e);
+ if (sl20Result != null)
+ Logger.debug("Received SL2.0 result: " + sl20Result);
+ pendingReq.setGenericDataToSession(
+ Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR,
+ new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e));
+
+ } catch (Exception e) {
+ Logger.warn("ERROR:", e);
+ Logger.warn("SL2.0 Authentication FAILED with a generic error.", e);
+ if (sl20Result != null)
+ Logger.debug("Received SL2.0 result: " + sl20Result);
+ pendingReq.setGenericDataToSession(
+ Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR,
+ new TaskExecutionException(pendingReq, e.getMessage(), e));
+
+ } finally {
//store pending request
- pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
requestStoreage.storePendingRequest(pendingReq);
+ //write SL2.0 response
+ if (sl20ReqObj != null)
+ buildResponse(request, response, sl20ReqObj);
+ else
+ buildErrorResponse(request, response, "2000", "General transport Binding error");
+
+ }
+
+ } catch (Exception e) {
+ //write internal server errror 500 according to SL2.0 specification, chapter https transport binding
+ Logger.warn("Can NOT build SL2.0 response. Reason: " + e.getMessage(), e);
+ if (sl20Result != null)
+ Logger.debug("Received SL2.0 result: " + sl20Result);
+ try {
+ response.sendError(500, "Internal Server Error.");
+
+ } catch (IOException e1) {
+ Logger.error("Can NOT send error message. SOMETHING IS REALY WRONG!", e);
+
+ }
+
+ } finally {
+ TransactionIDUtils.removeTransactionId();
+ TransactionIDUtils.removeSessionId();
+
+ }
+ }
+
+ private void buildErrorResponse(HttpServletRequest request, HttpServletResponse response, String errorCode, String errorMsg) throws Exception {
+ JsonObject error = SL20JSONBuilderUtils.createErrorCommandResult(errorCode, errorMsg);
+ JsonObject respContainer = SL20JSONBuilderUtils.createGenericRequest(
+ UUID.randomUUID().toString(),
+ null,
+ error ,
+ null);
+
+ Logger.debug("Client request containts 'native client' header ... ");
+ Logger.trace("SL20 response to VDA: " + respContainer);
+ StringWriter writer = new StringWriter();
+ writer.write(respContainer.toString());
+ final byte[] content = writer.toString().getBytes("UTF-8");
+ response.setStatus(HttpServletResponse.SC_OK);
+ response.setContentLength(content.length);
+ response.setContentType(ContentType.APPLICATION_JSON.toString());
+ response.getOutputStream().write(content);
+
+ }
+
+ private void buildResponse(HttpServletRequest request, HttpServletResponse response, JsonObject sl20ReqObj) throws IOException, SL20Exception {
//create response
Map<String, String> reqParameters = new HashMap<String, String>();
reqParameters.put(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID, pendingReq.getPendingRequestId());
@@ -155,7 +253,9 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
JsonObject callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams);
//build first redirect command for app
- JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters("", callCommand, null, true);
+ JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters(
+ generateICPRedirectURLForDebugging(),
+ callCommand, null, true);
JsonObject redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams);
//build second redirect command for IDP
@@ -172,9 +272,12 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
redirectTwoCommand,
null);
+ //workaround for A-Trust
if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null &&
- request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) {
- Logger.debug("Client request containts 'native client' header ... ");
+ request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)
+ || true) {
+ Logger.debug("Client request containts 'native client' header ... ");
+ Logger.trace("SL20 response to VDA: " + respContainer);
StringWriter writer = new StringWriter();
writer.write(respContainer.toString());
final byte[] content = writer.toString().getBytes("UTF-8");
@@ -190,36 +293,32 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
new Object[] {"SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"});
}
-
- } else {
- Logger.info("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result");
- throw new SLCommandoParserException("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result");
}
+
+ /**
+ * Generates a IPC redirect URL that is configured on IDP side
+ *
+ * @return IPC ReturnURL, or null if no URL is configured
+ */
+ private String generateICPRedirectURLForDebugging() {
+ final String PATTERN_PENDING_REQ_ID = "#PENDINGREQID#";
+ String ipcRedirectURLConfig = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_IPC_RETURN_URL);
+ if (MiscUtil.isNotEmpty(ipcRedirectURLConfig)) {
+ if (ipcRedirectURLConfig.contains(PATTERN_PENDING_REQ_ID)) {
+ Logger.trace("Find 'pendingReqId' pattern in IPC redirect URL. Update url ... ");
+ ipcRedirectURLConfig = ipcRedirectURLConfig.replaceAll(
+ "#PENDINGREQID#",
+ EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID + "=" + pendingReq.getPendingRequestId());
- } catch (MOAIDException e) {
- Logger.warn("ERROR:", e);
- throw new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e);
-
- } catch (Exception e) {
- Logger.warn("ERROR:", e);
- Logger.warn("SL2.0 Authentication FAILED with a generic error.", e);
- throw new TaskExecutionException(pendingReq, e.getMessage(), e);
-
- } finally {
- TransactionIDUtils.removeTransactionId();
- TransactionIDUtils.removeSessionId();
+ }
+ return ipcRedirectURLConfig;
}
- }
-
- private JsonObject createRedirectCommand() {
-
-
return null;
-
}
+
}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
new file mode 100644
index 000000000..403423e46
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
@@ -0,0 +1,136 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks;
+
+import java.io.ByteArrayInputStream;
+import java.util.Calendar;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.saml2.core.Assertion;
+import org.springframework.stereotype.Component;
+
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier.QualifiedeIDVerifier;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+import at.gv.egovernment.moaspss.logging.Logger;
+
+
+@Component("VerifyQualifiedeIDTask")
+public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
+
+ @Override
+ public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+ throws TaskExecutionException {
+
+ Logger.debug("Verify qualified eID data from SL20 response .... ");
+ try {
+ //check if there was an error
+ TaskExecutionException sl20Error = pendingReq.getGenericData(
+ Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR,
+ TaskExecutionException.class);
+ if (sl20Error != null) {
+ Logger.info("Found SL2.0 error after redirect ... ");
+ throw sl20Error;
+
+ }
+
+ //get data from pending request
+ String sl20ReqId = pendingReq.getGenericData(
+ Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID,
+ String.class);
+ String idlB64 = pendingReq.getGenericData(
+ Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL,
+ String.class);
+ String authBlockB64 = pendingReq.getGenericData(
+ Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK,
+ String.class);
+ String ccsURL = pendingReq.getGenericData(
+ Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL,
+ String.class);
+ String LoA = pendingReq.getGenericData(
+ Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA,
+ String.class);
+
+ //parse eID data
+ IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink();
+ IVerifiyXMLSignatureResponse authBlockVerificationResult = null;
+ try {
+ Assertion authBlock = QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlockB64);
+ AssertionAttributeExtractor authBlockExtractor = new AssertionAttributeExtractor(authBlock);
+
+
+ //validate eID data
+ QualifiedeIDVerifier.verifyIdentityLink(idl,
+ pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class),
+ (AuthConfiguration) authConfig);
+
+ authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock(
+ authBlockB64,
+ pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class),
+ (AuthConfiguration) authConfig);
+
+ QualifiedeIDVerifier.checkConsistencyOfeIDData(sl20ReqId, idl, authBlockExtractor, authBlockVerificationResult);
+
+ //TODO: add LoA verification
+
+ } catch (MOAIDException e) {
+ if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_VALIDATION, false)) {
+ Logger.warn("SL20 eID data validation IS DISABLED!!");
+ Logger.warn("SL20 eID data IS NOT VALID!!! Reason: " + e.getMessage(), e);
+
+ } else
+ throw e;
+
+ }
+
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED);
+ revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED);
+
+
+
+ //add into session
+ AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+ moasession.setIdentityLink(idl);
+ moasession.setBkuURL(ccsURL);
+ //TODO: from AuthBlock
+ if (authBlockVerificationResult != null)
+ moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(authBlockVerificationResult.getSigningDateTime()));
+ else
+ moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance()));
+
+ moasession.setQAALevel(LoA);
+
+ //store pending request
+ requestStoreage.storePendingRequest(pendingReq);
+
+ } catch (MOAIDException e) {
+ Logger.warn("ERROR:", e);
+ throw new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e);
+
+ } catch (Exception e) {
+ Logger.warn("ERROR:", e);
+ Logger.warn("SL2.0 Authentication FAILED with a generic error.", e);
+ throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+
+ } finally {
+ TransactionIDUtils.removeTransactionId();
+ TransactionIDUtils.removeSessionId();
+
+ }
+ }
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml
index 37551b3f5..a9c9bac8e 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml
@@ -29,5 +29,9 @@
<bean id="ReceiveQualeIDResponseTask"
class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks.ReceiveQualeIDTask"
scope="prototype"/>
+
+ <bean id="VerifyQualifiedeIDTask"
+ class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks.VerifyQualifiedeIDTask"
+ scope="prototype"/>
</beans> \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml
index bcd74f84c..673144b06 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml
@@ -3,17 +3,19 @@
<pd:Task id="createQualifiedeIDRequest" class="CreateQualeIDRequestTask" />
<pd:Task id="receiveQualifiedeID" class="ReceiveQualeIDResponseTask" async="true"/>
-
- <!-- <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> -->
+ <pd:Task id="verifyQualifiedeIDTask" class="VerifyQualifiedeIDTask" async="true"/>
+ <pd:Task id="userRestrictionTask" class="UserRestrictionTask" />
+ <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" />
<pd:StartEvent id="start" />
<pd:Transition from="start" to="createQualifiedeIDRequest" />
- <pd:Transition from="createQualifiedeIDRequest" to="receiveQualifiedeID" />
- <pd:Transition from="receiveQualifiedeID" to="end" />
-
- <!-- It's only required if we can not use the finalize redirect on SL20 redirect command -->
- <!-- <pd:Transition from="receiveQualifiedeID" to="finalizeAuthentication" />
- <pd:Transition from="finalizeAuthentication" to="end" /> -->
+ <pd:Transition from="createQualifiedeIDRequest" to="receiveQualifiedeID" />
+ <pd:Transition from="receiveQualifiedeID" to="verifyQualifiedeIDTask" />
+ <pd:Transition from="verifyQualifiedeIDTask" to="userRestrictionTask" />
+ <pd:Transition from="userRestrictionTask" to="finalizeAuthentication" />
+ <pd:Transition from="finalizeAuthentication" to="end" />
+
+
<pd:EndEvent id="end" />
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java
new file mode 100644
index 000000000..35f1d0052
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java
@@ -0,0 +1,51 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth;
+
+import java.io.IOException;
+import java.io.InputStreamReader;
+
+import org.apache.commons.io.IOUtils;
+import org.junit.Before;
+import org.junit.runner.RunWith;
+import org.opensaml.xml.ConfigurationException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.IJOSETools;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/SpringTest-context.xml")
+public class EIDDataVerifier_ATrust extends eIDDataVerifierTest {
+
+ @Autowired IJOSETools joseTools;
+
+
+ @Before
+ public void init() throws IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException, SL20Exception {
+ String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_atrust.json")));
+ JsonParser jsonParser = new JsonParser();
+ JsonObject qualeIDResult = jsonParser.parse(eIDDataString).getAsJsonObject();
+
+ //JsonObject payLoad = SL20JSONExtractorUtils.getJSONObjectValue(qualeIDResult, "payload", true);
+ VerificationResult payLoad = SL20JSONExtractorUtils.extractSL20PayLoad(qualeIDResult, joseTools, true);
+// JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad.getPayload(), "result", true);
+ JsonObject result = (JsonObject) SL20JSONExtractorUtils.extractSL20Result(payLoad.getPayload(), joseTools, true);
+
+ eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result);
+ if (eIDData == null || eIDData.isEmpty())
+ throw new SLCommandoParserException("Can not load eID data");
+
+ }
+
+ @Override
+ protected String getSl20ReqId() {
+ return "_2ac94139a4451f7ef0893a5b823aff16";
+ }
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java
new file mode 100644
index 000000000..419142c7d
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java
@@ -0,0 +1,43 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth;
+
+import java.io.IOException;
+import java.io.InputStreamReader;
+
+import org.apache.commons.io.IOUtils;
+import org.junit.Before;
+import org.junit.runner.RunWith;
+import org.opensaml.xml.ConfigurationException;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import com.google.gson.JsonElement;
+import com.google.gson.JsonObject;
+import com.google.gson.JsonParser;
+
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({ "/SpringTest-context.xml" })
+public class EIDDataVerifier_OwnTest extends eIDDataVerifierTest {
+
+ @Before
+ public void init() throws SLCommandoParserException, IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException {
+ String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_own_test.json")));
+ JsonParser jsonParser = new JsonParser();
+ JsonElement payLoad = jsonParser.parse(eIDDataString).getAsJsonObject();
+ JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad.getAsJsonObject(), "result", true);
+
+ eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result);
+ if (eIDData == null || eIDData.isEmpty())
+ throw new SLCommandoParserException("Can not load eID data");
+
+ }
+
+ @Override
+ protected String getSl20ReqId() {
+ return "_57010b7fcc93cc4cf3f2b764389137c2";
+ }
+
+
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_SIC.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_SIC.java
new file mode 100644
index 000000000..1c41b22fd
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_SIC.java
@@ -0,0 +1,41 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth;
+
+//import java.io.IOException;
+//import java.io.InputStreamReader;
+//
+//import org.apache.commons.io.IOUtils;
+//import org.junit.Before;
+//import org.junit.runner.RunWith;
+//import org.opensaml.xml.ConfigurationException;
+//import org.springframework.test.context.ContextConfiguration;
+//import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+//
+//import com.google.gson.JsonElement;
+//import com.google.gson.JsonParser;
+//
+//import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException;
+//import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils;
+
+//@RunWith(SpringJUnit4ClassRunner.class)
+//@ContextConfiguration({ "/SpringTest-context.xml" })
+//public class EIDDataVerifier_SIC extends eIDDataVerifierTest {
+//
+// @Before
+// public void init() throws SLCommandoParserException, IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException {
+// String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_sic.json")));
+// JsonParser jsonParser = new JsonParser();
+// JsonElement result = jsonParser.parse(eIDDataString).getAsJsonObject();
+//
+// eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result);
+// if (eIDData == null || eIDData.isEmpty())
+// throw new SLCommandoParserException("Can not load eID data");
+//
+// }
+//
+// @Override
+// protected String getSl20ReqId() {
+// return "_40972fd777c59da1ebeed2b8d633a300";
+// }
+//
+//
+//}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java
new file mode 100644
index 000000000..fe12e9b76
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java
@@ -0,0 +1,439 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata;
+
+import java.io.IOException;
+import java.net.URI;
+import java.net.URL;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IStorkConfig;
+import at.gv.egovernment.moa.id.commons.api.data.ProtocolAllowed;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.util.config.EgovUtilPropertiesConfiguration;
+
+public class DummyAuthConfig implements AuthConfiguration {
+
+ private boolean requireAuthBlockQC = true;
+
+
+
+ public void setRequireAuthBlockQC(boolean requireAuthBlockQC) {
+ this.requireAuthBlockQC = requireAuthBlockQC;
+ }
+
+ @Override
+ public String getRootConfigFileDir() {
+ try {
+ return new java.io.File( "." ).getCanonicalPath();
+
+ } catch (IOException e) {
+ return null;
+
+ }
+ }
+
+ @Override
+ public String getDefaultChainingMode() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getTrustedCACertificates() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isTrustmanagerrevoationchecking() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public String[] getActiveProfiles() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Properties getGeneralPVP2ProperiesConfig() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Properties getGeneralOAuth20ProperiesConfig() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public ProtocolAllowed getAllowedProtocols() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Map<String, String> getConfigurationWithPrefix(String Prefix) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getConfigurationWithKey(String key) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getBasicConfiguration(String key) {
+ if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID.equals(key))
+ return "SL20Authblock_v1.0,SL20Authblock_v1.0_SIC,SL20Authblock_v1.0_OWN";
+
+ else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH.equals(key))
+ return "/src/test/resources/sl20.jks";
+
+ else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD.equals(key))
+ return "password";
+
+ else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS.equals(key))
+ return "sl20signing";
+
+ else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD.equals(key))
+ return "password";
+
+ else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS.equals(key))
+ return "sl20encryption";
+
+ else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD.equals(key))
+ return "password";
+
+ else
+ return null;
+ }
+
+ @Override
+ public String getBasicConfiguration(String key, String defaultValue) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public int getTransactionTimeOut() {
+ // TODO Auto-generated method stub
+ return 0;
+ }
+
+ @Override
+ public int getSSOCreatedTimeOut() {
+ // TODO Auto-generated method stub
+ return 0;
+ }
+
+ @Override
+ public int getSSOUpdatedTimeOut() {
+ // TODO Auto-generated method stub
+ return 0;
+ }
+
+ @Override
+ public String getAlternativeSourceID() throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public List<String> getLegacyAllowedProtocols() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException {
+ if (useTestTrustStore)
+ return "MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten";
+ else
+ return "MOAIDBuergerkarteAuthentisierungsDaten";
+ }
+
+ @Override
+ public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public ConnectionParameterInterface getMoaSpConnectionParameter() throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public ConnectionParameterInterface getOnlineMandatesConnectionParameter(IOAAuthParameters oaParameters)
+ throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore) throws ConfigurationException {
+ if (useTestTrustStore)
+ return "MOAIDBuergerkartePersonenbindungMitTestkarten";
+ else
+ return "MOAIDBuergerkartePersonenbindung";
+ }
+
+ @Override
+ public List<String> getTransformsInfos() throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public List<String> getSLRequestTemplates() throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getSLRequestTemplates(String type) throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public List<String> getDefaultBKUURLs() throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getDefaultBKUURL(String type) throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getSSOTagetIdentifier() throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getSSOFriendlyName() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getSSOSpecialText() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getMOASessionEncryptionKey() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getMOAConfigurationEncryptionKey() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isIdentityLinkResigning() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public String getIdentityLinkResigningKey() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isMonitoringActive() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public String getMonitoringTestIdentityLinkURL() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getMonitoringMessageSuccess() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isAdvancedLoggingActive() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public List<String> getPublicURLPrefix() throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isVirtualIDPsEnabled() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean isPVP2AssertionEncryptionActive() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean isCertifiacteQCActive() {
+ return this.requireAuthBlockQC;
+ }
+
+ @Override
+ public IStorkConfig getStorkConfig() throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public EgovUtilPropertiesConfiguration geteGovUtilsConfig() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getDocumentServiceUrl() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isStorkFakeIdLActive() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public List<String> getStorkFakeIdLCountries() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public List<String> getStorkNoSignatureCountries() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getStorkFakeIdLResigningKey() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isPVPSchemaValidationActive() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public Map<String, String> getConfigurationWithWildCard(String key) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public List<Integer> getDefaultRevisionsLogEventCodes() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isHTTPAuthAllowed() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public String[] getRevocationMethodOrder() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public URI getConfigurationFilePath() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public URI getConfigurationRootDirectory() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Properties getFullConfigurationProperties() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public ISPConfiguration getServiceProviderConfiguration(String arg0) throws EAAFConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public <T> T getServiceProviderConfiguration(String arg0, Class<T> arg1) throws EAAFConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String validateIDPURL(URL arg0) throws EAAFException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java
new file mode 100644
index 000000000..69e3e7995
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java
@@ -0,0 +1,326 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata;
+
+import java.security.PrivateKey;
+import java.util.Collection;
+import java.util.List;
+import java.util.Map;
+
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.CPEPS;
+import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute;
+import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+
+public class DummyOA implements IOAAuthParameters {
+
+ @Override
+ public Map<String, String> getFullConfiguration() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getConfigurationValue(String key) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getFriendlyName() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getPublicURLPrefix() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isInderfederationIDP() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean isSTORKPVPGateway() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean isRemovePBKFromAuthBlock() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public String getKeyBoxIdentifier() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public SAML1ConfigurationParameters getSAML1Parameter() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public List<String> getTemplateURL() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getAditionalAuthBlockText() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getBKUURL(String bkutype) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public List<String> getBKUURL() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean useSSO() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean useSSOQuestion() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public List<String> getMandateProfiles() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isShowMandateCheckBox() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean isOnlyMandateAllowed() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean isShowStorkLogin() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public String getQaaLevel() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isRequireConsentForStorkAttributes() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public Collection<StorkAttribute> getRequestedSTORKAttributes() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public byte[] getBKUSelectionTemplate() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public byte[] getSendAssertionTemplate() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Collection<CPEPS> getPepsList() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getIDPAttributQueryServiceURL() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isInboundSSOInterfederationAllowed() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean isInterfederationSSOStorageAllowed() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean isOutboundSSOInterfederationAllowed() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean isTestCredentialEnabled() {
+ return true;
+ }
+
+ @Override
+ public List<String> getTestCredentialOIDs() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isUseIDLTestTrustStore() {
+ return true;
+ }
+
+ @Override
+ public boolean isUseAuthBlockTestTestStore() {
+ return true;
+ }
+
+ @Override
+ public PrivateKey getBPKDecBpkDecryptionKey() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isPassivRequestUsedForInterfederation() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean isPerformLocalAuthenticationOnInterfederationError() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public Collection<StorkAttributeProviderPlugin> getStorkAPs() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public List<Integer> getReversionsLoggingEventCodes() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public List<String> foreignbPKSectorsRequested() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean containsConfigurationKey(String arg0) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public String getAreaSpecificTargetIdentifier() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getConfigurationValue(String arg0, String arg1) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getLoAMatchingMode() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public List<String> getRequiredLoA() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public List<String> getTargetsWithNoBaseIdInternalProcessingRestriction() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public List<String> getTargetsWithNoBaseIdTransferRestriction() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getUniqueIdentifier() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Boolean isConfigurationValue(String arg0) {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public boolean isConfigurationValue(String arg0, boolean arg1) {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean hasBaseIdInternalProcessingRestriction() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+ @Override
+ public boolean hasBaseIdTransferRestriction() {
+ // TODO Auto-generated method stub
+ return false;
+ }
+
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
new file mode 100644
index 000000000..20ff41fe7
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
@@ -0,0 +1,147 @@
+package at.gv.egovernment.moa.id.auth.modules.sl20_auth;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.util.Map;
+
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.opensaml.DefaultBootstrap;
+import org.opensaml.saml2.core.Assertion;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyAuthConfig;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyOA;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants;
+import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier.QualifiedeIDVerifier;
+import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.Configurator;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.egovernment.moaspss.logging.LoggingContext;
+import at.gv.egovernment.moaspss.logging.LoggingContextManager;
+import iaik.security.ec.provider.ECCelerate;
+import iaik.security.provider.IAIK;
+
+public abstract class eIDDataVerifierTest {
+
+ protected Map<String, String> eIDData = null;
+
+ @Autowired DummyAuthConfig authConfig;
+
+ @BeforeClass
+ public static void moaSPSSInitialize() throws ConfigurationException, org.opensaml.xml.ConfigurationException, IOException {
+ Logger.info("Loading Java security providers.");
+ //System.setProperty("moa.spss.server.configuration", "F:\\Projekte\\configs\\moa-spss\\MOASPSSConfiguration.xml");
+ String current = new java.io.File( "." ).getCanonicalPath();
+ System.setProperty("moa.spss.server.configuration", current + "/src/test/resources/moaspss_config/MOASPSSConfiguration.xml");
+
+ IAIK.addAsProvider();
+ ECCelerate.addAsProvider();
+ DefaultBootstrap.bootstrap();
+
+ try {
+ LoggingContextManager.getInstance().setLoggingContext(
+ new LoggingContext("startup"));
+ Logger.debug("Starting MOA-SPSS initialization process ... ");
+ Configurator.getInstance().init();
+ Logger.info("MOA-SPSS initialization complete ");
+
+ } catch (MOAException e) {
+ Logger.error("MOA-SP initialization FAILED!", e.getWrapped());
+ throw new ConfigurationException("config.10", new Object[] { e
+ .toString() }, e);
+ }
+
+ }
+
+ @Test
+ public void dummyTest() throws Exception {
+
+
+ }
+
+ @Test
+ public void parseIdl() throws Exception {
+ String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL);
+ if (MiscUtil.isEmpty(idlB64))
+ throw new Exception("NO IDL found");
+
+ IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink();
+ //IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Url.decode(idlB64))).parseIdentityLink();
+ if (idl == null)
+ throw new Exception("IDL parsing FAILED");
+
+ }
+
+ @Test
+ public void verifyIdl() throws Exception {
+ String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL);
+ if (MiscUtil.isEmpty(idlB64))
+ throw new Exception("NO IDL found");
+
+ IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink();
+// IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Url.decode(idlB64))).parseIdentityLink();
+
+ if (idl == null)
+ throw new Exception("IDL parsing FAILED");
+
+ IOAAuthParameters dummyOA = new DummyOA();
+ QualifiedeIDVerifier.verifyIdentityLink(idl, dummyOA , authConfig);
+
+ }
+
+ @Test
+ public void parseAuthBlock() throws Exception {
+ String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK);
+ if (MiscUtil.isEmpty(authBlockB64))
+ throw new Exception("NO AuthBlock found");
+
+ Assertion authBlock = QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlockB64);
+ new AssertionAttributeExtractor(authBlock);
+
+ }
+
+
+
+ @Test
+ public void verifyAuthBlock() throws Exception {
+ String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK);
+ if (MiscUtil.isEmpty(authBlockB64))
+ throw new Exception("NO AuthBlock found");
+
+ IOAAuthParameters dummyOA = new DummyOA();
+ authConfig.setRequireAuthBlockQC(false);
+ QualifiedeIDVerifier.verifyAuthBlock(authBlockB64, dummyOA , authConfig);
+ authConfig.setRequireAuthBlockQC(true);
+
+ }
+
+ @Test
+ public void checkIDLAgainstAuthblock() throws Exception {
+ String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK);
+ String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL);
+ if (MiscUtil.isEmpty(idlB64))
+ throw new Exception("NO IDL found");
+ if (MiscUtil.isEmpty(authBlockB64))
+ throw new Exception("NO AuthBlock found");
+
+ IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink();
+ Assertion authBlock = QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlockB64);
+ AssertionAttributeExtractor authBlockExtractor = new AssertionAttributeExtractor(authBlock);
+ IVerifiyXMLSignatureResponse authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock(authBlockB64, new DummyOA() , authConfig);
+ QualifiedeIDVerifier.checkConsistencyOfeIDData(getSl20ReqId(), idl, authBlockExtractor, authBlockVerificationResult);
+
+
+
+ }
+
+ protected abstract String getSl20ReqId();
+}
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml
new file mode 100644
index 000000000..c1f185208
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+
+ <bean id="firstJOSETests"
+ class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.JsonSecurityUtils"/>
+
+ <bean id="DummyAuthConfig"
+ class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyAuthConfig"/>
+</beans>
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml
new file mode 100644
index 000000000..0840ecd94
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml
@@ -0,0 +1,90 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--MOA SPSS 1.3 Configuration File created by MOA SPSS Configuration Mapper-->
+<cfg:MOAConfiguration xmlns:cfg="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+<cfg:Common>
+ <cfg:PermitExternalUris>
+ <cfg:BlackListUri>
+ <cfg:IP>192.168</cfg:IP>
+ </cfg:BlackListUri>
+ </cfg:PermitExternalUris>
+ </cfg:Common>
+ <cfg:SignatureVerification>
+ <cfg:CertificateValidation>
+ <cfg:PathConstruction>
+ <cfg:AutoAddCertificates>true</cfg:AutoAddCertificates>
+ <cfg:UseAuthorityInformationAccess>true</cfg:UseAuthorityInformationAccess>
+ <cfg:CertificateStore>
+ <cfg:DirectoryStore>
+ <cfg:Location>certstore</cfg:Location>
+ </cfg:DirectoryStore>
+ </cfg:CertificateStore>
+ </cfg:PathConstruction>
+ <cfg:PathValidation>
+ <cfg:ChainingMode>
+ <cfg:DefaultMode>pkix</cfg:DefaultMode>
+ <cfg:TrustAnchor>
+ <cfg:Identification>
+ <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
+ </cfg:Identification>
+ <cfg:Mode>chaining</cfg:Mode>
+ </cfg:TrustAnchor>
+ <cfg:TrustAnchor>
+ <cfg:Identification>
+ <dsig:X509IssuerName>C=AT,O=Hauptverband österr. Sozialvers.,CN=Root-CA 1</dsig:X509IssuerName>
+ <dsig:X509SerialNumber>376503867878755617282523408360935024869</dsig:X509SerialNumber>
+ </cfg:Identification>
+ <cfg:Mode>chaining</cfg:Mode>
+ </cfg:TrustAnchor>
+ </cfg:ChainingMode>
+ <cfg:TrustProfile>
+ <cfg:Id>MOAIDBuergerkartePersonenbindung</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ <cfg:TrustProfile>
+ <cfg:Id>MOAIDBuergerkarteAuthentisierungsDaten</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ <cfg:TrustProfile>
+ <cfg:Id>MOAIDBuergerkartePersonenbindungMitTestkarten</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+ <cfg:TrustProfile>
+ <cfg:Id>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:Id>
+ <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:TrustAnchorsLocation>
+ </cfg:TrustProfile>
+
+ </cfg:PathValidation>
+ <cfg:RevocationChecking>
+ <cfg:EnableChecking>false</cfg:EnableChecking>
+ <cfg:MaxRevocationAge>0</cfg:MaxRevocationAge>
+ <cfg:ServiceOrder>
+ <cfg:Service>CRL</cfg:Service>
+ <cfg:Service>OCSP</cfg:Service>
+ </cfg:ServiceOrder>
+ <cfg:Archiving>
+ <cfg:EnableArchiving>false</cfg:EnableArchiving>
+ <cfg:ArchiveDuration>365</cfg:ArchiveDuration>
+ <cfg:Archive>
+ <cfg:DatabaseArchive>
+ <cfg:JDBCURL>jdbc:url</cfg:JDBCURL>
+ <cfg:JDBCDriverClassName>fully.qualified.classname</cfg:JDBCDriverClassName>
+ </cfg:DatabaseArchive>
+ </cfg:Archive>
+ </cfg:Archiving>
+ </cfg:RevocationChecking>
+ </cfg:CertificateValidation>
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>SL20Authblock_v1.0</cfg:Id>
+ <cfg:Location>profiles/SL20_authblock_v1.0.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>SL20Authblock_v1.0_SIC</cfg:Id>
+ <cfg:Location>profiles/SL20_authblock_v1.0_SIC.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ <cfg:VerifyTransformsInfoProfile>
+ <cfg:Id>SL20Authblock_v1.0_OWN</cfg:Id>
+ <cfg:Location>profiles/SL20_authblock_v1.0_own.xml</cfg:Location>
+ </cfg:VerifyTransformsInfoProfile>
+ </cfg:SignatureVerification>
+</cfg:MOAConfiguration>
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD
new file mode 100644
index 000000000..61bfd22bc
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26
new file mode 100644
index 000000000..55707d69f
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7
new file mode 100644
index 000000000..815f53d95
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100
new file mode 100644
index 000000000..882753986
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A
new file mode 100644
index 000000000..f28aa4b8e
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27
new file mode 100644
index 000000000..5171276f4
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4
new file mode 100644
index 000000000..6e17b9db5
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914
new file mode 100644
index 000000000..911640d0e
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE
new file mode 100644
index 000000000..1bb449441
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D
new file mode 100644
index 000000000..807fa786c
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5
new file mode 100644
index 000000000..b2a1e145f
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1
new file mode 100644
index 000000000..22d64fb5f
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C
new file mode 100644
index 000000000..8588ce58a
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716
new file mode 100644
index 000000000..7bbf658e9
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E
new file mode 100644
index 000000000..2fa45b280
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3
new file mode 100644
index 000000000..c79d3e6b0
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA
new file mode 100644
index 000000000..ab9e0cd7d
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8
new file mode 100644
index 000000000..01965769d
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3
new file mode 100644
index 000000000..5026d395f
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4
new file mode 100644
index 000000000..9b2ee0fc6
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8
new file mode 100644
index 000000000..9d2132e7f
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F
new file mode 100644
index 000000000..c34d0f380
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3
new file mode 100644
index 000000000..d894e92ca
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D
new file mode 100644
index 000000000..380486f65
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E
new file mode 100644
index 000000000..0f0db03b3
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E
new file mode 100644
index 000000000..39e377edf
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208
new file mode 100644
index 000000000..0a1fcff85
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C
new file mode 100644
index 000000000..61d346a8f
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926
new file mode 100644
index 000000000..9ae7ffa0c
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623
new file mode 100644
index 000000000..a68ae2db7
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2
new file mode 100644
index 000000000..28cb48bb0
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E
new file mode 100644
index 000000000..c9da41583
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01
new file mode 100644
index 000000000..28fbdf42f
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02
new file mode 100644
index 000000000..b9a0e5a61
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4
new file mode 100644
index 000000000..24d1795f5
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1
new file mode 100644
index 000000000..6da18c620
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01
new file mode 100644
index 000000000..3a274af3c
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F
new file mode 100644
index 000000000..3beb4529a
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526
new file mode 100644
index 000000000..da38ce028
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830
new file mode 100644
index 000000000..7e9fd5b0b
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8
new file mode 100644
index 000000000..41dc7c553
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F
new file mode 100644
index 000000000..b596d82e3
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D
new file mode 100644
index 000000000..4adc3b7ec
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687
new file mode 100644
index 000000000..1e4f22777
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76
new file mode 100644
index 000000000..fe561ad6a
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA
new file mode 100644
index 000000000..5205ec519
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419
new file mode 100644
index 000000000..10a1f7141
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
new file mode 100644
index 000000000..dae019650
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E
new file mode 100644
index 000000000..b9fe1280c
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03
new file mode 100644
index 000000000..ea1585a6e
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206
new file mode 100644
index 000000000..0c2494a4b
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878
new file mode 100644
index 000000000..424f849a1
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B
new file mode 100644
index 000000000..06b40aa67
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E
new file mode 100644
index 000000000..3be7b6a06
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E
new file mode 100644
index 000000000..b2beddaa5
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317
new file mode 100644
index 000000000..73553b996
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8
new file mode 100644
index 000000000..6368a6cc6
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44
new file mode 100644
index 000000000..08d7b28e2
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE
new file mode 100644
index 000000000..e47d2b8ba
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA
new file mode 100644
index 000000000..5168e1af0
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D
new file mode 100644
index 000000000..c5bcc42e2
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A
new file mode 100644
index 000000000..3c7775b6e
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A
new file mode 100644
index 000000000..b6f39e354
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515
new file mode 100644
index 000000000..f9fef65fc
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92
new file mode 100644
index 000000000..f9f27442b
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F
new file mode 100644
index 000000000..69de75609
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE
new file mode 100644
index 000000000..efa28178e
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7
new file mode 100644
index 000000000..8c434777e
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733
new file mode 100644
index 000000000..289fc2198
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6
new file mode 100644
index 000000000..b7d4b08a6
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0
new file mode 100644
index 000000000..89cfe44fd
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C
new file mode 100644
index 000000000..d9d633e32
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE
new file mode 100644
index 000000000..c3fc91352
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9
new file mode 100644
index 000000000..640918641
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A
new file mode 100644
index 000000000..ad13d7b28
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B
new file mode 100644
index 000000000..d361d919f
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38
new file mode 100644
index 000000000..69a8e4872
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D
new file mode 100644
index 000000000..1a3106742
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02
new file mode 100644
index 000000000..558ce15e3
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D
new file mode 100644
index 000000000..0bab77032
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
new file mode 100644
index 000000000..b60dea248
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0
new file mode 100644
index 000000000..ac2e3c2b4
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C
new file mode 100644
index 000000000..4dd2c49bf
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9
new file mode 100644
index 000000000..1bfd4d661
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/A25C55270C21A4581BC3372639AE36F2CCC94C19 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/A25C55270C21A4581BC3372639AE36F2CCC94C19
new file mode 100644
index 000000000..c478bf0fc
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/A25C55270C21A4581BC3372639AE36F2CCC94C19
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3
new file mode 100644
index 000000000..09bd4626c
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201
new file mode 100644
index 000000000..592c96230
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929
new file mode 100644
index 000000000..c171b6d31
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB
new file mode 100644
index 000000000..6f97837a2
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980
new file mode 100644
index 000000000..d7799119f
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B
new file mode 100644
index 000000000..508f7f076
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B
new file mode 100644
index 000000000..c0feb0d0e
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6
new file mode 100644
index 000000000..ebfbce9a0
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8
new file mode 100644
index 000000000..5c75689fb
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB
new file mode 100644
index 000000000..e08466c5a
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E
new file mode 100644
index 000000000..ed5ba194c
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA
new file mode 100644
index 000000000..bc5ed1e62
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B
new file mode 100644
index 000000000..cb519b7eb
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799
new file mode 100644
index 000000000..f2bbe24c8
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357
new file mode 100644
index 000000000..a592bd280
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918
new file mode 100644
index 000000000..6114ab414
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6
new file mode 100644
index 000000000..beff53663
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1
new file mode 100644
index 000000000..60405d6be
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120
new file mode 100644
index 000000000..4132c67c9
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2
new file mode 100644
index 000000000..36c381da7
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE
new file mode 100644
index 000000000..e20156afc
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A
new file mode 100644
index 000000000..6f92cf716
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1
new file mode 100644
index 000000000..0cba97eec
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD
new file mode 100644
index 000000000..1de8f2cdf
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099
new file mode 100644
index 000000000..23d9533dc
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710
new file mode 100644
index 000000000..a7948e488
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE
new file mode 100644
index 000000000..c4d97cda3
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4
new file mode 100644
index 000000000..a63cd9ad4
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112
new file mode 100644
index 000000000..f5e70ea0f
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958
new file mode 100644
index 000000000..a5e651f86
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B
new file mode 100644
index 000000000..b15880c29
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA
new file mode 100644
index 000000000..d53dce92b
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE
new file mode 100644
index 000000000..5375c57c3
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344
new file mode 100644
index 000000000..7085c5ac9
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683
new file mode 100644
index 000000000..97dc187db
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65
new file mode 100644
index 000000000..ad5d7dea1
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B
new file mode 100644
index 000000000..2bf4ad712
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E
new file mode 100644
index 000000000..c3363a922
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC
new file mode 100644
index 000000000..750c08573
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703
new file mode 100644
index 000000000..069640ffc
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
new file mode 100644
index 000000000..391ffc14d
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C
new file mode 100644
index 000000000..255c513af
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18
new file mode 100644
index 000000000..6225c0ca7
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25
new file mode 100644
index 000000000..83aeb1fce
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517
new file mode 100644
index 000000000..f8a8957ac
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03
new file mode 100644
index 000000000..376d0753f
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580
new file mode 100644
index 000000000..6bbb4b5a3
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35
new file mode 100644
index 000000000..3536bd3cd
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/821E494DF27F9938F7E58CFCE8CE70029DB0EC5D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/821E494DF27F9938F7E58CFCE8CE70029DB0EC5D
new file mode 100644
index 000000000..8e513a9f0
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/821E494DF27F9938F7E58CFCE8CE70029DB0EC5D
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6
new file mode 100644
index 000000000..36a442b89
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E
new file mode 100644
index 000000000..54f809962
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA
new file mode 100644
index 000000000..8ddc7d79b
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799
new file mode 100644
index 000000000..c9fd41f7f
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374
new file mode 100644
index 000000000..61a7ccb15
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14
new file mode 100644
index 000000000..e4bd48dac
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A
new file mode 100644
index 000000000..f6df0f4fd
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7
new file mode 100644
index 000000000..0668256a9
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9
new file mode 100644
index 000000000..cac44093a
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25
new file mode 100644
index 000000000..46d4477ab
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C
new file mode 100644
index 000000000..4989f3e73
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22
new file mode 100644
index 000000000..7c6adedf5
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169
new file mode 100644
index 000000000..70f5b7c91
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A
new file mode 100644
index 000000000..141b05ef4
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13
new file mode 100644
index 000000000..95500f6bd
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC
new file mode 100644
index 000000000..87d8b52d4
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239
new file mode 100644
index 000000000..91acd396a
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A
new file mode 100644
index 000000000..b5f5fa6ca
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537
new file mode 100644
index 000000000..abeb964dd
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186
new file mode 100644
index 000000000..34c8cf8a5
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE
new file mode 100644
index 000000000..cc35ba691
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B
new file mode 100644
index 000000000..783dd271a
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC
new file mode 100644
index 000000000..74c4ce3b8
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913
new file mode 100644
index 000000000..f3cf5e676
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC
new file mode 100644
index 000000000..fc5bd433b
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04
new file mode 100644
index 000000000..0a8de4bb9
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941
new file mode 100644
index 000000000..d2e7db667
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5
new file mode 100644
index 000000000..f2f1c6562
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0
new file mode 100644
index 000000000..476a3efb2
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/DFAE695342AC81A521025904406884399822B233 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/DFAE695342AC81A521025904406884399822B233
new file mode 100644
index 000000000..5c88b668a
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/DFAE695342AC81A521025904406884399822B233
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E7FFFB72F649885E6ECE38D47B5A70BAF73FB575/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E7FFFB72F649885E6ECE38D47B5A70BAF73FB575/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28
new file mode 100644
index 000000000..38c2de589
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E7FFFB72F649885E6ECE38D47B5A70BAF73FB575/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/42AD1897A4643D2AA634D980F16349E6694F3B1B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/42AD1897A4643D2AA634D980F16349E6694F3B1B
new file mode 100644
index 000000000..f1d7b6a28
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/42AD1897A4643D2AA634D980F16349E6694F3B1B
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/FE7891B6ED7B178F528A28B21478299F865889BD b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/FE7891B6ED7B178F528A28B21478299F865889BD
new file mode 100644
index 000000000..c1b90c0f4
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/FE7891B6ED7B178F528A28B21478299F865889BD
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/4CAEE38931D19AE73B31AA75CA33D621290FA75E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/4CAEE38931D19AE73B31AA75CA33D621290FA75E
new file mode 100644
index 000000000..3c77b90d2
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/4CAEE38931D19AE73B31AA75CA33D621290FA75E
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/D3C063F219ED073E34AD5D750B327629FFD59AF2 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/D3C063F219ED073E34AD5D750B327629FFD59AF2
new file mode 100644
index 000000000..33e776369
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/D3C063F219ED073E34AD5D750B327629FFD59AF2
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/0F843FB1E0C626540BE638B79A2987E2611CE630 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/0F843FB1E0C626540BE638B79A2987E2611CE630
new file mode 100644
index 000000000..29d93550e
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/0F843FB1E0C626540BE638B79A2987E2611CE630
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/69F21C82DC9A7A940ACEC414593E59C9E61E522F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/69F21C82DC9A7A940ACEC414593E59C9E61E522F
new file mode 100644
index 000000000..2a88295a7
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/69F21C82DC9A7A940ACEC414593E59C9E61E522F
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35
new file mode 100644
index 000000000..84a1690d2
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F2CDECB365AACC48D159C813DDE6B7B1CE047BF2/E185E05432F7D98BA7469D26A802DB4B0B2F6286 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F2CDECB365AACC48D159C813DDE6B7B1CE047BF2/E185E05432F7D98BA7469D26A802DB4B0B2F6286
new file mode 100644
index 000000000..0dc186019
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F2CDECB365AACC48D159C813DDE6B7B1CE047BF2/E185E05432F7D98BA7469D26A802DB4B0B2F6286
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F3E673236E6C1AA052ADF0884D399738F4BF2ED7/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F3E673236E6C1AA052ADF0884D399738F4BF2ED7/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22
new file mode 100644
index 000000000..a699436ca
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F3E673236E6C1AA052ADF0884D399738F4BF2ED7/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F4121996B090501E1FEDA70BE13705CC259E5857/A5A00B223EF24AED92D03F652CFE367CA9D1B200 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F4121996B090501E1FEDA70BE13705CC259E5857/A5A00B223EF24AED92D03F652CFE367CA9D1B200
new file mode 100644
index 000000000..05a8b86f9
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F4121996B090501E1FEDA70BE13705CC259E5857/A5A00B223EF24AED92D03F652CFE367CA9D1B200
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F6E09A71951478BEF77CC1D1F21D29D2C43D3F20/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F6E09A71951478BEF77CC1D1F21D29D2C43D3F20/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA
new file mode 100644
index 000000000..836ba3767
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F6E09A71951478BEF77CC1D1F21D29D2C43D3F20/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F98FAF493885B596B60CA57C161277EB289D1563/ABAAFC4B7A88097279E89C22C242C40420D0826B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F98FAF493885B596B60CA57C161277EB289D1563/ABAAFC4B7A88097279E89C22C242C40420D0826B
new file mode 100644
index 000000000..87b13faaa
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F98FAF493885B596B60CA57C161277EB289D1563/ABAAFC4B7A88097279E89C22C242C40420D0826B
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F9BB100C38D7B02F1EF33194BD18DC48D0BA2C33/6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F9BB100C38D7B02F1EF33194BD18DC48D0BA2C33/6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F
new file mode 100644
index 000000000..f1c03d688
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F9BB100C38D7B02F1EF33194BD18DC48D0BA2C33/6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6
new file mode 100644
index 000000000..781d1e4f2
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B
new file mode 100644
index 000000000..8286cabbc
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B
new file mode 100644
index 000000000..a0148f63b
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/52ED0FAFBD38A868C678174D7EB03D266ADB221C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/52ED0FAFBD38A868C678174D7EB03D266ADB221C
new file mode 100644
index 000000000..42a64da07
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/52ED0FAFBD38A868C678174D7EB03D266ADB221C
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330
new file mode 100644
index 000000000..32893db7f
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FE8A7E29B27E8A43FD03BC0B0B2573B251EB03CE/CA80A13D41116E24CB1479E970CDC1C030C5907C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FE8A7E29B27E8A43FD03BC0B0B2573B251EB03CE/CA80A13D41116E24CB1479E970CDC1C030C5907C
new file mode 100644
index 000000000..277b6083a
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FE8A7E29B27E8A43FD03BC0B0B2573B251EB03CE/CA80A13D41116E24CB1479E970CDC1C030C5907C
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FEE5CDC3BD72A50BFCD63BC19BF7A1D8C6DC7D48/7D60E314AA6AEF548A614A9354C5068192051A29 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FEE5CDC3BD72A50BFCD63BC19BF7A1D8C6DC7D48/7D60E314AA6AEF548A614A9354C5068192051A29
new file mode 100644
index 000000000..afe6fdf09
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FEE5CDC3BD72A50BFCD63BC19BF7A1D8C6DC7D48/7D60E314AA6AEF548A614A9354C5068192051A29
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FF880A1F76838D8E051327DF224C7028F2710C58/BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FF880A1F76838D8E051327DF224C7028F2710C58/BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF
new file mode 100644
index 000000000..d71177a4e
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FF880A1F76838D8E051327DF224C7028F2710C58/BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml
new file mode 100644
index 000000000..e67b1f5ce
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="saml2" version="1.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xsl:output method="xml" xml:space="default" /><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Signatur der Anmeldedaten</title><style media="screen" type="text/css">
+ .normalstyle { font-size: medium; }
+ .italicstyle { font-size: medium; font-style: italic; }
+ .titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; }
+ .h4style { font-size: large; }
+ .hidden {display: none; }
+ </style></head><body><h4 class="h4style">Anmeldedaten:</h4><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)"><tr><td class="italicstyle">Vorname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)"><tr><td class="italicstyle">Nachname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">Vollmacht: </td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Identifikator: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderUniqueId']/saml2:AttributeValue" /></td></tr><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)"><tr><td class="italicstyle">Name: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)"><tr><td class="italicstyle">Staat: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue" /></td></tr></xsl:if></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,9,2)" /><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,6,2)" /><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,1,4)" /></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,12,2)" /><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,15,2)" /><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,18,2)" /></td></tr><tr><td class="italicstyle">TransaktionsToken: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/@ID" /></td></tr><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">
+ Vollmachten-Referenz: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue" /></td></tr></xsl:if><tr class="hidden"><td class="italicstyle">DataURL: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience" /></td></tr><xsl:if test="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"><tr class="hidden"><td class="italicstyle">AuthBlockValidTo: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter" /></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></dsig:Transforms></VerifyTransformsInfoProfile>
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_SIC.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_SIC.xml
new file mode 100644
index 000000000..741013cd1
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_SIC.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="saml2" version="1.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xsl:output method="xml" xmlns:xml="http://www.w3.org/XML/1998/namespace" xml:space="default"/><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Signatur der Anmeldedaten</title><style media="screen" type="text/css">
+ .normalstyle { font-size: medium; }
+ .italicstyle { font-size: medium; font-style: italic; }
+ .titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; }
+ .h4style { font-size: large; }
+ .hidden {display: none; }
+ </style></head><body><h4 class="h4style">Anmeldedaten:</h4><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)"><tr><td class="italicstyle">Vorname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)"><tr><td class="italicstyle">Nachname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">Vollmacht: </td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Identifikator: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderUniqueId']/saml2:AttributeValue"/></td></tr><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)"><tr><td class="italicstyle">Name: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)"><tr><td class="italicstyle">Staat: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue"/></td></tr></xsl:if></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,18,2)"/></td></tr><tr><td class="italicstyle">TransaktionsTokken: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/@ID"/></td></tr><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">
+ Vollmachten-Referenz: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"/></td></tr></xsl:if><tr class="hidden"><td class="italicstyle">DataURL: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience"/></td></tr><xsl:if test="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"><tr class="hidden"><td class="italicstyle">AuthBlockValidTo: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"/></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms></VerifyTransformsInfoProfile>
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_own.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_own.xml
new file mode 100644
index 000000000..517f6437c
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_own.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="saml2" version="1.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xsl:output method="xml" xml:space="default"/><xsl:template xmlns="http://www.w3.org/1999/xhtml" match="/"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Signatur der Anmeldedaten</title><style media="screen" type="text/css">
+ .normalstyle { font-size: medium; }
+ .italicstyle { font-size: medium; font-style: italic; }
+ .titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; }
+ .h4style { font-size: large; }
+ .hidden {display: none; }
+ </style></head><body><h4 class="h4style">Anmeldedaten:</h4><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)"><tr><td class="italicstyle">Vorname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)"><tr><td class="italicstyle">Nachname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">Vollmacht: </td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Identifikator: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderUniqueId']/saml2:AttributeValue"/></td></tr><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)"><tr><td class="italicstyle">Name: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)"><tr><td class="italicstyle">Staat: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue"/></td></tr></xsl:if></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,18,2)"/></td></tr><tr><td class="italicstyle">TransaktionsTokken: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/@ID"/></td></tr><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">
+ Vollmachten-Referenz: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"/></td></tr></xsl:if><tr class="hidden"><td class="italicstyle">DataURL: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience"/></td></tr><xsl:if test="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"><tr class="hidden"><td class="italicstyle">AuthBlockValidTo: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"/></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform>
+ <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ </dsig:Transforms></VerifyTransformsInfoProfile>
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..d361d919f
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..ad13d7b28
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..f9f27442b
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..b6f39e354
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..f9fef65fc
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer
new file mode 100644
index 000000000..3c7775b6e
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..36a442b89
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer
new file mode 100644
index 000000000..54f809962
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..ab9e0cd7d
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer
new file mode 100644
index 000000000..01965769d
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
new file mode 100644
index 000000000..b9a0e5a61
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt
new file mode 100644
index 000000000..9befb53fc
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt
@@ -0,0 +1,34 @@
+-----BEGIN CERTIFICATE-----
+MIIF3TCCA8WgAwIBAgIDFl+uMA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMwMDQ1WhcNMjQxMjA5MTIwMDQ1WjCBlTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1UZXN0LVJvb3Qt
+MDUxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1Sb290LTA1MIICIDANBgkqhkiG9w0B
+AQEFAAOCAg0AMIICCAKCAgEApv3ETyDuseYGvBXgJSiAe7q2dvKtcxlHGlEdEWKv
+YUODdXiTIIcwuIU0+F8ybvoQdEVPGDsdzShhXKgMfdGY5WF1BslCgjwcr4h6GWgt
+cSkXXFIYVV5GCrac4DhM60EvtXpadi8dNMu7dUKZjqES9UPC6Gc5H6fadauLaV6b
+DbNrJufXUditjEbhqj5uX3u4/+nFRH8g1DiQm5RCC3ttVe0/7buJipErVQ9Sbhzk
+hkFlzLbph2s2hiEP8NB5tXM3ffxmJ2Yv98+U1Ec0iXvsoGhqRyZVn1huTi+9PJnP
+IyPfXDkqWv49E/WeZsaZ48kdVx9xIC6OVYF0GCDsKjsKWN+4xL6/eYvSnyIBij/A
+e1T3wkLhp+bDyqxnvDatMlWchfbZxicvzr83c8SGt81RBekwbG/HGPRE4x5DnTkQ
+67DTMzMSmW+FAJdZG2Ofsg9+D+v+iqRD310maLABtko3e+xm601FS8d0lDFJVGgG
+36IB+ZrUIXmLfOIQjlF/yx566oUmSif3QRgmnSuNtunffXHBbL0qFAiEDwwHg41t
+zBiSswKRWa5J/BMIung+6T8gw5kY3c3yJ+pUip4J2oeVa9jZlO/AY7k5BCeGh5Ky
+zu22GMQIp9ulIIfUKx8jcnhtDy07UEmaWqv3rVsqKWF9v9B4z2SMiH1oFEgrNAxi
+v98CAQOjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEQv+xQJkonQMA4G
+A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEASO7M8elac5VTP+FjuL1S
+nS72NaIP/RGYmw6967irlG5qQ0cGmCZO5J8SsL7xc3BMofMQMbrsGEryO1F4Y95B
+o419IzqPb8sYHlx1Du+F2D01qXBmGP/NcqQIo9twLa+man16l7SFF/iNof2axigM
+TUcWzqHUxtSjCPoU44qTsi8vVuQKRP8gMGlVCty0joc0gEW8PqKiMaKxI+tglVA6
+czwvPXfk9pJkL3hhDg/p59iKJTkEKIDtvugrZ4ZqOCBL5xv1Tar3BMBAKSfl/YoQ
+/p6ATGlKkjSbMyU7vUGxXldNALHkezxFufuDZEF/erp3hCVADbQMKgyM7Diu6cKB
+0s4+POeTQoSQ2dnMQJdgAfeGcd3twy2s/M/xHAVGPAPIQWH7ppVcs6AbVXQabHxJ
+YZU7G2ct8Se0r8RLq+iRYrWhFKl8mmVBNwK2WJhjWPv2fqM1xYtbbwH6zoV/Sf8j
+uIbx/5A/MJo/4s/9ciafJLVzLvkOh6Bhf310TAxyB9mDiL00KAuVTDtwYfzo1+jw
+0bInpPqTCkgszn0LbajeaEIc7lQ7neY0gmMqDvnhA+5LyHJXuX5tDF+1/KDijlLs
+p/k1/YZfe1Ai1+gcRoAlp2O80tKaJWZPkf8POffyIkSxJbHlKF6r3TWs7JYr+YUi
+lm2dyCqZ9RUD5ZN2YRntJoo=
+-----END CERTIFICATE-----
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer
new file mode 100644
index 000000000..289fc2198
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer
new file mode 100644
index 000000000..b7d4b08a6
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer
new file mode 100644
index 000000000..289fc2198
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer
new file mode 100644
index 000000000..69de75609
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer
new file mode 100644
index 000000000..8c434777e
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer
new file mode 100644
index 000000000..efa28178e
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
new file mode 100644
index 000000000..33e776369
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/SIC_TEST_USER.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/SIC_TEST_USER.crt
new file mode 100644
index 000000000..203c416fe
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/SIC_TEST_USER.crt
@@ -0,0 +1,37 @@
+-----BEGIN CERTIFICATE-----
+MIIGfzCCBGegAwIBAgIHAJZY0iYXUjANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQG
+EwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5IG9m
+IFRlY2hub2xvZ3kxDTALBgNVBAsTBElBSUsxIjAgBgNVBAMTGUlBSUsgVGVzdCBJ
+bnRlcm1lZGlhdGUgQ0EwHhcNMTgwNTI4MTQ0NTIxWhcNMjEwNTI4MTQ0NTIxWjAw
+MQwwCgYDVQQqEwNFaWQxDTALBgNVBAQTBFRlc3QxETAPBgNVBAMTCEVpZCBUZXN0
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKs+u9OdjFmRGF1Cbsa+XSuvzPoIG
+pPtcJs+4thMbCubwSQMvUOssrCzrC1Ji9YVxeqHs3DU2RDEosoSUROJH3KOCAyAw
+ggMcMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMIIBNgYIKwYBBQUHAQEE
+ggEoMIIBJDCBggYIKwYBBQUHMAKGdmxkYXA6Ly9jYXBzby10ZXN0LmlhaWsudHVn
+cmF6LmF0OjEzODkvY249aWFpay10ZXN0LWludGVybWVkaWF0ZS1jYSxvdT1wa2ks
+ZGM9aWFpayxkYz10dWdyYXosZGM9YXQ/Y0FDZXJ0aWZpY2F0ZTtiaW5hcnkwUAYI
+KwYBBQUHMAKGRGh0dHA6Ly9jYXBzby10ZXN0LmlhaWsudHVncmF6LmF0L2NlcnRz
+L2lhaWstdGVzdC1pbnRlcm1lZGlhdGUtY2EuY2VyMEsGCCsGAQUFBzABhj9odHRw
+Oi8vY2Fwc28tdGVzdC5pYWlrLnR1Z3Jhei5hdC9vY3NwL2lhaWstdGVzdC1pbnRl
+cm1lZGlhdGUtY2EwHwYDVR0jBBgwFoAUedgPAoHlywvut/xEv9Nn+hCGURIwgaAG
+A1UdIASBmDCBlTCBkgYMKwYBBAGVEgECBwEBMIGBMH8GCCsGAQUFBwICMHMMcVRo
+aXMgY2VydGlmaWNhdGUgd2FzIGlzc3VlZCBieSBhICoqY29weSoqIG9mIGFuIElB
+SUsgVGVzdCBJbnRlcm1lZGlhdGUgQ0EgYW5kIG1heSBiZSB1c2VkIGZvciB0ZXN0
+IHB1cnBvc2VzIG9ubHkuMIHeBgNVHR8EgdYwgdMwgdCggc2ggcqGgYJsZGFwOi8v
+Y2Fwc28tdGVzdC5pYWlrLnR1Z3Jhei5hdDoxMzg5L2NuPWlhaWstdGVzdC1pbnRl
+cm1lZGlhdGUtY2Esb3U9cGtpLGRjPWlhaWssZGM9dHVncmF6LGRjPWF0P2NlcnRp
+ZmljYXRlUmV2b2NhdGlvbkxpc3Q7YmluYXJ5hkNodHRwOi8vY2Fwc28tdGVzdC5p
+YWlrLnR1Z3Jhei5hdC9jcmxzL2lhaWstdGVzdC1pbnRlcm1lZGlhdGUtY2EuY3Js
+MB0GA1UdDgQWBBSOwKEfd5HkkkiziZBb5Yj4HWy1DDANBgkqhkiG9w0BAQsFAAOC
+AgEAAjjDMSWxbUHvklPKS4xTJJV7Bl5Gy++/LZ39Mb8ZCgjIsGIP9w3hhz0kfi4z
+Iz6hvf/Yx9zlKZ/wRIU8R4iygqQSY5Zm28WKVm3Vbhfs4ewN4FJTP8w8LgUSHJ02
+V+JIHtUt5i9U2a/I01bmzIIfBYL0IW8s1K3VMAzADyHDGW/U6h9ck7dayw8OWi8t
+NT4tnKX4mEhH6z2kUPnv7fqFlSRrD0uqkeKZad3A1a155S0Dgj1cZmNjR4sRhQhh
+gba/EGuHNyEXchVasIITohORuJV9BAq4CckbSLo/qCSf+uiQUJm336LwavjGZked
+O/auvRTETctPipjdONSxF/jbjAQ3fmYR/VqvoCm6K3ZgWTzxk0S4mfarrwooDvlE
+rkSnrlLf+D6EyQt9LCw/i5LvH/+E+ZQ4AKwTHmJok4xdSgywyNrxsciZrvUGgwe9
+n+CV3IzEymYfL28qykKWpqbPTlSHqa3SlImdl8ywJI4hAW7mzZDp4OjhibRydJsR
+7uiFnfhIKMTDicnZGgPZZqIuS4qGwYBszU77R+XmwmZqZBkNP88eYW1qnxCFGEtI
+OiiETwO4zxXFF21CeB06PEwRCVgebBg0zBnX+hIsT/nJqwHK8I0Yh24BCudESUC2
+gE9xrujrk3e7r+lOqbYbzeWRJnXILg+SnflzC9kS3LxRfJI=
+-----END CERTIFICATE-----
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer
new file mode 100644
index 000000000..911640d0e
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer
new file mode 100644
index 000000000..1bb449441
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer
new file mode 100644
index 000000000..1bb449441
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02_A-Trust-Test-Qual-.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02_A-Trust-Test-Qual-.crt
new file mode 100644
index 000000000..803b30eb1
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02_A-Trust-Test-Qual-.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEATCCAumgAwIBAgIEOWntwTANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC
+QVQxSDBGBgNVBAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUg
+aW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1U
+ZXN0LVF1YWwtMDIxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1RdWFsLTAyMB4XDTE0
+MTEyNDE0NDkxN1oXDTI0MTExODEzNDkxN1owgaExCzAJBgNVBAYTAkFUMUgwRgYD
+VQQKDD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0
+ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsMGmEtc2lnbi1QcmVtaXVtLVRl
+c3QtU2lnLTAyMSMwIQYDVQQDDBphLXNpZ24tUHJlbWl1bS1UZXN0LVNpZy0wMjCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANwJSfWpRaziThddTTup72Cl
+tlXl8oc7HQoK2SWsYQwZGAd5nJZbwbI4K8VFKlNnK72Zl8UhmQ2FxhzS6u+Q+qEz
+JOM2xTfA2NB6A9/KFpTJXUjvCHgRvW16EEF9YpYXxKTSK+QrYCXAC5rL6SuYOzgA
+7Q1ivq+zLbyXxroux2zVEBIiaBGpZhOHGDFJk6h/4QelIqzd2TIDCRzvhmLDVmhq
+X2C1NQb5kZuMgrxxOhG5Cr1F8solkwyu43JiM+apY4bZJVQBwi9ATBMz5tfdoLRs
+lQy1BCQ4X+b6u/2856gucU+1e/wa5pB9Ff0eP+xy+j2DZOXLNd8m/IQvnshjNusC
+AwEAAaNLMEkwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIRgafjkGOFb0wEwYD
+VR0jBAwwCoAIQg8xWXA9iecwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUA
+A4IBAQBq/owq5eGvhxegchLvnMjPnE9gTYIHEvMq8DN6h2J7pTEhKG2o09LLn/pN
+HWRjKENU/LqZBIAJ5zebm5XqzB631BYcuu1abyPFfpMdAL9X4zFuDvg9EGaTir2c
+81XaBYzVSLN7fxmNLKSmMwUt0JQQyqpe3V9iyoBE/WcQyKmKaEp7mCZsGFBm6KmJ
+gqD6TPb7X9bWUr3yx6Z5gek71f3vQi69m1x811azXlxu1i/XFnVpzxkrKRXJWC+w
+nQRxXmU7YnMzYPOA7UOpUG6J+7tYi29hY3EpMgyXM/T/BL5MdyzBefbPVzLHng5z
+VaXNpO0ENCrlUyi1m3Yd/7QPDdJM
+-----END CERTIFICATE-----
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-05.20141215-20141209.SerNo165fb8.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-05.20141215-20141209.SerNo165fb8.crt
new file mode 100644
index 000000000..ee17cdb80
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-05.20141215-20141209.SerNo165fb8.crt
@@ -0,0 +1,36 @@
+-----BEGIN CERTIFICATE-----
+MIIGQTCCBCmgAwIBAgIDFl+4MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl
+c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx
+MjE1MTMxMDE5WhcNMjQxMjA5MTIxMDE5WjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV
+BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry
+LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1
+bS1TaWctMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tU2lnLTA1MIIC
+IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAq9PRwApA35K3LT0p5IYtNZMS
+BFJsIkzjgF4FRQ36PtxeNsPL6iPgfFjWLZzVT1arHrC6ciz97haDWEN5Jq+aVaZp
+gvFtvqZXlwYOWP0sshQg1aP7zrfH/N6yqjkrXHyzgmSz3SVIbdj5CqUJz/+94FCR
+cA8XkQ3WZAjSkRB+MSIY8umftkmJOVAstaG28OEtpmqwBLRh/QGcNZzfhyrPS2Ls
+5BAKQW9SBb1nXn8JOHq0Bd8zHShHbny9X/qT0xqeFfwItZWiW7iu3LgbGqfB3J4d
+s+9iecwHDsmYdSb2quGmzJXejmvktFZte9dlF7BuBqier+R3/czdLteRems5S9Ka
+hlP3+f3CnFwKihyVMhnuf5HyhCo1Fvrt+igWtNnos38qzB5RzRTJXnvZyrtTJMQE
+/8ZuV2B12Oaf0AQjt+o/SPKeaTBX2yes0S1xbQy7xJzNhgBJ2Ir3OI6SoOooVN+9
+kQuzD7NsJBJzIy4dHCvOgs0C1ro8DROaV3Usn58eYOkLDrPGpEBmFq7GnsxnbeEh
+5zzlgh00R9cy5PxiO40U+KxnTmQl+/vc9i1plDLsTRePeThKgS0UOIRZP7voYKdu
+IJaEzufNXUxZbCc9Mq3V552BmRPhL9Ouf/bfaVMmkY4p7BdU57stxDfVwG9biujj
+AVPA7DeRm+S0kzWRq0kCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov
+L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME
+DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhB0SNOEjM1
+3jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAEiqm52uEL2giMCy
+8i1tIbqKP3SeJnYxhJgN4d3caWqfE1CoEUQjsN8t7sF866TOYJMrQ+/dS8bUqNiG
+x4vvPrDq3DUSyKflgPaz+36xtB4BTlIiYTzio7Tnv+d5n+MsM6c/rijJzRx38FLM
+tZTAfr7dXv5KxrfYrrEnPrGg0gMlYqX3rB1TKQnPx5qG3e2YXc6tdvDeXhh9cXj3
+76VJony7iV0ccKWNXRRNx1X0po/Luu6EMD/5czArtmO0KmGXO3gK3Fy7pxUbdBra
+nSJNsY+Fv4X3zqf5n9ZM4Yut7KSqBiQbuMmIzLZkICJOWN5t9mOTStgmZjGqBdQN
+sRuVinaLxA88Fd32ZmFxbagOLeKEXPTQT/ERbDOjhShY6jA2/LkIcg9mwDDOubsp
+FcZaYlyXmvD+HNVxL5B4BGDWoGHmCxaj+bcYP4U797bpE90sTnMIQd6JoYEMQSIy
+Re0S4jKIOkCqBDkPBIXZf/IizTvJiQoFUtT7civFYhcUHDOcWs69NUU3F6sEBZmq
+C1uIRm7zD6FUPNpVcfVIeqcfWsnx5bSKwheh9Dk/A3eTmxjpodV4tIq6BfCLdq52
+85dumPB4zz/EmCuZ0hwy9/TJwaogVMqicvr1/pQXDM7T6fCM0vK9w/e4ejmX61TK
+6MsTXFjxlwpIacl4fkAxk6L22xfB
+-----END CERTIFICATE-----
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer
new file mode 100644
index 000000000..cac44093a
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer
new file mode 100644
index 000000000..32893db7f
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
new file mode 100644
index 000000000..60bc9a557
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID2zCCAsOgAwIBAgIDFhIPMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRwwGgYDVQQLDBNhLXNpZ24tVEVT
+VC1RdWFsLTAxMRwwGgYDVQQDDBNhLXNpZ24tVEVTVC1RdWFsLTAxMB4XDTE0MTEx
+NzA3NDAzNloXDTI0MTExMTA2NDAzNlowgZMxCzAJBgNVBAYTAkFUMUgwRgYDVQQK
+DD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4g
+RGF0ZW52ZXJrZWhyIEdtYkgxHDAaBgNVBAsME2Etc2lnbi1URVNULVF1YWwtMDEx
+HDAaBgNVBAMME2Etc2lnbi1URVNULVF1YWwtMDEwggEiMA0GCSqGSIb3DQEBAQUA
+A4IBDwAwggEKAoIBAQD4TRgyXzhxJ2AkndX0RPY771f64dsJrReEeuShLRK5io0B
+kJWc4t7wuD1B98cJ0MUPlMmOJ2Ckc/vuLhQUyY3qEUmhMhixCUIcdHQ5yH3H0yMV
+HxyJxAG83fE8M25kpKA4TzzMW8KPd2S63wbpPElyEy7vrllrLxvdQRSDpMZMvRg8
+fvoDGAehxsnKKwlXZuMq1aSBzfMz3cMBDKxvqzDIz7yC1iWNkdiwog3a5a5PbViK
+shhZ0h+bx9WFDpiN6ooPQgcGhjD+NqIDoiOr7CUFHp+HiC6xIsEFJaBHTf3dRZ61
+0r1FDABx0Yj8+wlXSQLYq/1nR/QMwsvH0Cz1qYTPAgMBAAGjNjA0MA8GA1UdEwEB
+/wQFMAMBAf8wEQYDVR0OBAoECE8h1CulBqTdMA4GA1UdDwEB/wQEAwIBBjANBgkq
+hkiG9w0BAQUFAAOCAQEAimFu+xTm3UdyU+fO+2hz4DS20OGSC9NBDkorjzhRPWoZ
+IVhUi6yH5drqSBm4/2ZYS1Ba5npzfyJwm+cLO28ljxAApfRHlbN0y83hKv7c0I7g
+zWTMRs8X8ar5Gd7d4O5jpC4PAaZ1ozSDoE06U5im6YMLaJy/0QYvf5EQBMvLdeoc
+d1vl17JYKYqYzcX2dvayikrfiglFqDaZZ66yJPBSuiyNhXpPkbXsOoyyTPtV/0Bh
+eKIQiQyJID5aZtR7D4fBAzKdp5wB9KLQXBZ80hrwqrIuy+ME0tFaBWYBi8dzQ1iq
+/E3Qz0USfGmxPMm8y/zRqsDvxZCRiSuvzBkOXbGMdA==
+-----END CERTIFICATE-----
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..d361d919f
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..ad13d7b28
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..f9f27442b
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..b6f39e354
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..f9fef65fc
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer
new file mode 100644
index 000000000..3c7775b6e
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..36a442b89
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer
new file mode 100644
index 000000000..54f809962
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..ab9e0cd7d
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer
new file mode 100644
index 000000000..01965769d
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
new file mode 100644
index 000000000..b9a0e5a61
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer
new file mode 100644
index 000000000..289fc2198
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer
new file mode 100644
index 000000000..b7d4b08a6
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer
new file mode 100644
index 000000000..289fc2198
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer
new file mode 100644
index 000000000..69de75609
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer
new file mode 100644
index 000000000..8c434777e
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer
new file mode 100644
index 000000000..efa28178e
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
new file mode 100644
index 000000000..33e776369
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der
new file mode 100644
index 000000000..3be7b6a06
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer
new file mode 100644
index 000000000..afe6fdf09
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..36a442b89
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer
new file mode 100644
index 000000000..54f809962
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer
new file mode 100644
index 000000000..2284687bb
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzzCCAregAwIBAgIDFLT5MA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R
+dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTE0MDcyMzEwMzgy
+OVoXDTI1MDcyMzA4MzgyOVowgY0xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy
+dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52
+ZXJrZWhyIEdtYkgxGTAXBgNVBAsMEEEtVHJ1c3QtblF1YWwtMDMxGTAXBgNVBAMM
+EEEtVHJ1c3QtblF1YWwtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCtPWFuA/OQO8BBC4SAzewqo51ru27CQoT3URThoKgtUaNR8t4j8DRE/5TrzAUj
+lUC5B3ilJfYKvUWG6Nm9wASOhURh73+nyfrBJcyFLGM/BWBzSQXgYHiVEEvc+RFZ
+znF/QJuKqiTfC0Li21a8StKlDJu3Qz7dg9MmEALP6iPESU7l0+m0iKsMrmKS1GWH
+2WrX9IWf5DMiJaXlyDO6w8dB3F/GaswADm0yqLaHNgBid5seHzTLkDx4iHQF63n1
+k3Flyp3HaxgtPVxO59X4PzF9j4fsCiIvI+n+u33J4PTs63zEsMMtYrWacdaxaujs
+2e3Vcuy+VwHOBVWf3tFgiBCzAgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYD
+VR0OBAoECERqlWdVeRFPMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC
+AQEAEoykPeAA/6iKm6YnfxsSHFe+Dtian2yAH8L2TqMdcHeSB/7L1x73uuDeYku1
+hbKQAXnfXntf8R+VgjQBTww0aDb5164netYcFbK0g8uVWVCqOl8wf3JbAUxHS9br
+cFKks+CJKPr6qQ6H+sb1o9127c9IQSZYP3S/gMAaGw0cSTlsnosE0P5Ur5vHsapm
+FV3V+VOjYNs2GLSu4XQCYvSIpsfDJp8VsJ/BMYS9GqGvQ/9qGa0fwEbEMadb5mcJ
+tw/EKg4gJthMgxOfO5eVuCQ3PAEWOe5lrOrTdvTIlhphUuns5hoIdlyLuNqewK3s
+FJ6N46sU7LjJLqSKYEB8usoIiw==
+-----END CERTIFICATE-----
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
new file mode 100644
index 000000000..33e776369
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer
new file mode 100644
index 000000000..277b6083a
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus-Schwab-BM-f-Inneres-20040219-20070219.SerNo5c39.der b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus-Schwab-BM-f-Inneres-20040219-20070219.SerNo5c39.der
new file mode 100644
index 000000000..376d0753f
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus-Schwab-BM-f-Inneres-20040219-20070219.SerNo5c39.der
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer
new file mode 100644
index 000000000..376d0753f
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/SIC_IDL_SIGNER.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/SIC_IDL_SIGNER.crt
new file mode 100644
index 000000000..b2de9da56
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/SIC_IDL_SIGNER.crt
@@ -0,0 +1,42 @@
+-----BEGIN CERTIFICATE-----
+MIIHajCCBVKgAwIBAgIGRUnF8D5SMA0GCSqGSIb3DQEBCwUAMHcxCzAJBgNVBAYT
+AkFUMQ0wCwYDVQQHEwRHcmF6MSYwJAYDVQQKEx1HcmF6IFVuaXZlcnNpdHkgb2Yg
+VGVjaG5vbG9neTENMAsGA1UECxMESUFJSzEiMCAGA1UEAxMZSUFJSyBUZXN0IElu
+dGVybWVkaWF0ZSBDQTAeFw0xNjA4MjUxMzA4MzhaFw0xOTA4MjUxMzA4MzhaMIH8
+MQswCQYDVQQGEwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2
+ZXJzaXR5IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBw
+bGllZCBJbmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEa
+MBgGA1UEBBMRU2lnbmF0dXJlIFNlcnZpY2UxHjAcBgNVBCoTFVNlcnZlckJLVSBE
+ZXZlbG9wbWVudDEwMC4GA1UEAxMnU2VydmVyQktVIERldmVsb3BtZW50IFNpZ25h
+dHVyZSBTZXJ2aWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxd/3
+9il61ghIH781wRGg5m+12MRxFB/eKLTn8Aj3YpTmI9+4CTG8ESmu20i/d+mRc/Bg
+5tzvITi+964gIsovynCdU9QEwWF9SKTQ7vjTMfkTWDll+KfSWjO71l7Dm9F/dRVW
+xKcx1j6oSxbnYZio3UBsSF+vfEz7cJz2DzAgAtM9s/2wSiYyWwfQMQcgEgA4uWtW
+/7vre8FDgxxtA3XOV7IgKoEfFA2c7a6gVGUjN90OWxn4ZdDGpjDY9mAnEJS2rQoZ
+EnkI47rfx35FrEPt7Rdc5mTSwDvbJqLlxkCUrPi+CV/esMxryX4+mivaghxVy3GT
+SpTxf2IAgX2uX2VbUwIDAQABo4ICdDCCAnAwDgYDVR0PAQH/BAQDAgeAMAwGA1Ud
+EwEB/wQCMAAwggEXBggrBgEFBQcBAQSCAQkwggEFMHcGCCsGAQUFBzAChmtsZGFw
+Oi8vbGRhcC5pYWlrLnR1Z3Jhei5hdC9jbj1pYWlrLXRlc3QtaW50ZXJtZWRpYXRl
+LWNhLG91PXBraSxkYz1pYWlrLGRjPXR1Z3JheixkYz1hdD9jQUNlcnRpZmljYXRl
+O2JpbmFyeTBIBggrBgEFBQcwAoY8aHR0cDovL2NhLmlhaWsudHVncmF6LmF0L2Nl
+cnRzL2lhaWstdGVzdC1pbnRlcm1lZGlhdGUtY2EuY2VyMEAGCCsGAQUFBzABhjRo
+dHRwOi8vb2NzcC5pYWlrLnR1Z3Jhei5hdC9pYWlrLXRlc3QtaW50ZXJtZWRpYXRl
+LWNhMB8GA1UdIwQYMBaAFEJur6/qQSp/lFcFhYLgkUYhyVdCMBkGA1UdIAQSMBAw
+DgYMKwYBBAGVEgECBwEBMIHKBgNVHR8EgcIwgb8wgbyggbmggbaGd2xkYXA6Ly9s
+ZGFwLmlhaWsudHVncmF6LmF0L2NuPWlhaWstdGVzdC1pbnRlcm1lZGlhdGUtY2Es
+b3U9cGtpLGRjPWlhaWssZGM9dHVncmF6LGRjPWF0P2NlcnRpZmljYXRlUmV2b2Nh
+dGlvbkxpc3Q7YmluYXJ5hjtodHRwOi8vY2EuaWFpay50dWdyYXouYXQvY3Jscy9p
+YWlrLXRlc3QtaW50ZXJtZWRpYXRlLWNhLmNybDANBgcqKAAKAQcBBAIFADAdBgNV
+HQ4EFgQUCGcmNEgrFLwredMpRpa/34jEqY8wDQYJKoZIhvcNAQELBQADggIBAIAg
+/Ft+vM0DUKKipcF2xSZCweqEr6bF9I8FruxKyHg4WcWiUvFs96Wkwj/GA8YMJkjE
+SKad1nP+hFjiraYU6dSfpOnAUJyLV0q5DM8Y0cl8GDqazE2kNGNzjmH9HvGY9CWp
+vwF8htBnBX8N4Evw2t86eD4V507k2Ev8JOPWKifZwO0OCnPkkBfq30H5GVm9JA8W
+joEXYQzzX2TBYrxqkWNosAsN9StcOvv9sfTTtW+ozK5/VPvAp9SUOjC5Eww7BuKq
+yBxDrTSQ8hlfW2j8cMtCmg00LISnspiq8PdvIWktDO0sriyh3YuIIUx86OE9rBcG
+20qr9s2oXYzVxq+T6hIEzDC1v/sPbpeYFdU6DW7bz/3ObPcKjkGD7J06ZDZFbgXr
+aucr01ZFjdgBcdH0UzmsIaAMG+HY5RU99AZ5bP5RH+DbSTZLlcm8Zzne5/b0rN+a
+2Q1ctptQnaPlZYQMcTSqXcbM7Umzn4LgnOedjfAcp8Pk0r+bZojrzFGuoi9fqkqe
+qTup+PkGj+I8D+pOG/sSMaPx/gPZ4llO9v17VGHKH+OyGIsefwd+jXhMTJMdt5kO
+6fLyTFF1MP4Ld64pRuboagZqe3dmy9HCy7AVnq9dIl/BlhLjhLSTYWvwtduh33WV
+qegwBldr6P9vuJTsOrre7bRvkA+VnuZhlNW9AC1/
+-----END CERTIFICATE-----
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Testuser_BRZ_IdentityLink_Signer.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Testuser_BRZ_IdentityLink_Signer.crt
new file mode 100644
index 000000000..d69dc044e
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Testuser_BRZ_IdentityLink_Signer.crt
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFZDCCA0ygAwIBAgIJAJav+zeqU/DMMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV
+BAYTAkFUMQ0wCwYDVQQKEwRFR0laMRYwFAYDVQQLEw1Tb2Z0d2FyZUNhcmRzMSYw
+JAYDVQQDFB1UZXN0X1NvZnR3YXJlY2FyZHNfSURMX1NpZ25lcjAeFw0xNjEwMTgx
+MDM5MDdaFw0xOTA3MTQxMDM5MDdaMFwxCzAJBgNVBAYTAkFUMQ0wCwYDVQQKEwRF
+R0laMRYwFAYDVQQLEw1Tb2Z0d2FyZUNhcmRzMSYwJAYDVQQDFB1UZXN0X1NvZnR3
+YXJlY2FyZHNfSURMX1NpZ25lcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBALkLgt+MFTxLfRzcEIZ0bycIFg7g/HPN7QWIZ67bHzrb6ehebzF9VinzDZXC
+kfKWdUJbkNSuWKWrp2X62f7oGhdqK0yFc+Dlo+OpIDgQiWCpBfKJo8cPWsiAmNuT
+xWVagU5faI1h7xvvOVMybWe92nivfqLOuEx6WvX/UoIawRHV2VmPGFgZocM5G0X6
+bUVEpqxAa3qOIlRr0poB+RA0PA86hRpRYal/Or93D8BfQH5l8zV9QcvPe/KeJSpJ
+HgGWmEs593LtNuA1Rv1iDpuu10y7C2FeMBvcUpRkR7WAj7vIYVtQILXCh1FhfN1b
+Hg6xLVTyshlgUn7ARQJYoJ3togdGamDRlnKU2rXN9j88Tw6fAdcCvWbWVtjy8pNj
+WLkVJMlFWdfO6/5LAva1HxROMhFx7QOPhOzemetCtT2fI4FTAk9Vyf9wTUQOL8sq
+K73t1A419lYS8WuUCzHDxLujLiTuwoIUgzMN/bqMEZrogPLY2Kj4vmZMZ4gU2PU7
+Yw+Xfang3+/yK1gYNEebpdvPi8SVUAnus/Cfmdwdn9O/naWiBpjc06GJvMbegjxw
+oPBM5c0SkCR5xCaygZL2OBpRMKgdfrk4k0pj5ZUm+mtrOGojtRZJEZQCBpVPk1yD
+3L4/Z4AZofOo8dSkUR+xJN0oKnIdfndvBxNF4sxY4IwOvFRrAgMBAAGjKTAnMAkG
+A1UdEwQCMAAwCwYDVR0PBAQDAgWgMA0GByooAAoBBwEEAgUAMA0GCSqGSIb3DQEB
+CwUAA4ICAQBcED7tE8qmAwFBdhyoz1D8yodEZmmdXZwksA/kI+o+5wQs6Y/qvw7j
++eBvlctyXCXWh1eFeb/FaiA5Cpoak8Nc/oY7T/yBj5gfKHlNqVT1owaBkHsEYMBv
+aUXxyDCbnFMznJfkxjbvFbQdd1hceJht8Dx+ikpB6MJHqHIEry0WWgf3JdN5PErr
+ATndjBE4BaTZ2q6sCv+SdK60Mk0mYA6l6nSC9eB8G9C4bA1cQEOu6+FPmFzSkiIF
+temA1tjQnhxKZZigzxIN3EQAnq/23jf+CkxAt5GkpUjqF5bqKI1nerJOgn4Jm5j6
+sPZGpGllzHLBaybfY63Az4sERC28OlqFw1vxQs4hWIWNWEAMF3Oz4+pYg4OIIh5C
+Nr1aqJgssWfOZrX2KSz2vqrZoU67zq84MQcJTSmgKVBb9OnrC5tYn5YVUlydPPjr
+Um0iHlWC0MFiIgSzx6Ti2HnPgc0UHsA6IpSTo+UufYYNDiFCssRbu4r0/Syq4MP3
+ghYXdP9Tj0FISz2TvM6YQfzHej94bZcVNwnF4pWEnGZtBbNVvJRw9iJHHkDWLiYM
+1B73zs7+pA8YgKqExDHXc1Shou5HvSuTXSmaTMUHrCkhotHfpqYhrJiAmJ+OftNv
+6oxMPfNhZg01eOotm1J+WV2mJbgcPTNSC1ONcSFdQ5vZZLL24J2Hcw==
+-----END CERTIFICATE-----
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer
new file mode 100644
index 000000000..592c96230
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-SSL-03.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-SSL-03.cer
new file mode 100644
index 000000000..a699436ca
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-SSL-03.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer
new file mode 100644
index 000000000..e4bd48dac
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer
new file mode 100644
index 000000000..61a7ccb15
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer
new file mode 100644
index 000000000..5171276f4
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01aaed.der b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01aaed.der
new file mode 100644
index 000000000..5171276f4
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01aaed.der
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/atrust_OCSP_Responder_03-1.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/atrust_OCSP_Responder_03-1.cer
new file mode 100644
index 000000000..ebfbce9a0
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/atrust_OCSP_Responder_03-1.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/idl_signer_from_IDL.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/idl_signer_from_IDL.crt
new file mode 100644
index 000000000..fda99f2bd
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/idl_signer_from_IDL.crt
@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEqzCCBBSgAwIBAgIHANux81oNezANBgkqhkiG9w0BAQUFADBAMSIwIAYDVQQD
+ExlJQUlLIFRlc3QgSW50ZXJtZWRpYXRlIENBMQ0wCwYDVQQKEwRJQUlLMQswCQYD
+VQQGEwJBVDAeFw0xMzA5MjcwNTMzMzdaFw0yMzA5MjcwNTMzMzdaMIHkMQswCQYD
+VQQGEwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5
+IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBwbGllZCBJ
+bmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEUMBIGA1UE
+BBMLTU9BLVNTIFRlc3QxGDAWBgNVBCoTD0VHSVogVGVzdHBvcnRhbDEkMCIGA1UE
+AxMbRUdJWiBUZXN0cG9ydGFsIE1PQS1TUyBUZXN0MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuDjOyf+mY+oQL2FQzzuaiC8C23vVKbq/n2Zi7BqSibZH
+mtqMJfmj4pT+hWSNHvVvWsaxFcx4KeNqdCMzwnw1r4P3Sf+2o5uFku5KHEMLMokR
+yYQG9VqY/KkB94ye7Pv6zT8gvKqxGFg96UamECep4swPaSZrA8AOER5WAtyGDzKI
+Tz+a5zfFaTXDoba7f98PCWR96yKiFjVOhzp38WVz4VJgz+b8ZSY7Xsv5Kn7DXjOL
+STX4MevFLki3rFPup3+4vGToaMBW3PEj67HXBdqR855Le6+E6rVxORqsXqlVwhsI
+6nuS0CO2LWYmBNR1IB0mXteeYH/HfxvuZc+7yDjdPQIDAQABo4IBhDCCAYAwDgYD
+VR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEmcH6VY4BG1EAGB
+TLoNR9vH/g6yMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jYS5pYWlrLnR1Z3Jh
+ei5hdC9jYXBzby9jcmxzL0lBSUtUZXN0X0ludGVybWVkaWF0ZUNBLmNybDCBqgYI
+KwYBBQUHAQEEgZ0wgZowSgYIKwYBBQUHMAGGPmh0dHA6Ly9jYS5pYWlrLnR1Z3Jh
+ei5hdC9jYXBzby9PQ1NQP2NhPUlBSUtUZXN0X0ludGVybWVkaWF0ZUNBMEwGCCsG
+AQUFBzAChkBodHRwOi8vY2EuaWFpay50dWdyYXouYXQvY2Fwc28vY2VydHMvSUFJ
+S1Rlc3RfSW50ZXJtZWRpYXRlQ0EuY2VyMCEGA1UdEQQaMBiBFnRob21hcy5sZW56
+QGVnaXouZ3YuYXQwHwYDVR0jBBgwFoAUaKJeEdreL4BrRES/jfplNoEkp28wDQYJ
+KoZIhvcNAQEFBQADgYEAlFGjUxXLs7SAT8NtXSrv2WrjlklaRnHTFHLQwyVo8JWb
+gvRkHHDUv2o8ofXUY2R2WJ38dxeDoccgbXrJb/Qhi8IY7YhCwv/TuIZDisyAqo8W
+ORKSip/6HWlGCSR/Vgoet1GtCmF0FoUxFUIGSAuQ2yyt4fIzt5GJrU1X5ujjI1w=
+-----END CERTIFICATE-----
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer
new file mode 100644
index 000000000..afe6fdf09
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer
new file mode 100644
index 000000000..376d0753f
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer
new file mode 100644
index 000000000..592c96230
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer
new file mode 100644
index 000000000..61a7ccb15
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer
new file mode 100644
index 000000000..5171276f4
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks
new file mode 100644
index 000000000..a976d286b
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks
Binary files differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json
new file mode 100644
index 000000000..221ab5351
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json
@@ -0,0 +1,6 @@
+{
+ "v": 10,
+ "respID": "NavkR2BWuvroWkIKWhAQ",
+ "inResponseTo": "_2ac94139a4451f7ef0893a5b823aff16",
+ "signedPayload": "ew0KICAiYWxnIjogIlJTMjU2IiwNCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9zbDIuMDtjb21tYW5kIiwNCiAgIng1dCNTMjU2IjogIjBGUmRDYkFxVTF2YlQtOUt3S0JUcU5GQXBkcU9HT25Fa0o1dGp6MFp0anciDQp9.ew0KICAibmFtZSI6ICJxdWFsaWZpZWRlSUQiLA0KICAiZW5jcnlwdGVkUmVzdWx0IjogImV5SmhiR2NpT2lKU1UwRXRUMEZGVUMweU5UWWlMQ0psYm1NaU9pSkJNalUyUjBOTklpd2lZM1I1SWpvaVlYQndiR2xqWVhScGIyNHZjMnd5TGpBN2NtVnpkV3gwSWl3aWVEVjBJMU15TlRZaU9pSlJkRjl5UjNKalRWQm1jamxmYWpsaWRFTndhVXAyUTFWMmFVSlFSbFZqYzJwbWRsaGhVWGhJYmpkdkluMC5RQ1BLOHZrZzlvSkprUk5OTmR2cVE4V0hvTk1Id3hrRExlMEVFcmN3UDJHTVROM3gtR0Y4MFVoQno0Z3VrOFVFcXpqaFM0S09XOXVVbEdkdEJ2eVdlczNPaUM0SUQ3eFNmVDF6Z3R4QnlDcHJLOFQyREZTa1VqS1JpVGpqOHoyUWlWXy1NbzJKOVJmVl9LMWNseVQyTTNFdnNjMUQtNWkyS0dzbW9tcWlsVkpqaFhZSlZkZllBRFZVQ0pycnJFTms3YUNwZWxTWU4wZ1hGU2VNRUNyRWp3Y0lkaHM2TW5fU2JiUnRJTnVSUmF6aEZEM1Fhb2lKcjFTdy0zS0JUV19fUThKTlhkQW9KdkFqcmFvUTlMNk9JTEhwOGlVQUMtbVVGbDJ6bmVQYnBoTnktSlNzV2NzVlBpVG5HYzdKNDNyaEtvZlJTWmZQUmVxWlRQYi1ncXZCS3cuazNqZUprWXJucEZMUmdfY3dZZ09zN2QzQWRVWnpmTjM3YTROeW9aY214MC4yWUg0M0lzTWNsVFBuTGZMVGc2TjVlcjVQSmdmMlFmRWE0bGg1dFdxSlJHdUdPRUw3TVVUMDZLMTVxUV9jTWZ6M01XVnRDV0lSNE8xOG5yMVZtN3M1cWZjRUlmQVpTRk52OWo2SXViNkVTeUtDeWk2YktaM0VDWURxbS1ZMjZETk1GWU4zeFMwOG9UV3ZPbWprR0Rqb21xdzBUcjB4RF9saHBRZlhReTJ1WWZZSDBlc21NY1BnS3lyRmF5NzZnV3VQeWxBS1lXbzd2WVB0UmxMR3AteWZ0eDFVMGFQU1BCbE5sOTlxb2Vzdm9BVTFrSXh1aU94Q1BYVTBqYWZJamF6MklDT253QW9qV2xrVlJWeDE2TENEUEF2d256Ty1vbHR3eUNBNmNzbXZYN1VvVlAydFZLdVVGVnJRUVFkNTFsOGc4dmxpb2pwMjlMV3ZSdjJTeDR5UG84TS1qOGw3UlV6SlhwZzNsZV96WGJfOFRfYUpra0d3YWE2UV9hV0ZDQl9ISkRGYkUzbDJzeEtBeHYtYUd0QzhwVVp4RnppNHB5YUVMd25QVUhpalE5UnpRUm0tY3RlTUpZM0NhMHlpMXl3eERudGRic3JSQzJvdG84aTMtRnIwWWo3R0t1THBvZ1hHT0RLX1p2X3FoNFdIZTBjRkxZUUNuLVNUSEJtaVo0SHBxTU8ydXlmeGpSYUxqN29KUXRSdXJ2NjNvMGJpeWxtNTVqMHg3eGhrSDlPR3liTUtaWVE3cE04bnYyblg3ejhJTXZRdkl4UU5heWNQVlJycWFtNERVMDJCQ1VlWVc2T0x2TEg1bmtMaTRmeUhoQXJtdXA5R3JFU1BHeGRlcW1PcTRYeTMyNlE3MUNNMU14TUN2ZXdoU3R6RzBWZnFnTHJjSHl2bndSdW9sRnE2SVlsZU9mZ0JMOVNUR2M1WWxuUU05UTJYS3RabVVkMUk2VVhMS0UwbzYzU0JIbFFHSVlJaVBYMy1VYnMwcEtLLWJfbGhMNkszT29Pdkw1V3Q1OGljV2FCbFJqb25VbEQ1eGR2b0dLTjNZVmRxWDVSZ3BIUnQxMHVHcDN3cER5S3RYTy1OTWJjaVVTUURQMVlNMFZScE9oZVN6Nk15Vmx5eEZhMWxKNEVpVXRhYk5jYWMwMHJUaHdqMkpSWkJRUGlvb01YVk9mTmxGN2xGdm5UN2liQWNVTTNJcHo5bW1XM3VEQzFxNEUyd1p1bWk0aWloenBlRkNjZTRPVkZWYU1pMGxNaW44VnZNejVYRW1QMFlISFNGRS1LaExuZVdMeXlFYlBzendhU0I3ODdXTUNkZ1JmRU9PakdLVHAtWkNQeE5jUXY0ODVFSElEOWpzV29nRVBxZERoU0czSWRhT1ViY2EwOXJ6a2xQaWlqaTlaeE1lVml5dUd6M3dkc001Y3pmalRHT3BXM0hQOHlwM2JuYUVLMTJBdDNuTTZvUkdGekJLNmc5RDl4eTl0c1BiMkF6MFozc1hzV2RpbzVJV2J5UjhNWk5PdGlNOWxmYU5MMFY4X21ueGlrdWxlSExIaXlQc1JIZUotb2NSOFE3YWh1ZGJfX3Rkb0dFN1R4dC16U0tPZHllcWtOUll5cVd2MFByZloxTFp1bkNCMFZqeEFtVUt6N3RrWGpxeVFQZlFsc2dmblJ1blBhMGVvZHJvZEkzV0dYQmlkSUVjWkxHbjM4bEZyUWVJUkdfNG1hMmpteGp4NURFdXN5OGdqcEl4TElvZkxGQTZXWEtvU1pwWV9sMUxVQzJ2RzkxWGt1R2o0ODB6Z1NzcWFyN2NUd3ZUWnh3M1hqamtJTVFuS1RKa0s4QnByNnpqdEdJTTF4VEc3Ti1iUklhYWE1VHFjbGhGc0dMTmJTU3Y0a21EU19TX0x2cF80cWFHcWNjTHJGZlh0eE8zTnRXaFNpdXZzX0tsN1VfQmxIemZYV0lNQ1lZNlI1SDI2dWpRZ0ZEenpkV1pQVTBxM1hVdlltY2FXUHdMV1JWU2IyTVFjZnd2NThYSl82cUVxLVhaQjU5NHRaR294SlI3TmQwRFhqV1l1dVVTNExTYXBubnZ3eHRpTUF6X0diMjBwTmNBS3UwbDJGb1Etb0ZwQno0LUNRdVlZbE9pUVZhRjQwN0xlVUpWSFR6cG1USWdlZV92Z0VTUmtqTjY3RUowbVBtZDJQU01mVnZwXzBmLTZYN2NRSDlCOUdET05COHJXUFJLZnJBYkNBNWxaZkFSZHFkMnUxTTA0TDZjNW52OGh6NmptdnpIMEExSjJIMWNpT2I2QldoM0daNzd2NTlKZUxEZ0hoRDh5ZjRSOUdNSEo2dHlFMmpsVmZTd2lSc1JjMVhQS0Q1WTl4aWRoZDdKYWV1MmptakgxVXk0aXNrN3BjTDItWkxTOS1rZ0tFNlBxUVliQmI0U1lqN044UXdMQmVodkM2RzVYYjAyaFlGWUNpUzhIV3Z4djRpZTBjb0RkZmR0QVEyZDFpQUt0VlBBTW1saVRCZ1g0RGU3bW9oeGRRRVpTbG4wY3RRRDJsTzV3RVIzRnlkejN6M0lLbW56eXBXZnNkSHh5ZF8zUWM2b0RDZnlSV1NJVW5BQmdhQmV4ZmI1RUhXQ3NOeDVXUFI0ZE9mdDdrTWdBay1NNGI0NnAwSE1ieDdYamZ4U1NnUVprZmZRalZraXFUR1FGajVXS2hNS3h4YlVpRHZKa0laeEVCbWJiYVBQeXNjRXVxUHZvc3J2VjFadWtiWU01TWpobV9qMmk3RHBJNzIxMXRZdG1VZWZ2Sy1jUmp5TU5rN0dxb1kzRFdobWE3WXhHN1FlMmY5U1paemhOZlJ2T2lSak9TX3ZrTXFjUnB2bnlhN1lsc3lYZi1fVi1TNDU2SkVKeHFKNm03UDdkS0ZKTVdxQnlEb0NLWkJBdjB2TXRWem5JamhPa0oyS1o2dW9VdjlWcXg4NXBUaU5XWGEtYjhZelB4TkFTVS1IWWh1bUxLZE9jS01veGt1UENzcURaMzY3d2xpS1g0NFJCbW5fTGpTWjFqSmxNelByQVJyMlh1ZUtHbTVBQkNDSjBWclNhX1QtM2lNT2IyV0RVOE9EUFo2MHFmRklzTGRkRHk2QXk1c0RqbDZFa1RKc2hqZmNacXN0Ti1rc0kyN3d1VDYxVEh4dXRnS2tNWHZ0NFhoM3B0VGgtdVJGdWJmYy13cm90M0JXdXRzMjFnaGpkbk44VDd5TWJRaFNxd0N4anlYSXZWZXJoVEtKWkZ3aWQtTUVFLXE1VVhKQTN2R2FoWmlSN19XalEzX0NjM2dWLUgxLVAxZDhidnI3dTJURlRRam5CV0l6YXFIVW1QbWRyMzJoX1lkYWtpelQyNVlJNGkwMzJweE53cmFzdG0zY1BWa0tacnJCX1llSE1La005dm1QaThiSkhicGFSOFBkUTVuQk1XSkJkaUVuUTdoYVpPazRrWEltNXNyelJNVWhhRGxJaHR2T3hFUVRpMVd0RXdzcjd0OGl3YVdyekRaTXpGRVY0Uy11WUsyanhJeTJleW5CRXFzd2lBMTBnWVo4ZXhCSjJDU0VXM3lQeUhUWFIxN2lBZTdXUkJpYUhoNElXUnBJalI4MHExRjlRd0hVeEhQenJoSEFXN0JFLUVBU0xEMG1YN3hCWi05a094S1E3VjNNSXBIOFFhck1qRmJRelJRX0Ftb1E4eDdCMUdZLXBUeGdzMWduOVFxLUpRTU5peFhZSWdhM2dJQnV2ZE9GQjlQZXl0V3FpT18wV2Z1dVpHb1dkcEY4NFBoNjZlMEdCa0NuYjRkVnZyaHlZNlRvRXVzbTNtTFR5SVB4UWNTd3NnR0VQSHN2eUpxclpwdzNHVkppXzVfNUZqakNuMjhwSTVQTllEVE85aFNGYmhNcDNqMEdBam40NXpJUEYwdTlCa1Fick9WTFZrS1VCbEdHaWd2N3lSNWlvd1F2UjRvX05BX1ZVYWxndV93SWxVRXZZVC1Ba2hodzZJSFp0Q3lJYTd1aHJ0eV94TEYyX3lHRG1zRnZkZFBfeG5jY1dZVF92LXdIYm03NDVObmtoN2xVMlhrRUxkMVQ3bkVfb2p3aFlwWmhyUVNjanBfbUdSRmFuU2ZxOFVYNU9rZVh3bm4yTEVRQmJFOWEwak13ZE92M1FnZU5zYjIxd1I1QVE2RC1pNnRhaGxqWHVDMjBSbVFaTWs5Y1JPRE5abFNYUVZBQzhqTTEwb2lpRFJzdklWTXZjQWp1ZnBLbGNzdFFHdnlXZmZlQjNKbkFtYTRueFUyeVlYeHFyMWRkZEpQbVZ6c01xek4xbWNnZHFLWERHX0R3dGdCMUNNczJVd0tGaVoxQ2lpSk5vN3hPOEdaT3M1TzZncFpKMFh6cjFudFU4UUpYNXhoQlZUM3BRVFU1bUZ6SFNwdExkTU5ueTFjS2RITmMzQVlyUi1CdEdUVXV1Qnc2eERKbS0tT1FjS0RqMUJxSkxmMG01ekpqNlBKNHFQTXpWOEFHSDRrRzcwRHQ2bHI0eEJrQTM2MkpoN3B1eGFsWWh2aHJoR2UtOUhHVWZPNzZwVUlTS2o1WlplQXFfUWp0aTVVdzZGWU55bUM3ZWVUeDFPQUtsN012V1lUaVJiLVlLVHlNck5yY3V5RTRXWGtlVjBhQTllX09JQncxeHNpU25SQkYwTVJtbnpuX3J2NC1kNWtSSWNGc0xWenlHbzZaNFUzNk1odTB2a1R2MlRIU0pYc1ZEdzhvSWpEVUg3UFo4UDZrdEFmSmlLZXZ4cnZZdWw0Y2daaGxhNFBnUDVNR1RmYXlZdGZJU2NBbHZ0TG5pNDA3OG1ITmNoVTcyc2dheGtndERsSUhiVUpqdDlpZEZFR2dPcmdvODllMV83N2VxWklYaFlPdUpoOGVfUlhRd1o2bThOQjdvV1lWeDg3bmx4X1VKdFplZ090dGxnYUhwNXRWVEdPTk5jeUdtZENMU3lvRzZ1c1VRd0VqeFBGc1NTSXU5V0FwMTliOERzTWMxdzN1cGxIZnRMUXlnUDBzUXNRUG1FdndxOEpZc00wcjRfRENPcTJkcENvS1pUTlRDQkx3X0V6N3NzXzZpY1ZkWWhHekRpbUdZTWNOanZXcGQ3Q3pNczdkV1RjN2ZVeHVDWmstTmRwMUhvajVXTGJQd3cxWnVNOTBHWTZUVU4wMmdsVXZObEJ3Z2tTa1doclhDMU8wOXlGMFQ3akZMV3g5akMzY0VZSmhzTmxVbWVSeWdXalROajJQeE9WTDRTdHNZTXBUOS1VemxnSEZEbTdxZ3lMdlZhVGcyM0lWLW9LT3lraUkyT1Y0RG9PcndfR0hlMTlsdEQ0b1ZsMXRrQ2h6WDlVR3h1TTJJM0o2b1Q2Z25kN0FNdmRscUgyZkFQb0NfVHUzSUNFM1dRQXAtTFBVTm5lUkdJbnduR1Z2aVZmb1dUVzQwVVRadUlPNkdwOEJDUF9lZVFEYUVnV0VCUC1pV2M5bjZ5dW05LWhCbDNHS09YVlhnOXJsaHJSdDY4RkE4Qmt0WE9NaWZud29pNXR6Ry0tMTFPZVFmakRGbmJNUlh1WEpoT1RSLWNVYXZLQlV3RmFFc3pZdGJjQURmdTVJeC1lWHY5ZlM5d1pkZElOcHpzT3ZZb0t2cEd6MjVnNktxTjRXelF6bjY3WEhvbGs0VVMzVmRjRnYtQ3g1ZmV5MXlpXzFDc05acVlPSVZYaXRHRk1wdHZ1aThPLVp4Z3dhRDV3Ymh3TnpBbS1FTkhKRFNyV2Y3X1pwYTl0RUI1ZGM0SjdGbnpwX2xVcTQ4RkxlZGRuSmVoNnJhMzkyckh3NlpyQTJDUktsc3hlWTBZdGJwM1lyMXd2RWlYY0xZYTF4OWhBMnozM0V1aGFhUXFqWnBJQ2lYdXVxc21ZeklnVGU1WVZ6ekhZOGVkVGFCUE11QWdrMkFZTHQxZHhETGdndlJ4MXN6cUE1c3RUNEpFZEtXbGs3ZnFIeHJIOGoxdTNwTjNCaS1LTXdNekJ4bjNEZERncTV1ZTFPY2g1d3VmLWlhVHhnZVdfNmV0eGkxNWJ3Uko2STRuSUxTVGk0bG9aUDFTa0ZCVkR4el9FODg3Q0I1ckN4ZnhjY0kxRGsxSmlRWEFqNGtEMF9mRWRxRkllbnpnMWZ3VzBETkN3U2R5ampiNWlmSlk0cVZ2Y0dBSHpoX1dBOUFlYmw1eHcteGpqTkloZGplTEwtbzZ1aHdwLVZBSXE2SEtWMVFIZl9QMWEyNjR3NnBTZENHdGdvYjEweHdpZTA1SFY2R3g2MnI2ak81TE9QUHpkVldvbWJxTEUtZVJ5bVM5eE1JOWl4RG94dWhjcXh6bUZ1cU1mLUxlMjU1d0g0ODEyemVBSi1QTDBjU3FTdjNfXzUwRGRQMldVVHRHMmR1aTNlcDR0VkNObkVINlZFUnY0bUd6QUNwX2stZjlVcWVHTnoyejR6QnRWUGhKWi1rVUEtZ29uUnhKSEFUcU1iOWd0dWFpV2hIWk9mcEZaQi1EZnRuMks1MXZRaXZWWWx0Y1UyRzRYSDRMekJhRldjUjBZMEdVWk10SGxsMXVWSmdqZWVXYnBMaFE3Q3B2Q1djVjhlNlhsQ19BeWEzX2NnV2VNb2M2OG9GV3FBa040TFJ2blhLb0E1M0syRWdmNmhYcXFFLWhMM1RDRW5VQWhaNUkwVWVENnN5X25ndDJsSGV5ekRNT0Q1ZEpuLVpZdm1GZWdEMFlmd0FyWDlETnhrVExfelhzT1hzNERMWlhJMmJxUG5RU1dtbXdmQ2xkNFU2VlZhYklTdFVhdDE5eTYtTjZzMzJTelAtNm9QQUMyYWNqOWQ3c2ZoWHowR1JzNlVEM2ltdlF5MmNWbzg3MVhyX085OENFNENTZEM3cUFNSEM4TE9vTVB0ZWtNaGpkN1dXdW9BUWtUb3FzUkdRUzlRNDQycWNjeEhtVWhMYm0tYUFIXzBBR0dKY0psY09ObmlZY3p2dzFTSHRtZERiWU1BUFBqQ0FHWXlFT2NBUDNueTZEeTd1Zzh4c1QtZkZHNnUwTnZ3Y2RXSndTVHI0R2Y2Y3BtbXkzQTRwYk9wS1ZpdWJoYVJiMkxRb0pOanlxa2h2aTZVMDU3UFIzTkZiSEhSS2xPT19SVWhCMEotenFvWnVPb3NTdjk2RjZNZl9HSlpCUVZVcTBrQWI0dkVlNU95ZXg1aEcwSFVSMWtYZXB5Y0p0RG9FbmdqcWZqUmp3YW9HcTdJLXgtaV9qZjV6NXlNV0FqRkpkOGhiblV1WnB3ZG5iVGhLX2pHRXhWeW9zby1TM3BNQUM1dnA5MzR5MS1zbVo1ZXA1UW5xUGg4YUV4V0pfcVF1NGU4cnEyMzVtRFNmVGJOd1B1TTFJVElhWHAyaTA1aUZ1UVZPcEliOGpuUGNMN1Jua0dLMHV0TkhQOERJLW9HSFpiM2dVQWV0VHRINmwxUk9xZ0FFRkktVHQzVXlxQmotSVZmZ3QwRGNDbmNoYWlQUFhiSExjMjJSYm1jR2JjTjk4UWpQSlRSZDNjRDEyN2hLQVZIS010YWtiS0x3cV9abmpCZjlqMDZuVnZvWi1fc1RMNEZZSkhSRWJpLXhOcmw2SHBqOFMtRFZRRUpNMXlLLVRBUWI0UDR2X05uWU51R1dVTlhYYUh3bmNOcVFseWM1N3pJYWVkdzFUdm5UR0gwUDR1end5MWFnZFlXVWFXODE5c01ISVhBNWJmTzNEZDFSZVlUUzJjZ1NTaGwyclUwSUtrY3NsRlJqX1BicUt4RzJYSXlNdE01ZG9Eb2FONENFNHFfQmxNZjhXTENvNG5WLVVSRll3eVM1bVdkVWtSZzJJMWhJcXA1UGJyaHptUGI0RFBSclE2dWlNd1hXY3oxN3lOa1daYTRNTThIUW1EeVRwTC00eUJlREU2MmZwQlMzWkZERWxKVE9UMThRaXQ3Ny1PdTFjODl1V3EtVmhkRmd6UTBhT0Z1T0RyY2RmSlpEclJ2M2NXeHBvSG80SHp5Y3lsYlpFd21PS1FxdmhQN2NDRGJYbEFObGlPV1ZkRzZYeTQ3QWRIS2luYUhELXN0eWJGRnVHUl9KLXVibi1BVmhsYzI3bVlzbDl1X2VDbVpSWGE0bkFTa2YyYWNONFd2em9YWTJlZzFrNi1Qbld2bnZDeEVLVW9iRi1kdS1EY09nQWxSdnZzcGlweFRTS3FaNGZpeHBfdUJxYnlDOWR0YkJZTnBLNUM5dU8xQ3JVaE9iQWlMbC1NNVgwWGt1TjNYVzJ4TEpZWFhaenhGbkh4d2w1VlFpQXZDWEVlZTZaTXd1N0NZNVNqOVpkeXJfQV9uUExyQldHX0hvUEtlV0laWEQ3a21nVWVJYWQ5dUxrOWUwbjl6Mmx1elowWEF1YlJEOTIyRUYxLTlpR1VGUjQxdE1qX0JldDRhQi1aTW9YVDZGNGxKd0gwT2lLaERkUmpDRDFBazF1aEhjLVZjTDQtMUJHN3U0cVE4VWtWcWlnMFlldmlNaVJOTFZxMkwzTU83ekZEUnN0SURXamVZSDZkRFNqcF9hZVFhWDZXR0owZW9nSmxPUGNTTUZldjRCZm5pSGFOMHp6RmFaNHJjQ01wTUZwUHZCcHMyVmhhRHo4NVdnSUpxV2lNM2UyWEt3YVEta3pqU2J0T0EyVmNhQ2VKMjc1UTVmUkVvTDZ3WkoyQUYwVGo2OURpdnRWNnVfVFpTbGNjSHg5OWNHWWdtYTFQWnJMRy0yVTJiYkFfMG03azRzSUdYVmlJb0VyU3dEUThEU2tYcG5ZNDRLQXdFVkQwMTJaT0s2dWlsSVpsSlFHQmRCWENDa3JOeXRfUDk2ZlpzckotQkQyNzJFYUdiVWZVSkJqNkc1NU1DZnFFQnFCV3hWSlR1M3Y3QVA4R1pWeEEzREgzTFB2TEU5OFkxYW1yZlNrdmxieHlCQTVmb3ZDQ3NUMUI5WUJlZlhDZ0JULXZ4SjE4NkluYnA2eFpZbWd4YTVCcE1vLWt0RmZTcnRyNXNGNlgxV2JIaDlmQUY2emNta29kQ05CNXNaZnhvRnJzNlB5YVc5dF9yMjZZcFJmYnpLUGl6SjZlOXlyQ0tucmRaU1BNaVdBcnJJamtzWURDeExQWGZEaGlES05wbms1emwtTGRXWGVvR1VncmxnZ1V4Sm0zYnRnZzVDdFZYUTVfN0lxVUVibk5oMldMc2tlRzNQbW9zWjFjRWp4UmRiZzNBcTRWU0c2ZkU4ajRRSmloM1ZzTWgyUDVlUmFuRlF3STFJeUQ0ZzY2T3dIcEZ6Q1ViSTk1WEZ1VjNRMFc0TjNxaUhMR3BPaTEtWFdEUWhQc2FwTnhadkpKbW5FcjhoOVZyNGYxNzhZelFCUnNXTUVkOEhtdkFJYjN3UkFXOWxMUFRNMVJkR0V6ekNPUDBCQ3VnaEcteVdGcFNEMG9tSzdVN0otRWJzVHVGSHVEX0NlaEd2U1RJUDV2bS1BeTJ5LXBFT0daaVBCSk5HeWlTYktuRVI2WkpQbW1PUXpBNTQ2ck9xaDFDTmo0OXBuZjByaldKM2xXSDRhaGxsemFweGtqSWhDMDdqM20wSlZZcl9ZNWFkS3VkbV9SSDA3bHpRRzJJRXY3YzZnT3JwR2pYeXVOeUUwWkFfMHVrT2xRVG1icENpS1BJNWprUzZ0MXNtNVItQk44TGJDTlR6QjlCSk9SZGt2WmRESWhMa3BUak9aRnU4Wk9raWFPZUx6cTZRNHVBZVhoYlo4MldVQnY3OC1NbDNIVzZiMkswREQ3cE9lZ19LOVBRZGxaVnFiRzAycXc0WDRwOXBiUmV6S2tQMFYxdzhXQnNMdkdkbWp5Y2h2RnBiSDJwZkZHNzJtdGhoeTVBVjg1dmRDVU5ZYldBd3RsSTFiM1Y5SVZoMzRzWEtjUHowYWhKdV80N0dmNm40ZDlsQVc0c0VRTWtoTDQ5NjZwTno4eGczeHdWZVBQUndTNU9SdWU0TGNCWEdzYXZ6cHFCYnVIQ182ZGJ5VFJSZlRBOEVObWNzUWJrMzBGenNXR1VLS0Rmb2N2WWx1bjR3amZ5cVlQWkE0Skhja1liUnNZS2llUnNFTTZVRUFrMGNOQkUzRVlueHZnU3JtRWtqdHJQR2lheE15U05QNWR4S19oVEVDZTJoNWxpSVVKaThJYUpSc1g5YWR1VHFGRVowMmdQamhwTFY5TU9JTjRYZ0d5S2hhMnhxdVFfM3A2RkxXaUljVlJiR1lTS1I3cDFIXzI0OGYwOVVnUGtuRV83ZlBrQWFnamFfQWxqV2xHX2F3UXhCOWpGTGNHNldIU2p2ckpWOTRZOFQyV3VDYU15WHpMZFUtaWhpeXBYajB6N0doRk1UUktUVlBqbGZ2UEtJMEVBdUM4U1J5dVFkYXd5MzVGbTVpSGFsbnNTY25TOU9GdENzeVRxamkwNWt0OURpRU92Y01qcldEOVFrQm1aUzJrNWg3QzZFS1dWR0sxeWVOZjQ4YmpqSGZMWmswTjlRQ0dIRDhFeVY3NHhmV1BWUWNfQmd4SzBRMDV0VUlYTFZOV1g1WlVySFh4MVFtVWc3RlhhejR2cmVCZUp4enhSSnJaZjBWWlEzNDFPNG95Sk5KN3ZWc2dVcU5Rc1Z5dFdKNkVKRC1pTWJBZVZkeXM4OTk2UmY1LU9XcVhsUUs3dVVJbVZmMjBxTDJpMHlVY3NmX3ctUFM3dDJnNVh6Vk1feUlXZmVSSE9obTJ4Mzh5UUY0dGROelBtMjNsSkNXc0VuOTBhSXBJdFBraVk2T2FCTG5tdzByNWNpNi1ZR2xocWk0cmxVSDI2TnFvTUZNeGRqQ29kVzFHb0VkdUw3T19VbzJib1dIaGUtTUF1YzVxR2R0RVhac3BCTGd6WG0wOVdpaWF3OXhWSUYzQU5DbE1pZXRobXRBQ0pRd2pNeC1rckdTZmtyX25ScmwweEh3ZlJwajIwX2VWdHdKX2xLcUh5Q1FzT0ZHemlLWU5tVDhDbXU0enV6dXhRc2sxVVZmbkJ5SVBGOTFNSEFPZUo0RGVaMHNyZjM5UFZLd0I1RjNpcW1QSmYxVE1jUXluZFlYbFpITzh4SnlIZWhRVWJDTlNoX0hMeHpCVF9CX3B5T2d0N3l5V2c5ZmNLTUtodUtJaTFhTXJsb2FNaTEwN2xXY09OTWdQbTdOSWJURjRyOUUySi1oU0lEWlFrb0tCQkoteno3TUpvRnMyTjh0OWxqSW1IRGFrUnhYV016TFFKWC1WMXhkbktaZS1zek1XaEdMRW9XckNMeHNOQXZzNzlSTHBBVV8tdmVfWld3bWJQN05jYm42V05aa2tUWXZuX2tuQzV4LWhkZTU2OUw5aXgwOHdTNllDTFNxb1JvRVdveE1pT0ltU0p6ZkZTMTFnWHdOcnZxOGtYSkhzMjI4OWlsckEzOG56LVhQSWVsaW9EN1Vfc2hSSXQyRmhsT1BlMVcyRWNSbGNvVm53NDh6UGpiTHBLNTNTNlB6V3NuV19GbU5aejVVWV9oY09NZnljZkNSenN1N0s2VHU4WWxKWXVTWTM5ZUdlVWpjaWI4OUE0OFRLQ0w4Ui1kQUJyY0QxaldCUWg3ekxxckJfMnkweGd0QkVWY1k4bjdmRkNNa1Jac2d6bV85cDhKRGdjM0tvZGFtVHRDTHUxRDNNNXBTWDMybXh5WUNReW5EZjBfdXpzZlBHcHpQZEhYSUdEQlRNcjdpOUU0RWgwSGhUaUowSFk3VUNPeW9WUjBrMDQxNUlVV0d3dXpUelY0MlhDS1NQazE0ZnhaeUNVR3M5LUtsOXNtaHpOajZrTTc0NkQxSGI5QkVLdU4xRDkwSUFHTnhucHFlMHl0OGJZQjlHcWc1NzJ4cGVpbVRCQVNkemh2aEVTZ1VoNUNwY2JXR2hsekVEcS1BazgzbUFyXzJDdFpnVlB3LXRqRzF6NkladnhfekVyUWh1REhyV0FvcjB4cWdSM053TzlJQVBYUDlNbVdFMEhsSzlmS1E1TWpISXZiSkZvdGFOUno4N2RVNkRPbkV5Q0syazFSRkRFekM5Q0drbjdSY2dDWDh3alZCdE9LcW1vNlpHTThjZW9BMjJ0TjlmT2dRWko1b2N3OVg3YkEzZDNhMlRsUHJSODZvVExrYzctNFdUYmVxTWdiZVBXUUgwQzZBNGJxN3VScF9qaVl1V1pZN09VWS1TcWpvdjd3UzAwT3drSVN2WWhhYTRqd3NKODVSNXR6UlZuT0JlTGs4YVU5QmhVMEY3RzRhMHZKTDlKSG50SFpiLVotMWR3U29MUHhjT1NfdXVhemlZdXlyQ3hvQ0dld3lKQVJ4dzJsazJjRmVaVFRxRV9DYmVZcHV2OHpOR2piVzM5dUZoOHYyXzd3X0tINUJvTm5ZU1VtcVZHOUF1b2dqbnVMakRfSzdIRF9hdnV2LTNrQnUwSDVuelJnaHZCLVZacUl0dTVNSjlNQ1h4aVcwYmZhOXduYk1KU0gtZ3pXX2NJY0hXWGRzUFlScE1JWHBCVUg5b0xRZ2Ruemx0ekpvVkJkdWlsWmR5NnFfb1RfRkJNV1N0N2N6NmZ5U3E1TXNQZTFkYVRqLXE2b2lvcDNBd3d5d1ZsOUhvUlpKUVF4Q29JN1F6SjhURlYzRGJ5aG1Bb0xScU5Oc1FOc2ZEMDBhZ05lc0d1a0xuN0hDNzFKdm9qWmZWWHBKRGdmdWFiTkkzTUxhR3VJSDB3a01aS1dQSE96SHlBbEJuaE5iRDM2U3NYcHdhdEVOX0k3U2VQbVFWR09fSE5fRjhZajFjYm1KLXY4VkdtT0pQM0xyRlF6d1hQb1piMmNZWmlOd09hMWJtOU8zdGdDYXFhS3p1ek4wQlV3NU9HdDBsNVAxZG5PMEs4V3F5V0Y5cG5Mc2dpQm9KbFQxYUpaVlI2djlDRFlreC1HRnJEejF0b0MtdDZmVWhFQl9ZaUN2cWJSYkJybzFhT2pMRWVsVUxVSGd1OVBzblNKTlQyTGczTW1kQWtDS3NrUldhVEt2QWl5OEdwenA2QXA4WFk2ZDdjQ0lKZ3ZOQXpkNlVPUF92TERjZXJ4UktRYUdDbTBWejVSWWZRcGM4T1lKUmhEM3MzNFBhMVoweFRBLU1uWjVkSDBMU21ZRTlDWkFXWFFzZ0s3dXROWUVBbUZWN3h5cFA1UENHemJieEt1ZFVaLWdJYnBXQ215WGVobGN6bFNmbXhiOHRqT1Q5Qkt6bDFpU01fZ0cxVmFjUFZTQWJhWWVmMjRVZHViOG9tRGkyWFBwN19MeHFXakJDS0JMa09Ec09WNm8tLThFd3k5UHVIcFVWSlRJWjdnaV9aRlJfMXUyMWt2aHB2bGF6OW5GeEV5a0JQYmxyWWVsekxrOWdGQ2FoUDNOQXFjWVp2d0xWb1VTQU56YTliRGdodThOYTN6a0JtaG1USlJmdTBTdnpqRGJZbnNMd3EwRDZjOG9MYjVqaExka3lBN09TSWlaWkdMeVBicDloUTdXU21kSjA5VmVTS2VweUJmLXdtSzB1VmU5MF9mdHNORGpQSU83djFkYVh0YXJpUWc0MXhGY1RsMmJ6WVphYXV3N09IYjEtZDlzdk1vNnBjMFU1TlZzY1B5TDUwLTVhVmtZZHlOcU5uV1hmU3VfOFB0MC15YnRBNU5Rd2ZSNll2MjhLeGpLTWh5THRvQl9lcUV6Y0lneGVCNUhsRkMwTlFwY2VXUU1UelM3V01wTjJ5VTNIcVlocXNESXoyV3UxVEFQMFBCYnM3MHdFUnR1R0dwRHhPdk1ZRmxKa0FkTXRlamJ1bkVsWVBNYzJHMHZFQXFvNUxPWEhJNVVEQzhVVHhHY010QUFJdGw2Z2llXzB5ZFFiRjhpUHdMYWEwUlJBemZzZ3lLdExFZkR2dVVNNmpvVmxoS2x2LVhiVVBvYTR6Ry1aWlRQTTFUdHU0dS1BRjlJUWtEcDlHeEpwU0hfd1l5aGFqWFp5UUF6M0NScFJPTXBRSmRmYnhuNTFMUDUxLXJwR2ZQamM5cG54OVc0OG9OSDFnbGVySmR5dXVOSUVNOXVkN0h6ZG5rWXJNZ1NDZGNVVzdCZnZjTnNWcFJPR1MtdmRhSm0zdjJ6QTJYLTNaRjFEMFVFVm9jbHBvbllYWDNIQnowTm5tZXc4U3l0TDJsa0tyeGhoX0dRcERNSGxOakttZzlZcFd0NktLM0NTQXJFX2ZDd0hpOHd4NElwal9teER3LXI0Q0dZYmlwcy1QRVMwc1V4eHRLMG5HZ2pORGpuUU9FSVdSLVNqdVhjZUhIZnQ1dTlVMzFXbTdRamxtQTFhNWdSTTd0Ul9XMl9iZFMyc01mYUtkR2wtVERIVm84UkxZSE1WVXoxTXNWTVEwV3NuTENhTElmT040YmxpYXN0WDJvakF2VVZkY29YUWNTVDBqVEhFNUk0el8yNXdiaUhwTW9mSkRRb2NiUi1Edks1TDNON1JHX2FYYUhGSDVIeEtrRWZBa0JSVjJmOXREV1ZxelNiTjVuOUl1aDE4YVV1SzhxYmV2aEp5T2p2M01ESUdMX1lkZ0R3TFFlU0tjRWFFSUpzamlTMGdIY2V0WDhua1RZYTEyMlFKYWpzY244OWszZVVZeVBkNDhrZ2FldjUtVXZ5NHJsQnRJeVZRaEk2OUVGOHB4ZDlWZWJYNkF1cFZuSGR4aDRTejFWU2x2NU5WRS1ycU83cWQxRGxwVXJIYzhTMkpybU8tSHAwLXpadjJUM1hRT1F3MXJTYy1KRHp5WWJ4dTVzWjI3VmFlSlFuU0Jzb3NSVUZtNktaY3JPdzVoMk5qVkR0b1laSjVhQm5sWmY0aVQ4RHBDSzhzTzhacXFaLWRueEpuQ3RQZ1FLLVAwdzU5ZjFVMXIzV3Y5bnoyS09XWC1wdEQ5ZnVNODhPYjZyNndpdTJsVW5qS0dlTExKUmFVYTFPU09LemduTVZCbHowVGU0RWhmVTFud0lxMWZybm5BaTBNcmlWSUtNZlhGQjVtNnF5RWpOSDVUWUtCMk9MSGxDajRlTklyeW9UdGZIWUxneHY2YTUxRlFGSXJTazBhWTQ5U1NpRW9LN2hsRlZod2tGYkloWVBFMVBkQ1dGb3phN0Z2eVZIUC1GbXBzNmlPV0EwWjFiQlVXVnlNRUpDNXJWMXhMYjdUNXljaEg4N1E1Wm1waFVpb1lMN2FHVEdoZjJvaGw1Vk5YcWNXSlpDbUtUTUI1aXJmdzBlajVtaDg3VUYySnZFVm5YUTVhY0xWaXdiZ3N0bnRpUkJSZUpSNWxfUzhjek5BZzRXcWR2OHd0ZmhQM0djQmJ5R1p6VkJsVzRmSHRJUjhMN1gtSVhlSDBQaEtvS3F2ZUFXN2xfUDlSaVVINTdha2xPLVU3dWR6SXhrWXQxMzVWdzYtS2sxMm9nUmlYaUpEcWtkSFE4ZHZaR0VqNEtIelFUQlVVamVnOFVYRWUzc3VzMzNNQ1ZNZHJNMG5ORnIzRXk5SHFFa01PcTFIbmlRaFdKb2FIcWlYLXFISzBLYWR5eTNueVp4TG5MSl9udXdkMUMzX2V2UEVxLUR2LW90TXBvYmt1QnR0eTd6NElGbGpHM2lOZVZFekk4M1FKNkJRZjNmWFZhclpta1N0eDh1b05jMXZPWWRCQkdiVmduUExidWFtSnFkd01ITjhKXzVPUHY5SW9vVFFjZ1YzLU1BalV3ZVpyVm9SbTF5V1FZVnBsRTFUUld0NENFQ2NoQ05jczZaVzZCUTVldkJ3TC13enNQSFVBTXVTcTB2N3VRSnJaT0cwd2hDXzFtRFJWMUlWeHk1TEw4SXQ2TDhTSXhhRC1yN19JSkpFYnk5c0dodHhpdFloN2pRNS1qb2V6Y1M0TEttcWtGemhVSVlYa1BWZ2pGQzdyYV9SbzNIdElhamVwWFkyV0p3OEo4QUxaSTk4Wl9TMGw5RF9BekY1UmZXWGdVdVFjY2NQTG05MXg4RDU1Q2F1bFJjb0tRTWZvR1plMDFGMXppR2t0U0RUSWJNa1BzU255a0tteGk5UDh1QXlncUZFVjJyRkRvaGx3TlJvN1JEOExTRXprbFhZOUFGWVlpdzNfLTI0d1oyS2tUeTI5Y2MyZUZVWlUtVHctQ05ONWFLLUdWMUNvU2NscEhoTDdRemJkVkl6NzhFU0VVY3UwS3V0QW12RzBZbUVTaDZnZnJYaVJzd1FZdzBiblVHdThKZHZsZjFFNnFhMk5MY0lwRnRtdXprbmxkMEgzUml2NXdTMjZGRDY3TlhvMFZkZ04xYWNCTDE5QjVWSVJaSENLeU9LMFBwN2w3OFhfcVl4T05OaDZYemZkYnBHWjZySG1fazhCM0xndW9lNlpxMU1IZFFlU29OWlNicmMzVDhtUmh0REhta1RBX00tMTVoMktaa3AteGtiVGE4SnVaUEZnY3djd1VNM2JTLW00V3JORDQtNVJ5NEFOOVZXVTRiN1hhWWc4d1FNODZ0bUk0QnRzSGVkb1QxTGNMSWJlQWtrNzB2U1o1U3JkMWtoNVdtQ2tNaHdsbnNrUGhhVEk1bkNGWEs4T3Q2em1GSkg1MGJLUFNucWlMaHVuODlkU2tJbzJCM19QOUMxcUpXaS0xdmphd3RSelBfdlcwaHBISlowWF94QVZrQ2pJbFU4OVoySHM3aWljUlpZdWstd282VDhXUm8tTHRBaW41bXRIbTFGOWhJNUNJczF0M2g3dWRRZ2xMdE8zd0RwNElCcVpyZ3M2UlhfTDdHX0E5SzNlT0lwREFxU3R0M3QxY3JFaWpjUmhQZzNORkRTeVFSZUtUYW5Jckl1NE4wQ0pSWUg1MnRxUE5IQ1I4NE1INDd4RGxKMkZzUC10aHpmWXdhSnJtVVdrS2hBNkFZSEx2VmdMcmJZdmZ0SEk0NmMxekp0NER5cjZ5XzFJVnd5eW5iUEZVM215cDJJeVpFOHFqQ1NRRmxjNUh1QzRxYmR6cW5xWTIxM3gxd19HZ3pUcEhPRnpRYnJlWk5qWjl0VGFDeF9vRXR3NXctcEFkbTJzOTlvUHdqaHJtYkJRQXllZ2xZUExwOWp0STZkY1JfLXBKSlhISTE0MzBXMnFPU0lkaVBmSHZRUzBiOUxENEhTaVZaN20tM0J1VlVEbm82SGh4bnV5MjV5T0drX2cteDR1OE9odU1KNEY3MGVYVTdNNUp6dGM2aXVfODBORUhwR0xxSWFyUWlWUWJnM18ybGMxVTlQVkhpWWQtSjF6MjlvVkc2RlBaTlRUWVpsQ25XMkEtVnB0YzI1a0RHdVpxSEo5cFRwVDctTTI1X0VLdGVmUjg0enRrTnEyV0ltTVZpV1JONlBkY2l6NW9qWmVrYWN0SXgtT2NCd0FiVXRkN05tRVNrMEVlc0FXQWp5cHNjWXZ6ODhQMF9ULWI4RG5KaGg0OUc0Z2dWTDhpek90bl9QU1d1Qm1LdTRJeWV1V05uZTZGR1RtQ2pyX0t0cmZvQ19NSUd2a3dHbFVvdWwtSWN0aUxZMG9CbkVKWGgxdVFDWVpmSWRwTG5nbHVpQms1ME9FYXlHZzMwdEpobmtkZzRYSUxqdENEeGNFQTlOa1hCMDRTV0QxNGNXaEFWVlRiY3p4ZFpvWWJnbEM0aUVONWRhWDEySFdKZlNSNVh1ZlVuQkpUYzFvbHFUN0VwemhTMXRLeGx4aUlzdm4xaVBOZ3ZFOEUwODJIcFBuOGoxcjBsVFF0OC1Fc2xfeTFnZlRiTEUzSXMtZ2NDNHd1bkMwR09MaEcyMkZST1NsRXNOQk9KV19nTFB2RW9nRHVoYkdmX2dmdHR5cHhnMmcxd25PdUREV1N1MURtY0ExaWdkQ0Q3MGNtOUVEX1REa3lJM20yelNhejZBTHFUQl84czFxSkEtakduOUJxdVpMRkNfdVUtUGt5cW9wLWJ6M0dyTmhhcmxtYTc2NlFoM1lIdkt3YjVvaGQ0OFNaOF9WWEI1T2xiOHRwdVdUZUFSMElybU9kZGs1QTFpYXFoUUpkZlNjLTV4aFBORmxIZ0hxYkMzcXI2dVhCZGhGNE1XMjVMdTN2U2xUczhuZ3N0SVZlNnQ4YkxOQmFpWjJTY25VR2UycXo0cjBzRy01Y1p5a1RKQUdsSjFwTmhfMHFhWDlEeF9qSmd3TnpqQ0FYaGRreWphVXhwZHN1dW02bkJKOFFUaHBnbDlVYVBfcFNtZzY2Sm5qSmJLeVRVUFBqZnF2aTJwQlZjOXV2ZXlocHdwdXpISGs5S3FiZHNPQkxGMEo1X1NBdVFQSllSdGg4ZDJTLXlGRVJsQ3ZoeHRMUTBOS2R2QldqV3V6Vmt1dmQ5N2tySVZuSWdaczk4V1V4TG11d3YxbDBJQ2FLNEpYVkszYTIzVktSeXBPZ3dGX29IMC1rVzlnSGpKZ05Xdk9XUzFUdzNqMUMtMDRhanB0ZFIyU3JnMFBKMnE0T19Dc3pCRGx5c1VnZ2ctV1dxeFJZdkhSWVloNXdqQmVmcVRWbjNESElEaGp3cjBXaG15WG1FQ2oxMW1UbFQ3VWRUMXVoYTY1cTZ2SWJCbnJ4cmZSM3kwaVA3Q1d4NWk1QWY5QVdfaHdnSGJLN042WlliLTEzODhWQ1dIcnZrQTFnM0ZOVE1nTDRVaHdNcGZkRlg0SGp0d2ZqRGlEVkxuVlZmSVZwMWNnRGNTMUVGV0pIZjVNSzlnZER2TlBsZVFudEYyTkU5QTJoVjhPenhJcktHTnpRVWYzQXdVZ05sZUduMl9VM2EzcUtGMzY3bWZwckltUDJ4ZGlfa0E1Mnd3VUF3VjN3alZHUndaX3RfSC1PaTdYMDZfcUoxSnNtUnJUN0stc2ZKNHRLWFdtemVCZVUzUGh4OGVyYzVHekE2R2xyTHlkSmhsWnZNdlJSRGR5MVc0SVRTMXo4R2EteUdNMlZvaURGUG1Sek9qa1B6MXpONEFpYzR2Q1JqQkFPVUJqb3J4VjYzbndzLUNkZm9rUDEwZjNCZEVKUk1tVkIyWU5NUU8wTmRRM2pPTU9GdE9fOEVyYU52WGtVTzJ5VGp5RUxkaEczZENCTWVxSU92Wm9NdVVNMkV2TjFfMjFrazN0VHNzZ1AyZW5oYTJQdi01dVpXZE1SNFdodTlfUlFTeTFtVUJIbXp5c3BfZVNDT3QtV2I5R2Y2c0RYZWZySXVhMURNUlE3bHhfa3otYkZtZ1E4WF9lZlhKeFE4WWVZMFQzNXNXVTQwZnVwTmo2N0tfYTU3UG83QllQT0lQMlBxS3ctRldLaUdLWl9NUGYyck4zQVRDXzJodC1Vd2dEcGJ0ZUY3ZENVU1haT0J5ZGVLcE5zRHd2c2EyRWVQZ1dLUjVtVlJxUUxuSEJxRllSVG1Vbm9QeUdRWDNXekRPNTVtRnY0TXBmOTZKeVdrMlgyUkFoUVNrcFl6MzlDX20yX09yeE90QWRVTFlJa0lqWlhEWTVzS21wS2lNYmk1U1pMUGpTMElBZFF6SXphdlI1TFBJWTdhenpodzZWM3dnVkszU0JiMXlhUzExRnEwT1VnaWpwaXI3TVo5OU5qNWlVLUtnS1JoZUNJZlRpRDRRcG9OV0F5REl6aXBnWlhZMFA2YnNRa3JkaTBaaXFiaDZQSHFwdlRYdWxTV2M2UDVUUlZUdWZ2Q212UUlOOVR4ZERKamVWWERjb29WSXlGVjFGYUJXRGl3SFU0NXZmTUpWTUpiUG5ZSWNUakdDeF9TQkllc2VXNGlNN2Q4Zld2MmlNbGY1bzZvVVNmNEtyM1RVdll4a2tXR1B6T3NGcWJXZ280aHB1NU9RTkdhR08weVZCMmpQcjBnMFYxTXMybHVwRWIwak9pWU9Mb05ueWkta3NQdDg1c3ptVWpwdXN6akxqU1pWX0NtRERiY2psZ0FFNXhaZGpQLXpCa1Q0Qm9XOEpEcFJubDA3V1JNT0JWaHd3WE1GeG5odDNjSzk5OExIU1VSR1RDZWxkUDAzZElzRlctbjA4WFlGakdMdTNSVERmOFVnMTBJajVlelE4a3JCaG5laDF5S0FHdzB6ZWdUblI1UjFGZFNlcldPRy1BTl9JZkFZQ1JHbllLb0pISWFwbjZqYXhicjRNNUgzY0Fydlk5Vi0tU3RXRDBRaHZVVXZpNkxRbHZGazJPeGhHM1Q5UGh3QjVYY1A0WDl3WkNmY0tfU25aMmRIWFd5SWY4NmxHUmp6N3dxalFFcFNvdUhfRXlYMGRNeGdYLVoyQWduZGxFR2h3TkR2U1BNaXZYb3VscWRpTFdSUmU2Zm0yZGMtdFlkM0lnQktoTDdJYURGRWx3Z0pHOW9pMFZ1R09wNG9TSFphZXFWVDYtWWtRRl9TU3JIZno4Wi1RU0t6UmJrZUNBZHowalRHSmw5MzdnS2tOdEc3WTQySTdfTGxpYWV3LUpkTEtYUFk1VHNRZHZWaTFZMjYyZFVCMExBU3RPdzM2SGJZNXI5UjlFanhVZl9XSkxObzd1a1gwZVJfZ2JIaFVqTG95LUhtSW5mekdHRm5QQWdFRmdtZjU0bEdjdEFIcERJVEZNYWUwam42Zm45NUJwejJsOW9iN3JCbEpLV29zTVluLU45M0t6c21ZSEZBMm11T2RtRHRkR2VmX2hwbG9MeWpYUmRVbk82R0pGODZqcGFxc1lTSGNtUXhLbi01NjBlT0UtSDI3SC1hM3VmOElrbTluQkZIc2ZJRG15ZzRwWkV1cTExNHpjSTFMX0M4NHc1bkE3Mlg1VHplZlBkTzlHNjhlYVpySUl2MS1LZ1YwMU0xanVVaEJ1YTV5R1I2Z3BEODVjRnBlZDVOOTd2ZDdKMF9nUlhrdjNBMldTWWc3akl2d0RIekNEVHlmeUowTXJWM0Q3RFpDUDZ6LURXMGhRUVhiUkdrRVVkNGxldmZuODdnRGhoQlFkSlNTS2NFeHMxOVFyM2xST2JmZjMwLURxdEF2Ym0yWlhBZ2UzODRBY0Vva19MNUVrem9LNW04dy1ySHRybFlwNU1HZmZKRGxPa3Q5amU2Q2QtSmY2MnFtSVhIbWpwN2p2NnlkamxObE5HYlRsRF9GMmpPcWVia295RFVJb2RmTzBCZGtlaGtnNGlVazZqdjYyRTE5MnF0YVlZOUgyaDF6UWRsLUxhU3JxOUhSX0Jfd0oxdTJmTmI2QkktUU9JM1lVLWFHMV9qY0hkb2NENWxtM0lEZDZJV25sZGRUd3ZPWmp1ZXBWQ2tKREpRWGV1UlRtM0E4bmJXem1GVVJLUEhkeTlWSXVNTWdHeUE3QW8waXlSR3dVS2gtNEE3ZGpxZHF2QmltdkRhTUNsSG9yTHRPVDRrV0xCTFJsZWZfa2dOOTJsdHF2cWZHYXNZQkVkS0xvLTB3XzVaZjk3a2lnWVU2SHdsYjhUYXU4d3pJSFV6a0lQVVJzbWZVbVBsTGMwRmdBOHdZaDEyeWo1M2NJdloySWxSTmxfZUJod24xT0I1UVVXUlhGaGYxdkJHOGx2N00zRnlYNGdUd21xVDg0Y0oyTmRRRkxFa2x6aXBlQU92NGZ4ZXFKbmJPUlRwaS1ibE5BMzlQMVIxV2JoS1V2eFZsMzJ5akRnVkNDMU10N20tR2pMVnhQZFdGNktCeGNtdXZZVFRGcTNmWHR2NUYyNElvNmloM2JxR2ZNeUpYaHVUOXBhVFNrc2QyZlczLTZESGl6SVdpVFdBZVptZi14ekJONjFoNHE0NFQzalpNc1g3RFR5cHVzU2xjUGhpTlFRdlMxOGRKSWYtNXBnVXlOa1Bjb24wUE1heXVpc3RBS3JGZDA5OWxjZ3hqeEpZUlIxcWc4WVF3VXY5a0NfbWduZ3g4UjlFMndHQml5YnJrWmtuV0Q3aGp6a1ZqMV9TR1hEb21QOE9FUmNENFE1d3dSVndLZmxfWWNySFZwSHh0ODhLdnlOUHhuT1hvN0F0Y0NZUUZPNUpKLVlsSVFHNXBkNHBxLWh4cEVuQ3NGdkJpSHBOLTBnQjBWNE00TFE1TjRCUmlDU2ZzTUlJcGZFcHYxa0s0dWRmam43SUoyOUlxdjA0ZExtSmMzRmFxQ25DWFh1cWVkeTVJeUJ1TExrYVkyQzhfb2xOakN4RkZEVXQwV0luNnNTdEdCR1NLa05KcVRzMFNkeV9vNDc4WFFCaDFnNkJQZTVKNGp0RldtaVhXR0tiMkFrQUw1VWxHYXBqem1McUdxT24yREtoR05ISEhaMkFYQnd6aEwtSHAxcTdERktRSmFLTE9SWEY3OEd4WHdvSUpfVjZ1bjhRZmxHek1EWTZ0OEhpQkpsYmxpWmlvX0JBZkNOOHY5LWVuNHJwQ29GVEZWbk1jVC1aVnFHNHhxaUpjTXdRRmVscS12QmN3LUlISzBRWkJlWU55S0RZN2ljdnZFWXhNcHlJM0MxZFBzTGhnQkVRa2kyc2RvMmVKMUxwZWRJRnV6QXpiR1BrczV0U3F0NmNpVTNNZ1pBUjZRQ3hLTW9rVWMxeUk2WjNUTmhuU09IQVFPbjUyTzF1M2VaS2ZQWEtWUEg1Y3FFTmJKZjVfUG82S0hueVR0el8xQTlUbERJWWd1NE1uMHV2TGNBNzlRM3JjU19VV0dyZy0zVlR4TDlYNVZuUy1oVEQ3dk5rd3pCcFR1eFI0R05YSy1SUWJNdGE3V25wdS1ULXFrMnpqZ0hNdmRRazliNnVhVm9LZFEydkNvaTMzMjlGM0ZRckozbUoxd1RBTXBqd1M2MkNwbi1pS0NqTENhd25IU3NtRGRSNjAwc1FHTGt2RXI3WDBZT1ZjR0ZZLUs4YURQNXRlcjNfd0dFeUdVWklFaG9tMEVUMVNKTy1TWGZtWDZOU0lEc2VYMVFyWjJ3TjVTT2x6WXBTNjVjZzAxSWZyUGZnX2dYY241V19aM3NBQnp0ckQ0MDlGcVYtS2JBN0p1VlNFT0hoUWNfSWwtUWxRNV82OHppbkl1aE9SZUV1cGZ0WmdRT0M3U2tNemRJRzZzcldfajQ1Z19nSkFWekladWUtdmstdXZnUDlmV3ZHVmthdVdOcEFTY3NSS2F3bWJUWnQwWXZpREZOZnJIbEpHX3ZwNEtQdmg5cHRyc2hTaVFKZGxqSEFCejlDTGp0TVFMRWI3UTlPcEV1M1pjcDZyam4ybkJQdnhtdWszQ1A1bmRIM0xoTjVwYThGd2ZSSlZreUp6SlNSYVExRlk2OXZ3b1IxY05sWW9tajZUVHJCM3MxMDdHamZjdFg4MEtXT0loanUzbTBRSWtWdVFEdUI5bE1OUTZaSDg5elUteGRxaFkxZGRvR05QM0dUSkZSSWxHYURqWFZXa1VGcmpRUEpvX1dNVFRpZ2U0bko2Mjd2ZjZxTEp5RkkzVno0SzBBbE9VMjVhelBSSFpxQWo1c1dBZ2RQQW1NY2hKY0RCV0RoSzB6UG9MLWN5dGJfOUVoU2ZDZmc1ZGFWYlhJNUkzREJSdXlKMnZ4RXlOMy15bDdod19FTkpCUmxmQW55MEhXc1U3UVVQVEx0aDlsRDhmWXFZeXQxLU5ZU1F5RFdmdlZxTkdoVTBXOG9mN3NqdHJYYkRBUWFSZDBBYVJMZnlxUG9kYndxbkt5NzM5Y044TmVCRkpvSTUxcEtZQkN6bTNSWFVVR01fX2RlYmUzMjlnOTVXWGhCcmVld0J3bXdPUV8wQVlDSzUzQUoxVHE0U3Y0aGRmSDRmYnJPOTRsZEJURGhmVjdIU29wNUIwN3VYTjEyWkF1VkI3OTQtYnFHbDMtSTkzS1NLU2hIY3huSUN1QWJDZFNGYnFhOTJvRVMyTlZCNk5SeGNHNHVPLUNMZXdUTEg5VHRZVE1zcUVaRWs5NkJibGJ0aTkwcTlhYUxOWFhQWWstTFR1SVdleC1SZE5GRXhZbDlpX1RPaDlOSGREZ2ZDWVZGeVprQWVRUzZsLW9QR1BZWHpleFdPbnZPZS00NTR3WC1LRFdEVlZJMHJzeDZRU19jLWZNdWppVDVBeC1KWlFtbkhMY1VUZlRJRnNqeHhsWm9uM2NLdTFSS3h5RURwa3BWdmVRNXJPbkNPZVZQQlZWdWJGU2hnb1N5aTVLdURoNldHZGJubDNpT3dobnluVnk3bnYtRXpxc01pbDlTNkk1NHc4RTVJLVYzRi1TNmFMM2ZwNEFhMkVHMEdXNHlGWTZCSzVjWU1sMzBWSGdhWjZmTnlzZmhoQ3FoTkk2WEU3ckc4UFJUUV9BZGpLMXE0R0l4anAtVUx1Rkh1Yll4Sk5PZzNMNlFjQmFUdTVCdlM4S2lrM0hpTEdaQUIyTWJrcDFCXy15R2NMeFhsN3FQVk5TQzIzZ0U5WEdzZXBxV1NUdWRJSkVzMlJfVHZuWEVCdTZMREM4bE1DTlpvYnY3Y1A2Q0xtbkMzRHk2akZhU1F0LTVpZjFTTVc4OXc1Uy1HVkVOV3ZkNU1hcm93d090SUtERlZ6TVE4alppdldydEV1ckVkM21LR1h0M2YzZXZKek9nMkZiekZJb19JYksza2hqOTRJeENkVGEwbnByRi1aTzVlT2NUS3BuRUNaSS1WX2Z0MGFpeEo1dkZ3bDh1OGNRelB0NUdhOXN2d3VMTDRnTHg5LVhvRHpqRjNrY3V4T3M2RXZ5VWlvOUExRC04dzc4OW1MbGhIWkdNX3BTMTQ3dlk3eFc5VnVucklrSUY1ZlhYOV8wZjBRMXJuZEktZ2FSM2h2Z2tMN3JPOVBoTnBUOHRkX3RNMWhrWk5yUWVFLWJHMWsza1NCM2Fmakh0SDJRREdFUHdpZ3RRb0VGTndnQ3lkekg1Qmx1UVJ3TjhsSXNHeThkLXg5ZVI5X09RZUNhcHRoNUM3UmxKMUstb01QVHNTbm5sbmVoNDJZcFoyOUh0Rk1CTVZvcVdtVk9DR0VxSHpkOVd3QXJ6YnJaQ1M5TjExellyNkxFcDRQblRkQ001Z2hWeEc0NmZCNjY2bFBDdWRnOEtCUzdGVHBSYkNtZW5uMFNsVzJfTVVsd3M5aUs0ODgzeTdXbmtFYllQSzlKSk1ZWFpEdXU5eHNmcXZvbC0zRGxfbjNkQzFUU3N0LW9GU2t2aUxoaHFscUI0YlhGUWxaaFdVT0FFTmJIR29SRHJrQnp0eW5JMVBJNkstcVdKdi1xMGtURUpZU2R5WU5jT2pYYXlMdU95UmFnaXdmQnpvOTJGUVJyX3piZ1RNQlE0c0pFdWRuVm16YlRodDhVR2JoaUh4Vmo3SFpFX1pGTUNHRWtHZG5CY2cxMUVsNnVQdlctRjRwSUVBZDdsanZXTnIxelhkVFpPTFNZell4VnFWWnVtLVNnNllZN3oyemh4UlN4NUttM1UwTTFrcUNwSHFqRWhobFZzalJwMFE3YkhKTTJBYVBKTGl1RjF2V19BVEdmcWFXZTNhbHgzb1VrZkdLNUJ1Wi1TcjZLLWxqX3czRDk4OEJSaEl5N0wza1RnR2RRaWp3NmcxTWlLT0RmZWtkbHN6YWRYN2FVTzgxam4zZXllbWYxUXRsenlyRUZCU2huYW9zVG5hTXo0RmdsY2lEeVpZLTVQX2ZOODFHc19ZUUxWZGVwYlJ3dGF4VWFkdkdLY2xzM1JGQlJZQmloTDNqcks4TElTd244Vkd2YVRiR0N3dUFTS2EwQ3lMNUJiZ19NQnI0SmdOYXE1cVVpZVExcjF3SjlNWkVZTzB6dXN4VHhyMlVBOHg2eVhmVVJGd0FONjVlVnJ0emFtWGhGbWZ5Y0tZME1RTkgxOHYyazJ3b0JFRkRud0hRaHRSMjEwMkd1bkFnMV9uMnZtUmktRmdtTW5ZTUk0ZmVUNDJMSW1PSXZja1VHN0dxSHV1dWZRc1dXS0lKNTAwNVFaS0NKS1hFdllzYUlIWHlDaVZPTGZ1cnk5RjBpS2EybWZrNjhUS3RHXzhma0REcUV1V1JzRE13eXVZZzY0NXNCSDJVUm9HUmR2bGhVcE1kenAxM3lnT3BSSTlqSG1pMVJXUkpoaVZydk5oM3pjUHlWdGxQbjdWNE1GUWtINXJkMl8zWVZkX1FCcnQ5Q1BKOGZEdmRjeTJQSTd2bFV5Y29MQlowQ2RlMUlJaWdlNVRFdTRvZ3Z6VUZaQVVfRVkzVVlIOGZIVFJQcjB6M1RrX09JeEtUZ2ttSE9MRGZoVnJaNWl3MGdqTGpJZ3V6d2pZeUFfY09YN2pOMlV3NS1uZVpzbWdZTTZOOEQ2UUozVFRRdG53LTlQbjhoazRHdDhLY0dnVFY5N051UkdhaFNxQ0d6OGppb2IwQ21fcDZ1c1gtYnVLSEQtejdhdVptSXlGUzRDRWFpRHJaVk9ZZGQyWUZabThaeVdWV1NvWHlpT2sxamNQQS1KdkJnVGtDUU9MUFp2U1drOVBMandBSHFVOUcyMXo0aXlQSEtyWjBDMVVsbUhRSUExVWFXWEd3OVZZbzltSGo0bllkY0FGa3RjX01IVXBOR1M5c29CUjdISWJpQVZhc2QzeGZOUmhrTW1FSFFnaERWSmxXZXk3TVJtdWliNEI4a2ltZDVpeWI3TDlHYndlSmlweTV2UHdxNGZZalJERlZia05vTDdZNTdFZWdLeVMzdnFubEpRV1RjS3h6RUNSTzc4b3Z3aFRmRU55XzNYNU9YZWRpenduM0RuQ1FTUnlxOFhnRFpyRFpENldMQUg2emNlejZnU2ZoN3FBLTB3NWFNTWpFUmQxdUFaWnlLUGNuVXJUYmhhNkd0dHJXdTVsVFB0QzNIMGhwNVdVWjI1bGNGYnNXNVJGX28yY2l0dnVTNzRYOVpSY3dYUzlDM2pUQWVDVC1uTDJJS2RVUXRGNnFFd3hZcGVmaGVHb1k1czZOUkRlQzBRTlJWWDNoQmpFbmF2dm40OFNHZkF2QlhNTG8zNThfbndXeUE0YjhtSVJadWU0Ym1Qa0R0aU9nWUdPNHVoY215aTROWU5kMVBUaENMVzA0WHFWb3pwQ1Vva1NueURYb0xMNFBnY1NpQWZMOV9nb3pwSHBWNGhQVm5hM3RsT0c1WEdmcFZscTNacFpEM2NENlpSUzdVN3hCSTdfR0laR2t1OThGWkRsUEVsRk5xcUV6cWlWeHFiUnF0X0prN1pBLWJ5V3g3ZXVQWVhicE4tLXMwZ2w3SHFBRnNrQTNCQW56ZXFyaHA4Nm1SbFc3NjZnMjQwZTg2S09hMFEzaGRkcG8wdnp5OFVxTEpCOVZURkNpNzBQdzN6WlZPdWl6OVVWTnc2UDRPVzRBYlJ2NWZYYVRzdy1PY3lzMjQ3YkRsdm9sMDl2NDhHa3ZSQ2ttWHZDQVgxU3R4X1FyNm5GMmwwcTBPVGNEU2FiVTJFWjZmZ2F3MGsxN21hdmIySFA0SkVtZnZwdkRwcmd5T1dUY2NWMDRVT2NBMDA3eGpaeTJNME5uRDZMZzVScFYwaDN0VGJjZFpHaHJXRG1icHItMkxhZmdiWG5wcXJ6N2hJVnhwa0c1Q3FaSVNJdnFYaDd0M0pxWVFGLU9XOU4wT2VqSmhsMVhvMzJlMFVOM0JNVmpzMnQtalU1bWlMSEVBYk0tUDd6Qk11WWdRY3JiRW9VaU40elFNdTBlazZpN1Vfem5ocUhDOG1OUVVnakhWSXZFelZyV0dRdjZhSmxfSFRUYUxYVmxKTWdGbkxfaEhiaFdoQlBxcUlHcXNvd3JXSUxVc2ZXUmtOdG5FOWhRSkM2OGtvUlVyMGs1UTlYd1RkZk1uNDlhNXgwRWdGcl96TTNIMjdXME9wLWs1VTlrLXZfa1JyVmpQSG9kcmRBZ1lsMTJqYkVvLXFqY0lFbFQtOVZGRE5fSE5BZ3dqMGJPaS0tTi1CZTRybWFNclZhYWh3ZXR5bGxBNjNGWlg5NWxoNGJzdjNKT01lNWNCTHRRU3hWRENvNUZVNDlZRnRhelpIOHA0S1hTd1MxZ3FnRko3ajd6Zi1iM1BfMUlLZFJfZURCSmt4RWc0UUFXTmg5UkdXU3BrU0lTRlZXZU91VV9DdGlVd1ZHRFVZSk1YWHd1RVA2V1RDcHplRnM3MlRMVkZUN1FJbkR2c181dTFRY3gzaUpFLUxBczdDZ2R4NldVZ2F2YmZXbkVpckpDanY0NlhtczZPa002Nk9OZ3U1YmNTWWtsQzdiem5JSFZpbWpxeTVXaVNHX3VISTFQdmVsZlNUdzFwM3JQekxQV1dldFlFeXFNbUtHM0lBUWRMdnY2cTVNY0lLUzdQcWhHYXFQWUR3NDhpN1I5aDNfelFjbDFUNU54ZTdCeUF0Q2ppeGZzdkRrenlCZm1CYXZza1l4ZWhNc3VNd2tIbWEzb2hab2U0NktuWU1KWU9JVmRHNEtmSEV4NFRnNzFwa2pMSkEtNUlvYlFIYU15NmNYLUxiUlVvRVlkaG9rOFY1WEtKdHpiRXlxa21tWHdLZnRHaWFEZlVGX0Zlb0xBYW9leUpCVHFfQUZ1N0pHNHNrdjZGaFAzNUN4NzlpWktsdXRCNS1aS3RJampEVnV5NmQ5TlpXMFRQYzNZY0VZdnJwLWQ0cVg3WXFiMFdGSGdnTGkzODk4akx0Q0pKZGlRbWdOTjVQVUdTNm1NNUp5LUpFQXYxRXBlNGFSOTY4MXM0dktac3FSbUljUjMwemotVDhQeUlqVlBhYkhyVjVlT0c4clUybUw1YlhhRkNiUGUyLWU1X0dTbVlaZ3hfSUlxazVMMHRTR2dDd2lBUFFiemdXU3FYSFRscFJwc09ELW1VZ3NwVTdxMVBENlI4NDB6a3ZFYWlOVlZCSGdLLUJkZnVuRnl0d3ZIRER3YjNUWldTTzBTbG14Zlotdkh1Mm16b19Gem1ZQ3N6ZkxqVWNyMmluRDI4aU9Jb2RSd1ktS2tuNXhLamhWQS1xUi01STNSd0tFb2EwZm5sbnluOGRfOTZKT3NRRFBjQllvLWJJN1dfdGJqd3p6TXE4cy1HS3BrekpSbVVJb0FRdXZCWm5TbTh6c1Q1Mkk5UkgwUEx5VzQ5aUtBRGhjb1ZtbkMzNkt2REZZVVlLU0IzMHZfUlk2WmNUQXlPSXRfVjQ3QndtQVkyeXZ3RV83ejQ2MEEyY1BTeGY2c1hRbGFPc21Sd0xGcm9yWVNHM1piYTcwSTVkWG9ha2ZETEc4ZkFxZUhIbnJHaHNnSlVqa2JYbG1rMFJBQ0s5WXlLak14Z2ZIU3o5S2ZtY01ycENxZXdTbVRhcE9kLWM4aW1RYmVveWJZamF0LXlIdE9FR1Ixai04VUIzb184YTZsOEdkQ2dJclQ2Qlp0WVpyYm03em1vV2hDT200Smw3WEFybmpCYmFLYU5aNy1hM2M3MDNJVjRSbGVpOTd5QV95blZVWG9JQ3A2LW9iMWd5Mkl0T2ZlSzRwbi1VOVBjdFEwOXN6T3BnbjVtYTA4YlFiZU8ySVdLT0NtOEQ4Tjh5S2lLeHZNbUd5U3FmYUtJY1JNNThHUnU3OFNCQWdBMkMwNlVTZUdFU2I5VFo0b2w4YVIyRkR1cHU2Sm9zZFh1RzVFSnd1VUFVaVB4OG5SajlSaEdCTUZKc29RejBZUndTWWpQQlFLbHdyak4zYTZDbTIzMTRaOXhTYkk1eW5MQ1c0SjVfQ1NLS2NFcnd0ZFY3QXJ3R2tWcUNGX0lDMjlQN3EzZEk2bmRSajJtQkt5QTB5VkVqcVVzcW9pYXdsM2puVlBjeFV1eC1rZFZHbnM2ZU1DdHVJX2I2UWtlM3gzRHRWa2c3czNJQ1VEaFBjS0lnRzdWY2t3ME9ORENtTVpmV25qUmhXWjlfTXY4ZXRzZnF6SFVSTkNWTlFBMkljZkVIRUJNS0VhbGtMSXJNZGFPNDBCeGZMR2VLQUMxN25aSFh0T1JUblcxM3FNcGE4X2w2X095SmprMWVsY1NmYm95ai0wV0ZVZmY2bEltXzROLVhGMEE4T1B5RTBuaVZvekpVRGJ3U0t0TUlJZDJqRjBiT0RKQkppV1EtcXlHdHVTNW54dDRQT0lWQzR4UmZhTnpZc3Q2YXRrUmstSTRybHpKcXNIemJuTGFpVElJRkFadnlJVFY0VzhoZ2hJaHpXdEZoOFZiVlJ3VVg2cVhWY0x5WGlXaDdOa3Nwdml2ZmVWYnRWVGdwZzlzcTNRdWhXZmoxMG5PMUoyUWlMZ0s4dXdRS001R2lHYlh6dzEyUC1lV2o2OUt6M2w2VVo3bTBTalVMOTJ4eGR0R0J2RGxEd2lJLVc0WjlzSV8tMWNNQVFWS215SHpfOTBCUF9CQmZWbzJkUWVrWE41bU5WOXFLMm9XQUs1TWpJS3NtWWZuX0FpeXQzWWUtdGFIbEdEWVg3R184d3oxVXpUdW5MN3hWRnE3eEpBWHJqSy1LdEdCMjJpZXVfME5IRmtEdGdPSWRaTFZJMlN4SUJwaE5Gd0g5WTdKQlAwS0F3d2o1M2ZyanFDZ0Nvamw1TEZ0UElpMzFKS3JiTEJxUmhSUW41RmxQNnZtbmZBaUVHTFR2U1JLNC1jTVZmdjF4Y3ZONjlOT3hYZHI3cWZwUU1aLXFwZWhaMFl6bUYyRUQ1bE03Q01vMUtvYV9yN2N2VVFnZnc1LUxnNDVMSkxEQk5LLU1aTFZBZlFOOTloREZhUzRTNlRmeGczc3g1Ynh5ZE1SV1VnaXJfNFN5M2ZZeDBBeDRrU244ZjlPTFQzN0hNOGFLSTI3NG9XaGVxSkQycXhzX05ULWYtQ04xYk13YVJ2dFl1aXVrOXYxYWVZdGFRX19xN1V1aHlCeDJZYm15a21qZDB2UVRYd1E5MW51VVdXZjZ0NWdtanR1VG1fZ3Q0cWVLdmdmcWY5NVVFcmM5Umh0dDQwNGhKNTg1Vl9hSUVOdnJpSjdtUF84NU5XWldoYTktSS1Ja1BaUGlSTTlzT2Q4T2l4aHIyYzA4MG1rZzhpZXBiOEVhMlFkNjBPNGlaMnEzTkJkWmNwT2ZjbkdhMXZidlhEUTJrZWtvMmZXSm92eFZUWE8yYlVsMk8tSTdESFBpUVZyYi1QVm13dTVrcGt4dUVOWVNRbE9QNGJJRkhQMkVlY05wQnM1QThjajkyR1BmYjNnUXc0NWNnaTdoekF6QTBmcmplWkFkekJlVGpiUGpIZURvb3NSdzNjdHhTVHRlUGRkTzVsdzJ1eTQtREEzTXBDWk5weTdOZS1YUGc3cHVwaXA5ektXZmJrWGVUcHJpTU4ySE1QNTJPUUU0R1d4eXNNNlVSbHdDZ0d1YW5SNWJNOVcyLXBwRHgxbWlEVTJyQ0dIemoxdWNjYkJmVWVvdFUtdmk5bkI5Rl9TVGVqT3oxbjl6UFpsbXJDMVc2Y1JDUV9OZzhCMlJBeGFEQmlDV0U4Tk83bC1aVmFSZFJ4TkVWbG93RmNQWWJzY0ktVnl5ejRFX3VzR2d5OFNHd0l5Q1FtOUxsZnVCS2t4bVhCTjFGV2lCTzIxanA0VTU2MngwLURJQTVadFBDZFFnRWNVTUFwZ2x1dkpxZEpBczdmTDZneE5tM3M3TjlxRnYteEJ2LXJsbDlfSGZrcGtWUktNTE1OTXBDd1lvUEFiUEE0N3FVMDVBOHhxQzN1c04xRGw0YkxLV0ZsWndkenI2OXBSUHZ3MWlHS1g0ZkNrd2d1VXdkc0VndlVuU1BkcldNLWJSRWdPV3pWa0hnYy1PSnpmUGM4Ylh3c1AyMC1mWU92SzVCbU9ueGNSZFg2aDNTY1VOV0FCOWl3ZUpPS0NzQnRHYkVIVkEyc0FLRElyd2tyZks3U1JwSE1odURCRWRUREYyNlFKWUhDY2ktNDRiMlVjRUZGaE9BMlBfYklqUjZ1LVpyMUNxMFVSa1R0R2kwTktDWjgwUTZQNi1sUFFvOVRFS1dMYXIwNWFDSng0dGV5anhLcTFZZC1XNHFyaEpIZ3duZi1WUjFaZE1aWU1Mems3cXVJRDdMSzFvTTlYQ0FtVDNwM1Eza1JuSWFsc1NRNXhUV1hnSXFUd1pwdWMyX0N5MENHcWtyWkhHSXJqT1dsUUZZaW54WkNxcVBBOVhRVmdwbGtXOFRJRHRNZHFyd3ktU05fcmFFcUhQek5ncjYyamFqNXpCbUxSUkpkODFqRTlpUUlUU2ZTamljZkhHS1NaT2RjTEFRRnZGakR4akhrbElvZjdMb0FqSTVVMlBqd29uWEI2S3hJQS1ZenV3UTkyR1hXUUhDTU5LMDBYd0lDazBiOFdVUXpaaGs0cWZxeUZrbG81TFJ4c1Y2TEJwZWdyTDZyUE9sdXNoNnhzNzQxME5HN2RiWWIwZzFsVW5RNFEwZ1N3SWdBel90Y1ZEWkZrQkJNY2ZWQm54SHY2SW44V2RjRXRxVnY2dmM1Ykp1azZNZkF4cFVObWxVbUR4UHdDSmNVcllHWXd2N29objJnOV80R2ZIWHhXLWNVYXdzRVd3bVBoOGhncUZ6UGtKbENIMDhiaDdNajd6QmhwbkJoMVNvTk1FQmZWMXk3dzc1c3NESjdwb3NibjlrckVhLVZwM3hjOVhKY1dxS21ESldCMlVjM1Y3bjUxVUhnSjJJanZIN2dNRUN1YkNXSmk0dm04RURjdDFreHV4bFBSU2FHN1JUbVBxWUZWQU1fTW9ZWDRYa1BmOFB3dEhkbXBoM1dTaUdtYnpBREI1Vi1KbzR2Rlg2TklYYjZqSWVGRmRmRmJ1TWJ6RTNwT3NKXzEzX19JRHF5RldjSXBudWVSZHhxMUJCZ3NvblFvNExuZmlPeUJScXpSX0x6X2hud0NDalRPbUg1cGlkcUVUc0o0bENDNjhhcEJ0UUozZUdNTUdjbi1ra0FRTXNGYW5sQVRxbFJOTW5sQmZsemRmWVZlbVFuM3A2TXZqS3A1WmRCSTEtWWliT2pfcGhZemtpdExMVWgzbEd6N1kxRjlpVGIxLW43cklST0kwajFnVTBaZ2NnZGxuZWozOTNSUDlWWWNlMkF5SHZ3R25PUmxxdDBZMFlwRFdRMU1rc0c3ZnlCTnZscUJPNU1wR1ROQzFPZXNwTktWaktxY2ZHb1VETlppMy1zTGhSc1ZMQkVyS3F0eUlpbk9yY21DUWhSMExFMGlXVHRIQVBnSU9FM3ZKWE9iMDlnQkxjcW9ZdTN3WThPaTRlWkY4WWdfZDFIeTNxOUlOUFpCcklRa1dMS1lDcnlJMzlVSzR4WFFhQXBzQ0tKcWNoR1V0V0gxYmJJMlVHTUQ5OGtrdWZjUkoxZVYzQVhyQ2NuazFMVzdBLUtRcFB5QWdHUkFVYkdLeUs3QUFPcWJxSUJMejhLVmRTVnlqWm04b3VNRDNScjhvZURCeVd2OUFSZ0RrOFpmSmplUHJQRDByNzNnZFJWSllBTzA1d2lDUjJQVGFRcWt1VnFzM1JmU21zYm9HbG9obF9PUlBBenNVRlFoR3RRTDVteU1MV040RFVpRkNDRTJ4WDBIUXhVZEMxa1N1Q0NaTnNLR1RjZVpvMEpycDYwOHdWT19wTFBNeTRfSHZhR0h2MGJRVWNERVVQV2lmcm16ekhUMzhOVUhKMzZ2NV9hd1M0STB0REx4M2xKQXpZTHVkU3l0d01TZHQ5NnVFU1JHZTBtQVM0WDkxbnVXX1ZiMGNGd2RYSnVKNnF4SThVQjVmeXI2QkRSYXVBT3pjQk9ZdzhMcnMwZzJiQ2pJWWFGWUgzbmR3dlIyUWlLT052VkpBQkw0cEg3dk1US1ZaZEtqTEZnd2VBczNmRnlnYjUzQ1RRRkdjRlBVREZuT2ZjdWJjSXhiQTJ3R2J2alFsWkVPaWNpWEk0VGViRUZlSmUweVVXR0VfMm9kdnFIV3g0V011SjdtYklpQ3JJYjB4b1hHN1o4SGlMTU1zYnBmZk5aN0pmaERBbUo1ZFNXUzFlMXpKbTFxQU8yWTR5cXhTTTBGOS1Od3RDWXJXa2xLaUlKa0R3cWV5d0ZxZHFIQjlSRGZwc2JvU0VNaURURFBVcXNrMHFYcVExcVdBd0FzQS1POW1sNTVzRkVqVFk2WVNxc1RRZDVya0pzS21uNkZtMklZQXlYTDdaU1JObU1fNDFoeU1NR0Q4Ynp5RG5WRmZsOWtPTW9QbnJCNVNHQjY5eUZSME9STzc2WnVxLTFOUlNqWXFYYUcybTVtREJMSDVnSnNpdFJQSElDcGUzLUtueG5LOWFCbTJzRjk5SDYzNEdpeV9TY2pKaXhxQXFQRkNyLTgxZHlyMnVxT3hhZGxUSmFWLVBPUkRtdFVidXdNd3pMOWpoVXNiWnRmX1NzRjU3eFpRdmdXYXVvekpvajRkYmo3SDNqN3F0SG9KQTc0QUF5WGozOG9DVFJzc2wxOHpON2t6X2NnTF9keHMwN1RTdGE4LVVWSVhURFI3LXVsVzd4bXdKdWZFYU9ON2J4RXEwdHZCeHo3R25LdU1wamtIVjVzYVlCUk9NUG05TkpvcWo3dUdxQmxYNEUzdTY2eTFQMTFnUXBkYXprdTY2Qno2Y1FndmQyLW1wcU16Z2pvQkY1dFZualgwclA1aEhYMHZ2d1dlenJxNFIyOEJqSDZTQldnelpNM2dWYW1zWGRNWTIwT2IzLWJMdTRmNDhGMDhTYnNFOHAzWGtYamhCdWd3RzBKTThWT3BDRzdBNlNvTlR2VWhSaWc1c3plOVM1YXlMTEJxQ0FBZmpxSXIwRzdnSW45b0hFQ0pmM1FnOXhmdi1HbVIwSmZpbU5WdElMNWJRUjZiRTJCanRjMXpHSk5NTHZxaUxhZnRnWkFwZTNwVm5FTER6NHZueVZNUExsWkF4cHhSNzRGTWFic0FXNEV4U19iaEVxRUVsTmxVVzJGbGFFcEI2ZkJrdUh6d0NtZ1ViWTNHQlljYU9oeTE2MUJJUnlVR0pWXzU1ZXI5Q0FVSkNfRWR1SUJxODFQdlZqYkpLemU4ZWVTUHpQbnpfTmdTLUZmQldjRWd6LU1udGp5ME1CN3dnUmdZcWVEZmZSdXRINUtaMHJzZXR3b2hDUTJkcy1mc1piN3ZIQ3B6WUY2eFVKQ0t3ZVItT3dTanc5Z3dVcmV5Zzk2RGhkZFJfcXNXdmc3UzdGOTlwVTd2YWo3RDUtY0cxVlp6OG1TQ0UzMWp5LTBjQkxQMFJILWI5ZEs3a2o3RkRDYjR5SHRzTWNYUWZDWFFrQWtzYXdZZlRwOGRpZEFpTzJoUzlzN0d6dWQ1RThXbUFvZUt6NjhzQXZDVHVxV0NqbE1jRmpCMmFnOFhzUURPVUZZejIwWnZFYVhpclVtRzRpRlpDTThHMjNxSWJ3VDd5VFdvblhseW8zUFRGLTRYOEVlWWw1NVIzSFhDbndfOFVxTV9teDFaR2lpcVl5aklKc2ZOVTgtMkhHd3hCaWktdU9ZSHBmdVlDT1oya3JoTkFITTZmZ3BYUlI2YmJjeU92TVk5c2o4Y004R2JWTEtITjFaaDNPM0p5LVNGMllyZ3ZnREJkWVcwWFpiZl9qLW01RU56WlEyWks3RHFhV1pEWVRFMVpsLU1ybUtWeGU5elV6OXBISUM0Z1JlLXZkbzB5SjdQMTdSVkdfX2hVbWNyX2VBSTZnQ1BPaVZHU2VVdEJ3eWFBQjlUWFNxNjdLOTcwSk1JdExjN2UzZ1RMSWVSQkFidUI0NWgxMldPaWRWTmpvbC05T0tFblFCbFRrWFFxMV91Uy0ycHJPcDRrdEFWeThxYkJvbFdNdi1tT09wRE52T01pcWtOZEJkcml4bUVrakRDZWZfLW1WUkl0VDhvNVdrWlctam50blVfZWVrNWpKOHdGVXRYdEMtTkEtZ2NERnFGbm5yd3NDLUttQUUyMkRDSWkycUo4T09nam1UazFsVUNjWHZwS1Q4MURnVWVoNE5NSFM3ZDk1dnVyY0l3bWFjVjBjM2hUc2h1ZzNJS0Q2NGNacTJwZU5tOVNWcEtpc2cwbFVrNjV1WVUyRzM4VGpNbnZmclJ3OUZBblhUU0VOUzZpMG8tVzZlVHphUjl4SktaaWhBSjhsaFNET2MzYnJTRjlzMjNiM2lKU1Fxdzhwa0V1cXJTeWZ1WTB2SVN4U0NneFVnSF9kV21ZWVFxVEhoSXZ4VkpmUk9wbTBiaHVMSjlDbVFyMExORUVfZEY5dkpDRFVsTnBSN3k5QzA5VC05Y3l4ajBHaGtTd05xUENwRnppVDdQNVdwRVd5SVRSTUlZX21PSENkUFMxQ2FnQWVRcEpfQldaTlI2dGlTOWJPWUwyRlRjMUNVS3BKSWM3amx0bGJFWmQ1c01VaGRHa1RudVJWQmRvT2NlZTNnVmVJZkJhLWo5bFlyUUZaUWppT3Vfbkt1NzFVZXJTQVBnMHpsV3hVSkcxdEpGSVh4WVZfcG9WTHk1eXlvWlRnY3ViUGxLR1dtYnlzS09MemVTNTMxM3F6X3VJbDY2VHp1SUxuOTVacFpQaXduaXFoTzJpbktTY3NDX01CVkNYdGhTdVlXeW8xSkI2alZlX1h3VjctS1dUMlhjYk5ITnl5M2RWTkJwOWdidWl1RWlmNmExUDhDTlVyRmNzQjRGQlBOaklld1I5MDZNWkM4TUR6bUtfWm1tb3M0c0M4Ql9IcWctMXhaWFZZQnBLay10YUpmNWNBZ2F3dmZxaVJ1a1hYYkNDWHpKUFJvZjNJQUQyN3dZTUJLWEpYdzVGcll4dU9hMHEwRlJVMTVUWG1JN3RSbVFJWWE0eDFTZGVhZ2hMYVBGcFRwNjRaSVZBa0pJbllHbnN6aml4Uk5mXzdreDdJc0xNallZa3RFekZZa282bXZEX3d6NXFzUmIwcGV6cENLcVQ5TU0zcnB2TkE2NVZsdFgwMGt0cjFxOTdXajVHejNCU2pBN2pfVWNhdmp1R2dqV3Mycm5jNWx4bU41dUhPMnF2T1lFLWtNV0Q2S1NaWFp0bkQ2d29LRS1QZnR2bUFqUEFiQ2RCT1RucmRESm5NVW9jdGw2TlJlZG8xVkVLalJkclBXaEhPWXk1Ylk2SjVFZHdiY2I4TWlFcFd2azFSRWJBRFVkdjI4aUluM0pMdmlJODE3MkdhRW1BdXV1NEpHcnlXVVM5ejdRUmRYb3R6SnF6MDVVcHFxRFFHQW42bUJCTURYUmhLUzNhcWswQkhHNGhGQ0ZMaXhva0pBOFZmMkdoMTVqa2xUZ2pOc1VwajN6cE5iaWZ4LTc2WmRpSmxpcGxPUl91MDlSVHN2TUs5Q3lrNW83QzEtX1Y5NlJqNUJVUkoxT0NLamhoNkNCV1RvZ3UyckNFSUVlY1FlT0lnWmdFYy1yclpHc1BPUXhtTFdKdVp5SjRLcEtqUFJPMWttTjVMRlVneGkydVN4d3YySnAwTXRGODVkXzFjMzNXMUpYOFp1aHNrVGNFeExaUDVLekJWTzdlX2syclVuQzRid054eDVHUlhKRTI2OUlhcGFFd3Nad1RrSmRBOVc0YnJxTXN5SnNmYW4yTXlOUmxoSHpzdUhpeUZib3ZpWEFwQmVsMVQyYTZReHNqTHE2QmFHUWxhUXFSZV90Rk5PVUl6UzNpcDdCdUtGN3hqYjdNVUdtbU45VVg1Q2pHb1NzMkRnRElucVlXejVXUGRkZG1KMlZqc3dUSVM2emdHS0dOLW1uR0NHU3c3MDhfWldEbFlDVkxmdnpDc2ZFYTB3X0Vtc25NRUtsZHQ0OHhXT2FwQ0VUaVI3bjJsMFVNRGtPQjA4blB6QWF4dWtyaUg5bDltMzlwUGhOVE5CUHE4NHhYOE5MTy1hVnh3cDVvTEZaRm1uZFN5UzZWTERMTjdEd2hXNGtLQS0wcnlVQ1gwenAyRk1DalM4SC11cHZHY28yTVJMd3QwYnFzb3gtd0lYUlU0Mi1vYTRlTGM0cElBRFJ0M3dBc3U4dWp0OFFBTFhZN2tDNFJNYW5zYmp5N2RVRkprbVk3LXdkQXJqSmUzQy1KQW9QVTM3RWltam43Qk9SVy1peFZyVTNBd2taQl9TMkVBWHo2azViTVNNYnJFS25vODQtNElMbGIzcFpfcmh3TDlVc2hFcnE3TmJMWFVZOVRwOVhqRGtrVzRlTjB6OFBtQ1h3R25QQnVGZGxMZ2dvVW0wNWVuQkxOLW43eUR3NGFQZThqNHc5RGNVOHhMRU13aE5CbzF5TmN3bE5SR05NY25SRmF3cGNCNWtMS2FYd1BWUVpibzJiWDBGSk0yeXVpcGJKX2JBSzB4aFExNzBmZkZRY015R1RHWFhtdWNYMnVEckNWTmhnTkJvWDhmN1NicmVJSndJaER1em1nYldJUEpKMFgxUGtRWjBBUkFJZXkyTnJBaVFxZWp2c0d4dmhadDJ2Q0kwRFF6b1UyOXhxVlJfUFFybkNvYzE2bl9ESDdjQ1J0WFotZUZYdkV3WEpPbkNBUVFkSi1qY1JKY00wTXRxR0t6MXVYN3V5eUVJMjlJbWR0amFTdEZVcmF0N1piQnlwd1UzempDTlFxVnNUSEtkc3MyT3EtU2NJdHhaaWpmbXBScUs5STRqZFhHd2drTlQ1cVRCQ2puZ2dDYU1FTW8yTVZwMjhEUjNpNFV4dHIyZTIyd1Q4a1NMZVY5T0NtSU50amp0LVVaVTRnaDNaLS02YzNsX0Jxd09IMzFxemhHTmlBb3FkcVAyMnBVUVJmcFNwWUpBaktHcVRIMk1Ta1d1eGx6SjB2Z2Fmam5JbHJOSnVJVy1QeUpwcUpwQzZTeWlCQzAwRnlvYWxzWFliRFBNSWJvbE1xT0N2V2VkVkRSYkVZRVAyN1YtWG1CNGdSNGwzZm5zM2lxY3JrSkRSUDVVend0Ny1lMTR2b3VQckhtdzEzQ2t3UGJqZ2xsR2Q4Nmx5OW9aS0p3Qy1jS3FGWnpnem9vVDg2cUhicUtheHNTR0t2WXlabUxhSnF1emg4ZHNsamotQ2dvZjdBY2tadExOelVrVzlpRFRaWG5qMlB6czNtYmVCWEwyNndPLXktTWJlaEpqUVp4MzVZck95TWFyZ1RqeE9wbTNSak5hTWxzWjMtcU01NHFYbHh3QXJVWEVDbVNXRkN4Q1l5QjNrd29NRkp6TEJxT193ekNTSWF3dG5jWUF5Q2xOSkdaSi1hNklnUVdTY040SlhoMVJRYVZ4X3o4RU1mbWhFWkFCTF9YWndYT0FrNS1GcEVPZEZlbmJ0OW00MTc3Vm5IckFIUzB4REotTG4zcWNWemdwNHh0V3dvNm9aR3gxX1RSS0NXR1ptY0tveEROalQ3NFhVZlQ0QzdmYmNUV211NzZOZmQ5NHZHT1JqdnA5eVhlZkY5M1c4QVM5LXp6X2ZGQmlsTGk3ajNOUkRHcmp4UXZYUE04bkkxdldUZnZYWXl4RXBLTkw4NWxRZno3MVVibzVDUnA1SElsVFNfQUpnbks2RnU3N0dDaHJBLThGWHBFUTd3TWpCUVNyYkozRFU4MmVodGJzSUlSMmgxbk9RVnhId2hWejM4RG9NYzIwR0Rqbk5GRDZZWG9GNkpIWFdXY05OcmpLYXg1RDJCWDZCYktOSDBpU0JTWXBsTjhsU19HSFgwN1BCTTlFOEdQRVJHMG1uTmJ6clhGMkFmM3ZfZ1VZenZIQjBHZnhTYjAwZDFBU01pZ1dnRnhEaUM3cHlGeWE4NlJ2U1ZMVGNuaFJ5TGJiYy1iT1Zscjc5Y0tFNE1rcGdXYm4zcVdaZ2Q0MlFvbFgxMUZlelJnZW1Ja2FLRVd4bHpTSmRPS1RiblBnd1hCeUM3ZmFoa3lFTmk1dXhBTU51aHo3dlRTMWUyWktyVzI3OXlBWTdnd0lqQk44bUFVSnVqWUgwMHJIbFhoSDlaaUltWHp5Z3ZNdHM4cVNxUThwSG9QTVVFREpLRWxDNVZCY0RSaUpUTmhlZU9TdXBBZGNrbFBQV0tDYUUwbVlDM3VUY0x0V2syMS1jX0otOVZ2dTNFNzNKWXJUbE4wR1NMV1ZhcVY3bjZ3QkJoTEtwSEg0bmNkRkk3Y1pjV19UYmQ4OGhyUmJYZ21SbmpqVHJEd21RbDdOTFNUN0Z4R2dxR2lDUTNOQjNoa0NoUUpENVp3dV9QLWRmRnVFaUtDWFc3NlZoaTM4ekk2cjRUVkJWdU53WTdHQUphdDNRM3lEUE5Pb1AycDFraTlXVjRoLVZsWTBLUThEaEFLeXdKVl9rLXJNZWNGaEhwQ1VzN2hXRGdjajdsbmlPdlVOZTZDSjNXUWJkRy1leGpadjlSRXoxTjZpVGtYby00OGc0THhyc1Z6ay01b3JKTTQ3V2RzSzJaMi15cFMwcWRmUG5hc09CX1gzTVVMZU5CcGtHNUoyT0dMNjRvN18zSlV6Mk54OFlwaG11aFNvZmdEOXpOWjlkc3FCdUdrVkdIQkR0NVpZUG9VUVhDV1hLYVV6Q0FFRFc1S2tlWGdPSzVVWnA2ZVcyekZndXc5RlBmekpjVjAtd0h2dHRhWVdqRHN4RmpvNkN5MDc3TjJXRzVEZkNLa3FIM1VFNDBCejJtNjlpTkxhTUVMMm0zUHBkVHNROFVfdFdyNElCUUNXYXhLdUI2R1NsMWw3ak0xMEJ6akpmTFJadXJXR2MwQkxlSUVuc05ka0tMNmNOWWZ4cGpkQzFKNXppTTBQZ3dsUGMyOFJXeDAxeXlkXzVhTWQyR2NjVk4xVzRjeWlfRHRINUotSUFzeVhvUjM4V0xUeGpqR2U3UnJWRlJSMHFxaVRwVW1BQ0IzRU5KNUZWSXVXcmItNGMwZ0ZXWXlId19mSjEyUllSSFFOMkdzZEpibFN2cXAyc2ZQM3FWSVBWdjFXRzhKUmozbHFYRDFaNDA0SFNMeW5jM0tlbV9hVF9WVUo2MVdTR1lCQTVXMm5UcGhSMkJXV25WMkg3RzdLaWJacm94MmliVExReEdtamtLaGtxX2hNZ0NLS2ZaaXlnRWtEN3pZb1YzV1RRWmhaZmZib3cyMlVHTzdMWVVIUWlYZ3hHWEdINElxaXY5aHRqNklSS29PeG1CRl9aRENqS1kwOXQ1a2pFN29FWjNVeTNIckhyNjhMVVhzT2tkZ1lCcU5UQnZ0c3RRbDdZOG55a0dpNUtjbDlKZ2JUTUl5cDJuQk1ZYzdCMlo3cm80YllkZWFVclFfeUQ1MjNOcV9BMEx4OExWdkF4MUkxSUMyaTFoa3hRbjJWa2VIQ2NHR0F3Qy05V2oxeE9GSmZrRUlJS0Y3dGpNdUhHRE9KMW1PdjB4OUxvbG5nVGw4M3Q4T01zR2VFNVY5a3FHTTJPdFpwcWtqeG4tQngwUFpwd1hJV2FHM2s4a0kxa1ptNWg4MHg3dlhxeWVETGJjRGhYdzQ0eEIwWktYRDItWEk1WmdMNExFX0JLekR3OVJaQTNYRjJ0eTJCX3JqOG9Uby04V01ZbGt6dlJaZVpGWXV2Y2tyNVlGZGFQR2I3bjR2Qkh0ZDZySlRzV2R6SmllRFBSS05IaG1vQUVUQmxMdEMyWk1ZNkxpbkVoUFNWbk11X24wcGtaMXVXcmhWZzgtU3JrNEhnWmNnZUdwdVNnVWRSNXVOaUNIWkZKa1B4V0tYTk1pNGRIUnE1ZERPS3laR19Jczh0LUlPRDRlbXFGVjJKMHVwWHhWcmFfSHR1UWN2b19oY2prMWc0ZzFlWVQ1czdLMzBjM3RfR3g0ajlmWmJ0aXhxQkxsZHE1ZHhVcmFTR193Q0NRYV9BTHF4bm5ySVVNWmZlbGJ3WFpITWVta3pabmlQOE5zLVRRa3VFY2VINzRkblR1Znh4U1dGNFZRSzZBWnI5WnA4VjBUeFNSZ0JjRDVGT3lWUzhaOVV2bXkwRnFBWVNOTHdLYi12aTkwbW9MV2pESlVqblJXMDRLallYMm1TSlZxakNnVlJOZ3AwOXRWczRwYUszOUNnZHhnUDVrS1ZfZGlTN2xWVVl0bEkxeEZrOEN5cVJqaHYzbkl2WmZIbzRucHV3eFMxY2QyQTVqLUY1WlpvazVYcE53cHBIOXpnMFRqMG5IcFFqT3FmMkdiVktuUGlWMHJ3cEpvbWV4SGEyMmtpTjdyYzJVazczWlhkRmxQdGNwNmp5S0E0a3JoS19KNzZKZkNCeVBhVGlTV1U1WEM5RjRPN3hUeXBCay1YS0w1SWVBWDl3NEtFUGZLV29zbGs3N3h0MXowV0UzbkVsbVR5WFFNLXVKVlJnNWExQlBKTHl5R2RDVFZMalZaN2dZbl9QMlF6dzIwTUtWNEZaekR4QU40MWFQSnUyZEdMYmU2czI0QUhkUmhDT1RTNWF4SDVTejg4NGp5UWMwRDJqZjBDUVk0Nkp3YkpENzZFQUFpMGc4cGwwR2luc0FEVUU0RS1tc0tkMlVtSGxucGp1TngwLVpvdEVZckdQRlZzT3Z1R1hnN3M3NFFBNGFwTGJ6VHhVOWZpVGFmdmU0Q05tWE9uSlEtOGdIR1VudEZleW5VZUQ1MUd0dlduQllmZkxSak9wM0taNTlWcEFvWnFCaVZIeVVIeU9vTWFmOVNtU2hMNTQyUHNwZjV3a2lVSFBvWWtpbmt6VnlBRXd4LVkyV1ljSmVadG1tdk5jc1hPaS1OSWEzVzVHZmhQY3h0RjJLV1Z0blhKamhpWUJuaVJMU0RGU3kyd0ZWQTduM3dEbl8tUWZ0MlczQ2YtdlB5MW1jY0lvZUJqVWZ4MUIzaGFxME9rYjRwTENmQ0NBNVVTSVRKT3MzS2pHbHJNVEJrVTBoVlk1WE9NTy1QZXZ0YldRRVJ2MHBGNDdiWk4wUlA0bGNUNzNxN3g0X0pfRWhMNnRBNHl1clU1dHNYc19PNXBnWlBlXzNYczBNMndvU3V2VE54UHdtZzNtdjdvS0FiRXpGNlFFMzZCVHlFZ3M4YzBBVWR4NkRKLS1wX0FLemRzYVRVNkZUczNUWjJuZnFUbzBZamItYkJST1NQaUxZajNjcUc5cGFlQmJGS0p5TjhBajZYTmpBbTFqWC1INXIzaGRncTd4TVZ2RThxQVFOamZYRk9hNEcxWnMxaENPN2lPc0Y5T2MzbFZDbVVzTDczNDFzbGlYMXhIUmdfMFQzcmJyU3RVdzNfSnMzMTd0Tm9Sa2NlQnF5ejFPdjk0dzFBdkxWU3o3MlFKT2F6elJGUjRXWmpRcEVFV1lIRi1pT0ZHR1BDZnI3d3RYMVd0YURURWZVMXVSTnhPYUhpNmJCQlVtZXp0QmZyNGlfLUo2WVZFanYwazZSa2hNQWljSDBOVElONHF2SlQ2Z0JCVGhQU3d0SjFwNS1tTXc1TGdlcDdtbEFKaUxpUnliLUwzYjd1TmZ6a3AtcFo4aWlmeUpRNGdJb04xbWlFSTNNaElpT1dTeUxNaXhkY1kxTEVaN01Bb0dZbUZXTlNpeDg5QThhaWpNTmdkY291a3p4LUVUMV9OY24xMUtNdTBfQmFjZk03SDdNTmJPSjBKeXJ3ODhGbTRyVUFtTk5FTm1CTUp2cWh4MUV0NGhkS09DeHJwTFhyNHlfQ0w4X2o4eXBYQXhvQ0RfYWR2SDRpdDFwMGFJV1F0QlhDMDZDeTJpUlk2aEZybzBGREpXbEljajZ6RGtEMGg0am9Ob2xSaXplQkxWQmV3VnZmOUJRWFY1enp3TzBfNWQtYkZJODBjcE1jV1lxRmU3bHhtU3V2eUZ6UGh2b0ZLcmdHeS1La1VlWGRmT0lzbHFHNm1kcERwT0Q2X1BpdFl5ZmxLNjNpMkMtVXdVN1dTR3VUQlpiY2xfdEFTRkU1UE1CTEVVa1JqN2JqUWEydEgtZ0FaQ1ZPRmc1V0FSNTRHLXhFeEprOFFEVmtTSmpYY3p0WXdXVXFiMU5aV1JIcGNfWW0wdnA2RW1XdFlTVVJtTXV5NlY5enFoYnJlYkxWYVh0UDJJRGh0YnlxV1oxMVBOd1RDYllENzFRanN6MUwxU1pHakxaM2RXX0FnQTQwcGJNeGVyVnFHWG5oS2szTVNXa2RzS0s3cWFxM0VGMDcwUmlVYUQ0dHU4a25QWVdvb3NJWnp2aEhmVDRxcUs5NFduS19ONkRodlp1TmUzR192LWEtczJ5ZDlUcTNUalJsZDNCTF8tbnYyT2o0bWRvdWRhQW5yc1BSaTd4TEtOQl8ydkFqZ0RHRF9FODBCZFliX3VrS2FKTkFHRFZzMHJZX2ZTekZ5cUtKMFNWZjk5Q3JvWkdZaHMwaEMzOUs4OWVyZS1ZTFJFcG93UUNEQmMxZkJmUnJxUlBxMXBEWnJ1OHJjMUNyU0I5ZjJJak5Jb0o4cE80ZmJMTE1lbnd5ekhqal9sQ1kyTEtfbTFYaEd2RFIyVVZrNDFteTQ3ckVuU1J0b0dKWDJIOUNGd29ZVzN2RU5XR2tlSGcwUnQ5cFlOZTZQSGtUODdtMEp6TFlEWnBRcUZMM2hIdjgyOW5VRkVGNjBzZ1R5MTR4bHQxbE1OV1J4dHBwUUozdWl5N1h4Zm5pUXV0RlBpMng1aTVScFVfSFFNamtsUmxoX3lKdFhvTUtLNFJ5SUFpTi1XTnBhZ1lVTjhPUlZKUUpvUTRmT0Mtb0pBdnZmSzVHb0E3VGRiUXdSdnhNM1VnTThydTVMYmdReUFZTDc3MVVFby0zSUxLMFJnM3hJcW1hUTJETlQ5dmVrendkaXRBMGJBX2kwdjZBbkw0ZHpicWE1Qkt3Q0p2SHBkNmZRdDhlVlhzWGtWWTVMSkdsYjJxNzNqNUJiZGszZlZqZjBZSUI2eTlkbE5NTHFZWF9RN2ZTb0xZTmxEMjdERmFJYk1PcmlZVWhEVXRZbUl2dXlVMWpYaUVzLU5fVElKT3cxODRqUmY4UFZnSGZuX1UyWkstN2d3ZndJWkF3emd3amt1MWRJSlVGQnZhdWg3ZWwtSFpvWmV2ZDhRYk1ORjVzRjlubjE4bWlGNkJCMmZiOWw0dThRVDhQQUUwYWpUZFNNcUZSbVNadnByRUJncTVjNkpYMnJqNFVxOHpYcDF2OTRQVHM2U0Mwdl9SY1I1MVlFMGgxdzJrVXVUZXVEN3lKNHloVzlCUDZ1a1pPNXVwWWdKSUQ2em5FLWFsRUk2dzZJdC12LTBxMnhhV0YtbFpHamZLOVdpRTZNdzdjRFdHZzk4blJDTmJyc1ItTjE0ZmcuaTY2ejBVOTg3QmVFNHZNU0RsdHJLQSINCn0.F97n9ow8AlifFZTfh4QoC6P0rfMSBwVblnkl2pBlzZ-jvYS0mYOwJYwyB7TKG_JlWuPxJYdyDY5xPKEXhOxrQPY-448PVrSLAiuR3f5R2PFqVl4WXio87gfbC8z7PAd0y0vNJcTD8PRFbf-SsZZESA6S5rnrrpAN1EsuDMkEVimFaSQo9TTc2PYXPH1qe5m18LMF2bteqIiwVEW7-4waAZF0VMVAVlaYYOGx8AzdFuGgTPFe67leOo2Zam3YvBsGX6gH3EzaY69hQS5lS4km09WcNnH8RDMVeC2VsWiPaVTyZ9z9limS-P-0YkikQP5VbjiOPRCIhHOu6S6k4xQHoA"
+} \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust2.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust2.json
new file mode 100644
index 000000000..8fef32927
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust2.json
@@ -0,0 +1,6 @@
+{
+ "v": 10,
+ "respID": "2LVPaGlWAwzxURkrcTQX",
+ "inResponseTo": "_63ff9ef67370024c4d2d8b9bfd380578",
+ "signedPayload": "ew0KICAiYWxnIjogIlJTMjU2IiwNCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9zbDIuMDtjb21tYW5kIiwNCiAgIng1dCNTMjU2IjogIjBGUmRDYkFxVTF2YlQtOUt3S0JUcU5GQXBkcU9HT25Fa0o1dGp6MFp0anciDQp9.ew0KICAibmFtZSI6ICJxdWFsaWZpZWRlSUQiLA0KICAicmVzdWx0Ijogew0KICAgICJFSUQtSURFTlRJVFktTElOSyI6ICJQSE5oYld3NlFYTnpaWEowYVc5dUlFRnpjMlZ5ZEdsdmJrbEVQU0p6ZW5JdVltMXBMbWQyTG1GMExVRnpjMlZ5ZEdsdmJrbEVNVFV5T0RnNE1ESTJORE0wTURJNU5EVWlJRWx6YzNWbFNXNXpkR0Z1ZEQwaU1qQXhPQzB3TmkweE0xUXhNRG8xTnpvME5Dc3dNVG93TUNJZ1NYTnpkV1Z5UFNKb2RIUndPaTh2Y0c5eWRHRnNMbUp0YVM1bmRpNWhkQzl5WldZdmMzcHlMMmx6YzNWbGNpSWdUV0ZxYjNKV1pYSnphVzl1UFNJeElpQk5hVzV2Y2xabGNuTnBiMjQ5SWpBaUlIaHRiRzV6T25OaGJXdzlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qRXVNRHBoYzNObGNuUnBiMjRpSUhodGJHNXpPbkJ5UFNKb2RIUndPaTh2Y21WbVpYSmxibU5sTG1VdFoyOTJaWEp1YldWdWRDNW5kaTVoZEM5dVlXMWxjM0JoWTJVdmNHVnljMjl1WkdGMFlTOHlNREF5TURJeU9DTWlJSGh0Ykc1ek9tUnphV2M5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU1pSUhodGJHNXpPbVZqWkhOaFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4THpBMEwzaHRiR1J6YVdjdGJXOXlaU01pSUhodGJHNXpPbk5wUFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZUzFwYm5OMFlXNWpaU0krQ2drOGMyRnRiRHBCZEhSeWFXSjFkR1ZUZEdGMFpXMWxiblErQ2drSlBITmhiV3c2VTNWaWFtVmpkRDRLQ1FrSlBITmhiV3c2VTNWaWFtVmpkRU52Ym1acGNtMWhkR2x2Ymo0S0NRa0pDVHh6WVcxc09rTnZibVpwY20xaGRHbHZiazFsZEdodlpENTFjbTQ2YjJGemFYTTZibUZ0WlhNNmRHTTZVMEZOVERveExqQTZZMjA2YzJWdVpHVnlMWFp2ZFdOb1pYTThMM05oYld3NlEyOXVabWx5YldGMGFXOXVUV1YwYUc5a1Bnb0pDUWtKUEhOaGJXdzZVM1ZpYW1WamRFTnZibVpwY20xaGRHbHZia1JoZEdFK0Nna0pDUWtKUEhCeU9sQmxjbk52YmlCemFUcDBlWEJsUFNKd2NqcFFhSGx6YVdOaGJGQmxjbk52YmxSNWNHVWlQanh3Y2pwSlpHVnVkR2xtYVdOaGRHbHZiajQ4Y0hJNlZtRnNkV1UrZEhGRFVVVkROeXRCY1VkRlpXVk1Nemt3VmpWS1p6MDlQQzl3Y2pwV1lXeDFaVDQ4Y0hJNlZIbHdaVDUxY200NmNIVmliR2xqYVdRNlozWXVZWFE2WW1GelpXbGtQQzl3Y2pwVWVYQmxQand2Y0hJNlNXUmxiblJwWm1sallYUnBiMjQrUEhCeU9rNWhiV1UrUEhCeU9rZHBkbVZ1VG1GdFpUNU5ZWGc4TDNCeU9rZHBkbVZ1VG1GdFpUNDhjSEk2Um1GdGFXeDVUbUZ0WlNCd2NtbHRZWEo1UFNKMWJtUmxabWx1WldRaVBrMTFjM1JsY20xaGJtNDhMM0J5T2taaGJXbHNlVTVoYldVK1BDOXdjanBPWVcxbFBqeHdjanBFWVhSbFQyWkNhWEowYUQ0eE9UUXdMVEF4TFRBeFBDOXdjanBFWVhSbFQyWkNhWEowYUQ0OEwzQnlPbEJsY25OdmJqNEtDUWtKQ1R3dmMyRnRiRHBUZFdKcVpXTjBRMjl1Wm1seWJXRjBhVzl1UkdGMFlUNEtDUWtKUEM5ellXMXNPbE4xWW1wbFkzUkRiMjVtYVhKdFlYUnBiMjQrQ2drSlBDOXpZVzFzT2xOMVltcGxZM1ErQ2drOGMyRnRiRHBCZEhSeWFXSjFkR1VnUVhSMGNtbGlkWFJsVG1GdFpUMGlRMmwwYVhwbGJsQjFZbXhwWTB0bGVTSWdRWFIwY21saWRYUmxUbUZ0WlhOd1lXTmxQU0oxY200NmNIVmliR2xqYVdRNlozWXVZWFE2Ym1GdFpYTndZV05sY3pwcFpHVnVkR2wwZVd4cGJtczZNUzR5SWo0OGMyRnRiRHBCZEhSeWFXSjFkR1ZXWVd4MVpUNDhaSE5wWnpwU1UwRkxaWGxXWVd4MVpUNDhaSE5wWnpwTmIyUjFiSFZ6UG5sMlIwMVFSRFZaYWtobVpXOHhkbHBoU0VGNFEwWkNNeXRCUW0xaVlWQnpjRE5HTVhGRGRHY3ZaWFpsVVZSSWNsQnlSVXhPVDJaT1VuWTBhV0V3WlhjNFRsQnlaVFpRUjJKRFZHTU5DbnBrT1ZGdVZqSmlSRE5yVFhCa1VqUlRjMlpRVFVnd2VGQkdXRFV4T0dsUlZEQTFUWHBhT1dRM01WVnpiRGxzZHpack1HcHdTMjFGVlVWMlpWcGpRVVZKTVhGa00ySjNTWEJVTURnTkNtRjZabG8xTDFCa1JUWlpSVmcyVlhwUE5FSk1VbHB3ZUdOTlJtTXdhRGxaYW5vclZ6QktjRVYxVTFKUE0xZFFjRVpvY2xZeVZVOUtVU3R4ZUhrdk5EWklZek5JVERkTlFsRlNWMm9OQ2twVU9XUndlV0l2T0dSbFpWQkRialJGTldoTFRWSlRjblZGUjJwaGFFOVlMMHcwTTNWSFVVOU5VRVZ4V1hCTFNIZzRhazlTTDBsUE16WnJTSFZWWm5GT1RuVlhiRWhDYlVzMldFME5DbmN3TUZsclYyTkRVRUkwYW1KUk5URTBSVk16UjFJMlJIQkpNbGRVVVRCaFRGbHRWR1YzUFQwOEwyUnphV2M2VFc5a2RXeDFjejQ4WkhOcFp6cEZlSEJ2Ym1WdWRENUJVVUZDUEM5a2MybG5Pa1Y0Y0c5dVpXNTBQand2WkhOcFp6cFNVMEZMWlhsV1lXeDFaVDQ4TDNOaGJXdzZRWFIwY21saWRYUmxWbUZzZFdVK1BDOXpZVzFzT2tGMGRISnBZblYwWlQ0OEwzTmhiV3c2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwUGdvSlBHUnphV2M2VTJsbmJtRjBkWEpsUGdvSkNUeGtjMmxuT2xOcFoyNWxaRWx1Wm04K0Nna0pDVHhrYzJsbk9rTmhibTl1YVdOaGJHbDZZWFJwYjI1TlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekV3TDNodGJDMWxlR010WXpFMGJpTWlJQzgrQ2drSkNUeGtjMmxuT2xOcFoyNWhkSFZ5WlUxbGRHaHZaQ0JCYkdkdmNtbDBhRzA5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU55YzJFdGMyaGhNU0lnTHo0S0NRa0pQR1J6YVdjNlVtVm1aWEpsYm1ObElGVlNTVDBpSWo0S0NRa0pDVHhrYzJsbk9sUnlZVzV6Wm05eWJYTStDZ2tKQ1FrSlBHUnphV2M2VkhKaGJuTm1iM0p0SUVGc1oyOXlhWFJvYlQwaWFIUjBjRG92TDNkM2R5NTNNeTV2Y21jdlZGSXZNVGs1T1M5U1JVTXRlSEJoZEdndE1UazVPVEV4TVRZaVBnb0pDUWtKQ1FrOFpITnBaenBZVUdGMGFENXViM1FvWVc1alpYTjBiM0l0YjNJdGMyVnNaam82Y0hJNlNXUmxiblJwWm1sallYUnBiMjRwUEM5a2MybG5PbGhRWVhSb1Bnb0pDUWtKQ1R3dlpITnBaenBVY21GdWMyWnZjbTArQ2drSkNRa0pQR1J6YVdjNlZISmhibk5tYjNKdElFRnNaMjl5YVhSb2JUMGlhSFIwY0RvdkwzZDNkeTUzTXk1dmNtY3ZNakF3TUM4d09TOTRiV3hrYzJsbkkyVnVkbVZzYjNCbFpDMXphV2R1WVhSMWNtVWlJQzgrQ2drSkNRazhMMlJ6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1R4a2MybG5Pa1JwWjJWemRFMWxkR2h2WkNCQmJHZHZjbWwwYUcwOUltaDBkSEE2THk5M2QzY3Vkek11YjNKbkx6SXdNREF2TURrdmVHMXNaSE5wWnlOemFHRXhJaUF2UGdvSkNRa0pQR1J6YVdjNlJHbG5aWE4wVm1Gc2RXVSthVXN6TW10cmJVNWtVelZIV2xSemJHOHhTbVJDWVdsRFRsVnJQVHd2WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDRLQ1FrSlBDOWtjMmxuT2xKbFptVnlaVzVqWlQ0S0NRa0pQR1J6YVdjNlVtVm1aWEpsYm1ObElGUjVjR1U5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU5OWVc1cFptVnpkQ0lnVlZKSlBTSWpiV0Z1YVdabGMzUWlQZ29KQ1FrSlBHUnphV2M2UkdsblpYTjBUV1YwYUc5a0lFRnNaMjl5YVhSb2JUMGlhSFIwY0RvdkwzZDNkeTUzTXk1dmNtY3ZNakF3TUM4d09TOTRiV3hrYzJsbkkzTm9ZVEVpSUM4K0Nna0pDUWs4WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDQ0TWtadVlVeGxja2x6YVVOM1RFRlhVVEZYUVVjcmJVUlVWVTA5UEM5a2MybG5Pa1JwWjJWemRGWmhiSFZsUGdvSkNRazhMMlJ6YVdjNlVtVm1aWEpsYm1ObFBnb0pDVHd2WkhOcFp6cFRhV2R1WldSSmJtWnZQZ29KQ1R4a2MybG5PbE5wWjI1aGRIVnlaVlpoYkhWbFBnb2dJQ0FnY1UxMU1uTXJkV2xwVlhVMk0zRmpOWEZhYmxWWFpVeEZSREpuVm5GRFkwTmtRMGN4ZHpFMVoxSkdTV3Q0UzNOWVZGRlRRVE5LVjBoRFJYaHhjams1ZDBjMFYwMXRjRTF0U21oaFR3MEtkRGc0TjJOUlRtOUdURFJaYTBzMVRXcEhOR28wUjI1Q1ZHZFRhRVpXY0c0MWRXaFBkblpITUZsd1lVSlhNMlYyYVdSYVRYWkllV0psV1VSSVZHeHBia2sxVWtaU1pVaEdXRU5zVGcwS1dGQmhUMWxWTHpVek5GRnhaMWhLU1hrMFpXdHVkRFJ2UXk5TE0xRnVaVWhoU1VKbmVrSjFkMlpIUjIxbGEwVnlPVGROUkV0NllXWjBhMDVwTVVSS1dFNDRkMkZJVmtWTVdubHRPUTBLUjJGM1JraExjRUpGY2s5aGVqQXZVRVpxZUZGUVpsQkRaVW93UzJoNGRqbFFWVmh5YUZkUlMySkhZWEp1VlU1MUx5dFRNVEZqUzA5eGMzQmpiR2htUzFac2QxUlNhQzlXVkdsaFZBMEtSbUU0THpoYVMwSTVNM2cyV21SSVQwMHlZblY1VERaMVRqQTFjblpMWW05d1ozcG5ObEU5UFFvZ0lEd3ZaSE5wWnpwVGFXZHVZWFIxY21WV1lXeDFaVDQ4WkhOcFp6cExaWGxKYm1adlBqeGtjMmxuT2xnMU1EbEVZWFJoUGp4a2MybG5PbGcxTURsRFpYSjBhV1pwWTJGMFpUNU5TVWxHZFhwRFEwSkxUMmRCZDBsQ1FXZEpSRWRUYTJWTlFUQkhRMU54UjFOSllqTkVVVVZDUWxGVlFVMUpSMlpOVVhOM1ExRlpSRlpSVVVkRmQwcENEUXBXUkVaSlRVVlpSMEV4VlVWRFozY3ZVVk14VldOdVZucGtRMEpJV2xoTmRVbEhXWFZKUms1d1dUSm9iR050YUd4aFdGSjZZek5zZW1SSFZuUmFVMEp3RFFwaVUwSnNZa2RXY21SSVNYVkpSVkpvWkVkV2RXUnRWbmxoTWxadlkybENTR0pYU2tsTlUwbDNTVUZaUkZaUlVVeEVRbXhvVEZoT2NGb3lOSFJaTWpsNURRcGpSemw1V1ZoU2JFeFhlSEJhTW1nd1RGUkJlVTFUU1hkSlFWbEVWbEZSUkVSQ2JHaE1XRTV3V2pJMGRGa3lPWGxqUnpsNVdWaFNiRXhYZUhCYU1tZ3dEUXBNVkVGNVRVSTBXRVJVUlRGTlJHTjVUMFJGTVU1RWEzZE9WbTlZUkZSSmQwMUVZM2xQUkVWNlRrUnJkMDVXYjNkbllsbDRRM3BCU2tKblRsWkNRVmxVRFFwQmEwWlZUVkkwZDBoQldVUldVVkZMUkVKV1JWbFlVbXhpYms1cVlVaFdNR1Z0ZEhaaVZ6RndZek5PY0dJeU5IaEpha0ZuUW1kT1ZrSkJjMDFIVms0d0RRcFpWekYwWlcxR2IySklTbXhhTW14NlpFZFdlVmx0Vm05aU1sWjVXa2RWZUV4cVFYTkNaMDVXUWtGTlRVcFdUbkJhTWpWb1pFaFdlV015Vm5sa2JXeHFEUXBhVTBKRldWaFNiR0p1VG1waFNGWXdaVzEwZG1KWE1YQmpNMDV3WWpJMGVFWlVRVlJDWjA1V1FrRlZWRVJFVFhsT1ZHdDVUMFJOZVUxNmF6VlBSRVZqRFFwTlFtOUhRMU54UjFOSllqTkVVVVZLUVZGM1RscElUbkpSUjFKNllYazFibVJwTldoa1JFTkRRVk5KZDBSUldVcExiMXBKYUhaalRrRlJSVUpDVVVGRURRcG5aMFZRUVVSRFEwRlJiME5uWjBWQ1FVNHJaRUpUUlVKSGFqSnFWVmhKU3pGTmNETnNWbmhqTDFwaEszQktUV2w1UzNKWU0wY3hXbmhuV0M5cGEzZzNEUXBFT1hOamMxQlpUWFEwTnpOTWJFRlhiRGxqYlVOaVNHSktTeXRRVmpKWVRrNWtWVkpNVFZWRFNWZ3JOSFpWVG5NeVRVaGxSRlJSZEZnNFFsaHFTa1p3RFFwM1NsbFRiMkZTU2xFek9VWldVeTh4Y2pWelYyTnlZVGxJYUdSdE4zYzFSM1I0THpKMWEzbEVXREJyWkd0NFlYZHJhRkEwUlZGRmVta3ZVMGtyUm5WbkRRcHVLMWR4WjFFeGJrRmtiR0o0WWk5a1kwSjNOWGN4YURsaU0yeHRkWGRWWmpSNk0yOXZVVmRWUkRKRVowRXZhMHRrTVV0bGFrNVNORE50VEZWemJYWlREUXA2WlhaUWVGUTVlbk0zT0hCUFVqRlBZV05DTjBsemVsUldTbEJZWlU5RllXRk9Xa2h1YmtJdlZXVlBNMmM0VEVWV0x6TlBhMWhqVldkalRXdGlTVWxwRFFwaFFraHNiR3czTVZCeE1FTlBhamxyY1dwWWIyVTNUM0pTYWt4Wk5Xa3pTM2RQY0dFMlZFMURRWGRGUVVGaFQwTkJaVlYzWjJkSWFFMUNSVWRCTVZWa0RRcEVaMUZMUWtGb1RVTkJObVZIZGxNeGRXcEJUMEpuVGxaSVVUaENRV1k0UlVKQlRVTkNURUYzUkdkWlNFdHBaMEZEWjBWSVFWRlJSRUZSU0M5TlFrMUhEUXBCTVZWa1NYZFJUVTFCY1VGRFJXdGpWMFJ3VURaQk1FUk5RV3RIUVRGVlpFVjNVVU5OUVVGM1JrRlpTRXRwWjBGRFowVkNRVkZSU2tSQlpFTlZNRWwwRFFwU1JrNU1UVWc0UjBORGMwZEJVVlZHUW5kRlFrSklUWGRqVkVKSFFtZG5ja0puUlVaQ1VXTjNRVzlaTm1GSVVqQmpSRzkyVEROa00yUjVOV2hNV0ZKNURRcGtXRTR3VEcxR01Fd3lUbXhqYmxKNlRESkZkR015Ykc1aWFURnFZak5LZDJJelNtaGtSMVYwWWtkc2JtRklVWFJOUkVwb1RHMU9lV1JFUVc1Q1oyZHlEUXBDWjBWR1FsRmpkMEZaV1dKaFNGSXdZMFJ2ZGt3eU9XcGpNMEYxV1ZNeE1HTnVWbnBrUXpWb1pFTTVkbGt6VG5kTlJsRkhRVEZWWkVsQlVrNU5SWE4zRFFwVFVWbEhTMmxuUVVWUlJWTk5SRGgzVUZGWlNVdDNXVUpDVVZWSVFXZEZWMDFYYURCa1NFRTJUSGs1TTJRelkzVlpVekV3WTI1V2VtUkROV2hrUXpsckRRcGlNazU2VERKT2Qwd3lSWFJqTW14dVlta3hRbUpZVW5wak1teHVZbTFHTUdSWVNYZG5XalJIUVRGVlpFaDNVMEpzYWtOQ2EzcERRbXRMUTBKcVlVTkNEUXBwYjJGQ2FESjRhMWxZUVRaTWVUbHpXa2RHZDB4dFJYUmtTRW94WXpOUmRWbFlVWFppTTFVNVdWTXhlbUZYWkhWTVYwNTJZMjVDZG1OdFJqQmFVekZ6RFFwaFYyUnZaRU13ZDAxcGVIWlFWVVYwVmtoS01XTXpVWE5aZWpGQ1ZrUTVhbHBZU2pCaFYxcHdXVEpHTUZwWVNteGtiVGxxV1ZoU2NHSXlOWE5oV0U0d0RRcFFNa3BvWXpKVkwySXlTbkZhVjA0d1dUSjRhR016VFRsYVYyeHJVVEpXZVdSSGJHMWhWMDVvWkVkc2RtSnJSakZrUjJoMlkyMXNNR1ZVUVU1Q1oydHhEUXBvYTJsSE9YY3dRa0ZSVlVaQlFVOURRVkZGUVVoUk0xcERUWFJCWW1GNlpVMUliVmRCTW5wb1dXeEljVWhuUzFadlkxWllSVVJuYlU1dFYweEhjVVpsRFFvNFJVRkVSa2x6T0hWSGNtdDBRbTFYUTFWSldHSlljemRVU0dObWVITXlTalEzZGtoMVkyOXdjMlJyWVdKT2JGaEZhbnB1WkZKbWJtTXJNVlpKYm1KdkRRcDZUWEpaWkRkcVpVUk9WRXN2ZEVscWFVOUZXV1J5ZVVsd1pXdFdPVU5tWVhjM2VYVTJiV1ZtVFhwbGRURmhRWGRtTjBKdVN5OW9kV2wzU2xkdVpXNXdEUXBDTjJsRUwxQjJXaXR0ZW5WRE4xSk9aa3BtUmlzclUzUnBRbFI0YVROV1dYaE9SMDFxVFRGalZUaEhkemxXVjJNd1VqTkZkV3BQWVZoWFowTkRPR2sxRFFwR1IyaFdkazlaYUU1WVpuTjRTbGhpVG5obGQwVkRhbkJCVEhaRWJFWk1UQ3RwUXpRNVJ5dEJSRk52VW5Zd1UyczVNVTlRZFN0alNXMURhak55Y3pOUkRRcDBZWE5KTDNBNVRGbGhZMGMyWXk5blNUTjBSVEJwYUhGbk9WSmljMHRJV0ZGc00xQlBka1ZTU2tFOVBUd3ZaSE5wWnpwWU5UQTVRMlZ5ZEdsbWFXTmhkR1UrUEM5a2MybG5PbGcxTURsRVlYUmhQand2WkhOcFp6cExaWGxKYm1adlBnb0pDVHhrYzJsbk9rOWlhbVZqZEQ0S0NRa0pQR1J6YVdjNlRXRnVhV1psYzNRZ1NXUTlJbTFoYm1sbVpYTjBJajRLQ1FrSkNUeGtjMmxuT2xKbFptVnlaVzVqWlNCVlVrazlJaUkrQ2drSkNRa0pQR1J6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1FrSlBHUnphV2M2VkhKaGJuTm1iM0p0SUVGc1oyOXlhWFJvYlQwaWFIUjBjRG92TDNkM2R5NTNNeTV2Y21jdlZGSXZNVGs1T1M5U1JVTXRlSEJoZEdndE1UazVPVEV4TVRZaVBnb0pDUWtKQ1FrSlBHUnphV2M2V0ZCaGRHZytibTkwS0dGdVkyVnpkRzl5TFc5eUxYTmxiR1k2T21SemFXYzZVMmxuYm1GMGRYSmxLVHd2WkhOcFp6cFlVR0YwYUQ0S0NRa0pDUWtKUEM5a2MybG5PbFJ5WVc1elptOXliVDRLQ1FrSkNRazhMMlJ6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1FrOFpITnBaenBFYVdkbGMzUk5aWFJvYjJRZ1FXeG5iM0pwZEdodFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF3THpBNUwzaHRiR1J6YVdjamMyaGhNU0lnTHo0S0NRa0pDUWs4WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDV0TWpWR056UXZOMWRMVlV4QmIwVXlWemRDYzBneVdVWlFUelE5UEM5a2MybG5Pa1JwWjJWemRGWmhiSFZsUGdvSkNRa0pQQzlrYzJsbk9sSmxabVZ5Wlc1alpUNEtDUWtKUEM5a2MybG5PazFoYm1sbVpYTjBQZ29KQ1R3dlpITnBaenBQWW1wbFkzUStDZ2s4TDJSemFXYzZVMmxuYm1GMGRYSmxQZ284TDNOaGJXdzZRWE56WlhKMGFXOXVQZz09IiwNCiAgICAiRUlELUNJVElaRU4tUUFBLUxFVkVMIjogImh0dHA6Ly9laWRhcy5ldXJvcGEuZXUvTG9BL3N1YnN0YW50aWFsIiwNCiAgICAiRUlELUNDUy1VUkwiOiAiaHR0cHM6Ly93d3cuYS10cnVzdC5hdC90b2RvIiwNCiAgICAiRUlELUFVVEgtQkxPQ0siOiAiUEQ5NGJXd2dkbVZ5YzJsdmJqMGlNUzR3SWlCbGJtTnZaR2x1WnowaVZWUkdMVGdpSUhOMFlXNWtZV3h2Ym1VOUltNXZJajgrUEhOaGJXd3lPa0Z6YzJWeWRHbHZiaUI0Yld4dWN6cHpZVzFzTWowaWRYSnVPbTloYzJsek9tNWhiV1Z6T25Sak9sTkJUVXc2TWk0d09tRnpjMlZ5ZEdsdmJpSWdTVVE5SWw4Mk0yWm1PV1ZtTmpjek56QXdNalJqTkdReVpEaGlPV0ptWkRNNE1EVTNPQ0lnU1hOemRXVkpibk4wWVc1MFBTSXlNREU0TFRBMkxURXpWREUzT2pRMk9qQTVLekF5T2pBd0lpQldaWEp6YVc5dVBTSXlMakFpSUhodGJHNXpPbmh6UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZU0krUEhOaGJXd3lPa2x6YzNWbGNpQkdiM0p0WVhROUluVnlianB2WVhOcGN6cHVZVzFsY3pwMFl6cFRRVTFNT2pJdU1EcHVZVzFsYVdRdFptOXliV0YwT21WdWRHbDBlU0krYUhSMGNITTZMeTkzZDNjdVlTMTBjblZ6ZEM1aGRDOTBiMlJ2UEM5ellXMXNNanBKYzNOMVpYSStQR1J6YVdjNlUybG5ibUYwZFhKbElIaHRiRzV6T21SemFXYzlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5Mekl3TURBdk1Ea3ZlRzFzWkhOcFp5TWlJRWxrUFNKemFXZHVZWFIxY21VdE1TMHhJajQ4WkhOcFp6cFRhV2R1WldSSmJtWnZQanhrYzJsbk9rTmhibTl1YVdOaGJHbDZZWFJwYjI1TlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk5VVVpOHlNREF4TDFKRlF5MTRiV3d0WXpFMGJpMHlNREF4TURNeE5TSWdMejQ4WkhOcFp6cFRhV2R1WVhSMWNtVk5aWFJvYjJRZ1FXeG5iM0pwZEdodFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4THpBMEwzaHRiR1J6YVdjdGJXOXlaU055YzJFdGMyaGhNalUySWlBdlBqeGtjMmxuT2xKbFptVnlaVzVqWlNCSlpEMGljbVZtWlhKbGJtTmxMVEV0TVNJZ1ZWSkpQU0lpUGp4a2MybG5PbFJ5WVc1elptOXliWE0rUEdSemFXYzZWSEpoYm5ObWIzSnRJRUZzWjI5eWFYUm9iVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2VkZJdk1UazVPUzlTUlVNdGVITnNkQzB4T1RrNU1URXhOaUkrUEhoemJEcHpkSGxzWlhOb1pXVjBJSGh0Ykc1ek9uaHpiRDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TVRrNU9TOVlVMHd2VkhKaGJuTm1iM0p0SWlCbGVHTnNkV1JsTFhKbGMzVnNkQzF3Y21WbWFYaGxjejBpYzJGdGJESWlJSFpsY25OcGIyNDlJakV1TUNJZ2VHMXNibk02YzJGdGJESTlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qSXVNRHBoYzNObGNuUnBiMjRpUGp4NGMydzZiM1YwY0hWMElHMWxkR2h2WkQwaWVHMXNJaUI0Yld3NmMzQmhZMlU5SW1SbFptRjFiSFFpSUM4K1BIaHpiRHAwWlcxd2JHRjBaU0J0WVhSamFEMGlMeUlnZUcxc2JuTTlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5MekU1T1RrdmVHaDBiV3dpUGp4b2RHMXNJSGh0Ykc1elBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHhPVGs1TDNob2RHMXNJajQ4YUdWaFpENDhkR2wwYkdVK1UybG5ibUYwZFhJZ1pHVnlJRUZ1YldWc1pHVmtZWFJsYmp3dmRHbDBiR1UrUEhOMGVXeGxJRzFsWkdsaFBTSnpZM0psWlc0aUlIUjVjR1U5SW5SbGVIUXZZM056SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FKQ1FrSkNTNXViM0p0WVd4emRIbHNaU0I3SUdadmJuUXRjMmw2WlRvZ2JXVmthWFZ0T3lCOUlBb2dJQ0FnSUNBZ0lDQWdJQ0FnSUFrSkNRa0pMbWwwWVd4cFkzTjBlV3hsSUhzZ1ptOXVkQzF6YVhwbE9pQnRaV1JwZFcwN0lHWnZiblF0YzNSNWJHVTZJR2wwWVd4cFl6c2dmUW9KQ1FrSkNRa0pDUzUwYVhSc1pYTjBlV3hsSUhzZ2RHVjRkQzFrWldOdmNtRjBhVzl1T25WdVpHVnliR2x1WlRzZ1ptOXVkQzEzWldsbmFIUTZZbTlzWkRzZ1ptOXVkQzF6YVhwbE9pQnRaV1JwZFcwN0lIMGdDZ2tKQ1FrSkNRa0pMbWcwYzNSNWJHVWdleUJtYjI1MExYTnBlbVU2SUd4aGNtZGxPeUI5SUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQUtDUWtKQ1FrSkNRa3VhR2xrWkdWdUlIdGthWE53YkdGNU9pQnViMjVsT3lCOUlBb2dJQ0FnSUNBZ0lDQWdJQ0FnSUFrSkNRazhMM04wZVd4bFBqd3ZhR1ZoWkQ0OFltOWtlVDQ4YURRZ1kyeGhjM005SW1nMGMzUjViR1VpUGtGdWJXVnNaR1ZrWVhSbGJqbzhMMmcwUGp4d0lHTnNZWE56UFNKMGFYUnNaWE4wZVd4bElqNUVZWFJsYmlCNmRYSWdVR1Z5YzI5dVBDOXdQangwWVdKc1pTQmpiR0Z6Y3owaWNHRnlZVzFsZEdWeWN5SStQSGh6YkRwcFppQjBaWE4wUFNKemRISnBibWNvTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTl6WVcxc01qcEJkSFJ5YVdKMWRHVlRkR0YwWlcxbGJuUXZjMkZ0YkRJNlFYUjBjbWxpZFhSbFcwQk9ZVzFsUFNkMWNtNDZiMmxrT2pJdU5TNDBMalF5SjEwdmMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVXBJajQ4ZEhJK1BIUmtJR05zWVhOelBTSnBkR0ZzYVdOemRIbHNaU0krVm05eWJtRnRaVG9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakl1TlM0MExqUXlKMTB2YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVaUlDOCtQQzkwWkQ0OEwzUnlQand2ZUhOc09tbG1Qang0YzJ3NmFXWWdkR1Z6ZEQwaWMzUnlhVzVuS0M5ellXMXNNanBCYzNObGNuUnBiMjR2YzJGdGJESTZRWFIwY21saWRYUmxVM1JoZEdWdFpXNTBMM05oYld3eU9rRjBkSEpwWW5WMFpWdEFUbUZ0WlQwbmRYSnVPbTlwWkRveExqSXVOREF1TUM0eE1DNHlMakV1TVM0eU5qRXVNakFuWFM5ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTa2lQangwY2o0OGRHUWdZMnhoYzNNOUltbDBZV3hwWTNOMGVXeGxJajVPWVdOb2JtRnRaVG9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0eU1DZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhlSE5zT21sbUlIUmxjM1E5SW5OMGNtbHVaeWd2YzJGdGJESTZRWE56WlhKMGFXOXVMM05oYld3eU9rRjBkSEpwWW5WMFpWTjBZWFJsYldWdWRDOXpZVzFzTWpwQmRIUnlhV0oxZEdWYlFFNWhiV1U5SjNWeWJqcHZhV1E2TVM0eUxqUXdMakF1TVRBdU1pNHhMakV1TlRVblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU2tpUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1SFpXSjFjblJ6WkdGMGRXMDZJRHd2ZEdRK1BIUmtJR05zWVhOelBTSnViM0p0WVd4emRIbHNaU0krUEhoemJEcDJZV3gxWlMxdlppQnpaV3hsWTNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5kWEp1T205cFpEb3hMakl1TkRBdU1DNHhNQzR5TGpFdU1TNDFOU2RkTDNOaGJXd3lPa0YwZEhKcFluVjBaVlpoYkhWbElpQXZQand2ZEdRK1BDOTBjajQ4TDNoemJEcHBaajQ4ZUhOc09tbG1JSFJsYzNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5kWEp1T205cFpEb3hMakl1TkRBdU1DNHhNQzR5TGpFdU1TNHlOakV1T1RBblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0krUEhSeVBqeDBaQ0JqYkdGemN6MGlhWFJoYkdsamMzUjViR1VpUGxadmJHeHRZV05vZERvZ1BDOTBaRDQ4ZEdRZ1kyeGhjM005SW01dmNtMWhiSE4wZVd4bElqNDhlSE5zT25SbGVIUStTV05vSUcxbGJHUmxJRzFwWTJnZ2FXNGdWbVZ5ZEhKbGRIVnVaeUJoYmk0Z1NXMGdic09rWTJoemRHVnVJRk5qYUhKcGRIUWdkMmx5WkNCdGFYSWdaV2x1WlNCTWFYTjBaU0JrWlhJZ1pzTzhjaUJ0YVdOb0lIWmxjbWJEdkdkaVlYSmxiaUJXWlhKMGNtVjBkVzVuYzNabGNtakRwR3gwYm1semMyVWdZVzVuWlhwbGFXZDBMQ0JoZFhNZ1pHVnVaVzRnYVdOb0lHVnBibVZ6SUdGMWMzZkRwR2hzWlc0Z2QyVnlaR1V1UEM5NGMydzZkR1Y0ZEQ0OEwzUmtQand2ZEhJK1BDOTRjMnc2YVdZK1BDOTBZV0pzWlQ0OGNDQmpiR0Z6Y3owaWRHbDBiR1Z6ZEhsc1pTSStSR0YwWlc0Z2VuVnlJRUZ1ZDJWdVpIVnVaend2Y0Q0OGRHRmliR1VnWTJ4aGMzTTlJbkJoY21GdFpYUmxjbk1pUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1SlpHVnVkR2xtYVd0aGRHOXlPaUE4TDNSa1BqeDBaQ0JqYkdGemN6MGlibTl5YldGc2MzUjViR1VpUGp4NGMydzZkbUZzZFdVdGIyWWdjMlZzWldOMFBTSXZjMkZ0YkRJNlFYTnpaWEowYVc5dUwzTmhiV3d5T2tGMGRISnBZblYwWlZOMFlYUmxiV1Z1ZEM5ellXMXNNanBCZEhSeWFXSjFkR1ZiUUU1aGJXVTlKMmgwZEhBNkx5OWxhV1F1WjNZdVlYUXZaVWxFTDJGMGRISnBZblYwWlhNdlUyVnlkbWxqWlZCeWIzWnBaR1Z5Vlc1cGNYVmxTV1FuWFM5ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTSWdMejQ4TDNSa1Bqd3ZkSEkrUEhoemJEcHBaaUIwWlhOMFBTSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5ellXMXNNanBCZEhSeWFXSjFkR1ZUZEdGMFpXMWxiblF2YzJGdGJESTZRWFIwY21saWRYUmxXMEJPWVcxbFBTZG9kSFJ3T2k4dlpXbGtMbWQyTG1GMEwyVkpSQzloZEhSeWFXSjFkR1Z6TDFObGNuWnBZMlZRY205MmFXUmxja1p5YVdWdVpHeDVUbUZ0WlNkZEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxLU0krUEhSeVBqeDBaQ0JqYkdGemN6MGlhWFJoYkdsamMzUjViR1VpUGs1aGJXVTZJRHd2ZEdRK1BIUmtJR05zWVhOelBTSnViM0p0WVd4emRIbHNaU0krUEhoemJEcDJZV3gxWlMxdlppQnpaV3hsWTNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5hSFIwY0RvdkwyVnBaQzVuZGk1aGRDOWxTVVF2WVhSMGNtbGlkWFJsY3k5VFpYSjJhV05sVUhKdmRtbGtaWEpHY21sbGJtUnNlVTVoYldVblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0lnTHo0OEwzUmtQand2ZEhJK1BDOTRjMnc2YVdZK1BIaHpiRHBwWmlCMFpYTjBQU0p6ZEhKcGJtY29MM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2RvZEhSd09pOHZaV2xrTG1kMkxtRjBMMlZKUkM5aGRIUnlhV0oxZEdWekwxTmxjblpwWTJWUWNtOTJhV1JsY2tOdmRXNTBjbmxEYjJSbEoxMHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VwSWo0OGRISStQSFJrSUdOc1lYTnpQU0pwZEdGc2FXTnpkSGxzWlNJK1UzUmhZWFE2SUR3dmRHUStQSFJrSUdOc1lYTnpQU0p1YjNKdFlXeHpkSGxzWlNJK1BIaHpiRHAyWVd4MVpTMXZaaUJ6Wld4bFkzUTlJaTl6WVcxc01qcEJjM05sY25ScGIyNHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFUzUmhkR1Z0Wlc1MEwzTmhiV3d5T2tGMGRISnBZblYwWlZ0QVRtRnRaVDBuYUhSMGNEb3ZMMlZwWkM1bmRpNWhkQzlsU1VRdllYUjBjbWxpZFhSbGN5OVRaWEoyYVdObFVISnZkbWxrWlhKRGIzVnVkSEo1UTI5a1pTZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhMM1JoWW14bFBqeHdJR05zWVhOelBTSjBhWFJzWlhOMGVXeGxJajVVWldOb2JtbHpZMmhsSUZCaGNtRnRaWFJsY2p3dmNENDhkR0ZpYkdVZ1kyeGhjM005SW5CaGNtRnRaWFJsY25NaVBqeDBjajQ4ZEdRZ1kyeGhjM005SW1sMFlXeHBZM04wZVd4bElqNUVZWFIxYlRvOEwzUmtQangwWkNCamJHRnpjejBpYm05eWJXRnNjM1I1YkdVaVBqeDRjMnc2ZG1Gc2RXVXRiMllnYzJWc1pXTjBQU0p6ZFdKemRISnBibWNvTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTlBU1hOemRXVkpibk4wWVc1MExEa3NNaWtpSUM4K1BIaHpiRHAwWlhoMFBpNDhMM2h6YkRwMFpYaDBQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNKemRXSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5QVNYTnpkV1ZKYm5OMFlXNTBMRFlzTWlraUlDOCtQSGh6YkRwMFpYaDBQaTQ4TDNoemJEcDBaWGgwUGp4NGMydzZkbUZzZFdVdGIyWWdjMlZzWldOMFBTSnpkV0p6ZEhKcGJtY29MM05oYld3eU9rRnpjMlZ5ZEdsdmJpOUFTWE56ZFdWSmJuTjBZVzUwTERFc05Da2lJQzgrUEM5MFpENDhMM1J5UGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1VmFISjZaV2wwT2p3dmRHUStQSFJrSUdOc1lYTnpQU0p1YjNKdFlXeHpkSGxzWlNJK1BIaHpiRHAyWVd4MVpTMXZaaUJ6Wld4bFkzUTlJbk4xWW5OMGNtbHVaeWd2YzJGdGJESTZRWE56WlhKMGFXOXVMMEJKYzNOMVpVbHVjM1JoYm5Rc01USXNNaWtpSUM4K1BIaHpiRHAwWlhoMFBqbzhMM2h6YkRwMFpYaDBQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNKemRXSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5QVNYTnpkV1ZKYm5OMFlXNTBMREUxTERJcElpQXZQang0YzJ3NmRHVjRkRDQ2UEM5NGMydzZkR1Y0ZEQ0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGljM1ZpYzNSeWFXNW5LQzl6WVcxc01qcEJjM05sY25ScGIyNHZRRWx6YzNWbFNXNXpkR0Z1ZEN3eE9Dd3lLU0lnTHo0OEwzUmtQand2ZEhJK1BIUnlQangwWkNCamJHRnpjejBpYVhSaGJHbGpjM1I1YkdVaVBsUnlZVzV6WVd0MGFXOXVjMVJ2YTJWdU9pQThMM1JrUGp4MFpDQmpiR0Z6Y3owaWJtOXliV0ZzYzNSNWJHVWlQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNJdmMyRnRiREk2UVhOelpYSjBhVzl1TDBCSlJDSWdMejQ4TDNSa1Bqd3ZkSEkrUEhoemJEcHBaaUIwWlhOMFBTSXZjMkZ0YkRJNlFYTnpaWEowYVc5dUwzTmhiV3d5T2tGMGRISnBZblYwWlZOMFlYUmxiV1Z1ZEM5ellXMXNNanBCZEhSeWFXSjFkR1ZiUUU1aGJXVTlKM1Z5YmpwdmFXUTZNUzR5TGpRd0xqQXVNVEF1TWk0eExqRXVNall4TGprd0oxMHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VpUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo0S0NRa0pDUWtKQ1FrSkNRbFdiMnhzYldGamFIUmxiaTFTWldabGNtVnVlam9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0NU1DZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhkSElnWTJ4aGMzTTlJbWhwWkdSbGJpSStQSFJrSUdOc1lYTnpQU0pwZEdGc2FXTnpkSGxzWlNJK1JHRjBZVlZTVERvZ1BDOTBaRDQ4ZEdRZ1kyeGhjM005SW01dmNtMWhiSE4wZVd4bElqNDhlSE5zT25aaGJIVmxMVzltSUhObGJHVmpkRDBpTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTl6WVcxc01qcERiMjVrYVhScGIyNXpMM05oYld3eU9rRjFaR2xsYm1ObFVtVnpkSEpwWTNScGIyNHZjMkZ0YkRJNlFYVmthV1Z1WTJVaUlDOCtQQzkwWkQ0OEwzUnlQang0YzJ3NmFXWWdkR1Z6ZEQwaUwzTmhiV3d5T2tGemMyVnlkR2x2Ymk5ellXMXNNanBEYjI1a2FYUnBiMjV6TDBCT2IzUlBiazl5UVdaMFpYSWlQangwY2lCamJHRnpjejBpYUdsa1pHVnVJajQ4ZEdRZ1kyeGhjM005SW1sMFlXeHBZM04wZVd4bElqNUJkWFJvUW14dlkydFdZV3hwWkZSdk9pQThMM1JrUGp4MFpDQmpiR0Z6Y3owaWJtOXliV0ZzYzNSNWJHVWlQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNJdmMyRnRiREk2UVhOelpYSjBhVzl1TDNOaGJXd3lPa052Ym1ScGRHbHZibk12UUU1dmRFOXVUM0pCWm5SbGNpSWdMejQ4TDNSa1Bqd3ZkSEkrUEM5NGMydzZhV1krUEM5MFlXSnNaVDQ4TDJKdlpIaytQQzlvZEcxc1Bqd3ZlSE5zT25SbGJYQnNZWFJsUGp3dmVITnNPbk4wZVd4bGMyaGxaWFErUEM5a2MybG5PbFJ5WVc1elptOXliVDQ4WkhOcFp6cFVjbUZ1YzJadmNtMGdRV3huYjNKcGRHaHRQU0pvZEhSd09pOHZkM2QzTG5jekxtOXlaeTh5TURBeEx6RXdMM2h0YkMxbGVHTXRZekUwYmlNaUlDOCtQQzlrYzJsbk9sUnlZVzV6Wm05eWJYTStQR1J6YVdjNlJHbG5aWE4wVFdWMGFHOWtJRUZzWjI5eWFYUm9iVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TWpBd01TOHdOQzk0Yld4bGJtTWpjMmhoTWpVMklpQXZQanhrYzJsbk9rUnBaMlZ6ZEZaaGJIVmxQbXBoTUhSSlVEQkJVVEU0ZGk4NFpsVmpOR1kxYVhsSGNIWXhXVGhFYWpGUGJDODVNa2RTU0V0Q2EyYzlQQzlrYzJsbk9rUnBaMlZ6ZEZaaGJIVmxQand2WkhOcFp6cFNaV1psY21WdVkyVStQR1J6YVdjNlVtVm1aWEpsYm1ObElFbGtQU0psZEhOcExXUmhkR0V0Y21WbVpYSmxibU5sTFRFdE1TSWdWSGx3WlQwaWFIUjBjRG92TDNWeWFTNWxkSE5wTG05eVp5OHdNVGt3TXlOVGFXZHVaV1JRY205d1pYSjBhV1Z6SWlCVlVrazlJaU5sZEhOcExYTnBaMjVsWkhCeWIzQmxjblJwWlhNdE1TMHhJajQ4WkhOcFp6cEVhV2RsYzNSTlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekEwTDNodGJHVnVZeU56YUdFeU5UWWlJQzgrUEdSemFXYzZSR2xuWlhOMFZtRnNkV1UrTVZGVWFXNTBPR1Y1UXpsNFVFbExXR0ZxYzJ0cmVUWmlMM2MzY20xV1JEUldZMjQwUjFkMVJrMVZjejA4TDJSemFXYzZSR2xuWlhOMFZtRnNkV1UrUEM5a2MybG5PbEpsWm1WeVpXNWpaVDQ4TDJSemFXYzZVMmxuYm1Wa1NXNW1iejQ4WkhOcFp6cFRhV2R1WVhSMWNtVldZV3gxWlNCSlpEMGljMmxuYm1GMGRYSmxkbUZzZFdVdE1TMHhJajVLT0ROMFdUUnhUMWhGWVhWNWMxVXhMM1pUZWtzMk1EbDBNRWRKUm5sQlJUZFVkR05LYmpsRmNXZGFXa3RHTmxNMWVVRllURTlzZEhsc1JVdFBZV015TW1zMUsxaHlaRlZ0ZFV0NGFtNHdMekZQWTNwSFJqRTNlR1pYYXpORWFtbHdUMDlqZFVOM2VYQlZTV3BWTW5KVEt6RldkMnhxVUU4NGNIY3hTSGR3VEZaa1JtbFJjVzkzZVU5NFRGTkJlV05VUlV4Ukx6bHhRVTFaTm05UFpscFBiMEZhVTNaVFpXOVJVazVhVFN0YUwyTjZOalZDZUhwdFZrUklkMjgwYmxkemJTOXdVWEpSYmtkblVGQTFORmRNVWpSc1YyOXZWV2xqU1ZkdVEyMW5ZbVV6WVdkUVoybFBNVTlITVV4SWNuTkVNbXBrY0VKeGJITkJjWGR2Y0U1Qk5ta3dXbkE1Y3pFNVNEWk1VbWxsTjBKNE9EUnpSbmxLWlhNMU5qWTFaRkp4WlhoWFpub3ZOVGhaU0ZndmMzWkdOWEpDZUhjMVVHcEtZbGhYYmxKNlptcHpORXM0YzBSeVdsQmFhSEZSU0hwQ1Zub3pTV2M5UFR3dlpITnBaenBUYVdkdVlYUjFjbVZXWVd4MVpUNDhaSE5wWnpwTFpYbEpibVp2UGp4a2MybG5PbGcxTURsRVlYUmhQanhrYzJsbk9sZzFNRGxEWlhKMGFXWnBZMkYwWlQ1TlNVbEdNV3BEUTBKTU5tZEJkMGxDUVdkSlJWRnpNVEpxVkVGT1FtZHJjV2hyYVVjNWR6QkNRVkZ6UmtGRVEwSnZWRVZNVFVGclIwRXhWVVZDWjNkRFVWWlJlRk5FUWtkQ1owNVdRa0Z2VFZBd1JYUldTRW94WXpOUloxSXlWbnBNYVVKdFRHbENWR0ZYVG05YVdFcHZXbGRzTUdNelRqVmpNMUpzWWxkVloyRlhNR2RhVjNoc1lUTlNlVXhwUWtWWldGSnNZbTVhYkdOdGRHeGhTRWxuVWpJeGFWTkVSV3BOUTBWSFFURlZSVU4zZDJGWlV6RjZZVmRrZFV4V1FubGFWekZ3WkZjd2RGWkhWbnBrUXpGVVlWZGpkRTFFU1hoSmVrRm9RbWRPVmtKQlRVMUhiVVYwWXpKc2JtSnBNVkZqYlZaMFlWaFdkRXhXVW14ak0xRjBWVEpzYmt4VVFYbE5RalJZUkZSRk5FMUVXWGhOZWtFMFRsUmpNVTlHYjFoRVZFbDZUVVJaZUUxNlFUUk9WR014VDBadmQxbEVSVXhOUVd0SFFURlZSVUpuZDBOUlZsRjRSbnBCVmtKblRsWkNRVTFOUkdzeGFHVkRRazVrV0U0d1dsaEtkRmxYTlhWTlVrMTNSVkZaUkZaUlVVVkVRWEJPWkZoT01GcFlTblJaVnpWMVRWRjNkME5uV1VSV1VWRnhSRUZPVGxsWVozaEdWRUZVUW1kT1ZrSkJWVTFFUkZWNFRVUmpNVTFFV1RCUFJFMTRUVlJEUTBGVFNYZEVVVmxLUzI5YVNXaDJZMDVCVVVWQ1FsRkJSR2RuUlZCQlJFTkRRVkZ2UTJkblJVSkJUWEo0YWtSM0sxZEplRE16Y1U1aU1sZG9kMDFSYUZGa0wyZEJXbTB5YWpkTFpIaGtZV2R5V1ZBemNqTnJSWGcyZWpaNFEzcFVibnBWWWl0SmJYUkljMUJFVkRZemRXcDRiWGRyTTAwelpsVktNV1J0ZHprMVJFdFlWV1ZGY2toNmVrSTVUVlI0Vml0a1prbHJSVGxQVkUweVpsaGxPVlpNU21aYVkwOXdUa2syVTNCb1JrSk1NMjFZUVVKRFRtRnVaREk0UTB0Vk9WQkhjek15WldaNk0xSlBiVUpHSzJ4TmVuVkJVekJYWVdOWVJFSllUa2xtVjBrNEwyeDBRMkZTVEd0clZIUXhhalpTV1dFeFpHeEVhVlZRY1hOamRpdFBhRE5PZUhrcmVrRlZSVlp2ZVZVdldHRmpiUzh2U0ZodWFuZHdLMEpQV1ZOcVJWVnhOMmhDYnpKdlZHd3ZlU3RPTjJoclJHcEVlRXR0UzFOb09HWkplbXRtZVVSMEszQkNOMnhJTm1wVVlteHdVbmRhYVhWc2VrMU9Ua2RLUm01QmFuZGxTVEl3VDJSbFFrVjBlR3RsWnpaVFRteHJNRTVIYVRKS2F6TnpRMEYzUlVGQllVOURRV3hSZDJkblNsRk5TVWRFUW1kbmNrSm5SVVpDVVdOQ1FWRlNNMDFJVlhkU1VWbEpTM2RaUWtKUlZVaE5RVXRIVDFkb01HUklRVFpNZVRrelpETmpkVmxUTVRCamJsWjZaRU0xYUdSRE9XcGFXRW93WTNrNWFFeFlUbkJhTWpSMFkwaEtiR0pYYkRGaVV6RjBZakpLY0dKSFZYUk5SRTVvVEcxT2VXUkVRWE5DWjJkeVFtZEZSa0pSWTNkQldWbG5ZVWhTTUdORWIzWk1NamxxWXpOQmRHUkhWbnBrUXpWb1RGaFNlV1JZVGpCTWJVWXdUREk1YW1NelFYZEZkMWxFVmxJd2FrSkJkM2REYjBGSlVtZGhabXByUjA5R1lqQjNZMmRaU1V0M1dVSkNVVlZJUVZGTlJWcHFRbXROUVc5SFEwTnpSMEZSVlVaQ2QzTkRUVUZuUjBKblVVRnFhMWxDUVZSQlNVSm5XVVZCU1RWSFFWRlJkMFYzV1VkQ1FVTlBVbWRGUjAxQmEwZENkMUZCYW10WlFrSm5SWGRNVVZsSFFrRkRUMUpuUlVaTlEwMTNTVkpaWW1GSVVqQmpTRTAyVEhrNU0yUXpZM1ZaVXpFd1kyNVdlbVJETldoa1F6bDNXa2hOZGtWM1NrWlVha0ZTUW1kT1ZraFJORVZEWjFGSlVqWjRPRVZqYzNGUGVITjNSR2RaUkZaU01GQkJVVWd2UWtGUlJFRm5Za0ZOUVd0SFFURlZaRVYzVVVOTlFVRjNXVUZaUkZaU01HZENSbXQzVm5wQlNVSm5XVVZCU1hOM1FWRkZkMU4zV1VkTGFXZEJSVkZGVlUxRlJYZFFkMWxKUzNkWlFrSlJWVWhCWjBWWFRUSm9NR1JJUVRaTWVUa3paRE5qZFZsVE1UQmpibFo2WkVNMWFHUkRPV3RpTWs1NlRESk9kMHd5UlhSak1teHVZbWt4ZDJOdFZuUmhXRlowVEZjeGRsbHRiSE5hVkVOQ2NtZFpSRlpTTUdaQ1NVZHRUVWxIYWsxSlIyZHZTVWRrYjBsSFlXaHZSMWhpUjFKb1kwUnZka3d5ZUd0WldFRjBaRWRXZW1SRE5XaE1XRko1WkZoT01FeHRSakJNTWpreFVGZEZkR015Ykc1aWFURlJZMjFXZEdGWVZuUk1WbEpzWXpOUmRGVXliRzVNVkVGNVNVTm9WRk5GUlhSTmFsVXlTMU40ZGxCVlJYUldTRW94WXpOUmMxbDZNVUpXUkRscVdsaEtNR0ZYV25CWk1rWXdXbGhLYkdSdE9XcFpXRkp3WWpJMWMyRllUakJRTWtwb1l6SlZMMkl5U25GYVYwNHdXVEo0YUdNelRUbGFWMnhyVVRKV2VXUkhiRzFoVjA1b1pFZHNkbUpyUmpGa1IyaDJZMjFzTUdWVVFVNUNaMnR4YUd0cFJ6bDNNRUpCVVhOR1FVRlBRMEZSUlVGTk1GQkVMekl6U20xUE16Wk5Uazk1SzNwYVFpOVVUSE5oUmpjNE1HMXRUMHRxY0dzeFdITllRWHBWVGt0YU5sTnlkQ3R0TUhVcksybFhiemxNT0VoR0wyeHllRk5FT0VkWVNtTkVURmxYUm1aNE56QnlORW81ZDFVNFN6ZHdSRWt4YmpsRmNXSkJjekJTSzNaWlZtNU1OVlZXVUM5MVZWRmxkekpYYkhBMU9GQkdjR2RCV0N0VUwxTkZNR05sWlV0NVRUaFlSVzVZVTNwbFRpOUZVM1JzUml0S1EyRkJPSFZ0Y1dwdFJFVnVZV1V6Y1hWeFUxVnNLMHhsYTFCVk9HazRSME56YmpVNWRYaDBibFZ1ZUVsTlMzY3paR2N2TjBRM1dUaE1ObFoxTkU1WE5FeGpiemRtYVRsRGNtRklRelJTVEV4MFpIaFliSFpQZGxGcFJWbHZSU3Q1TVRkbk1Ia3ZRemhPTkVSelkyaGFhWHBaZDNBd2NFOVNUMkpqWmt0V1RuQndWWFZMZFhOTmFIUnRVMnBzTUZaeEx5OWhkamhVVlhGU2NEVkdlalpYWTNwMFVFZEhVM2N3Um1WbGRsVkxSRzlETDBFOVBUd3ZaSE5wWnpwWU5UQTVRMlZ5ZEdsbWFXTmhkR1UrUEM5a2MybG5PbGcxTURsRVlYUmhQand2WkhOcFp6cExaWGxKYm1adlBqeGtjMmxuT2s5aWFtVmpkQ0JKWkQwaVpYUnphUzF6YVdkdVpXUXRNUzB4SWo0OFpYUnphVHBSZFdGc2FXWjVhVzVuVUhKdmNHVnlkR2xsY3lCNGJXeHVjenBsZEhOcFBTSm9kSFJ3T2k4dmRYSnBMbVYwYzJrdWIzSm5MekF4T1RBekwzWXhMak11TWlNaUlGUmhjbWRsZEQwaUkzTnBaMjVoZEhWeVpTMHhMVEVpUGp4bGRITnBPbE5wWjI1bFpGQnliM0JsY25ScFpYTWdTV1E5SW1WMGMya3RjMmxuYm1Wa2NISnZjR1Z5ZEdsbGN5MHhMVEVpUGp4bGRITnBPbE5wWjI1bFpGTnBaMjVoZEhWeVpWQnliM0JsY25ScFpYTStQR1YwYzJrNlUybG5ibWx1WjFScGJXVStNakF4T0Mwd05pMHhNMVF4TlRvME5qb3dPVm84TDJWMGMyazZVMmxuYm1sdVoxUnBiV1UrUEdWMGMyazZVMmxuYm1sdVowTmxjblJwWm1sallYUmxQanhsZEhOcE9rTmxjblErUEdWMGMyazZRMlZ5ZEVScFoyVnpkRDQ4WkhOcFp6cEVhV2RsYzNSTlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekEwTDNodGJHVnVZeU56YUdFeU5UWWlJQzgrUEdSemFXYzZSR2xuWlhOMFZtRnNkV1UrYW1WQmJFcHdTVEZIWkV0WlVXMVNOM1pRY25KVWNrZFdPVWRNT1M5MVdXeExNM0JyU1ROUWVtNHpiejA4TDJSemFXYzZSR2xuWlhOMFZtRnNkV1UrUEM5bGRITnBPa05sY25SRWFXZGxjM1ErUEdWMGMyazZTWE56ZFdWeVUyVnlhV0ZzUGp4a2MybG5PbGcxTURsSmMzTjFaWEpPWVcxbFBrTk9QV0V0YzJsbmJpMVFjbVZ0YVhWdExWUmxjM1F0VTJsbkxUQXlMRTlWUFdFdGMybG5iaTFRY21WdGFYVnRMVlJsYzNRdFUybG5MVEF5TEU4OVFTMVVjblZ6ZENCSFpYTXVJR1l1SUZOcFkyaGxjbWhsYVhSemMzbHpkR1Z0WlNCcGJTQmxiR1ZyZEhJdUlFUmhkR1Z1ZG1WeWEyVm9jaUJIYldKSUxFTTlRVlE4TDJSemFXYzZXRFV3T1VsemMzVmxjazVoYldVK1BHUnphV2M2V0RVd09WTmxjbWxoYkU1MWJXSmxjajR4TVRJd056WXhORGcxUEM5a2MybG5PbGcxTURsVFpYSnBZV3hPZFcxaVpYSStQQzlsZEhOcE9rbHpjM1ZsY2xObGNtbGhiRDQ4TDJWMGMyazZRMlZ5ZEQ0OEwyVjBjMms2VTJsbmJtbHVaME5sY25ScFptbGpZWFJsUGp4bGRITnBPbE5wWjI1aGRIVnlaVkJ2YkdsamVVbGtaVzUwYVdacFpYSStQR1YwYzJrNlUybG5ibUYwZFhKbFVHOXNhV041U1cxd2JHbGxaQ0F2UGp3dlpYUnphVHBUYVdkdVlYUjFjbVZRYjJ4cFkzbEpaR1Z1ZEdsbWFXVnlQand2WlhSemFUcFRhV2R1WldSVGFXZHVZWFIxY21WUWNtOXdaWEowYVdWelBqeGxkSE5wT2xOcFoyNWxaRVJoZEdGUFltcGxZM1JRY205d1pYSjBhV1Z6UGp4bGRITnBPa1JoZEdGUFltcGxZM1JHYjNKdFlYUWdUMkpxWldOMFVtVm1aWEpsYm1ObFBTSWpjbVZtWlhKbGJtTmxMVEV0TVNJK1BHVjBjMms2VFdsdFpWUjVjR1UrWVhCd2JHbGpZWFJwYjI0dmVHaDBiV3dyZUcxc1BDOWxkSE5wT2sxcGJXVlVlWEJsUGp3dlpYUnphVHBFWVhSaFQySnFaV04wUm05eWJXRjBQand2WlhSemFUcFRhV2R1WldSRVlYUmhUMkpxWldOMFVISnZjR1Z5ZEdsbGN6NDhMMlYwYzJrNlUybG5ibVZrVUhKdmNHVnlkR2xsY3o0OEwyVjBjMms2VVhWaGJHbG1lV2x1WjFCeWIzQmxjblJwWlhNK1BDOWtjMmxuT2s5aWFtVmpkRDQ4TDJSemFXYzZVMmxuYm1GMGRYSmxQanh6WVcxc01qcERiMjVrYVhScGIyNXpJRTV2ZEVKbFptOXlaVDBpTWpBeE9DMHdOaTB4TTFReE56bzBOam93T1Nzd01qb3dNQ0lnVG05MFQyNVBja0ZtZEdWeVBTSXlNREU0TFRBMkxURXpWREU0T2pBeE9qQTVLekF5T2pBd0lqNDhjMkZ0YkRJNlFYVmthV1Z1WTJWU1pYTjBjbWxqZEdsdmJqNDhjMkZ0YkRJNlFYVmthV1Z1WTJVK2FIUjBjSE02THk5bGFXUXVaM1l1WVhRdmJXOWhMV2xrTFdGMWRHZ3ZjMnd5TUM5a1lYUmhWWEpzUDNCbGJtUnBibWRwWkQwME9UYzFOelUxTXpjNE16azBNRFF4TkRnMlBDOXpZVzFzTWpwQmRXUnBaVzVqWlQ0OEwzTmhiV3d5T2tGMVpHbGxibU5sVW1WemRISnBZM1JwYjI0K1BDOXpZVzFzTWpwRGIyNWthWFJwYjI1elBqeHpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RK1BITmhiV3d5T2tGMGRISnBZblYwWlNCR2NtbGxibVJzZVU1aGJXVTlJbEJXVUMxV1JWSlRTVTlPSWlCT1lXMWxQU0oxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0eE1DSWdUbUZ0WlVadmNtMWhkRDBpZFhKdU9tOWhjMmx6T201aGJXVnpPblJqT2xOQlRVdzZNaTR3T21GMGRISnVZVzFsTFdadmNtMWhkRHAxY21raVBqeHpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0I0Yld4dWN6cDRjMms5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01ERXZXRTFNVTJOb1pXMWhMV2x1YzNSaGJtTmxJaUI0YzJrNmRIbHdaVDBpZUhNNmMzUnlhVzVuSWo0eUxqRThMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsUGp3dmMyRnRiREk2UVhSMGNtbGlkWFJsUGp4ellXMXNNanBCZEhSeWFXSjFkR1VnUm5KcFpXNWtiSGxPWVcxbFBTSlFVa2xPUTBsUVFVd3RUa0ZOUlNJZ1RtRnRaVDBpZFhKdU9tOXBaRG94TGpJdU5EQXVNQzR4TUM0eUxqRXVNUzR5TmpFdU1qQWlJRTVoYldWR2IzSnRZWFE5SW5WeWJqcHZZWE5wY3pwdVlXMWxjenAwWXpwVFFVMU1Pakl1TURwaGRIUnlibUZ0WlMxbWIzSnRZWFE2ZFhKcElqNDhjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VnZUcxc2JuTTZlSE5wUFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZUzFwYm5OMFlXNWpaU0lnZUhOcE9uUjVjR1U5SW5oek9uTjBjbWx1WnlJK1RYVnpkR1Z5YldGdWJqd3ZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1UrUEM5ellXMXNNanBCZEhSeWFXSjFkR1UrUEhOaGJXd3lPa0YwZEhKcFluVjBaU0JHY21sbGJtUnNlVTVoYldVOUlrZEpWa1ZPTFU1QlRVVWlJRTVoYldVOUluVnlianB2YVdRNk1pNDFMalF1TkRJaUlFNWhiV1ZHYjNKdFlYUTlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qSXVNRHBoZEhSeWJtRnRaUzFtYjNKdFlYUTZkWEpwSWo0OGMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVWdlRzFzYm5NNmVITnBQU0pvZEhSd09pOHZkM2QzTG5jekxtOXlaeTh5TURBeEwxaE5URk5qYUdWdFlTMXBibk4wWVc1alpTSWdlSE5wT25SNWNHVTlJbmh6T25OMGNtbHVaeUkrVFdGNFBDOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaVDQ4TDNOaGJXd3lPa0YwZEhKcFluVjBaVDQ4YzJGdGJESTZRWFIwY21saWRYUmxJRVp5YVdWdVpHeDVUbUZ0WlQwaVFrbFNWRWhFUVZSRklpQk9ZVzFsUFNKMWNtNDZiMmxrT2pFdU1pNDBNQzR3TGpFd0xqSXVNUzR4TGpVMUlpQk9ZVzFsUm05eWJXRjBQU0oxY200NmIyRnphWE02Ym1GdFpYTTZkR002VTBGTlREb3lMakE2WVhSMGNtNWhiV1V0Wm05eWJXRjBPblZ5YVNJK1BITmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxJSGh0Ykc1ek9uaHphVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TWpBd01TOVlUVXhUWTJobGJXRXRhVzV6ZEdGdVkyVWlJSGh6YVRwMGVYQmxQU0o0Y3pwemRISnBibWNpUGpFNU5EQXRNREV0TURFOEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxQand2YzJGdGJESTZRWFIwY21saWRYUmxQanh6WVcxc01qcEJkSFJ5YVdKMWRHVWdSbkpwWlc1a2JIbE9ZVzFsUFNKVFpYSjJhV05sVUhKdmRtbGtaWEl0Vlc1cGNYVmxTV1FpSUU1aGJXVTlJbWgwZEhBNkx5OWxhV1F1WjNZdVlYUXZaVWxFTDJGMGRISnBZblYwWlhNdlUyVnlkbWxqWlZCeWIzWnBaR1Z5Vlc1cGNYVmxTV1FpSUU1aGJXVkdiM0p0WVhROUluVnlianB2WVhOcGN6cHVZVzFsY3pwMFl6cFRRVTFNT2pJdU1EcGhkSFJ5Ym1GdFpTMW1iM0p0WVhRNmRYSnBJajQ4YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVZ2VHMXNibk02ZUhOcFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4TDFoTlRGTmphR1Z0WVMxcGJuTjBZVzVqWlNJZ2VITnBPblI1Y0dVOUluaHpPbk4wY21sdVp5SSthSFIwY0hNNkx5OWlhVzVrYVc1bkxtOWxjM1JsY25KbGFXTm9MbWQyTG1GMEwyRjFkR2d2YzNBdlRXVjBZV1JoZEdFOEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxQand2YzJGdGJESTZRWFIwY21saWRYUmxQanh6WVcxc01qcEJkSFJ5YVdKMWRHVWdSbkpwWlc1a2JIbE9ZVzFsUFNKVFpYSjJhV05sVUhKdmRtbGtaWEl0Um5KcFpXNWtiSGxPWVcxbElpQk9ZVzFsUFNKb2RIUndPaTh2Wldsa0xtZDJMbUYwTDJWSlJDOWhkSFJ5YVdKMWRHVnpMMU5sY25acFkyVlFjbTkyYVdSbGNrWnlhV1Z1Wkd4NVRtRnRaU0lnVG1GdFpVWnZjbTFoZEQwaWRYSnVPbTloYzJsek9tNWhiV1Z6T25Sak9sTkJUVXc2TWk0d09tRjBkSEp1WVcxbExXWnZjbTFoZERwMWNta2lQanh6WVcxc01qcEJkSFJ5YVdKMWRHVldZV3gxWlNCNGJXeHVjenA0YzJrOUltaDBkSEE2THk5M2QzY3Vkek11YjNKbkx6SXdNREV2V0UxTVUyTm9aVzFoTFdsdWMzUmhibU5sSWlCNGMyazZkSGx3WlQwaWVITTZjM1J5YVc1bklqNUNhVzVrYVc1bklGTmxjblpwWTJVZ1pzTzhjaUJ2WlM1bmRpNWhkRHd2YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVK1BDOXpZVzFzTWpwQmRIUnlhV0oxZEdVK1BITmhiV3d5T2tGMGRISnBZblYwWlNCR2NtbGxibVJzZVU1aGJXVTlJbE5sY25acFkyVlFjbTkyYVdSbGNpMURiM1Z1ZEhKNVEyOWtaU0lnVG1GdFpUMGlhSFIwY0RvdkwyVnBaQzVuZGk1aGRDOWxTVVF2WVhSMGNtbGlkWFJsY3k5VFpYSjJhV05sVUhKdmRtbGtaWEpEYjNWdWRISjVRMjlrWlNJZ1RtRnRaVVp2Y20xaGREMGlkWEp1T205aGMybHpPbTVoYldWek9uUmpPbE5CVFV3Nk1pNHdPbUYwZEhKdVlXMWxMV1p2Y20xaGREcDFjbWtpUGp4ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTQjRiV3h1Y3pwNGMyazlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5Mekl3TURFdldFMU1VMk5vWlcxaExXbHVjM1JoYm1ObElpQjRjMms2ZEhsd1pUMGllSE02YzNSeWFXNW5JajVCVkR3dmMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVStQQzl6WVcxc01qcEJkSFJ5YVdKMWRHVStQQzl6WVcxc01qcEJkSFJ5YVdKMWRHVlRkR0YwWlcxbGJuUStQQzl6WVcxc01qcEJjM05sY25ScGIyNCsiDQogIH0NCn0.WgPyI2KiVzp2DzbC6AfbDlQbXEYk-hL78-bfzj_b_IXwyHmuENwHA8MslDHOe1bYd3mlSTnoAUE20igmXM6gnFOe4pQes2i5d8YAnYRspbwhj86sn5_vMyGfHtBsApP3MqjcSHL24vo6DHqKYqN85FMGq6GnPub9HGbeIgMAvECuH0ZCqY5MDWj4FI2OA5Jrn2fyBY1CebF5NdTSUeBJMjG_q-cpTnWmkcELKXTNJg9ihkHR8FkBjt8xh2YWh9Opk_0RrUIZI5U9YC4Xc-Hgj7C7YplA4Pr0_SUHdqH_86xF7GcMMuC5Bs8EU22lejxhxwz0BzPPg2Ws0LJ8RGAm0A"
+} \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json
new file mode 100644
index 000000000..0513709e2
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json
@@ -0,0 +1,8 @@
+{"result":
+ {
+ "EID-IDENTITY-LINK": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDpBc3NlcnRpb24geG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmFzc2VydGlvbiIgeG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyIgeG1sbnM6ZWNkc2E9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlIyIgeG1sbnM6cHI9Imh0dHA6Ly9yZWZlcmVuY2UuZS1nb3Zlcm5tZW50Lmd2LmF0L25hbWVzcGFjZS9wZXJzb25kYXRhLzIwMDIwMjI4IyIgeG1sbnM6c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiBBc3NlcnRpb25JRD0ic3pyLmJtaS5ndi5hdC1Bc3NlcnRpb25JRDE0Njc2MTY4NDU1MTg2OTkiIElzc3VlSW5zdGFudD0iMjAxNi0wNy0wNFQwOToyMDo0NSswMTowMCIgSXNzdWVyPSJodHRwOi8vcG9ydGFsLmJtaS5ndi5hdC9yZWYvc3pyL2lzc3VlciIgTWFqb3JWZXJzaW9uPSIxIiBNaW5vclZlcnNpb249IjAiPgoJPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJCTxzYW1sOlN1YmplY3Q+CgkJCTxzYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJCQk8c2FtbDpDb25maXJtYXRpb25NZXRob2Q+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmNtOnNlbmRlci12b3VjaGVzPC9zYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD4KCQkJCTxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhPgoJCQkJCTxwcjpQZXJzb24gc2k6dHlwZT0icHI6UGh5c2ljYWxQZXJzb25UeXBlIj48cHI6SWRlbnRpZmljYXRpb24+PHByOlZhbHVlPkFUL0NaL3hXRTB2RldhcnpwelNMNExZbHBzdDliNnZnMD08L3ByOlZhbHVlPjxwcjpUeXBlPnVybjpwdWJsaWNpZDpndi5hdDplaWRhc2lkK0FUK0NaPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24+PHByOk5hbWU+PHByOkdpdmVuTmFtZT5YWFhNYXJpYS1UaGVyZXNpYSBLdW5pZ3VuZGE8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPlhYWEhhYnNidXJnLUxvdGhyaW5nZW48L3ByOkZhbWlseU5hbWU+PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4xOTgwLTAyLTI5PC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj4KCQkJCTwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KCQkJPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJPC9zYW1sOlN1YmplY3Q+Cgk8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXplblB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJ1cm46cHVibGljaWQ6Z3YuYXQ6bmFtZXNwYWNlczppZGVudGl0eWxpbms6MS4yIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT48ZWNkc2E6RUNEU0FLZXlWYWx1ZT48ZWNkc2E6RG9tYWluUGFyYW1ldGVycz48ZWNkc2E6TmFtZWRDdXJ2ZSBVUk49InVybjpvaWQ6MS4yLjg0MC4xMDA0NS4zLjEuNyIvPjwvZWNkc2E6RG9tYWluUGFyYW1ldGVycz48ZWNkc2E6UHVibGljS2V5PjxlY2RzYTpYIFZhbHVlPSI0OTYyOTAyMjY5NzQ3NDYwMjQ5NzcwNzQ3MzIzODI0NjkxNDYxMDIxNzUzNTY4OTc5ODUyNzMxMzYyMDE1NzEwOTYxNDM1NTI0Mjk4OCIgc2k6dHlwZT0iZWNkc2E6UHJpbWVGaWVsZEVsZW1UeXBlIi8+PGVjZHNhOlkgVmFsdWU9Ijc3MTExNTYwNzEzNzU1OTE0NDUwNzM2MDQxNzUxNjE1MTEyNDAyMzEwNjQ5ODMyMTQ3NzMxNjA5MjIxNzEwNDY1MDY1NTAxMzU2NDkyIiBzaTp0eXBlPSJlY2RzYTpQcmltZUZpZWxkRWxlbVR5cGUiLz48L2VjZHNhOlB1YmxpY0tleT48L2VjZHNhOkVDRFNBS2V5VmFsdWU+PC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIEF0dHJpYnV0ZU5hbWU9IkNpdGl6ZW5QdWJsaWNLZXkiIEF0dHJpYnV0ZU5hbWVzcGFjZT0idXJuOnB1YmxpY2lkOmd2LmF0Om5hbWVzcGFjZXM6aWRlbnRpdHlsaW5rOjEuMiI+PHNhbWw6QXR0cmlidXRlVmFsdWU+PGRzaWc6UlNBS2V5VmFsdWU+PGRzaWc6TW9kdWx1cz4xQkZPaXRpUVVjMWxBSERHa3NuZVhXWkdLR2FGQmN1MDNIRWlJRnNqSGpOdC9JZlJaNEl6cUhvdFVLSXR4bkNkTnRzRmMxTWtNSmcrCmcwQVhIc3VVNk1OZ2NiY1hQYVBmbUhwKzgrQkpoK2FtREYzRm5BTjRjZUc4b0ZBR1ZFWnRlT2dmZFdrMXI1UlEyU0srMFB1WFB1THAKVGVlN0l6WHRrc1JlWmtWRWFkVUN4bi9oaVJYWmEwZEFCZ2tGZTNrU1hiRHI1dEtYT0YwRkN0TEtoWkJJOXorTmJYK2FUU0tPbUFPcQo0anl5bW9vNUVQM0wraVBlY3JVd0hpakQwQm04OWgxSmp4UDUyMWZrWWUzU2krMEo0MG9rcm1DQ1FIQnIrSXpCMXVYOThwS2h2czdYCjZyUGpPSjZsQndQN1hqSzdEMTI4UC9jZzRlSDZ2NThjQ2ZiTGNRPT08L2RzaWc6TW9kdWx1cz48ZHNpZzpFeHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PjwvZHNpZzpSU0FLZXlWYWx1ZT48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJCjxkc2lnOlNpZ25hdHVyZSBJZD0ic2lnbmF0dXJlLTEtMSIgeG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PGRzaWc6U2lnbmVkSW5mbz48ZHNpZzpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUiLz48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz48ZHNpZzpSZWZlcmVuY2UgSWQ9InJlZmVyZW5jZS0xLTEiIFVSST0iIj48ZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PC9kc2lnOlRyYW5zZm9ybXM+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZHNpZzpEaWdlc3RWYWx1ZT5FK0JYSDBDMkY2RVlIamRKck9VS3IrRHNLVDg9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U+PC9kc2lnOlNpZ25lZEluZm8+PGRzaWc6U2lnbmF0dXJlVmFsdWU+SHZqNDBtOXJpZHAySE96ODFNVEFxemYwcStzWkM1WWVLcEpQNDNlSzVHMUhOSDEvRE5HVS9yLzZJVlBpYlU5WQpZR1lKb1hwem54UkZpYkVRNmRGQ0hBYU5QeUFEbWRHSHlKU1dyeUk1eXBBYXA0WThNSm5hVUdTV1k0OUlaYmh0ClBqZktXQjJqVU56ajFUMnU2ZWJJaWZBVGhBSzhacUlFK2U1dWFSK3FyckxpY3hJaFhjU1pveVNjYkt4TXVUMVEKcDZ6TnNOQk9IdWpiVkFmS0ZVRThXbUdJbnl2dW9EZ2VyVXJBMFhzdFdXZzJNOWdoeXRjREp3WnBUWXdYdm1tbwpHVjQ3dWUwSVRydE0rUXFXVmJ0K2RITzgzNjlKRm5HUTloLzZoLzRqOWl5TnV4Zkc3dS9FeUhRaVN1eTArRlA4CjFsa0xzZzFZWCsycE4wSEVseVhWcXc9PTwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlFcXpDQ0JCU2dBd0lCQWdJSEFOdXg4MW9OZXpBTkJna3Foa2lHOXcwQkFRVUZBREJBTVNJd0lBWURWUVFECkV4bEpRVWxMSUZSbGMzUWdTVzUwWlhKdFpXUnBZWFJsSUVOQk1RMHdDd1lEVlFRS0V3UkpRVWxMTVFzd0NRWUQKVlFRR0V3SkJWREFlRncweE16QTVNamN3TlRNek16ZGFGdzB5TXpBNU1qY3dOVE16TXpkYU1JSGtNUXN3Q1FZRApWUVFHRXdKQlZERU5NQXNHQTFVRUJ4TUVSM0poZWpFbU1DUUdBMVVFQ2hNZFIzSmhlaUJWYm1sMlpYSnphWFI1CklHOW1JRlJsWTJodWIyeHZaM2t4U0RCR0JnTlZCQXNUUDBsdWMzUnBkSFYwWlNCbWIzSWdRWEJ3YkdsbFpDQkoKYm1admNtMWhkR2x2YmlCUWNtOWpaWE56YVc1bklHRnVaQ0JEYjIxdGRXNXBZMkYwYVc5dWN6RVVNQklHQTFVRQpCQk1MVFU5QkxWTlRJRlJsYzNReEdEQVdCZ05WQkNvVEQwVkhTVm9nVkdWemRIQnZjblJoYkRFa01DSUdBMVVFCkF4TWJSVWRKV2lCVVpYTjBjRzl5ZEdGc0lFMVBRUzFUVXlCVVpYTjBNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUYKQUFPQ0FROEFNSUlCQ2dLQ0FRRUF1RGpPeWYrbVkrb1FMMkZRenp1YWlDOEMyM3ZWS2JxL24yWmk3QnFTaWJaSAptdHFNSmZtajRwVCtoV1NOSHZWdldzYXhGY3g0S2VOcWRDTXp3bncxcjRQM1NmKzJvNXVGa3U1S0hFTUxNb2tSCnlZUUc5VnFZL0trQjk0eWU3UHY2elQ4Z3ZLcXhHRmc5NlVhbUVDZXA0c3dQYVNackE4QU9FUjVXQXR5R0R6S0kKVHorYTV6ZkZhVFhEb2JhN2Y5OFBDV1I5NnlLaUZqVk9oenAzOFdWejRWSmd6K2I4WlNZN1hzdjVLbjdEWGpPTApTVFg0TWV2RkxraTNyRlB1cDMrNHZHVG9hTUJXM1BFajY3SFhCZHFSODU1TGU2K0U2clZ4T1Jxc1hxbFZ3aHNJCjZudVMwQ08yTFdZbUJOUjFJQjBtWHRlZVlIL0hmeHZ1WmMrN3lEamRQUUlEQVFBQm80SUJoRENDQVlBd0RnWUQKVlIwUEFRSC9CQVFEQWdiQU1Bd0dBMVVkRXdFQi93UUNNQUF3SFFZRFZSME9CQllFRkVtY0g2Vlk0QkcxRUFHQgpUTG9OUjl2SC9nNnlNRkFHQTFVZEh3UkpNRWN3UmFCRG9FR0dQMmgwZEhBNkx5OWpZUzVwWVdsckxuUjFaM0poCmVpNWhkQzlqWVhCemJ5OWpjbXh6TDBsQlNVdFVaWE4wWDBsdWRHVnliV1ZrYVdGMFpVTkJMbU55YkRDQnFnWUkKS3dZQkJRVUhBUUVFZ1owd2dab3dTZ1lJS3dZQkJRVUhNQUdHUG1oMGRIQTZMeTlqWVM1cFlXbHJMblIxWjNKaAplaTVoZEM5allYQnpieTlQUTFOUVAyTmhQVWxCU1V0VVpYTjBYMGx1ZEdWeWJXVmthV0YwWlVOQk1Fd0dDQ3NHCkFRVUZCekFDaGtCb2RIUndPaTh2WTJFdWFXRnBheTUwZFdkeVlYb3VZWFF2WTJGd2MyOHZZMlZ5ZEhNdlNVRkoKUzFSbGMzUmZTVzUwWlhKdFpXUnBZWFJsUTBFdVkyVnlNQ0VHQTFVZEVRUWFNQmlCRm5Sb2IyMWhjeTVzWlc1NgpRR1ZuYVhvdVozWXVZWFF3SHdZRFZSMGpCQmd3Rm9BVWFLSmVFZHJlTDRCclJFUy9qZnBsTm9Fa3AyOHdEUVlKCktvWklodmNOQVFFRkJRQURnWUVBbEZHalV4WExzN1NBVDhOdFhTcnYyV3JqbGtsYVJuSFRGSExRd3lWbzhKV2IKZ3ZSa0hIRFV2Mm84b2ZYVVkyUjJXSjM4ZHhlRG9jY2diWHJKYi9RaGk4SVk3WWhDd3YvVHVJWkRpc3lBcW84VwpPUktTaXAvNkhXbEdDU1IvVmdvZXQxR3RDbUYwRm9VeEZVSUdTQXVRMnl5dDRmSXp0NUdKclUxWDV1ampJMXc9PC9kc2lnOlg1MDlDZXJ0aWZpY2F0ZT48L2RzaWc6WDUwOURhdGE+PC9kc2lnOktleUluZm8+PC9kc2lnOlNpZ25hdHVyZT48L3NhbWw6QXNzZXJ0aW9uPg==",
+ "EID-CITIZEN-QAA-LEVEL": "http://eidas.europa.eu/LoA/substantial",
+ "EID-CCS-URL": "https://localhost.org/demovda",
+ "EID-AUTH-BLOCK": "PHNhbWwyOkFzc2VydGlvbiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiBJRD0iXzU3MDEwYjdmY2M5M2NjNGNmM2YyYjc2NDM4OTEzN2MyIiBJc3N1ZUluc3RhbnQ9IjIwMTYtMDYtMDZUMTA6NDA6MDAuMDAwIiBWZXJzaW9uPSIyLjAiPg0KCTxzYW1sMjpJc3N1ZXIgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDplbnRpdHkiPmh0dHBzOi8vZGVtby12ZGEuYXQvdmRhLXNlcnZpY2U8L3NhbWwyOklzc3Vlcj48ZHNpZzpTaWduYXR1cmUgSWQ9IlNpZ25hdHVyZS03NmUyZDZmYi0xIiB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48ZHNpZzpTaWduZWRJbmZvIElkPSJTaWduZWRJbmZvLTc2ZTJkNmZiLTEiPjxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNlY2RzYS1zaGEyNTYiLz48ZHNpZzpSZWZlcmVuY2UgSWQ9IlJlZmVyZW5jZS03NmUyZDZmYi0xIiBVUkk9IiI+PGRzaWc6VHJhbnNmb3JtcyB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCgkJCQk8ZHNpZzpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8xOTk5L1JFQy14c2x0LTE5OTkxMTE2Ij48eHNsOnN0eWxlc2hlZXQgeG1sbnM6eHNsPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L1hTTC9UcmFuc2Zvcm0iIGV4Y2x1ZGUtcmVzdWx0LXByZWZpeGVzPSJzYW1sMiIgdmVyc2lvbj0iMS4wIiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+PHhzbDpvdXRwdXQgbWV0aG9kPSJ4bWwiIHhtbDpzcGFjZT0iZGVmYXVsdCIvPjx4c2w6dGVtcGxhdGUgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiIG1hdGNoPSIvIj48aHRtbCB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94aHRtbCI+PGhlYWQ+PHRpdGxlPlNpZ25hdHVyIGRlciBBbm1lbGRlZGF0ZW48L3RpdGxlPjxzdHlsZSBtZWRpYT0ic2NyZWVuIiB0eXBlPSJ0ZXh0L2NzcyI+DQogICAgICAgICAgICAgIAkJCQkJLm5vcm1hbHN0eWxlIHsgZm9udC1zaXplOiBtZWRpdW07IH0gDQogICAgICAgICAgICAgIAkJCQkJLml0YWxpY3N0eWxlIHsgZm9udC1zaXplOiBtZWRpdW07IGZvbnQtc3R5bGU6IGl0YWxpYzsgfQ0KCQkJCQkJCQkudGl0bGVzdHlsZSB7IHRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7IGZvbnQtd2VpZ2h0OmJvbGQ7IGZvbnQtc2l6ZTogbWVkaXVtOyB9IA0KCQkJCQkJCQkuaDRzdHlsZSB7IGZvbnQtc2l6ZTogbGFyZ2U7IH0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIA0KCQkJCQkJCQkuaGlkZGVuIHtkaXNwbGF5OiBub25lOyB9IA0KICAgICAgICAgICAgICAJCQkJPC9zdHlsZT48L2hlYWQ+PGJvZHk+PGg0IGNsYXNzPSJoNHN0eWxlIj5Bbm1lbGRlZGF0ZW46PC9oND48cCBjbGFzcz0idGl0bGVzdHlsZSI+RGF0ZW4genVyIFBlcnNvbjwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoyLjUuNC40MiddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlZvcm5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoyLjUuNC40MiddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5OYWNobmFtZTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4yMCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPkdlYnVydHNkYXR1bTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjU1J10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PHhzbDppZiB0ZXN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjkwJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5Wb2xsbWFjaHQ6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp0ZXh0PkljaCBtZWxkZSBtaWNoIGluIFZlcnRyZXR1bmcgYW4uIEltIG7DpGNoc3RlbiBTY2hyaXR0IHdpcmQgbWlyIGVpbmUgTGlzdGUgZGVyIGbDvHIgbWljaCB2ZXJmw7xnYmFyZW4gVmVydHJldHVuZ3N2ZXJow6RsdG5pc3NlIGFuZ2V6ZWlndCwgYXVzIGRlbmVuIGljaCBlaW5lcyBhdXN3w6RobGVuIHdlcmRlLjwveHNsOnRleHQ+PC90ZD48L3RyPjwveHNsOmlmPjwvdGFibGU+PHAgY2xhc3M9InRpdGxlc3R5bGUiPkRhdGVuIHp1ciBBbndlbmR1bmc8L3A+PHRhYmxlIGNsYXNzPSJwYXJhbWV0ZXJzIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+SWRlbnRpZmlrYXRvcjogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlclVuaXF1ZUlkJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPk5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J2h0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyQ291bnRyeUNvZGUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5TdGFhdDogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PC90YWJsZT48cCBjbGFzcz0idGl0bGVzdHlsZSI+VGVjaG5pc2NoZSBQYXJhbWV0ZXI8L3A+PHRhYmxlIGNsYXNzPSJwYXJhbWV0ZXJzIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+RGF0dW06PC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCw5LDIpIi8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDYsMikiLz48eHNsOnRleHQ+LjwveHNsOnRleHQ+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9InN1YnN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL0BJc3N1ZUluc3RhbnQsMSw0KSIvPjwvdGQ+PC90cj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+VWhyemVpdDo8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDEyLDIpIi8+PHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE1LDIpIi8+PHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE4LDIpIi8+PC90ZD48L3RyPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5UcmFuc2FrdGlvbnNUb2trZW46IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vQElEIi8+PC90ZD48L3RyPjx4c2w6aWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+DQoJCQkJCQkJCQkJCVZvbGxtYWNodGVuLVJlZmVyZW56OiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjkwJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PHRyIGNsYXNzPSJoaWRkZW4iPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPkRhdGFVUkw6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9zYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uL3NhbWwyOkF1ZGllbmNlIi8+PC90ZD48L3RyPjx4c2w6aWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpDb25kaXRpb25zL0BOb3RPbk9yQWZ0ZXIiPjx0ciBjbGFzcz0iaGlkZGVuIj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5BdXRoQmxvY2tWYWxpZFRvOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkNvbmRpdGlvbnMvQE5vdE9uT3JBZnRlciIvPjwvdGQ+PC90cj48L3hzbDppZj48L3RhYmxlPjwvYm9keT48L2h0bWw+PC94c2w6dGVtcGxhdGU+PC94c2w6c3R5bGVzaGVldD48L2RzaWc6VHJhbnNmb3JtPg0KCQkJCTxkc2lnOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRuLTIwMDEwMzE1I1dpdGhDb21tZW50cyIvPg0KCQkJPC9kc2lnOlRyYW5zZm9ybXM+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PGRzaWc6RGlnZXN0VmFsdWU+QWFqRkVkQWx5NW45MWkyVVZvcVNuL0JKcjREVlpZeFBYM2RIcE9aUC9vdz08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVyZW5jZT48ZHNpZzpSZWZlcmVuY2UgSWQ9IlJlZmVyZW5jZS03NmUyZDZmYi0yIiBUeXBlPSJodHRwOi8vdXJpLmV0c2kub3JnLzAxOTAzI1NpZ25lZFByb3BlcnRpZXMiIFVSST0iI1NpZ25lZFByb3BlcnRpZXMtNzZlMmQ2ZmItMSI+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PGRzaWc6RGlnZXN0VmFsdWU+Nldac3lKNkYySUJLS3BsWDNacHJzQ0FJOVN0OXVmS0UyNWFlUDI1cDRkQT08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVyZW5jZT48L2RzaWc6U2lnbmVkSW5mbz48ZHNpZzpTaWduYXR1cmVWYWx1ZSBJZD0iU2lnbmF0dXJlVmFsdWUtNzZlMmQ2ZmItMSI+NzY1NndpVGRGWVZCTDlyOGdXemprWVhJWXNhTk9EWDBVUHVQVXRyTlpSYnhZY3BJdDNhVUpVaUZuR0FBVzhiRw0KSytGdnZXYkYweDMzMm9zeFFYRDZtUT09PC9kc2lnOlNpZ25hdHVyZVZhbHVlPjxkc2lnOktleUluZm8+PGRzaWc6WDUwOURhdGE+PGRzaWc6WDUwOUNlcnRpZmljYXRlPk1JSUZDVENDQS9HZ0F3SUJBZ0lFWDcxL21qQU5CZ2txaGtpRzl3MEJBUVVGQURDQm9URUxNQWtHQTFVRUJoTUMNClFWUXhTREJHQmdOVkJBb01QMEV0VkhKMWMzUWdSMlZ6TGlCbUxpQlRhV05vWlhKb1pXbDBjM041YzNSbGJXVWcNCmFXMGdaV3hsYTNSeUxpQkVZWFJsYm5abGNtdGxhSElnUjIxaVNERWpNQ0VHQTFVRUN3d2FZUzF6YVdkdUxWQnkNClpXMXBkVzB0VkdWemRDMVRhV2N0TURJeEl6QWhCZ05WQkFNTUdtRXRjMmxuYmkxUWNtVnRhWFZ0TFZSbGMzUXQNClUybG5MVEF5TUI0WERURTJNRGN3TkRBM01qRXdPRm9YRFRJd01ETXpNVEExTWpFd09Gb3dnYmN4Q3pBSkJnTlYNCkJBWU1Ba0ZVTVRzd09RWURWUVFERERKWVdGaE5ZWEpwWVMxVWFHVnlaWE5wWVNCTGRXNXBaM1Z1WkdFZ1dGaFkNClNHRmljMkoxY21jdFRHOTBhSEpwYm1kbGJqRWZNQjBHQTFVRUJBd1dXRmhZU0dGaWMySjFjbWN0VEc5MGFISnANCmJtZGxiakVrTUNJR0ExVUVLZ3diV0ZoWVRXRnlhV0V0VkdobGNtVnphV0VnUzNWdWFXZDFibVJoTVJVd0V3WUQNClZRUUZEQXc0TWpnM05EZ3hNamM0TVRJeERUQUxCZ05WQkF3TUJFMWhaeTR3V1RBVEJnY3Foa2pPUFFJQkJnZ3ENCmhrak9QUU1CQndOQ0FBUnR1UWdLYTdpR013RHdVM0E3a1J2VzM0NXA2dVU1bUFRQURRWlpHVUZmN0twN21NRGkNCnZUWVNLcFREMjI2MTcrRXVrRGJ2dHVxdVpGd2ZscEtOZkhITW80SUIrakNDQWZZd2dZVUdDQ3NHQVFVRkJ3RUINCkJIa3dkekJIQmdnckJnRUZCUWN3QW9ZN2FIUjBjRG92TDNkM2R5NWhMWFJ5ZFhOMExtRjBMMk5sY25SekwyRXQNCmMybG5iaTFRY21WdGFYVnRMVlJsYzNRdFUybG5MVEF5WVM1amNuUXdMQVlJS3dZQkJRVUhNQUdHSUdoMGRIQTYNCkx5OXZZM053TFhSbGMzUXVZUzEwY25WemRDNWhkQzl2WTNOd01BNEdBMVVkRHdFQi93UUVBd0lHd0RBbkJnZ3INCkJnRUZCUWNCQXdFQi93UVlNQll3Q0FZR0JBQ09SZ0VCTUFvR0NDc0dBUVVGQndzQk1JR2tCZ05WSFI4RWdad3cNCmdaa3dnWmFnZ1pPZ2daQ0dnWTFzWkdGd09pOHZiR1JoY0MxMFpYTjBMbUV0ZEhKMWMzUXVZWFF2YjNVOVlTMXoNCmFXZHVMVkJ5WlcxcGRXMHRWR1Z6ZEMxVGFXY3RNRElzYnoxQkxWUnlkWE4wTEdNOVFWUS9ZMlZ5ZEdsbWFXTmgNCmRHVnlaWFp2WTJGMGFXOXViR2x6ZEQ5aVlYTmxQMjlpYW1WamRHTnNZWE56UFdWcFpFTmxjblJwWm1sallYUnANCmIyNUJkWFJvYjNKcGRIa3dDUVlEVlIwVEJBSXdBREJaQmdOVkhTQUVVakJRTUFnR0JnUUFpekFCQVRCRUJnWXENCktBQVJBUXN3T2pBNEJnZ3JCZ0VGQlFjQ0FSWXNhSFIwY0RvdkwzZDNkeTVoTFhSeWRYTjBMbUYwTDJSdlkzTXYNClkzQXZZUzF6YVdkdUxWQnlaVzFwZFcwd0V3WURWUjBqQkF3d0NvQUlSZ2FmamtHT0ZiMHdFUVlEVlIwT0JBb0UNCkNFTVFVRXBMcjZNa01BMEdDU3FHU0liM0RRRUJCUVVBQTRJQkFRQ2x5Mm1IbVhZNTUybHRNdm4xUTkzb3dweDMNCkwxMGJ4UVRIV3dZN2c4YnlVdlhBdDc3bW9USkU5aHNlZW90ZVkzQ1Y2c3VOL1h6VFZIeVlBRFZKMHkyR3lCWDANCjFvaGhNcjE0TDVuQ0YzNC81WUJ3bkdSYzhxWDhtMGxaZEhaajVmZkJqQTNreWRLWHQvTFhRSEpYYlBtU0VuYnMNCkc1NWMvRjNTc3A4OC93Q1M2ZC9WZ3d0S1RxMnN1RnNHR0RJbGhic1RKN0p6TnpLNm9pdEUzVXZLd05nbzdKWUMNCkZJM1R4bXhpUy84dm5qRnc4V3o1M016bjBaTjAwUERqYi9Nb24vT2hUMUN1Y3dBMmh2eW1KeWhwcG9JN2tQbm8NCmRxZGV3Y0toZzNPcGJHUkVGL3Z5N2pNRjRUSXhBMGJ3VkNvdUFsdmZqSnZoM2MvSElnQS84WlpTTVdrbTwvZHNpZzpYNTA5Q2VydGlmaWNhdGU+PC9kc2lnOlg1MDlEYXRhPjwvZHNpZzpLZXlJbmZvPjxkc2lnOk9iamVjdCBJZD0iT2JqZWN0LTc2ZTJkNmZiLTEiPjx4YWRlczpRdWFsaWZ5aW5nUHJvcGVydGllcyB4bWxuczp4YWRlcz0iaHR0cDovL3VyaS5ldHNpLm9yZy8wMTkwMy92MS4zLjIjIiB4bWxuczpuczM9Imh0dHA6Ly91cmkuZXRzaS5vcmcvMDE5MDMvdjEuNC4xIyIgVGFyZ2V0PSIjU2lnbmF0dXJlLTc2ZTJkNmZiLTEiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOnNsPSJodHRwOi8vd3d3LmJ1ZXJnZXJrYXJ0ZS5hdC9uYW1lc3BhY2VzL3NlY3VyaXR5bGF5ZXIvMS4yIyI+PHhhZGVzOlNpZ25lZFByb3BlcnRpZXMgSWQ9IlNpZ25lZFByb3BlcnRpZXMtNzZlMmQ2ZmItMSI+PHhhZGVzOlNpZ25lZFNpZ25hdHVyZVByb3BlcnRpZXM+PHhhZGVzOlNpZ25pbmdUaW1lPjIwMTgtMDYtMDZUMTE6NTg6MDRaPC94YWRlczpTaWduaW5nVGltZT48eGFkZXM6U2lnbmluZ0NlcnRpZmljYXRlPjx4YWRlczpDZXJ0Pjx4YWRlczpDZXJ0RGlnZXN0Pjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkc2lnOkRpZ2VzdFZhbHVlPkZaTHZCVERTdEVMM0k1VEJZVmJaRjk2alcvMVRCcXhqdDJZYnNJUTN4OGM9PC9kc2lnOkRpZ2VzdFZhbHVlPjwveGFkZXM6Q2VydERpZ2VzdD48eGFkZXM6SXNzdWVyU2VyaWFsPjxkc2lnOlg1MDlJc3N1ZXJOYW1lPkNOPWEtc2lnbi1QcmVtaXVtLVRlc3QtU2lnLTAyLE9VPWEtc2lnbi1QcmVtaXVtLVRlc3QtU2lnLTAyLE89QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJILEM9QVQ8L2RzaWc6WDUwOUlzc3Vlck5hbWU+PGRzaWc6WDUwOVNlcmlhbE51bWJlcj4xNjA2MjU0NDkwPC9kc2lnOlg1MDlTZXJpYWxOdW1iZXI+PC94YWRlczpJc3N1ZXJTZXJpYWw+PC94YWRlczpDZXJ0PjwveGFkZXM6U2lnbmluZ0NlcnRpZmljYXRlPjx4YWRlczpTaWduYXR1cmVQb2xpY3lJZGVudGlmaWVyPjx4YWRlczpTaWduYXR1cmVQb2xpY3lJbXBsaWVkLz48L3hhZGVzOlNpZ25hdHVyZVBvbGljeUlkZW50aWZpZXI+PC94YWRlczpTaWduZWRTaWduYXR1cmVQcm9wZXJ0aWVzPjx4YWRlczpTaWduZWREYXRhT2JqZWN0UHJvcGVydGllcz48eGFkZXM6RGF0YU9iamVjdEZvcm1hdCBPYmplY3RSZWZlcmVuY2U9IiNSZWZlcmVuY2UtNzZlMmQ2ZmItMSI+PHhhZGVzOk1pbWVUeXBlPmFwcGxpY2F0aW9uL3hodG1sK3htbDwveGFkZXM6TWltZVR5cGU+PC94YWRlczpEYXRhT2JqZWN0Rm9ybWF0PjwveGFkZXM6U2lnbmVkRGF0YU9iamVjdFByb3BlcnRpZXM+PC94YWRlczpTaWduZWRQcm9wZXJ0aWVzPjwveGFkZXM6UXVhbGlmeWluZ1Byb3BlcnRpZXM+PC9kc2lnOk9iamVjdD48L2RzaWc6U2lnbmF0dXJlPg0KCTxzYW1sMjpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxOC0wNi0wNlQxMDo0MDowMC4wMDBaIiBOb3RPbk9yQWZ0ZXI9IjIwMTgtMDYtMDZUMTU6MDA6MDAuMDAwWiI+DQoJCTxzYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KCQkJPHNhbWwyOkF1ZGllbmNlPmh0dHBzOi8vZGVtby5lZ2l6Lmd2LmF0L2RlbW8tU1AvcHZwL3Bvc3Q8L3NhbWwyOkF1ZGllbmNlPg0KCQk8L3NhbWwyOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQoJPC9zYW1sMjpDb25kaXRpb25zPg0KCTxzYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJQVlAtVkVSU0lPTiIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMTAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4yLjE8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IlBSSU5DSVBBTC1OQU1FIiBOYW1lPSJ1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4yMCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPlhYWEhhYnNidXJnLUxvdGhyaW5nZW48L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IkdJVkVOLU5BTUUiIE5hbWU9InVybjpvaWQ6Mi41LjQuNDIiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5YWFhNYXJpYS1UaGVyZXNpYSBLdW5pZ3VuZGE8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IkJJUlRIREFURSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPjE5ODAtMDItMjk8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IlNlcnZpY2VQcm92aWRlci1VbmlxdWVJZCIgTmFtZT0iaHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJVbmlxdWVJZCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPmh0dHBzOi8vZGVtby5lZ2l6Lmd2LmF0L2RlbW8tU1AvcHZwL21ldGFkYXRhPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItRnJpZW5kbHlOYW1lIiBOYW1lPSJodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPkRlbW9sb2dpbiBTZXJ2aWNlIHByb3ZpZGVkIGJ5IEVHSVo8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IlNlcnZpY2VQcm92aWRlci1Db3VudHJ5Q29kZSIgTmFtZT0iaHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29kZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPkFUPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJNQU5EQVRFLVJFRkVSRU5DRS1WQUxVRSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5fYXNkZmFkZmFzZmFzZmFzZmFzZmFzZmFzZmFzZmFzZmFzZmFzZmFzPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJPC9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQo8L3NhbWwyOkFzc2VydGlvbj4="
+ }
+} \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_sic.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_sic.json
new file mode 100644
index 000000000..8acd1986d
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_sic.json
@@ -0,0 +1,6 @@
+{
+ "EID-IDENTITY-LINK": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDpBc3NlcnRpb24geG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmFzc2VydGlvbiIgeG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyIgeG1sbnM6ZWNkc2E9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlIyIgeG1sbnM6bnMzPSJodHRwOi8vd3d3LmJ1ZXJnZXJrYXJ0ZS5hdC9uYW1lc3BhY2VzL3BlcnNvbmVuYmluZHVuZy8yMDAyMDUwNiMiIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJubWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIEFzc2VydGlvbklEPSJsb2NhbGhvc3QtMjAxOC0wNS0yOFQxNjo0NDo0MSswMjowMCIgSXNzdWVJbnN0YW50PSIyMDE4LTA1LTI4VDE0OjQ0OjQxLjM2N1oiIElzc3Vlcj0iaHR0cDovL3Rlcm1pbmFsLmlhaWsudHVncmF6LmF0IiBNYWpvclZlcnNpb249IjEiIE1pbm9yVmVyc2lvbj0iMCI-PHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PjxzYW1sOlN1YmplY3Q-PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48c2FtbDpDb25maXJtYXRpb25NZXRob2Q-dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmNtOnNlbmRlci12b3VjaGVzPC9zYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT48cHI6UGVyc29uIHhzaTp0eXBlPSJwcjpQaHlzaWNhbFBlcnNvblR5cGUiPjxwcjpJZGVudGlmaWNhdGlvbj48cHI6VmFsdWU-QnMwbWNSWWVBTW5XeG5pVVlsM256QT09PC9wcjpWYWx1ZT48cHI6VHlwZT51cm46cHVibGljaWQ6Z3YuYXQ6YmFzZWlkPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24-PHByOk5hbWU-PHByOkdpdmVuTmFtZT5FaWQ8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPlRlc3Q8L3ByOkZhbWlseU5hbWU-PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4yMDAwLTAxLTAxPC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE-PC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24-PC9zYW1sOlN1YmplY3Q-PHNhbWw6QXR0cmlidXRlIEF0dHJpYnV0ZU5hbWU9IkNpdGl6ZW5QdWJsaWNLZXkiIEF0dHJpYnV0ZU5hbWVzcGFjZT0idXJuOnB1YmxpY2lkOmd2LmF0Om5hbWVzcGFjZXM6aWRlbnRpdHlsaW5rOjEuMiI-PHNhbWw6QXR0cmlidXRlVmFsdWU-PGVjZHNhOkVDRFNBS2V5VmFsdWU-PGVjZHNhOkRvbWFpblBhcmFtZXRlcnM-PGVjZHNhOk5hbWVkQ3VydmUgVVJOPSJ1cm46b2lkOjEuMi44NDAuMTAwNDUuMy4xLjciLz48L2VjZHNhOkRvbWFpblBhcmFtZXRlcnM-PGVjZHNhOlB1YmxpY0tleT48ZWNkc2E6WCBWYWx1ZT0iMTkzNjQwODQ0ODkzNjU1NDM4MDYwNTQ2NjYxOTczNDAzODMzNzUxODUzNjU4MDgzMzA2MDY5NzQ2OTk5ODg2Mjc2ODc1Mjk0NTAyMTQiIHhzaTp0eXBlPSJlY2RzYTpQcmltZUZpZWxkRWxlbVR5cGUiLz48ZWNkc2E6WSBWYWx1ZT0iMTA4Njg0MDg1NDc2NTkxMDE3NTA1NjkyODQzMTE0NzMwNDU5MzUxODYzMTI5NDE4Mjg3NTUzMzg2OTM2MjE0NDQwODQxNjY4ODcyMTU2IiB4c2k6dHlwZT0iZWNkc2E6UHJpbWVGaWVsZEVsZW1UeXBlIi8-PC9lY2RzYTpQdWJsaWNLZXk-PC9lY2RzYTpFQ0RTQUtleVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ-PGRzaWc6U2lnbmF0dXJlPjxkc2lnOlNpZ25lZEluZm8-PGRzaWc6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiLz48ZHNpZzpSZWZlcmVuY2UgVVJJPSIiPjxkc2lnOlRyYW5zZm9ybXM-PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPjxkc2lnOlhQYXRoPm5vdChhbmNlc3Rvci1vci1zZWxmOjpwcjpJZGVudGlmaWNhdGlvbik8L2RzaWc6WFBhdGg-PC9kc2lnOlRyYW5zZm9ybT48ZHNpZzpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjwvZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkc2lnOkRpZ2VzdFZhbHVlPm5JUlRucWZraUpETDhEc3A5ZHRuWUU4YnZxbTRrbUFRVVhOUDRyMzU5Qnc9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U-PGRzaWc6UmVmZXJlbmNlIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNNYW5pZmVzdCIgVVJJPSIjbWFuaWZlc3QiPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkc2lnOkRpZ2VzdFZhbHVlPnk5bXNyVmIxR2FOczNmZ3lkcVp2WnorYnp5cVFHeGRQRDhzazNyL1BnYTA9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U-PC9kc2lnOlNpZ25lZEluZm8-PGRzaWc6U2lnbmF0dXJlVmFsdWU-WHNhNjlWaUFlTjcvTlBQeWlycXAzYWxwY1RsS2ZVMlJaUTBWS1FpTU1mSzExTnRHaFNlRE9aR1BvR1lnQjdaTApLbkw4UWxmVzRUK2I3eHNCcDM5WE5iSS9jVi9zY0c5ZUIweWhYa0x6MjVsdE1jUUJNcUdEcDJHcmNpOEpYQmRaCkFIQWVBS2IrNUZzVHR4MllyMUZIUGhyWnEwN3RFK2NhSXlNb2VOdi95bVBrSWFhT0lUcTZHWTdndFZReFJGNWwKMi9uUmFKWExwc1JIdnVpNmIrWHBxUlFuZFJvaVEvSW41N3lSY0JLVk5lbFBhcUJmekRSMmtjVEt1RCtxWFAvawpaMU1nRUErY1dXcVI0Y085UEdxQms4NUR1MTBBVXMvTjNCbzRqWDZrcTYvMWVKdWlnSDVhTmlTNnVTcnFHZktLCklxUWxYc2N6a0oxLzIxUDgzQmFYZUE9PTwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlIYWpDQ0JWS2dBd0lCQWdJR1JVbkY4RDVTTUEwR0NTcUdTSWIzRFFFQkN3VUFNSGN4Q3pBSkJnTlZCQVlUCkFrRlVNUTB3Q3dZRFZRUUhFd1JIY21GNk1TWXdKQVlEVlFRS0V4MUhjbUY2SUZWdWFYWmxjbk5wZEhrZ2IyWWcKVkdWamFHNXZiRzluZVRFTk1Bc0dBMVVFQ3hNRVNVRkpTekVpTUNBR0ExVUVBeE1aU1VGSlN5QlVaWE4wSUVsdQpkR1Z5YldWa2FXRjBaU0JEUVRBZUZ3MHhOakE0TWpVeE16QTRNemhhRncweE9UQTRNalV4TXpBNE16aGFNSUg4Ck1Rc3dDUVlEVlFRR0V3SkJWREVOTUFzR0ExVUVCeE1FUjNKaGVqRW1NQ1FHQTFVRUNoTWRSM0poZWlCVmJtbDIKWlhKemFYUjVJRzltSUZSbFkyaHViMnh2WjNreFNEQkdCZ05WQkFzVFAwbHVjM1JwZEhWMFpTQm1iM0lnUVhCdwpiR2xsWkNCSmJtWnZjbTFoZEdsdmJpQlFjbTlqWlhOemFXNW5JR0Z1WkNCRGIyMXRkVzVwWTJGMGFXOXVjekVhCk1CZ0dBMVVFQkJNUlUybG5ibUYwZFhKbElGTmxjblpwWTJVeEhqQWNCZ05WQkNvVEZWTmxjblpsY2tKTFZTQkUKWlhabGJHOXdiV1Z1ZERFd01DNEdBMVVFQXhNblUyVnlkbVZ5UWt0VklFUmxkbVZzYjNCdFpXNTBJRk5wWjI1aApkSFZ5WlNCVFpYSjJhV05sTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF4ZC8zCjlpbDYxZ2hJSDc4MXdSR2c1bSsxMk1SeEZCL2VLTFRuOEFqM1lwVG1JOSs0Q1RHOEVTbXUyMGkvZCttUmMvQmcKNXR6dklUaSs5NjRnSXNvdnluQ2RVOVFFd1dGOVNLVFE3dmpUTWZrVFdEbGwrS2ZTV2pPNzFsN0RtOUYvZFJWVwp4S2N4MWo2b1N4Ym5ZWmlvM1VCc1NGK3ZmRXo3Y0p6MkR6QWdBdE05cy8yd1NpWXlXd2ZRTVFjZ0VnQTR1V3RXCi83dnJlOEZEZ3h4dEEzWE9WN0lnS29FZkZBMmM3YTZnVkdVak45ME9XeG40WmRER3BqRFk5bUFuRUpTMnJRb1oKRW5rSTQ3cmZ4MzVGckVQdDdSZGM1bVRTd0R2YkpxTGx4a0NVclBpK0NWL2VzTXhyeVg0K21pdmFnaHhWeTNHVApTcFR4ZjJJQWdYMnVYMlZiVXdJREFRQUJvNElDZERDQ0FuQXdEZ1lEVlIwUEFRSC9CQVFEQWdlQU1Bd0dBMVVkCkV3RUIvd1FDTUFBd2dnRVhCZ2dyQmdFRkJRY0JBUVNDQVFrd2dnRUZNSGNHQ0NzR0FRVUZCekFDaG10c1pHRncKT2k4dmJHUmhjQzVwWVdsckxuUjFaM0poZWk1aGRDOWpiajFwWVdsckxYUmxjM1F0YVc1MFpYSnRaV1JwWVhSbApMV05oTEc5MVBYQnJhU3hrWXoxcFlXbHJMR1JqUFhSMVozSmhlaXhrWXoxaGREOWpRVU5sY25ScFptbGpZWFJsCk8ySnBibUZ5ZVRCSUJnZ3JCZ0VGQlFjd0FvWThhSFIwY0RvdkwyTmhMbWxoYVdzdWRIVm5jbUY2TG1GMEwyTmwKY25SekwybGhhV3N0ZEdWemRDMXBiblJsY20xbFpHbGhkR1V0WTJFdVkyVnlNRUFHQ0NzR0FRVUZCekFCaGpSbwpkSFJ3T2k4dmIyTnpjQzVwWVdsckxuUjFaM0poZWk1aGRDOXBZV2xyTFhSbGMzUXRhVzUwWlhKdFpXUnBZWFJsCkxXTmhNQjhHQTFVZEl3UVlNQmFBRkVKdXI2L3FRU3AvbEZjRmhZTGdrVVloeVZkQ01Ca0dBMVVkSUFRU01CQXcKRGdZTUt3WUJCQUdWRWdFQ0J3RUJNSUhLQmdOVkhSOEVnY0l3Z2I4d2dieWdnYm1nZ2JhR2QyeGtZWEE2THk5cwpaR0Z3TG1saGFXc3VkSFZuY21GNkxtRjBMMk51UFdsaGFXc3RkR1Z6ZEMxcGJuUmxjbTFsWkdsaGRHVXRZMkVzCmIzVTljR3RwTEdSalBXbGhhV3NzWkdNOWRIVm5jbUY2TEdSalBXRjBQMk5sY25ScFptbGpZWFJsVW1WMmIyTmgKZEdsdmJreHBjM1E3WW1sdVlYSjVoanRvZEhSd09pOHZZMkV1YVdGcGF5NTBkV2R5WVhvdVlYUXZZM0pzY3k5cApZV2xyTFhSbGMzUXRhVzUwWlhKdFpXUnBZWFJsTFdOaExtTnliREFOQmdjcUtBQUtBUWNCQkFJRkFEQWRCZ05WCkhRNEVGZ1FVQ0djbU5FZ3JGTHdyZWRNcFJwYS8zNGpFcVk4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFJQWcKL0Z0K3ZNMERVS0tpcGNGMnhTWkN3ZXFFcjZiRjlJOEZydXhLeUhnNFdjV2lVdkZzOTZXa3dqL0dBOFlNSmtqRQpTS2FkMW5QK2hGamlyYVlVNmRTZnBPbkFVSnlMVjBxNURNOFkwY2w4R0RxYXpFMmtOR056am1IOUh2R1k5Q1dwCnZ3RjhodEJuQlg4TjRFdncydDg2ZUQ0VjUwN2syRXY4Sk9QV0tpZlp3TzBPQ25Qa2tCZnEzMEg1R1ZtOUpBOFcKam9FWFlRenpYMlRCWXJ4cWtXTm9zQXNOOVN0Y092djlzZlRUdFcrb3pLNS9WUHZBcDlTVU9qQzVFd3c3QnVLcQp5QnhEclRTUThobGZXMmo4Y010Q21nMDBMSVNuc3BpcThQZHZJV2t0RE8wc3JpeWgzWXVJSVV4ODZPRTlyQmNHCjIwcXI5czJvWFl6VnhxK1Q2aElFekRDMXYvc1BicGVZRmRVNkRXN2J6LzNPYlBjS2prR0Q3SjA2WkRaRmJnWHIKYXVjcjAxWkZqZGdCY2RIMFV6bXNJYUFNRytIWTVSVTk5QVo1YlA1UkgrRGJTVFpMbGNtOFp6bmU1L2Iwck4rYQoyUTFjdHB0UW5hUGxaWVFNY1RTcVhjYk03VW16bjRMZ25PZWRqZkFjcDhQazByK2Jab2pyekZHdW9pOWZxa3FlCnFUdXArUGtHaitJOEQrcE9HL3NTTWFQeC9nUFo0bGxPOXYxN1ZHSEtIK095R0lzZWZ3ZCtqWGhNVEpNZHQ1a08KNmZMeVRGRjFNUDRMZDY0cFJ1Ym9hZ1pxZTNkbXk5SEN5N0FWbnE5ZElsL0JsaExqaExTVFlXdnd0ZHVoMzNXVgpxZWd3QmxkcjZQOXZ1SlRzT3JyZTdiUnZrQStWbnVaaGxOVzlBQzEvPC9kc2lnOlg1MDlDZXJ0aWZpY2F0ZT48L2RzaWc6WDUwOURhdGE-PC9kc2lnOktleUluZm8-PGRzaWc6T2JqZWN0Pjxkc2lnOk1hbmlmZXN0IElkPSJtYW5pZmVzdCI-PGRzaWc6UmVmZXJlbmNlIFVSST0iIj48ZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzE5OTkvUkVDLXhwYXRoLTE5OTkxMTE2Ij48ZHNpZzpYUGF0aD5ub3QoYW5jZXN0b3Itb3Itc2VsZjo6ZHNpZzpTaWduYXR1cmUpPC9kc2lnOlhQYXRoPjwvZHNpZzpUcmFuc2Zvcm0-PC9kc2lnOlRyYW5zZm9ybXM-PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8-PGRzaWc6RGlnZXN0VmFsdWU-QWZHRytDVVAvZUY3bFpCaTgzMkVZYk9lS1MwYzNpYTljQ1p5OEUvYS9QZz08L2RzaWc6RGlnZXN0VmFsdWU-PC9kc2lnOlJlZmVyZW5jZT48L2RzaWc6TWFuaWZlc3Q-PC9kc2lnOk9iamVjdD48L2RzaWc6U2lnbmF0dXJlPjwvc2FtbDpBc3NlcnRpb24-",
+ "EID-CITIZEN-QAA-LEVEL": "eid-citizen-qaa-level",
+ "EID-AUTH-BLOCK": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDI6QXNz\r\nZXJ0aW9uIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6\r\nYXNzZXJ0aW9uIiBJRD0iXzQwOTcyZmQ3NzdjNTlkYTFlYmVlZDJiOGQ2MzNhMzAw\r\nIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDYtMDdUMTQ6NTc6MzdaIiBWZXJzaW9uPSIy\r\nLjAiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSI+\r\nCgk8c2FtbDI6SXNzdWVyIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6\r\nMi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5Ij5odHRwczovL3NlcnZlcmJrdWRlbW8u\r\naWFpay50dWdyYXouYXQvZWlkPC9zYW1sMjpJc3N1ZXI+Cgk8ZHM6U2lnbmF0dXJl\r\nIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIiBJ\r\nZD0iU2lnbmF0dXJlLWx1cmx5d2ZjLTEiPjxkczpTaWduZWRJbmZvIElkPSJTaWdu\r\nZWRJbmZvLWx1cmx5d2ZjLTEiPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFs\r\nZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4j\r\nIi8+PGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMu\r\nb3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI2VjZHNhLXNoYTI1NiIvPjxkczpSZWZl\r\ncmVuY2UgSWQ9IlJlZmVyZW5jZS1sdXJseXdmYy0xIiBVUkk9IiI+PGRzOlRyYW5z\r\nZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3Jn\r\nL1RSLzE5OTkvUkVDLXhzbHQtMTk5OTExMTYiPjx4c2w6c3R5bGVzaGVldCB4bWxu\r\nczp4c2w9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvWFNML1RyYW5zZm9ybSIgZXhj\r\nbHVkZS1yZXN1bHQtcHJlZml4ZXM9InNhbWwyIiB2ZXJzaW9uPSIxLjAiIHhtbG5z\r\nOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48\r\neHNsOm91dHB1dCBtZXRob2Q9InhtbCIgeG1sbnM6eG1sPSJodHRwOi8vd3d3Lncz\r\nLm9yZy9YTUwvMTk5OC9uYW1lc3BhY2UiIHhtbDpzcGFjZT0iZGVmYXVsdCIvPjx4\r\nc2w6dGVtcGxhdGUgbWF0Y2g9Ii8iIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8x\r\nOTk5L3hodG1sIj48aHRtbCB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94\r\naHRtbCI+PGhlYWQ+PHRpdGxlPlNpZ25hdHVyIGRlciBBbm1lbGRlZGF0ZW48L3Rp\r\ndGxlPjxzdHlsZSBtZWRpYT0ic2NyZWVuIiB0eXBlPSJ0ZXh0L2NzcyI+CiAgICAg\r\nICAgICAgICAgCQkJCQkubm9ybWFsc3R5bGUgeyBmb250LXNpemU6IG1lZGl1bTsg\r\nfSAKICAgICAgICAgICAgICAJCQkJCS5pdGFsaWNzdHlsZSB7IGZvbnQtc2l6ZTog\r\nbWVkaXVtOyBmb250LXN0eWxlOiBpdGFsaWM7IH0KCQkJCQkJCQkudGl0bGVzdHls\r\nZSB7IHRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7IGZvbnQtd2VpZ2h0OmJvbGQ7\r\nIGZvbnQtc2l6ZTogbWVkaXVtOyB9IAoJCQkJCQkJCS5oNHN0eWxlIHsgZm9udC1z\r\naXplOiBsYXJnZTsgfSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\r\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\r\nICAgCgkJCQkJCQkJLmhpZGRlbiB7ZGlzcGxheTogbm9uZTsgfSAKICAgICAgICAg\r\nICAgICAJCQkJPC9zdHlsZT48L2hlYWQ+PGJvZHk+PGg0IGNsYXNzPSJoNHN0eWxl\r\nIj5Bbm1lbGRlZGF0ZW46PC9oND48cCBjbGFzcz0idGl0bGVzdHlsZSI+RGF0ZW4g\r\nenVyIFBlcnNvbjwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx4c2w6aWYg\r\ndGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3Rh\r\ndGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoyLjUuNC40Midd\r\nL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5\r\nbGUiPlZvcm5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2\r\nYWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRl\r\nU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoyLjUuNC40\r\nMiddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4\r\nc2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmli\r\ndXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIu\r\nNDAuMC4xMC4yLjEuMS4yNjEuMjAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0\r\ncj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5OYWNobmFtZTogPC90ZD48dGQgY2xh\r\nc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFz\r\nc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRl\r\nW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4yMCddL3NhbWwy\r\nOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVz\r\ndD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVt\r\nZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4y\r\nLjEuMS41NSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0i\r\naXRhbGljc3R5bGUiPkdlYnVydHNkYXR1bTogPC90ZD48dGQgY2xhc3M9Im5vcm1h\r\nbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9z\r\nYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1\r\ncm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjU1J10vc2FtbDI6QXR0cmlidXRlVmFs\r\ndWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PHhzbDppZiB0ZXN0PSIvc2FtbDI6QXNz\r\nZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVb\r\nQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjkwJ10vc2FtbDI6\r\nQXR0cmlidXRlVmFsdWUiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5Wb2xs\r\nbWFjaHQ6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp0ZXh0Pklj\r\naCBtZWxkZSBtaWNoIGluIFZlcnRyZXR1bmcgYW4uIEltIG7DpGNoc3RlbiBTY2hy\r\naXR0IHdpcmQgbWlyIGVpbmUgTGlzdGUgZGVyIGbDvHIgbWljaCB2ZXJmw7xnYmFy\r\nZW4gVmVydHJldHVuZ3N2ZXJow6RsdG5pc3NlIGFuZ2V6ZWlndCwgYXVzIGRlbmVu\r\nIGljaCBlaW5lcyBhdXN3w6RobGVuIHdlcmRlLjwveHNsOnRleHQ+PC90ZD48L3Ry\r\nPjwveHNsOmlmPjwvdGFibGU+PHAgY2xhc3M9InRpdGxlc3R5bGUiPkRhdGVuIHp1\r\nciBBbndlbmR1bmc8L3A+PHRhYmxlIGNsYXNzPSJwYXJhbWV0ZXJzIj48dHI+PHRk\r\nIGNsYXNzPSJpdGFsaWNzdHlsZSI+SWRlbnRpZmlrYXRvcjogPC90ZD48dGQgY2xh\r\nc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFz\r\nc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRl\r\nW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQ\r\ncm92aWRlclVuaXF1ZUlkJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwv\r\ndHI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpB\r\ndHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8v\r\nZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5\r\nTmFtZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRh\r\nbGljc3R5bGUiPk5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhz\r\nbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmli\r\ndXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5n\r\ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUn\r\nXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDppZj48eHNs\r\nOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0\r\nZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J2h0dHA6Ly9laWQuZ3Yu\r\nYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyQ291bnRyeUNvZGUnXS9z\r\nYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxl\r\nIj5TdGFhdDogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVl\r\nLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0\r\nZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJ\r\nRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlJ10vc2FtbDI6\r\nQXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PC90YWJsZT48cCBj\r\nbGFzcz0idGl0bGVzdHlsZSI+VGVjaG5pc2NoZSBQYXJhbWV0ZXI8L3A+PHRhYmxl\r\nIGNsYXNzPSJwYXJhbWV0ZXJzIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+\r\nRGF0dW06PC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9m\r\nIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFu\r\ndCw5LDIpIi8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2Vs\r\nZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDYs\r\nMikiLz48eHNsOnRleHQ+LjwveHNsOnRleHQ+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9\r\nInN1YnN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL0BJc3N1ZUluc3RhbnQsMSw0KSIv\r\nPjwvdGQ+PC90cj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+VWhyemVpdDo8\r\nL3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0\r\nPSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDEyLDIp\r\nIi8+PHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJz\r\ndWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE1LDIpIi8+\r\nPHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJz\r\ndHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE4LDIpIi8+PC90\r\nZD48L3RyPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5UcmFuc2FrdGlvbnNU\r\nb2trZW46IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1v\r\nZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vQElEIi8+PC90ZD48L3RyPjx4c2w6\r\naWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1l\r\nbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIu\r\nMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIj48dHI+PHRkIGNsYXNz\r\nPSJpdGFsaWNzdHlsZSI+CgkJCQkJCQkJCQkJVm9sbG1hY2h0ZW4tUmVmZXJlbno6\r\nIDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxl\r\nY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3Nh\r\nbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4y\r\nNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDpp\r\nZj48dHIgY2xhc3M9ImhpZGRlbiI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+RGF0\r\nYVVSTDogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9m\r\nIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpDb25kaXRpb25zL3NhbWwy\r\nOkF1ZGllbmNlUmVzdHJpY3Rpb24vc2FtbDI6QXVkaWVuY2UiLz48L3RkPjwvdHI+\r\nPHhzbDppZiB0ZXN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkNvbmRpdGlvbnMv\r\nQE5vdE9uT3JBZnRlciI+PHRyIGNsYXNzPSJoaWRkZW4iPjx0ZCBjbGFzcz0iaXRh\r\nbGljc3R5bGUiPkF1dGhCbG9ja1ZhbGlkVG86IDwvdGQ+PHRkIGNsYXNzPSJub3Jt\r\nYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24v\r\nc2FtbDI6Q29uZGl0aW9ucy9ATm90T25PckFmdGVyIi8+PC90ZD48L3RyPjwveHNs\r\nOmlmPjwvdGFibGU+PC9ib2R5PjwvaHRtbD48L3hzbDp0ZW1wbGF0ZT48L3hzbDpz\r\ndHlsZXNoZWV0PjwvZHM6VHJhbnNmb3JtPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGht\r\nPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2Rz\r\nOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93\r\nd3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkczpEaWdlc3RWYWx1\r\nZT5IbEk0T0lNbG1sVlpJQWtBdkQ1bGdGNWRGeXdxWVhES0wzVEVSaXRZeHlVPTwv\r\nZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PGRzOlJlZmVyZW5jZSBJZD0i\r\nUmVmZXJlbmNlLWx1cmx5d2ZjLTIiIFR5cGU9Imh0dHA6Ly91cmkuZXRzaS5vcmcv\r\nMDE5MDMjU2lnbmVkUHJvcGVydGllcyIgVVJJPSIjU2lnbmVkUHJvcGVydGllcy1s\r\ndXJseXdmYy0xIj48ZHM6VHJhbnNmb3Jtcz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRo\r\nbT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PC9k\r\nczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8v\r\nd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz48ZHM6RGlnZXN0VmFs\r\ndWU+a3lFdzl5bUlLbm9KSlF3bW85bitmdjF1VGpCUXdaNGpsZk5oSll5akpKTT08\r\nL2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48\r\nZHM6U2lnbmF0dXJlVmFsdWUgSWQ9IlNpZ25hdHVyZVZhbHVlLWx1cmx5d2ZjLTEi\r\nPlQrOTN3ejU3dUVsQUFFb1dZTVNYcVA3YnVIU0drZW9YVlQvTnN5Q1hrM056Zmpn\r\nbC9ERlgreFJqOGJqUDNkUEgKenVtejVUV1N3R25NRUU4bUNJTUxRQT09PC9kczpT\r\naWduYXR1cmVWYWx1ZT48ZHM6S2V5SW5mbyBJZD0iS2V5SW5mbyI+PGRzOlg1MDlE\r\nYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJR2Z6Q0NCR2VnQXdJQkFnSUhBSlpZ\r\nMGlZWFVqQU5CZ2txaGtpRzl3MEJBUXNGQURCM01Rc3dDUVlEVlFRRwpFd0pCVkRF\r\nTk1Bc0dBMVVFQnhNRVIzSmhlakVtTUNRR0ExVUVDaE1kUjNKaGVpQlZibWwyWlhK\r\nemFYUjVJRzltCklGUmxZMmh1YjJ4dloza3hEVEFMQmdOVkJBc1RCRWxCU1VzeElq\r\nQWdCZ05WQkFNVEdVbEJTVXNnVkdWemRDQkoKYm5SbGNtMWxaR2xoZEdVZ1EwRXdI\r\naGNOTVRnd05USTRNVFEwTlRJeFdoY05NakV3TlRJNE1UUTBOVEl4V2pBdwpNUXd3\r\nQ2dZRFZRUXFFd05GYVdReERUQUxCZ05WQkFRVEJGUmxjM1F4RVRBUEJnTlZCQU1U\r\nQ0VWcFpDQlVaWE4wCk1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdB\r\nRUtzK3U5T2RqRm1SR0YxQ2JzYStYU3V2elBvSUcKcFB0Y0pzKzR0aE1iQ3Vid1NR\r\nTXZVT3NzckN6ckMxSmk5WVZ4ZXFIczNEVTJSREVvc29TVVJPSkgzS09DQXlBdwpn\r\nZ01jTUE0R0ExVWREd0VCL3dRRUF3SUhnREFNQmdOVkhSTUJBZjhFQWpBQU1JSUJO\r\nZ1lJS3dZQkJRVUhBUUVFCmdnRW9NSUlCSkRDQmdnWUlLd1lCQlFVSE1BS0dkbXhr\r\nWVhBNkx5OWpZWEJ6YnkxMFpYTjBMbWxoYVdzdWRIVm4KY21GNkxtRjBPakV6T0Rr\r\ndlkyNDlhV0ZwYXkxMFpYTjBMV2x1ZEdWeWJXVmthV0YwWlMxallTeHZkVDF3YTJr\r\ncwpaR005YVdGcGF5eGtZejEwZFdkeVlYb3NaR005WVhRL1kwRkRaWEowYVdacFky\r\nRjBaVHRpYVc1aGNua3dVQVlJCkt3WUJCUVVITUFLR1JHaDBkSEE2THk5allYQnpi\r\neTEwWlhOMExtbGhhV3N1ZEhWbmNtRjZMbUYwTDJObGNuUnoKTDJsaGFXc3RkR1Z6\r\nZEMxcGJuUmxjbTFsWkdsaGRHVXRZMkV1WTJWeU1Fc0dDQ3NHQVFVRkJ6QUJoajlv\r\nZEhSdwpPaTh2WTJGd2MyOHRkR1Z6ZEM1cFlXbHJMblIxWjNKaGVpNWhkQzl2WTNO\r\nd0wybGhhV3N0ZEdWemRDMXBiblJsCmNtMWxaR2xoZEdVdFkyRXdId1lEVlIwakJC\r\nZ3dGb0FVZWRnUEFvSGx5d3Z1dC94RXY5Tm4raENHVVJJd2dhQUcKQTFVZElBU0Jt\r\nRENCbFRDQmtnWU1Ld1lCQkFHVkVnRUNCd0VCTUlHQk1IOEdDQ3NHQVFVRkJ3SUNN\r\nSE1NY1ZSbwphWE1nWTJWeWRHbG1hV05oZEdVZ2QyRnpJR2x6YzNWbFpDQmllU0Jo\r\nSUNvcVkyOXdlU29xSUc5bUlHRnVJRWxCClNVc2dWR1Z6ZENCSmJuUmxjbTFsWkds\r\naGRHVWdRMEVnWVc1a0lHMWhlU0JpWlNCMWMyVmtJR1p2Y2lCMFpYTjAKSUhCMWNu\r\nQnZjMlZ6SUc5dWJIa3VNSUhlQmdOVkhSOEVnZFl3Z2RNd2dkQ2dnYzJnZ2NxR2dZ\r\nSnNaR0Z3T2k4dgpZMkZ3YzI4dGRHVnpkQzVwWVdsckxuUjFaM0poZWk1aGREb3hN\r\nemc1TDJOdVBXbGhhV3N0ZEdWemRDMXBiblJsCmNtMWxaR2xoZEdVdFkyRXNiM1U5\r\nY0d0cExHUmpQV2xoYVdzc1pHTTlkSFZuY21GNkxHUmpQV0YwUDJObGNuUnAKWm1s\r\nallYUmxVbVYyYjJOaGRHbHZia3hwYzNRN1ltbHVZWEo1aGtOb2RIUndPaTh2WTJG\r\nd2MyOHRkR1Z6ZEM1cApZV2xyTG5SMVozSmhlaTVoZEM5amNteHpMMmxoYVdzdGRH\r\nVnpkQzFwYm5SbGNtMWxaR2xoZEdVdFkyRXVZM0pzCk1CMEdBMVVkRGdRV0JCU093\r\nS0VmZDVIa2traXppWkJiNVlqNEhXeTFEREFOQmdrcWhraUc5dzBCQVFzRkFBT0MK\r\nQWdFQUFqakRNU1d4YlVIdmtsUEtTNHhUSkpWN0JsNUd5KysvTFozOU1iOFpDZ2pJ\r\nc0dJUDl3M2hoejBrZmk0egpJejZodmYvWXg5emxLWi93UklVOFI0aXlncVFTWTVa\r\nbTI4V0tWbTNWYmhmczRld040RkpUUDh3OExnVVNISjAyClYrSklIdFV0NWk5VTJh\r\nL0kwMWJteklJZkJZTDBJVzhzMUszVk1BekFEeUhER1cvVTZoOWNrN2RheXc4T1dp\r\nOHQKTlQ0dG5LWDRtRWhINnoya1VQbnY3ZnFGbFNSckQwdXFrZUtaYWQzQTFhMTU1\r\nUzBEZ2oxY1ptTmpSNHNSaFFoaApnYmEvRUd1SE55RVhjaFZhc0lJVG9oT1J1SlY5\r\nQkFxNENja2JTTG8vcUNTZit1aVFVSm0zMzZMd2F2akdaa2VkCk8vYXV2UlRFVGN0\r\nUGlwamRPTlN4Ri9qYmpBUTNmbVlSL1Zxdm9DbTZLM1pnV1R6eGswUzRtZmFycndv\r\nb0R2bEUKcmtTbnJsTGYrRDZFeVF0OUxDdy9pNUx2SC8rRStaUTRBS3dUSG1Kb2s0\r\neGRTZ3l3eU5yeHNjaVpydlVHZ3dlOQpuK0NWM0l6RXltWWZMMjhxeWtLV3BxYlBU\r\nbFNIcWEzU2xJbWRsOHl3Skk0aEFXN216WkRwNE9qaGliUnlkSnNSCjd1aUZuZmhJ\r\nS01URGljblpHZ1BaWnFJdVM0cUd3WUJzelU3N1IrWG13bVpxWkJrTlA4OGVZVzFx\r\nbnhDRkdFdEkKT2lpRVR3TzR6eFhGRjIxQ2VCMDZQRXdSQ1ZnZWJCZzB6Qm5YK2hJ\r\nc1Qvbkpxd0hLOEkwWWgyNEJDdWRFU1VDMgpnRTl4cnVqcmszZTdyK2xPcWJZYnpl\r\nV1JKblhJTGcrU25mbHpDOWtTM0x4UmZKST08L2RzOlg1MDlDZXJ0aWZpY2F0ZT48\r\nL2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48ZHM6T2JqZWN0Pjx4YWRlczpRdWFs\r\naWZ5aW5nUHJvcGVydGllcyB4bWxuczp4YWRlcz0iaHR0cDovL3VyaS5ldHNpLm9y\r\nZy8wMTkwMy92MS4zLjIjIiBUYXJnZXQ9IiNTaWduYXR1cmUtbHVybHl3ZmMtMSI+\r\nPHhhZGVzOlNpZ25lZFByb3BlcnRpZXMgSWQ9IlNpZ25lZFByb3BlcnRpZXMtbHVy\r\nbHl3ZmMtMSI+PHhhZGVzOlNpZ25lZFNpZ25hdHVyZVByb3BlcnRpZXM+PHhhZGVz\r\nOlNpZ25pbmdUaW1lPjIwMTgtMDYtMDdUMTY6NTc6MzcrMDI6MDA8L3hhZGVzOlNp\r\nZ25pbmdUaW1lPjx4YWRlczpTaWduaW5nQ2VydGlmaWNhdGVWMj48eGFkZXM6Q2Vy\r\ndD48eGFkZXM6Q2VydERpZ2VzdD48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0i\r\naHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PGRzOkRp\r\nZ2VzdFZhbHVlPmRXV01DZ29LL09Uc1Bkemk1S0orSFV0RUE5YWhxVitsQkVEK3BD\r\na1d0OFU9PC9kczpEaWdlc3RWYWx1ZT48L3hhZGVzOkNlcnREaWdlc3Q+PC94YWRl\r\nczpDZXJ0PjwveGFkZXM6U2lnbmluZ0NlcnRpZmljYXRlVjI+PHhhZGVzOlNpZ25h\r\ndHVyZVBvbGljeUlkZW50aWZpZXI+PHhhZGVzOlNpZ25hdHVyZVBvbGljeUltcGxp\r\nZWQvPjwveGFkZXM6U2lnbmF0dXJlUG9saWN5SWRlbnRpZmllcj48L3hhZGVzOlNp\r\nZ25lZFNpZ25hdHVyZVByb3BlcnRpZXM+PHhhZGVzOlNpZ25lZERhdGFPYmplY3RQ\r\ncm9wZXJ0aWVzPjx4YWRlczpEYXRhT2JqZWN0Rm9ybWF0IE9iamVjdFJlZmVyZW5j\r\nZT0iI1JlZmVyZW5jZS1sdXJseXdmYy0xIj48eGFkZXM6TWltZVR5cGU+YXBwbGlj\r\nYXRpb24veGh0bWwreG1sPC94YWRlczpNaW1lVHlwZT48L3hhZGVzOkRhdGFPYmpl\r\nY3RGb3JtYXQ+PC94YWRlczpTaWduZWREYXRhT2JqZWN0UHJvcGVydGllcz48L3hh\r\nZGVzOlNpZ25lZFByb3BlcnRpZXM+PC94YWRlczpRdWFsaWZ5aW5nUHJvcGVydGll\r\ncz48L2RzOk9iamVjdD48L2RzOlNpZ25hdHVyZT48c2FtbDI6Q29uZGl0aW9ucyBO\r\nb3RCZWZvcmU9IjIwMTgtMDYtMDdUMTQ6NTc6MzdaIiBOb3RPbk9yQWZ0ZXI9IjIw\r\nMTgtMDYtMDdUMTU6MDI6MzdaIj4KCQk8c2FtbDI6QXVkaWVuY2VSZXN0cmljdGlv\r\nbj4KCQkJPHNhbWwyOkF1ZGllbmNlPmh0dHA6Ly9sYWJkYS5pYWlrLnR1Z3Jhei5h\r\ndDo4MDgwL21vYS1pZC1hdXRoL3NsMjAvZGF0YVVybD9wZW5kaW5naWQ9Nzg0NTg4\r\nMDkxNDYxODg5MjM2MTwvc2FtbDI6QXVkaWVuY2U+CgkJPC9zYW1sMjpBdWRpZW5j\r\nZVJlc3RyaWN0aW9uPgoJPC9zYW1sMjpDb25kaXRpb25zPgoJPHNhbWwyOkF0dHJp\r\nYnV0ZVN0YXRlbWVudD4KCQk8c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0i\r\nUFZQLVZFUlNJT04iIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYx\r\nLjEwIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0\r\ncm5hbWUtZm9ybWF0OnVyaSI+CgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxu\r\nczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNl\r\nIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4yLjE8L3NhbWwyOkF0dHJpYnV0ZVZhbHVl\r\nPgoJCTwvc2FtbDI6QXR0cmlidXRlPgoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5k\r\nbHlOYW1lPSJQUklOQ0lQQUwtTkFNRSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4x\r\nMC4yLjEuMS4yNjEuMjAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpT\r\nQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4KCQkJPHNhbWwyOkF0dHJpYnV0\r\nZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hl\r\nbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPlRlc3Q8L3NhbWwyOkF0\r\ndHJpYnV0ZVZhbHVlPgoJCTwvc2FtbDI6QXR0cmlidXRlPgoJCTxzYW1sMjpBdHRy\r\naWJ1dGUgRnJpZW5kbHlOYW1lPSJHSVZFTi1OQU1FIiBOYW1lPSJ1cm46b2lkOjIu\r\nNS40LjQyIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6\r\nYXR0cm5hbWUtZm9ybWF0OnVyaSI+CgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4\r\nbWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3Rh\r\nbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5FaWQ8L3NhbWwyOkF0dHJpYnV0ZVZh\r\nbHVlPgoJCTwvc2FtbDI6QXR0cmlidXRlPgoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJp\r\nZW5kbHlOYW1lPSJCSVJUSERBVEUiIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAu\r\nMi4xLjEuNTUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIu\r\nMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVl\r\nIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5z\r\ndGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPjIwMDAtMDEtMDE8L3NhbWwyOkF0\r\ndHJpYnV0ZVZhbHVlPgoJCTwvc2FtbDI6QXR0cmlidXRlPgoJCTxzYW1sMjpBdHRy\r\naWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItVW5pcXVlSWQiIE5h\r\nbWU9Imh0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3Zp\r\nZGVyVW5pcXVlSWQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1M\r\nOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4KCQkJPHNhbWwyOkF0dHJpYnV0ZVZh\r\nbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEt\r\naW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPmh0dHBzOi8vbGFiZGEuaWFp\r\nay50dWdyYXouYXQ6NTU1My9kZW1vbG9naW4vTG9naW5TZXJ2bGV0RXhhbXBsZS5h\r\nY3Rpb248L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPgoJCTwvc2FtbDI6QXR0cmlidXRl\r\nPgoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlk\r\nZXItRnJpZW5kbHlOYW1lIiBOYW1lPSJodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRy\r\naWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSIgTmFtZUZvcm1hdD0i\r\ndXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmki\r\nPgoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3\r\nLnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0\r\ncmluZyI+RGVtbyBBcHBsaWNhdGlvbjwvc2FtbDI6QXR0cmlidXRlVmFsdWU+CgkJ\r\nPC9zYW1sMjpBdHRyaWJ1dGU+CgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5h\r\nbWU9IlNlcnZpY2VQcm92aWRlci1Db3VudHJ5Q29kZSIgTmFtZT0iaHR0cDovL2Vp\r\nZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29k\r\nZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJu\r\nYW1lLWZvcm1hdDp1cmkiPgoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6\r\neHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIg\r\neHNpOnR5cGU9InhzOnN0cmluZyI+QVQ8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPgoJ\r\nCTwvc2FtbDI6QXR0cmlidXRlPgoJCQoJCQoJPC9zYW1sMjpBdHRyaWJ1dGVTdGF0\r\nZW1lbnQ+Cjwvc2FtbDI6QXNzZXJ0aW9uPg==",
+ "EID-CCS-URL": "eid-ccs-url"
+} \ No newline at end of file
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
index 611771188..c9bccb708 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
@@ -476,4 +476,10 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters {
return null;
}
+ @Override
+ public List<String> foreignbPKSectorsRequested() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
}
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
index bb7f735aa..f5af84405 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
@@ -132,8 +132,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
if (MiscUtil.isEmpty(msg.getEntityID())) {
throw new InvalidProtocolRequestException("sp.pvp2.04",
- new Object[] {FederatedAuthConstants.MODULE_NAME_FOR_LOGGING},
- "NO configuration for SP entityID: " + msg.getEntityID());
+ new Object[] {FederatedAuthConstants.MODULE_NAME_FOR_LOGGING});
}
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index aa3fce249..398119a7f 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -171,13 +171,13 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
if (oaParam == null)
throw new InvalidProtocolRequestException("auth.00",
- new Object[] { null }, "No Online-Application configuration found");
+ new Object[] { null });
SAML1ConfigurationParameters saml1 = oaParam.getSAML1Parameter();
if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) {
Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication.");
throw new InvalidProtocolRequestException("auth.00",
- new Object[] { null }, "OA: " + oaURL + " can not used with SAML1");
+ new Object[] { null });
}
pendingRequest.setOnlineApplicationConfiguration(oaParam);
@@ -215,7 +215,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
pendingRequest.setAction(GetArtifactAction.class.getName());
} catch (WrongParametersException e) {
- throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), "SAML1 parameter validation FAILED");
+ throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters());
} catch (InvalidProtocolRequestException e) {
throw e;
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
index 33976704f..1aae0f8d0 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java
@@ -29,12 +29,12 @@ import java.util.List;
import org.w3c.dom.Element;
import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
-import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.exception.ValidateException;
import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
+import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse;
@@ -46,14 +46,22 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class IdentityLinkTestModule implements TestModuleInterface {
private static IIdentityLink identityLink = null;
+ private AuthConfiguration authConfig;
- public void initializeTest(long delayParam, String url) throws Exception{
+ @Override
+ public void initializeTest(long delayParam, String url) throws Exception {
+ Logger.error("NOT implemented yet!!!");
- if (MiscUtil.isNotEmpty(url)) {
+ }
+
+ public void initializeTest(long delayParam, String url, AuthConfiguration authConfig) throws Exception{
+
+ if (MiscUtil.isNotEmpty(url)) {
URL keystoreURL = new URL(url);
InputStream idlstream = keystoreURL.openStream();
identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink();
+ this.authConfig = authConfig;
}
}
@@ -85,7 +93,8 @@ public class IdentityLinkTestModule implements TestModuleInterface {
verifyXMLSignatureResponse,
config.getIdentityLinkX509SubjectNames(),
VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK,
- oaParam);
+ oaParam,
+ authConfig);
} catch (ValidateException e) {
//check if default Monitoring IDL is used then error is ignored
diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
index 9ba1c4dd3..55b360ce2 100644
--- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
+++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java
@@ -101,7 +101,7 @@ public class TestManager{
IdentityLinkTestModule test2 = new IdentityLinkTestModule();
String idlurl = FileUtils.makeAbsoluteURL(authConfig.getMonitoringTestIdentityLinkURL(), authConfig.getRootConfigFileDir());
try {
- test2.initializeTest(0, idlurl);
+ test2.initializeTest(0, idlurl, authConfig);
tests.put(test2.getName(), test2);;
} catch (Exception e) {