diff options
Diffstat (limited to 'id/server/modules')
466 files changed, 9548 insertions, 2322 deletions
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 3d0073276..a77ba45a5 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -4,7 +4,6 @@ package at.gv.egovernment.moa.id.auth; import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; -import java.io.UnsupportedEncodingException; import java.security.Principal; import java.security.cert.CertificateException; import java.util.Calendar; @@ -21,27 +20,30 @@ import org.apache.xpath.XPathAPI; import org.opensaml.xml.util.Base64; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import org.springframework.util.Base64Utils; import org.w3c.dom.Document; import org.w3c.dom.Element; import org.w3c.dom.NodeList; import org.xml.sax.SAXException; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.BKUException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.exception.ServiceException; @@ -53,29 +55,25 @@ import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; +import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; +import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.config.ConfigurationProviderImpl; -import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.logging.SpecificTraceLogger; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.DateTimeUtils; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; import at.gv.egovernment.moaspss.logging.LogMsg; @@ -96,7 +94,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { @Autowired private MOAReversionLogger revisionsLogger; @Autowired private AuthConfiguration authConfig; - + /** * Constructor for AuthenticationServer. */ @@ -148,12 +146,12 @@ public class AuthenticationServer extends BaseAuthenticationServer { } //load OnlineApplication configuration - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[]{pendingReq.getOAURL()}); + throw new AuthenticationException("auth.00", new Object[]{pendingReq.getSPEntityId()}); //load Template - String templateURL = pendingReq.getGenericData( + String templateURL = pendingReq.getRawData( MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE, String.class); String template = null; if (MiscUtil.isNotEmpty(templateURL)) { @@ -203,7 +201,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { //build DataURL for BKU request String dataURL = new DataURLBuilder().buildDataURL( - pendingReq.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, pendingReq.getRequestID()); + pendingReq.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, pendingReq.getPendingRequestId()); //removed in MOAID 2.0 String pushInfobox = ""; @@ -298,7 +296,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() .build(identityLink, authConfig - .getMoaSpIdentityLinkTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseIDLTestTrustStore())); + .getMoaSpIdentityLinkTrustProfileID(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).isUseIDLTestTrustStore())); // invokes the call Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance() @@ -307,14 +305,15 @@ public class AuthenticationServer extends BaseAuthenticationServer { IVerifiyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( domVerifyXMLSignatureResponse).parseData(); - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); // validates the <VerifyXMLSignatureResponse> VerifyXMLSignatureResponseValidator.getInstance().validate( verifyXMLSignatureResponse, authConfig.getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, - oaParam); + oaParam, + authConfig); session.setIdentityLink(identityLink); // now validate the extended infoboxes @@ -322,8 +321,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { //Removed in MOA-ID 2.0 //verifyInfoboxes(session, infoboxReadResponseParameters, false); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED); return "found!"; } @@ -401,7 +399,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { throw new AuthenticationException("auth.10", new Object[]{ GET_MIS_SESSIONID, PARAM_SESSIONID}); - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); try { // sets the extended SAML attributes for OID (Organwalter) setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam @@ -436,9 +434,9 @@ public class AuthenticationServer extends BaseAuthenticationServer { */ public String getCreateXMLSignatureRequestAuthBlockOrRedirect( IAuthenticationSession session, IRequest pendingReq) throws ConfigurationException, - BuildException, ValidateException { + BuildException, ValidateException, EAAFBuilderException { - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); // builds the AUTH-block String authBlock = buildAuthenticationBlock(session, oaParam, pendingReq); @@ -450,10 +448,10 @@ public class AuthenticationServer extends BaseAuthenticationServer { .build(authBlock, oaParam.getKeyBoxIdentifier(), transformsInfos); - SpecificTraceLogger.trace("Req. Authblock: " + Base64Utils.encodeToString(createXMLSignatureRequest.getBytes())); - SpecificTraceLogger.trace("OA config: " + pendingReq.getOnlineApplicationConfiguration().toString()); - SpecificTraceLogger.trace("saml1RequestedTarget: " + pendingReq.getGenericData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class)); - SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + pendingReq.getGenericData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class)); + SpecificTraceLogger.trace("Req. Authblock: " + createXMLSignatureRequest); + SpecificTraceLogger.trace("OA config: " + pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).toString()); + SpecificTraceLogger.trace("saml1RequestedTarget: " + pendingReq.getRawData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class)); + SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + pendingReq.getRawData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class)); return createXMLSignatureRequest; } @@ -517,8 +515,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { xmlReadInfoboxResponse); X509Certificate cert = p.parseCertificate(); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED); return cert; @@ -536,7 +533,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { * @throws ConfigurationException */ private String buildAuthenticationBlock(IAuthenticationSession session, - IOAAuthParameters oaParam, IRequest pendingReq) throws BuildException, ConfigurationException { + IOAAuthParameters oaParam, IRequest pendingReq) throws BuildException, ConfigurationException, EAAFBuilderException { IIdentityLink identityLink = session.getIdentityLink(); String issuer = identityLink.getName(); @@ -550,10 +547,10 @@ public class AuthenticationServer extends BaseAuthenticationServer { String authURL = pendingReq.getAuthURL(); @Deprecated - String saml1RequestedTarget = pendingReq.getGenericData( + String saml1RequestedTarget = pendingReq.getRawData( MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class); @Deprecated - String saml1RequestedFriendlyName = pendingReq.getGenericData( + String saml1RequestedFriendlyName = pendingReq.getRawData( MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class); @@ -935,7 +932,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { public void verifyAuthenticationBlock(IRequest pendingReq, IAuthenticationSession session, String xmlCreateXMLSignatureReadResponse) throws AuthenticationException, BuildException, ParseException, - ConfigurationException, ServiceException, ValidateException, BKUException { + ConfigurationException, ServiceException, ValidateException, BKUException, EAAFBuilderException { if (session == null) throw new AuthenticationException("auth.10", new Object[]{ @@ -965,13 +962,11 @@ public class AuthenticationServer extends BaseAuthenticationServer { new CreateXMLSignatureResponseValidator().validateSSO(csresp, session, pendingReq); else - new CreateXMLSignatureResponseValidator().validate(csresp, session, pendingReq, - authConfig.getBasicMOAIDConfigurationBoolean( - ConfigurationProviderImpl.VALIDATION_AUTHBLOCK_TARGETFRIENDLYNAME, true)); + new CreateXMLSignatureResponseValidator().validate(csresp, session, pendingReq); // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call List<String> vtids = authConfig.getMoaSpAuthBlockVerifyTransformsInfoIDs(); - String tpid = authConfig.getMoaSpAuthBlockTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseAuthBlockTestTestStore()); + String tpid = authConfig.getMoaSpAuthBlockTrustProfileID(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).isUseAuthBlockTestTestStore()); Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); // debug output @@ -1001,12 +996,13 @@ public class AuthenticationServer extends BaseAuthenticationServer { } } - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); // validates the <VerifyXMLSignatureResponse> VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, - oaParam); + oaParam, + authConfig); // Compare AuthBlock Data with information stored in session, especially // date and time @@ -1040,10 +1036,10 @@ public class AuthenticationServer extends BaseAuthenticationServer { session.setForeigner(false); //set QAA Level four in case of card authentifcation - session.setQAALevel(PVPConstants.STORK_QAA_1_4); + session.setQAALevel(PVPConstants.EIDAS_QAA_HIGH); + - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED); revisionsLogger.logPersonalInformationEvent(pendingReq, session.getIdentityLink() ); @@ -1075,7 +1071,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { */ protected Element createIdentificationBPK(Element mandatePerson, - String baseid, String target) throws BuildException { + String baseid, String target) throws BuildException, EAAFBuilderException { Element identificationBpK = mandatePerson.getOwnerDocument() .createElementNS(Constants.PD_NS_URI, "Identification"); Element valueBpK = mandatePerson.getOwnerDocument().createElementNS( diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java index 9a807ca00..a2a38c9dd 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java @@ -31,10 +31,10 @@ import javax.xml.transform.TransformerException; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; /** diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index bc28d4f0e..a2e03bc4e 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -47,21 +47,21 @@ import javax.xml.transform.stream.StreamResult; import org.w3c.dom.Element; import org.w3c.dom.Node; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; @@ -69,8 +69,7 @@ import at.gv.egovernment.moa.util.StringUtils; * Builder for the authentication block <code><saml:Assertion></code> * to be included in a <code><CreateXMLSignatureResponse></code>. * - * @author Paul Ivancsics - * @version $Id$ + * @author Paul Ivancsics */ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertionBuilder implements Constants { @@ -163,7 +162,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion result.put(AUTHBLOCK_TEXT_PATTERN_TIME, timeformat.format(datetime.getTime())); //set other values from pendingReq if exists - Map<?,?> processSpecificElements = pendingReq.getGenericData(PENDING_REQ_AUTHBLOCK_TEXT_KEY, Map.class); + Map<?,?> processSpecificElements = pendingReq.getRawData(PENDING_REQ_AUTHBLOCK_TEXT_KEY, Map.class); if (processSpecificElements != null && !processSpecificElements.isEmpty()) { Logger.debug("Find process-specific patterns for 'special AuthBlock-Text'. Start processing ..."); Iterator<?> mapIterator = processSpecificElements.entrySet().iterator(); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java index a904242e1..8e80fbbbb 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/CertInfoVerifyXMLSignatureRequestBuilder.java @@ -49,9 +49,9 @@ package at.gv.egovernment.moa.id.auth.builder; import java.io.IOException; import java.text.MessageFormat; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.FileUtils; /** * Builder for the <code><VerifyXMLSignatureRequest></code> structure diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java index f7aba5e53..e4063903d 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java @@ -156,9 +156,10 @@ public class GetIdentityLinkFormBuilder extends Builder { String dataURL, String certInfoXMLRequest, String certInfoDataURL, - String pushInfobox, IOAAuthParameters oaParam, + String pushInfobox, + IOAAuthParameters oaParam, String appletheigth, - String appletwidth, + String appletwidth, String contextURL) throws BuildException { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java index 9dcc93e9f..fb65bac04 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilder.java @@ -49,10 +49,10 @@ package at.gv.egovernment.moa.id.auth.builder; import org.w3c.dom.Element; import org.w3c.dom.Node; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; /** * Builder for the <code>lt;pr:Person></code> element to be inserted diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java index 306c871fc..ee58b7fa1 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/SAMLResponseBuilder.java @@ -50,9 +50,9 @@ import java.text.MessageFormat; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; /** diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java deleted file mode 100644 index e6adcf159..000000000 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ /dev/null @@ -1,408 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.builder; - -import java.util.List; - -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; - -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.Node; - -import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.Constants; - -/** - * Builder for the <code><VerifyXMLSignatureRequestBuilder></code> structure - * used for sending the DSIG-Signature of the Security Layer card for validating to MOA-SP. - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class VerifyXMLSignatureRequestBuilder { - - /** shortcut for XMLNS namespace URI */ - private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI; - /** shortcut for MOA namespace URI */ - private static final String MOA_NS_URI = Constants.MOA_NS_URI; - /** The DSIG-Prefix */ - private static final String DSIG = Constants.DSIG_PREFIX + ":"; - - /** The document containing the <code>VerifyXMLsignatureRequest</code> */ - private Document requestDoc_; - /** the <code>VerifyXMLsignatureRequest</code> root element */ - private Element requestElem_; - - - /** - * Builds the body for a <code>VerifyXMLsignatureRequest</code> including the root - * element and namespace declarations. - * - * @throws BuildException If an error occurs on building the document. - */ - public VerifyXMLSignatureRequestBuilder() throws BuildException { - try { - DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); - requestDoc_ = docBuilder.newDocument(); - requestElem_ = requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest"); - requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI); - requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI); - requestDoc_.appendChild(requestElem_); - } catch (Throwable t) { - throw new BuildException( - "builder.00", - new Object[] {"VerifyXMLSignatureRequest", t.toString()}, - t); - } - } - - - /** - * Builds a <code><VerifyXMLSignatureRequest></code> - * from an IdentityLink with a known trustProfileID which - * has to exist in MOA-SP - * @param identityLink - The IdentityLink - * @param trustProfileID - a preconfigured TrustProfile at MOA-SP - * - * @return Element - The complete request as Dom-Element - * - * @throws ParseException - */ - public Element build(IIdentityLink identityLink, String trustProfileID) - throws ParseException - { - try { - // build the request - Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime"); - requestElem_.appendChild(dateTimeElem); - Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant()); - dateTimeElem.appendChild(dateTime); - Element verifiySignatureInfoElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); - requestElem_.appendChild(verifiySignatureInfoElem); - Element verifySignatureEnvironmentElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); - verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); - Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content"); - verifySignatureEnvironmentElem.appendChild(base64ContentElem); - // insert the base64 encoded identity link SAML assertion - String serializedAssertion = identityLink.getSerializedSamlAssertion(); - String base64EncodedAssertion = Base64Utils.encode(serializedAssertion.getBytes("UTF-8")); - //replace all '\r' characters by no char. - StringBuffer replaced = new StringBuffer(); - for (int i = 0; i < base64EncodedAssertion.length(); i ++) { - char c = base64EncodedAssertion.charAt(i); - if (c != '\r') { - replaced.append(c); - } - } - base64EncodedAssertion = replaced.toString(); - Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion); - base64ContentElem.appendChild(base64Content); - // specify the signature location - Element verifySignatureLocationElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); - verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); - Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature"); - verifySignatureLocationElem.appendChild(signatureLocation); - // signature manifest params - Element signatureManifestCheckParamsElem = - requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); - requestElem_.appendChild(signatureManifestCheckParamsElem); - signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); - // add the transforms - Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); - signatureManifestCheckParamsElem.appendChild(referenceInfoElem); - Element[] dsigTransforms = identityLink.getDsigReferenceTransforms(); - - for (int i = 0; i < dsigTransforms.length; i++) { - Element verifyTransformsInfoProfileElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile"); - referenceInfoElem.appendChild(verifyTransformsInfoProfileElem); - verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true)); - } - Element returnHashInputDataElem = - requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); - requestElem_.appendChild(returnHashInputDataElem); - Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); - trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); - requestElem_.appendChild(trustProfileIDElem); - } catch (Throwable t) { - throw new ParseException("builder.00", - new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t); - } - - return requestElem_; - } - - /** - * Builds a <code><VerifyXMLSignatureRequest></code> - * from an IdentityLink with a known trustProfileID which - * has to exist in MOA-SP - * @param identityLink - The IdentityLink - * @param trustProfileID - a preconfigured TrustProfile at MOA-SP - * - * @return Element - The complete request as Dom-Element - * - * @throws ParseException - */ - public Element build(byte[]mandate, String trustProfileID) - throws ParseException - { - try { - // build the request -// Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime"); -// requestElem_.appendChild(dateTimeElem); -// Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant()); -// dateTimeElem.appendChild(dateTime); - Element verifiySignatureInfoElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); - requestElem_.appendChild(verifiySignatureInfoElem); - Element verifySignatureEnvironmentElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); - verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); - Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content"); - verifySignatureEnvironmentElem.appendChild(base64ContentElem); - // insert the base64 encoded identity link SAML assertion - //String serializedAssertion = identityLink.getSerializedSamlAssertion(); - //String base64EncodedAssertion = Base64Utils.encode(mandate.getBytes("UTF-8")); - String base64EncodedAssertion = Base64Utils.encode(mandate); - //replace all '\r' characters by no char. - StringBuffer replaced = new StringBuffer(); - for (int i = 0; i < base64EncodedAssertion.length(); i ++) { - char c = base64EncodedAssertion.charAt(i); - if (c != '\r') { - replaced.append(c); - } - } - base64EncodedAssertion = replaced.toString(); - Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion); - base64ContentElem.appendChild(base64Content); - // specify the signature location - Element verifySignatureLocationElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); - verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); - Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature"); - verifySignatureLocationElem.appendChild(signatureLocation); - // signature manifest params - Element signatureManifestCheckParamsElem = - requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); - requestElem_.appendChild(signatureManifestCheckParamsElem); - signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); -// // add the transforms -// Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); -// signatureManifestCheckParamsElem.appendChild(referenceInfoElem); -// Element[] dsigTransforms = identityLink.getDsigReferenceTransforms(); -// -// for (int i = 0; i < dsigTransforms.length; i++) { -// Element verifyTransformsInfoProfileElem = -// requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile"); -// referenceInfoElem.appendChild(verifyTransformsInfoProfileElem); -// verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true)); -// } - Element returnHashInputDataElem = - requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); - requestElem_.appendChild(returnHashInputDataElem); - Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); - trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); - requestElem_.appendChild(trustProfileIDElem); - } catch (Throwable t) { - throw new ParseException("builder.00", - new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t); - } - - return requestElem_; - } - - - /** - * Builds a <code><VerifyXMLSignatureRequest></code> - * from the signed AUTH-Block with a known trustProfileID which - * has to exist in MOA-SP - * @param csr - signed AUTH-Block - * @param verifyTransformsInfoProfileID - allowed verifyTransformsInfoProfileID - * @param trustProfileID - a preconfigured TrustProfile at MOA-SP - * @return Element - The complete request as Dom-Element - * @throws ParseException - */ - public Element build( - CreateXMLSignatureResponse csr, - List<String> verifyTransformsInfoProfileID, - String trustProfileID) - throws BuildException { //samlAssertionObject - - try { - // build the request -// requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:" -// + Constants.XML_PREFIX, Constants.XMLNS_NS_URI); - Element verifiySignatureInfoElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); - requestElem_.appendChild(verifiySignatureInfoElem); - Element verifySignatureEnvironmentElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); - verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); - Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent"); - verifySignatureEnvironmentElem.appendChild(xmlContentElem); - xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve"); - // insert the SAML assertion - xmlContentElem.appendChild(requestDoc_.importNode(csr.getSamlAssertion(), true)); - // specify the signature location - Element verifySignatureLocationElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); - verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); - Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature"); - verifySignatureLocationElem.appendChild(signatureLocation); - // signature manifest params - Element signatureManifestCheckParamsElem = - requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); - requestElem_.appendChild(signatureManifestCheckParamsElem); - signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true"); - // add the transform profile IDs - Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); - signatureManifestCheckParamsElem.appendChild(referenceInfoElem); - -// for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) { -// -// Element verifyTransformsInfoProfileIDElem = -// requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); -// referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); -// verifyTransformsInfoProfileIDElem.appendChild( -// requestDoc_.createTextNode(verifyTransformsInfoProfileID[i])); -// } - - for (String element : verifyTransformsInfoProfileID) { - - Element verifyTransformsInfoProfileIDElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); - referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); - verifyTransformsInfoProfileIDElem.appendChild( - requestDoc_.createTextNode(element)); - } - - Element returnHashInputDataElem = - requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); - requestElem_.appendChild(returnHashInputDataElem); - Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); - trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); - requestElem_.appendChild(trustProfileIDElem); - - } catch (Throwable t) { - throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t); - } - - return requestElem_; - } - - /** - * Builds a <code><VerifyXMLSignatureRequest></code> - * from the signed data with a known trustProfileID which - * has to exist in MOA-SP - * @param csr - signed AUTH-Block - * @param trustProfileID - a preconfigured TrustProfile at MOA-SP - * @return Element - The complete request as Dom-Element - * @throws ParseException - */ - public Element buildDsig( - CreateXMLSignatureResponse csr, - String trustProfileID) - throws BuildException { //samlAssertionObject - - try { - // build the request -// requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:" -// + Constants.XML_PREFIX, Constants.XMLNS_NS_URI); - - Element verifiySignatureInfoElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); - requestElem_.appendChild(verifiySignatureInfoElem); - Element verifySignatureEnvironmentElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); - verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); - - Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent"); - verifySignatureEnvironmentElem.appendChild(xmlContentElem); - xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve"); - - // insert the dsig:Signature - xmlContentElem.appendChild(requestDoc_.importNode(csr.getDsigSignature(), true)); - // specify the signature location - Element verifySignatureLocationElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); - verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); - Node signatureLocation = requestDoc_.createTextNode("/"+ DSIG + "Signature"); - verifySignatureLocationElem.appendChild(signatureLocation); - // signature manifest params - Element signatureManifestCheckParamsElem = - requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); - requestElem_.appendChild(signatureManifestCheckParamsElem); - signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true"); - // add the transform profile IDs - Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); - signatureManifestCheckParamsElem.appendChild(referenceInfoElem); - - Element returnHashInputDataElem = - requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); - requestElem_.appendChild(returnHashInputDataElem); - Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); - - trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); - requestElem_.appendChild(trustProfileIDElem); - - } catch (Throwable t) { - throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t); - } - - return requestElem_; - } - -} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java index 7caf2f5a1..1962d6c82 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java @@ -3,9 +3,9 @@ package at.gv.egovernment.moa.id.auth.modules.internal; import org.apache.commons.lang3.StringUtils; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; /** * Module descriptor @@ -16,7 +16,7 @@ public class DefaultCitizenCardAuthModuleImpl implements AuthModule { public int getPriority() { return 0; } - + @Override public String selectProcess(ExecutionContext context) { //select process if BKU is selected and it is no STORK authentication @@ -26,10 +26,16 @@ public class DefaultCitizenCardAuthModuleImpl implements AuthModule { if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean) performBKUSelection = (boolean) performBKUSelectionObj; - if ( (StringUtils.isBlank((String) context.get("ccc")) && - StringUtils.isBlank((String) context.get("CCC")) ) && - StringUtils.isNotBlank((String) context.get(MOAIDAuthConstants.PARAM_BKU)) && - !performBKUSelection) + if ( (StringUtils.isBlank((String) context.get("ccc")) + && StringUtils.isBlank((String) context.get("CCC")) +// && ( StringUtils.isBlank((String) context.get("useeIDAS")) +// || ( StringUtils.isNotBlank((String) context.get("useeIDAS")) +// && !Boolean.parseBoolean((String) context.get("useeIDAS")) +// ) +// ) + ) + && StringUtils.isNotBlank((String) context.get(MOAIDAuthConstants.PARAM_BKU)) && !performBKUSelection ) + return "DefaultAuthentication"; else diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java index 000a47438..3eb7225a8 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java @@ -10,15 +10,15 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.BooleanUtils; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; import at.gv.egovernment.moa.logging.Logger; @@ -50,10 +50,9 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask { throws TaskExecutionException { Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); - try { - //execute default task initialization - defaultTaskInitialization(req, executionContext); - + try { + //execute default task initialization + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); boolean useMandate = moasession.isMandateUsed(); boolean identityLinkAvailable = BooleanUtils.isTrue((Boolean) executionContext.get("identityLinkAvailable")); if (!identityLinkAvailable && useMandate) { @@ -66,7 +65,7 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask { // build dataurl (to the VerifyCertificateSerlvet) String dataurl = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), REQ_VERIFY_CERTIFICATE, - pendingReq.getRequestID()); + pendingReq.getPendingRequestId()); CitizenCardServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); @@ -77,9 +76,6 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask { } catch (IOException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); - } catch (MOADatabaseException e1) { - throw new TaskExecutionException(pendingReq, e1.getMessage(), e1); - } finally { } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java index e1495f254..50add6beb 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java @@ -10,14 +10,15 @@ import org.springframework.stereotype.Component; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.StringUtils; @@ -61,20 +62,18 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { - try { + try { //execute default task initialization - defaultTaskInitialization(req, executionContext); - + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + //normal MOA-ID authentication Logger.debug("Starting normal MOA-ID authentication"); String getIdentityLinkForm = authServer.startAuthentication(moasession, req, pendingReq); if (BooleanUtils.isTrue((Boolean) executionContext.get("useMandate"))) - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, moasession.getBkuURL()); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, moasession.getBkuURL()); if (!StringUtils.isEmpty(getIdentityLinkForm)) { byte[] content = getIdentityLinkForm.getBytes("UTF-8"); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java index ba778002d..ef9ddc1cd 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java @@ -1,42 +1,18 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; -import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.PARAM_XMLRESPONSE; -import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK; - -import java.io.ByteArrayInputStream; -import java.io.IOException; -import java.security.cert.CertificateException; -import java.util.Map; - import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import javax.xml.transform.TransformerException; -import org.apache.commons.fileupload.FileUploadException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; -import org.w3c.dom.Element; -import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; -import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; -import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.client.SZRGWClientException; -import at.gv.egovernment.moa.id.client.utils.SZRGWClientUtils; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse; /** * Evaluates the {@code CreateXMLSignatureResponse}, extracts signature and certificate and asks the SZR Gateway for an identity link.<p/> @@ -71,86 +47,87 @@ public class GetForeignIDTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { - - Logger.debug("POST GetForeignIDServlet"); - - Map<String, String> parameters; - try { - parameters = getParameters(req); - - } catch (FileUploadException | IOException e) { - Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); - throw new TaskExecutionException(pendingReq, "Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage())); - } - - try { - //check if response exists - String xmlCreateXMLSignatureResponse = (String) parameters.get(PARAM_XMLRESPONSE); - if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse)) { - throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12"); - - } - Logger.debug(xmlCreateXMLSignatureResponse); - - //execute default task initialization - defaultTaskInitialization(req, executionContext); - - - CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse) - .parseResponseDsig(); - - try { - String serializedAssertion = DOMUtils.serializeNode(csresp.getDsigSignature()); - moasession.setAuthBlock(serializedAssertion); + throw new MOAIDException("auth.36", new Object[]{"Foreign authentication IS ONLY supported by using eIDAS"}); - } catch (TransformerException e) { - throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - - } catch (IOException e) { - throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); - - } - - Element signature = csresp.getDsigSignature(); - - try { - moasession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature)); - - } catch (CertificateException e) { - Logger.error("Could not extract certificate from CreateXMLSignatureResponse"); - throw new MOAIDException("auth.14", null); - } - - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_CONNECTED); - // make SZR request to the identity link - CreateIdentityLinkResponse response = SZRGWClientUtils.getIdentityLink(pendingReq, signature); - - if (null != response.getErrorResponse()) { - // TODO fix exception parameter - throw new SZRGWClientException("service.08", (String) response.getErrorResponse().getErrorCode(), - (String) response.getErrorResponse().getInfo()); - } else { - IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream( - response.getIdentityLink())); - IIdentityLink identitylink = ilParser.parseIdentityLink(); - moasession.setIdentityLink(identitylink); - - // set QAA Level four in case of card authentifcation - moasession.setQAALevel(PVPConstants.STORK_QAA_1_4); - - authServer.getForeignAuthenticationData(moasession); - - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED); - - //store pending request - requestStoreage.storePendingRequest(pendingReq); - - - } +// Logger.debug("POST GetForeignIDServlet"); +// +// Map<String, String> parameters; +// +// +// parameters = getParameters(req); +// +// } catch (FileUploadException | IOException e) { +// Logger.error("Parsing mulitpart/form-data request parameters failed: " + e.getMessage()); +// throw new TaskExecutionException(pendingReq, "Parsing mulitpart/form-data request parameters failed", new IOException(e.getMessage())); +// } +// +// try { +// //check if response exists +// String xmlCreateXMLSignatureResponse = (String) parameters.get(PARAM_XMLRESPONSE); +// if (!ParamValidatorUtils.isValidXMLDocument(xmlCreateXMLSignatureResponse)) { +// throw new WrongParametersException("GetForeignID", PARAM_XMLRESPONSE, "auth.12"); +// +// } +// Logger.debug(xmlCreateXMLSignatureResponse); +// +// //execute default task initialization +// AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); +// +// CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse) +// .parseResponseDsig(); +// +// try { +// String serializedAssertion = DOMUtils.serializeNode(csresp.getDsigSignature()); +// moasession.setAuthBlock(serializedAssertion); +// +// } catch (TransformerException e) { +// throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); +// +// } catch (IOException e) { +// throw new ParseException("parser.04", new Object[] { REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE }); +// +// } +// +// Element signature = csresp.getDsigSignature(); +// +// try { +// moasession.setSignerCertificate(AuthenticationServer.getCertificateFromXML(signature)); +// +// } catch (CertificateException e) { +// Logger.error("Could not extract certificate from CreateXMLSignatureResponse"); +// throw new MOAIDException("auth.14", null); +// } +// +// revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_CONNECTED); +// +// // make SZR request to the identity link +// CreateIdentityLinkResponse response = SZRGWClientUtils.getIdentityLink(pendingReq, signature); +// +// if (null != response.getErrorResponse()) { +// // TODO fix exception parameter +// throw new SZRGWClientException("service.08", (String) response.getErrorResponse().getErrorCode(), +// (String) response.getErrorResponse().getInfo()); +// } else { +// IdentityLinkAssertionParser ilParser = new IdentityLinkAssertionParser(new ByteArrayInputStream( +// response.getIdentityLink())); +// IIdentityLink identitylink = ilParser.parseIdentityLink(); +// moasession.setIdentityLink(identitylink); +// +// // set QAA Level four in case of card authentifcation +// moasession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH); +// +// authServer.getForeignAuthenticationData(moasession); +// +// revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED); +// +// //store pending request +// pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); +// requestStoreage.storePendingRequest(pendingReq); +// +// +// } } catch (MOAIDException ex) { throw new TaskExecutionException(pendingReq, ex.getMessage(), ex); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java index 3383cf201..e4966a53b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java @@ -15,20 +15,23 @@ import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; import org.xml.sax.SAXException; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.data.MISMandate; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; import iaik.pki.PKIException; /** @@ -58,28 +61,29 @@ import iaik.pki.PKIException; public class GetMISSessionIDTask extends AbstractAuthServletTask { @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; + @Autowired private AuthConfiguration moaAuthConfig; @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { - + Logger.debug("POST GetMISSessionIDServlet"); try { //execute default task initialization - defaultTaskInitialization(req, executionContext); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); //get MIS sessionID String misSessionID = moasession.getMISSessionID(); //get mandates from MIS - ConnectionParameterInterface connectionParameters = authConfig - .getOnlineMandatesConnectionParameter(pendingReq.getOnlineApplicationConfiguration()); + ConnectionParameterInterface connectionParameters = moaAuthConfig + .getOnlineMandatesConnectionParameter(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class)); SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( - authConfig, + moaAuthConfig, connectionParameters); List<MISMandate> list = MISSimpleClient.sendGetMandatesRequest( - connectionParameters.getUrl(), misSessionID, sslFactory, authConfig); + connectionParameters.getUrl(), misSessionID, sslFactory, moaAuthConfig); //check if mandates received if (list == null || list.size() == 0) { @@ -87,8 +91,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { throw new AuthenticationException("auth.15", null); } - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED); // for now: list contains only one element @@ -114,7 +117,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { moasession.setMISMandate(mandate); //log mandate specific set of events - revisionsLogger.logMandateEventSet(pendingReq, mandate); + //revisionsLogger.logMandateEventSet(pendingReq, mandate); //store pending request with new MOASession data information requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java index 88a235978..65ae9cf91 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java @@ -30,19 +30,22 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; /** @@ -53,11 +56,12 @@ import at.gv.egovernment.moa.util.MiscUtil; public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { @Autowired StartAuthentificationParameterParser authInitialisationParser; + @Autowired private AuthConfiguration moaAuthConfig; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { @@ -81,10 +85,12 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { } protected void internalInitializeWithoutPersist(ExecutionContext executionContext, - HttpServletRequest request, HttpServletResponse response) throws WrongParametersException, MOAIDException, MOADatabaseException { + HttpServletRequest request, HttpServletResponse response) throws EAAFException { Logger.info("BKU is selected -> Start BKU communication ..."); - defaultTaskInitialization(request, executionContext); + //AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); + + AuthenticationSessionWrapper moasession = ((RequestImpl)pendingReq).getSessionData(AuthenticationSessionWrapper.class); boolean isLegacyRequest = false; Object isLegacyRequestObj = executionContext.get("isLegacyRequest"); @@ -109,26 +115,25 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { } //load OA Config - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() }); + throw new AuthenticationException("auth.00", new Object[] { pendingReq.getSPEntityId() }); else { - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid); //get Target from config or from request in case of SAML 1 String target = null; - if (MiscUtil.isNotEmpty(pendingReq.getGenericData("saml1_target", String.class)) && + if (MiscUtil.isNotEmpty(pendingReq.getRawData("saml1_target", String.class)) && pendingReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol")) - target = pendingReq.getGenericData("saml1_target", String.class); + target = pendingReq.getRawData("saml1_target", String.class); String bkuURL = oaParam.getBKUURL(bkuid); if (MiscUtil.isEmpty(bkuURL)) { Logger.info("No OA specific BKU defined. Use BKU from default configuration"); - bkuURL = authConfig.getDefaultBKUURL(bkuid); + bkuURL = moaAuthConfig.getDefaultBKUURL(bkuid); } //search for OA specific template @@ -139,13 +144,13 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { templateURL = oaTemplateURLList.get(0); } else { - templateURL = authConfig.getSLRequestTemplates(bkuid); + templateURL = moaAuthConfig.getSLRequestTemplates(bkuid); } //make url absolut if it is a local url if (MiscUtil.isNotEmpty(templateURL)) templateURL = FileUtils.makeAbsoluteURL(templateURL, - authConfig.getRootConfigFileDir()); + moaAuthConfig.getRootConfigFileDir()); if (oaParam.isOnlyMandateAllowed()) useMandate = "true"; @@ -156,7 +161,7 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { //parse all OA parameters i authInitialisationParser.parse( moasession, target, - pendingReq.getOAURL(), + pendingReq.getSPEntityId(), bkuURL, templateURL, useMandate, diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java index f7a816c74..a02032e74 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java @@ -7,11 +7,12 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; import at.gv.egovernment.moa.logging.Logger; @@ -40,7 +41,7 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { // note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet @@ -49,7 +50,7 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { try { //initialize task - defaultTaskInitialization(req, executionContext); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); //build authBlock String createXMLSignatureRequest = authServer diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java index d2fd4d1de..dd7890b7e 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java @@ -30,23 +30,26 @@ import javax.net.ssl.SSLSocketFactory; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.commons.api.exceptions.MISSimpleClientException; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; /** * @author tlenz @@ -55,7 +58,9 @@ import at.gv.egovernment.moa.util.DOMUtils; @Component("PrepareGetMISMandateTask") public class PrepareGetMISMandateTask extends AbstractAuthServletTask { - /* (non-Javadoc) + @Autowired private AuthConfiguration moaAuthConfig; + + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override @@ -66,11 +71,11 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { //mandate Mode try { //perform default task initialization - defaultTaskInitialization(request, executionContext); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); ConnectionParameterInterface connectionParameters = - authConfig.getOnlineMandatesConnectionParameter(pendingReq.getOnlineApplicationConfiguration()); - SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(authConfig, connectionParameters); + moaAuthConfig.getOnlineMandatesConnectionParameter(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class)); + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(moaAuthConfig, connectionParameters); // get identitity link as byte[] Element elem = moasession.getIdentityLink().getSamlAssertion(); @@ -83,9 +88,9 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { String redirectURL = new DataURLBuilder().buildDataURL( pendingReq.getAuthURL(), GET_MIS_SESSIONID, - pendingReq.getRequestID()); + pendingReq.getPendingRequestId()); - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); List<String> profiles = oaParam.getMandateProfiles(); if (profiles == null) { @@ -101,8 +106,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { //TODO: check in case of SSO!!! String targetType = oaParam.getAreaSpecificTargetIdentifier(); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED, mandateReferenceValue); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED, mandateReferenceValue); MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest( connectionParameters.getUrl(), @@ -115,7 +119,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { targetType, authBlock, sslFactory, - authConfig); + moaAuthConfig); if (misSessionID == null) { Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null."); @@ -129,8 +133,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { //store pending request with new MOASession data information requestStoreage.storePendingRequest(pendingReq); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT); response.setStatus(302); response.addHeader("Location", redirectMISGUI); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java index 5730224e5..c8b562282 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java @@ -3,7 +3,6 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks; import static at.gv.egovernment.moa.id.commons.MOAIDAuthConstants.PARAM_XMLRESPONSE; import java.io.IOException; -import java.io.UnsupportedEncodingException; import java.util.Map; import javax.servlet.http.HttpServletRequest; @@ -13,19 +12,17 @@ import org.apache.commons.fileupload.FileUploadException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; -import org.springframework.util.Base64Utils; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.logging.SpecificTraceLogger; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.MiscUtil; /** * Verifies the signed authentication block (provided as {@code CreateXMLSignatureResponse}).<p/> @@ -59,7 +56,7 @@ import at.gv.egovernment.moa.util.MiscUtil; * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet}. * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * - */ + */ @Component("VerifyAuthenticationBlockTask") public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { @@ -83,19 +80,16 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { } String createXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE); - if (createXMLSignatureResponse != null) - SpecificTraceLogger.trace("Raw signed AuthBlock: " + Base64Utils.encodeToString(createXMLSignatureResponse.getBytes())); - + try { //check if authblock is received if (!ParamValidatorUtils.isValidXMLDocument(createXMLSignatureResponse)) throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); //execute default task initialization - defaultTaskInitialization(req, executionContext); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); //verify authBlock authServer.verifyAuthenticationBlock(pendingReq, moasession, createXMLSignatureResponse); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java index 6aefb75a1..9f1f23344 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java @@ -13,14 +13,15 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.util.CertificateUtils; @@ -56,7 +57,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { @@ -76,10 +77,9 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { try { //execute default task initialization - defaultTaskInitialization(req, executionContext); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); //read certificate from response X509Certificate cert = authServer.getCertificate(pendingReq, parameters); @@ -113,8 +113,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { } // Foreign Identities Modus - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND); String createXMLSignatureRequest = authServer.createXMLSignatureRequestForeignID(pendingReq, cert); @@ -123,7 +122,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { new DataURLBuilder().buildDataURL( pendingReq.getAuthURL(), REQ_GET_FOREIGN_ID, - pendingReq.getRequestID()); + pendingReq.getPendingRequestId()); CitizenCardServletUtils.writeCreateXMLSignatureRequest(resp, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java index 4408f3852..b7c45a032 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java @@ -10,13 +10,14 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; /** @@ -48,7 +49,7 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { @@ -65,10 +66,9 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { try { //execute default task initialization - defaultTaskInitialization(req, executionContext); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); //verify identityLink boolean identityLinkAvailable = authServer.verifyIdentityLink(pendingReq, moasession, parameters) != null; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java index eca231094..0b5db368f 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java @@ -58,14 +58,14 @@ import org.w3c.dom.Element; import org.w3c.dom.NodeList; import org.w3c.dom.traversal.NodeIterator; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.BKUException; import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; /** * Parses an <code><InfoboxReadResponse></code> returned from diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java index 390467bf8..4c9c15e99 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/ExtendedInfoboxReadResponseParser.java @@ -53,12 +53,12 @@ import java.util.Vector; import org.w3c.dom.Document; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.auth.data.InfoboxToken; import at.gv.egovernment.moa.id.auth.data.InfoboxTokenImpl; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; /** * Parses and unmarshales <code>InfoboxReadResponse<code>. diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java index 154092b03..8458bce01 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java @@ -63,14 +63,14 @@ import org.apache.xpath.XPathAPI; import org.w3c.dom.Document; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.BKUException; import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; import iaik.x509.X509Certificate; /** diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java index 139be49fe..582af517c 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java @@ -31,6 +31,8 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; + /** * @author tlenz * diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 1d2887e6a..ab9be7163 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -54,31 +54,31 @@ import java.util.List; import javax.xml.bind.DatatypeConverter; import org.jaxen.SimpleNamespaceContext; -import org.springframework.util.Base64Utils; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.logging.SpecificTraceLogger; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; -import at.gv.egovernment.moa.util.XPathUtils; /** * @@ -136,18 +136,18 @@ public class CreateXMLSignatureResponseValidator { * @throws BuildException * @throws ConfigurationException */ - public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, IAuthenticationSession session, IRequest pendingReq, boolean validateTargetFriendlyName) - throws ValidateException, BuildException, ConfigurationException { + public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, IAuthenticationSession session, IRequest pendingReq) + throws ValidateException, BuildException, ConfigurationException, EAAFBuilderException { // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); String oaURL = oaParam.getPublicURLPrefix(); IIdentityLink identityLink = session.getIdentityLink(); @Deprecated - String saml1RequestedTarget = pendingReq.getGenericData( + String saml1RequestedTarget = pendingReq.getRawData( MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class); @Deprecated - String saml1RequestedFriendlyName = pendingReq.getGenericData( + String saml1RequestedFriendlyName = pendingReq.getRawData( MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class); try { @@ -273,16 +273,8 @@ public class CreateXMLSignatureResponseValidator { } String refValueSector = userSectorId.getSecond().substring(MOAIDAuthConstants.PREFIX_CDID.length()) + " (" + sectorName + ")"; - if (!refValueSector.equals((String)samlAttribute.getValue())) { - if (validateTargetFriendlyName) - throw new ValidateException("validator.13", new Object[] {(String)samlAttribute.getValue(), refValueSector}); - - else { - Logger.warn("AuthBlock 'TargetFriendlyName' " + samlAttribute.getValue() + " does not match to " + refValueSector); - - } - - } + if (!refValueSector.equals((String)samlAttribute.getValue())) + throw new ValidateException("validator.13", new Object[] {(String)samlAttribute.getValue(), refValueSector}); } else throw new ValidateException("validator.12", null); @@ -438,7 +430,7 @@ public class CreateXMLSignatureResponseValidator { } catch (Exception e) { SpecificTraceLogger.trace("Validate AuthBlock without SSO"); - SpecificTraceLogger.trace("Signed AuthBlock: " + Base64Utils.encodeToString(session.getAuthBlock().getBytes())); + SpecificTraceLogger.trace("Signed AuthBlock: " + session.getAuthBlock()); SpecificTraceLogger.trace("OA config: " + oaParam.toString()); SpecificTraceLogger.trace("saml1RequestedTarget: " + saml1RequestedTarget); SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + saml1RequestedFriendlyName); @@ -671,12 +663,12 @@ public class CreateXMLSignatureResponseValidator { } catch (Exception e) { SpecificTraceLogger.trace("Validate AuthBlock with SSO"); - SpecificTraceLogger.trace("Signed AuthBlock: " + Base64Utils.encodeToString(session.getAuthBlock().getBytes())); - SpecificTraceLogger.trace("OA config: " + pendingReq.getOnlineApplicationConfiguration().toString()); + SpecificTraceLogger.trace("Signed AuthBlock: " + session.getAuthBlock()); + SpecificTraceLogger.trace("OA config: " + pendingReq.getServiceProviderConfiguration().toString()); throw e; } - + } public void validateSigningDateTime( CreateXMLSignatureResponse csresp) throws ValidateException { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java deleted file mode 100644 index f3ce6888b..000000000 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java +++ /dev/null @@ -1,210 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.validator; - -import org.w3c.dom.Element; -import org.w3c.dom.NodeList; - -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.exception.ValidateException; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * This class is used to validate an {@link IdentityLink} - * returned by the security layer - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class IdentityLinkValidator implements Constants { - - // - // XPath namespace prefix shortcuts - // - /** Xpath prefix for reaching PersonData Namespaces */ - private static final String PDATA = PD_PREFIX + ":"; - /** Xpath prefix for reaching SAML Namespaces */ - private static final String SAML = SAML_PREFIX + ":"; - /** Xpath prefix for reaching XML-DSIG Namespaces */ - private static final String DSIG = DSIG_PREFIX + ":"; - /** Xpath prefix for reaching ECDSA Namespaces */ - private static final String ECDSA = ECDSA_PREFIX + ":"; - /** Xpath expression to the root element */ - private static final String ROOT = ""; - /** Xpath expression to the SAML:SubjectConfirmationData element */ - private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH = - ROOT - + SAML - + "AttributeStatement/" - + SAML - + "Subject/" - + SAML - + "SubjectConfirmation/" - + SAML - + "SubjectConfirmationData"; -/** Xpath expression to the PersonData:Person element */ - private static final String PERSON_XPATH = - SAML_SUBJECT_CONFIRMATION_DATA_XPATH + "/" + PDATA + "Person"; - /** Xpath expression to the SAML:Attribute element */ - private static final String ATTRIBUTE_XPATH = - ROOT + SAML + "AttributeStatement/" + SAML + "Attribute"; -// /** Xpath expression to the SAML:AttributeName attribute */ -// private static final String ATTRIBUTE_NAME_XPATH = -// ROOT + SAML + "AttributeStatement/" + SAML + "Attribute/@AttributeName"; -// /** Xpath expression to the SAML:AttributeNamespace attribute */ -// private static final String ATTRIBUTE_NAMESPACE_XPATH = -// ROOT -// + SAML -// + "AttributeStatement/" -// + SAML -// + "Attribute/@AttributeNamespace"; -// /** Xpath expression to the SAML:AttributeValue element */ -// private static final String ATTRIBUTE_VALUE_XPATH = -// ROOT -// + SAML -// + "AttributeStatement/" -// + SAML -// + "Attribute/" -// + SAML -// + "AttributeValue"; - - /** Singleton instance. <code>null</code>, if none has been created. */ - private static IdentityLinkValidator instance; - - /** - * Constructor for a singleton IdentityLinkValidator. - * @return a new IdentityLinkValidator instance - * @throws ValidateException if no instance can be created - */ - public static synchronized IdentityLinkValidator getInstance() - throws ValidateException { - if (instance == null) { - instance = new IdentityLinkValidator(); - } - return instance; - } - - /** - * Method validate. Validates the {@link IdentityLink} - * @param identityLink The identityLink to validate - * @throws ValidateException on any validation error - */ - public void validate(IIdentityLink identityLink) throws ValidateException { - - Element samlAssertion = identityLink.getSamlAssertion(); - //Search the SAML:ASSERTION Object (A2.054) - if (samlAssertion == null) { - throw new ValidateException("validator.00", null); - } - - // Check how many saml:Assertion/saml:AttributeStatement/ - // saml:Subject/ saml:SubjectConfirmation/ - // saml:SubjectConfirmationData/pr:Person of type - // PhysicalPersonType exist (A2.056) - NodeList nl = XPathUtils.selectNodeList(samlAssertion, PERSON_XPATH); - // If we have just one Person-Element we don't need to check the attributes - int counterPhysicalPersonType = 0; - if (nl.getLength() > 1) - for (int i = 0; i < nl.getLength(); i++) { - String xsiType = - ((Element) nl.item(i)) - .getAttributeNodeNS( - "http://www.w3.org/2001/XMLSchema-instance", - "type") - .getNodeValue(); - // We have to check if xsiType contains "PhysicalPersonType" - // An equal-check will fail because of the Namespace-prefix of the attribute value - if (xsiType.indexOf("PhysicalPersonType") > -1) - counterPhysicalPersonType++; - } - if (counterPhysicalPersonType > 1) - throw new ValidateException("validator.01", null); - - //Check the SAML:ATTRIBUTES - nl = XPathUtils.selectNodeList(samlAssertion, ATTRIBUTE_XPATH); - for (int i = 0; i < nl.getLength(); i++) { - String attributeName = - XPathUtils.getAttributeValue( - (Element) nl.item(i), - "@AttributeName", - null); - String attributeNS = - XPathUtils.getAttributeValue( - (Element) nl.item(i), - "@AttributeNamespace", - null); - if (attributeName.equals("CitizenPublicKey")) { - - if (attributeNS.equals("http://www.buergerkarte.at/namespaces/personenbindung/20020506#") || - attributeNS.equals("urn:publicid:gv.at:namespaces:identitylink:1.2")) { - Element attributeValue = - (Element) XPathUtils.selectSingleNode((Element) nl.item(i),nSMap, SAML + "AttributeValue/" + DSIG + "RSAKeyValue"); - if (attributeValue==null) - attributeValue = - (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + ECDSA + "ECDSAKeyValue"); - if (attributeValue==null) - attributeValue = - (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + DSIG + "DSAKeyValue"); - if (attributeValue == null) - throw new ValidateException("validator.02", null); - - } - else - throw new ValidateException("validator.03", new Object [] {attributeNS} ); - } - else - throw new ValidateException("validator.04", new Object [] {attributeName} ); - } - - //Check if dsig:Signature exists - Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion,ROOT + DSIG + "Signature"); - if (dsigSignature==null) throw new ValidateException("validator.05", new Object[] {"in der Personenbindung"}); - } - -} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java deleted file mode 100644 index c4ea80df9..000000000 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ /dev/null @@ -1,302 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.validator; - -import java.security.InvalidKeyException; -import java.security.PublicKey; -import java.security.interfaces.RSAPublicKey; -import java.util.ArrayList; -import java.util.Iterator; -import java.util.List; -import java.util.Set; - -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.exception.ValidateException; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; -import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.logging.Logger; -import iaik.asn1.structures.Name; -import iaik.security.ec.common.ECPublicKey; -import iaik.utils.RFC2253NameParserException; -import iaik.x509.X509Certificate; -import iaik.x509.X509ExtensionInitException; - -/** - * This class is used to validate an {@link VerifyXMLSignatureResponse} - * returned by MOA-SPSS - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class VerifyXMLSignatureResponseValidator { - - /** Identification string for checking identity link */ - public static final String CHECK_IDENTITY_LINK = "IdentityLink"; - /** Identification string for checking authentication block */ - public static final String CHECK_AUTH_BLOCK = "AuthBlock"; - - /** Singleton instance. <code>null</code>, if none has been created. */ - private static VerifyXMLSignatureResponseValidator instance; - - /** - * Constructor for a singleton VerifyXMLSignatureResponseValidator. - */ - public static synchronized VerifyXMLSignatureResponseValidator getInstance() - throws ValidateException { - if (instance == null) { - instance = new VerifyXMLSignatureResponseValidator(); - } - return instance; - } - - /** - * Validates a {@link VerifyXMLSignatureResponse} returned by MOA-SPSS. - * - * @param verifyXMLSignatureResponse the <code><VerifyXMLSignatureResponse></code> - * @param identityLinkSignersSubjectDNNames subject names configured - * @param whatToCheck is used to identify whether the identityLink or the Auth-Block is validated - * @param oaParam specifies whether the validation result of the - * manifest has to be ignored (identityLink validation if - * the OA is a business service) or not - * @throws ValidateException on any validation error - * @throws ConfigurationException - */ - public void validate(IVerifiyXMLSignatureResponse verifyXMLSignatureResponse, - List<String> identityLinkSignersSubjectDNNames, - String whatToCheck, - IOAAuthParameters oaParam) - throws ValidateException, ConfigurationException { - - if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) - throw new ValidateException("validator.06", null); - - if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) { - String checkFailedReason =""; - if (verifyXMLSignatureResponse.getCertificateCheckCode() == 1) - checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.21", null); - if (verifyXMLSignatureResponse.getCertificateCheckCode() == 2) - checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.22", null); - if (verifyXMLSignatureResponse.getCertificateCheckCode() == 3) - checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.23", null); - if (verifyXMLSignatureResponse.getCertificateCheckCode() == 4) - checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.24", null); - if (verifyXMLSignatureResponse.getCertificateCheckCode() == 5) - checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.25", null); - -// TEST CARDS - if (whatToCheck.equals(CHECK_IDENTITY_LINK)) - throw new ValidateException("validator.07", new Object[] { checkFailedReason } ); - else - throw new ValidateException("validator.19", new Object[] { checkFailedReason } ); - } - - //check QC - if (AuthConfigurationProviderFactory.getInstance().isCertifiacteQCActive() && - !whatToCheck.equals(CHECK_IDENTITY_LINK) && - !verifyXMLSignatureResponse.isQualifiedCertificate()) { - - //check if testcards are active and certificate has an extension for test credentials - if (oaParam.isTestCredentialEnabled()) { - boolean foundTestCredentialOID = false; - try { - X509Certificate signerCert = verifyXMLSignatureResponse.getX509certificate(); - - List<String> validOIDs = new ArrayList<String>(); - if (oaParam.getTestCredentialOIDs() != null) - validOIDs.addAll(oaParam.getTestCredentialOIDs()); - else - validOIDs.add(MOAIDAuthConstants.TESTCREDENTIALROOTOID); - - Set<String> extentsions = signerCert.getCriticalExtensionOIDs(); - extentsions.addAll(signerCert.getNonCriticalExtensionOIDs()); - Iterator<String> extit = extentsions.iterator(); - while(extit.hasNext()) { - String certOID = extit.next(); - for (String el : validOIDs) { - if (certOID.startsWith(el)) - foundTestCredentialOID = true; - } - } - - } catch (Exception e) { - Logger.warn("Test credential OID extraction FAILED.", e); - - } - //throw Exception if not TestCredentialOID is found - if (!foundTestCredentialOID) - throw new ValidateException("validator.72", null); - - } else - throw new ValidateException("validator.71", null); - } - - // if OA is type is business service the manifest validation result has - // to be ignored - boolean ignoreManifestValidationResult = false; - if (whatToCheck.equals(CHECK_IDENTITY_LINK)) - ignoreManifestValidationResult = (oaParam.hasBaseIdInternalProcessingRestriction()) ? true - : false; - - if (ignoreManifestValidationResult) { - Logger.debug("OA type is business service, thus ignoring DSIG manifest validation result"); - } else { - if (verifyXMLSignatureResponse.isXmlDSIGManigest()) - if (verifyXMLSignatureResponse.getXmlDSIGManifestCheckCode() != 0) - throw new ValidateException("validator.08", null); - } - - - // Check the signature manifest only when verifying the signed AUTHBlock - if (whatToCheck.equals(CHECK_AUTH_BLOCK)) { - if (verifyXMLSignatureResponse.getSignatureManifestCheckCode() > 0) { - throw new ValidateException("validator.50", null); - } - } - - //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not - if (identityLinkSignersSubjectDNNames != null) { - String subjectDN = ""; - X509Certificate x509Cert = verifyXMLSignatureResponse.getX509certificate(); - try { - subjectDN = ((Name) x509Cert.getSubjectDN()).getRFC2253String(); - } - catch (RFC2253NameParserException e) { - throw new ValidateException("validator.17", null); - } - //System.out.println("subjectDN: " + subjectDN); - // check the authorisation to sign the identity link - if (!identityLinkSignersSubjectDNNames.contains(subjectDN)) { - // subject DN check failed, try OID check: - try { - if (x509Cert.getExtension(MOAIDAuthConstants.IDENTITY_LINK_SIGNER_OID) == null) { - throw new ValidateException("validator.18", new Object[] { subjectDN }); - } else { - Logger.debug("Identity link signer cert accepted for signing identity link: " + - "subjectDN check failed, but OID check successfully passed."); - } - } catch (X509ExtensionInitException e) { - throw new ValidateException("validator.49", null); - } - } else { - Logger.debug("Identity link signer cert accepted for signing identity link: " + - "subjectDN check successfully passed."); - } - - } - } - - /** - * Method validateCertificate. - * @param verifyXMLSignatureResponse The VerifyXMLSignatureResponse - * @param idl The Identitylink - * @throws ValidateException - */ - public void validateCertificate( - IVerifiyXMLSignatureResponse verifyXMLSignatureResponse, - IIdentityLink idl) - throws ValidateException { - - X509Certificate x509Response = verifyXMLSignatureResponse.getX509certificate(); - PublicKey[] pubKeysIdentityLink = (PublicKey[]) idl.getPublicKey(); - - PublicKey pubKeySignature = x509Response.getPublicKey(); - - boolean found = false; - for (int i = 0; i < pubKeysIdentityLink.length; i++) { - - //compare RSAPublicKeys - if ((idl.getPublicKey()[i] instanceof java.security.interfaces.RSAPublicKey) && - (pubKeySignature instanceof java.security.interfaces.RSAPublicKey)) { - - RSAPublicKey rsaPubKeySignature = (RSAPublicKey) pubKeySignature; - RSAPublicKey rsakey = (RSAPublicKey) pubKeysIdentityLink[i]; - - if (rsakey.getModulus().equals(rsaPubKeySignature.getModulus()) - && rsakey.getPublicExponent().equals(rsaPubKeySignature.getPublicExponent())) - found = true; - } - - //compare ECDSAPublicKeys - if( ( (idl.getPublicKey()[i] instanceof java.security.interfaces.ECPublicKey) || - (idl.getPublicKey()[i] instanceof ECPublicKey)) && - ( (pubKeySignature instanceof java.security.interfaces.ECPublicKey) || - (pubKeySignature instanceof ECPublicKey) ) ) { - - try { - ECPublicKey ecdsaPubKeySignature = new ECPublicKey(pubKeySignature.getEncoded()); - ECPublicKey ecdsakey = new ECPublicKey(pubKeysIdentityLink[i].getEncoded()); - - if(ecdsakey.equals(ecdsaPubKeySignature)) - found = true; - - } catch (InvalidKeyException e) { - Logger.warn("ECPublicKey can not parsed into a iaik.ECPublicKey", e); - throw new ValidateException("validator.09", null); - } - - - - } - -// Logger.debug("IDL-Pubkey=" + idl.getPublicKey()[i].getClass().getName() -// + " Resp-Pubkey=" + pubKeySignature.getClass().getName()); - - } - - if (!found) { - - throw new ValidateException("validator.09", null); - - } - } - -} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java index 7bb07df74..e023a6507 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/parep/ParepUtils.java @@ -63,17 +63,17 @@ import org.w3c.dom.Element; import org.w3c.dom.Node; import org.w3c.dom.NodeList; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.BoolUtils; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; /** diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java index d093cc7f0..01e349d0f 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java @@ -56,9 +56,10 @@ import javax.servlet.http.HttpServletResponse; import com.google.common.net.MediaType; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; +import at.gv.egiz.eaaf.core.impl.utils.ServletUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; @@ -69,7 +70,7 @@ import at.gv.egovernment.moa.logging.Logger; */ public class CitizenCardServletUtils extends ServletUtils{ - /** + /** * Writes out whether the CreateXMLSignatureRequest or a Redirect for form input processing * depending on the requests starting text. * @@ -88,7 +89,7 @@ public class CitizenCardServletUtils extends ServletUtils{ if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) { resp.setStatus(307); String dataURL = new DataURLBuilder().buildDataURL( - pendingReq.getAuthURL(), MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK, pendingReq.getRequestID()); + pendingReq.getAuthURL(), MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK, pendingReq.getPendingRequestId()); resp.addHeader("Location", dataURL); //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) @@ -100,7 +101,7 @@ public class CitizenCardServletUtils extends ServletUtils{ Logger.debug("Finished POST " + servletName); } else { - String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), servletGoal, pendingReq.getRequestID()); + String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), servletGoal, pendingReq.getPendingRequestId()); resp.setContentType("text/html"); resp.setStatus(302); resp.addHeader("Location", redirectURL); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java index 26d50905e..fe0e659c7 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -70,12 +70,12 @@ import org.w3c.dom.Node; import org.w3c.dom.NodeList; import org.xml.sax.SAXException; -import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.MISSimpleClientException; import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.StringUtils; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule index e628fbd1b..e628fbd1b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.auth.modules.AuthModule +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml index 74792ed72..48c7b6a07 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml @@ -15,7 +15,8 @@ <pd:Task id="prepareAuthBlockSignature" class="PrepareAuthBlockSignatureTask" /> <pd:Task id="prepareGetMISMandate" class="PrepareGetMISMandateTask" /> <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> - <pd:Task id="getForeignID" class="GetForeignIDTask" async="true" /> + <pd:Task id="getForeignID" class="GetForeignIDTask" async="true" /> + <pd:Task id="userRestrictionTask" class="UserRestrictionTask" /> <!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. --> <pd:StartEvent id="start" /> @@ -39,13 +40,15 @@ <pd:Transition from="verifyCertificate" to="getForeignID" /> <pd:Transition from="verifyAuthBlock" to="prepareGetMISMandate" conditionExpression="ctx['useMandate']" /> - <pd:Transition from="verifyAuthBlock" to="finalizeAuthentication" /> + <pd:Transition from="verifyAuthBlock" to="userRestrictionTask" /> <pd:Transition from="prepareGetMISMandate" to="getMISMandate" /> - <pd:Transition from="getMISMandate" to="finalizeAuthentication" /> - <pd:Transition from="getForeignID" to="finalizeAuthentication" /> + <pd:Transition from="getMISMandate" to="userRestrictionTask" /> + <pd:Transition from="getForeignID" to="userRestrictionTask" /> + + <pd:Transition from="userRestrictionTask" to="finalizeAuthentication" /> <pd:Transition from="finalizeAuthentication" to="end" /> <pd:EndEvent id="end" /> diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java index ec15a209c..9d59b60f3 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java @@ -48,10 +48,9 @@ package test.at.gv.egovernment.moa.id.auth.builder; import org.w3c.dom.Document; import test.at.gv.egovernment.moa.id.UnitTestCase; - +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; /** * @author Paul Ivancsics diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java index f2fde6322..f83f57144 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java @@ -46,9 +46,9 @@ package test.at.gv.egovernment.moa.id.auth.builder; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.util.Constants; import test.at.gv.egovernment.moa.id.UnitTestCase; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java index 977764878..88b973457 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java @@ -46,20 +46,19 @@ package test.at.gv.egovernment.moa.id.auth.parser; -import iaik.security.rsa.RSAPublicKey; - import java.io.FileOutputStream; import java.io.RandomAccessFile; import java.security.PublicKey; import org.w3c.dom.Document; -import test.at.gv.egovernment.moa.id.UnitTestCase; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; import at.gv.egovernment.moa.id.util.ECDSAKeyValueConverter; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; +import iaik.security.rsa.RSAPublicKey; +import test.at.gv.egovernment.moa.id.UnitTestCase; /** * @author Paul Ivancsics @@ -74,7 +73,7 @@ public class IdentityLinkAssertionParserTest extends UnitTestCase { } public void setUp() { - try { + try { RandomAccessFile s = new RandomAccessFile( "data/test/xmldata/testperson1/InfoboxReadResponse.xml", diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java index 38bf1cab6..58c6b66d0 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java @@ -48,10 +48,10 @@ package test.at.gv.egovernment.moa.id.auth.parser; import java.io.RandomAccessFile; -import test.at.gv.egovernment.moa.id.UnitTestCase; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import test.at.gv.egovernment.moa.id.UnitTestCase; /** * @author Paul Ivancsics @@ -64,7 +64,7 @@ public class InfoboxReadResponseParserTest extends UnitTestCase { public InfoboxReadResponseParserTest(String name) { super(name); } - + public void setUp() { } diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml new file mode 100644 index 000000000..c340f90c9 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml @@ -0,0 +1,59 @@ +<?xml version="1.0"?> +<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-modules</artifactId> + <version>${moa-id-version}</version> + </parent> + <artifactId>moa-id-module-AT_eIDAS_connector</artifactId> + <name>moa-id-module-AT_eIDAS_connector</name> + <url>http://maven.apache.org</url> + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + <repositoryPath>${basedir}/../../../../repository</repositoryPath> + </properties> + + <profiles> + <profile> + <id>default</id> + <activation> + <activeByDefault>true</activeByDefault> + </activation> + <repositories> + <repository> + <id>local</id> + <name>local</name> + <url>file:${basedir}/../../../../repository</url> + </repository> + <repository> + <id>egiz-commons</id> + <url>https://demo.egiz.gv.at/int-repo/</url> + <releases> + <enabled>true</enabled> + </releases> + </repository> + </repositories> + </profile> + </profiles> + + <dependencies> + <dependency> + <groupId>MOA.id.server</groupId> + <artifactId>moa-id-lib</artifactId> + </dependency> + + + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-test</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <scope>test</scope> + </dependency> + </dependencies> +</project> diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java new file mode 100644 index 000000000..19950a078 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java @@ -0,0 +1,94 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; + +/** + * @author tlenz + * + */ +public class EidasCentralAuthConstants { + + public static final String MODULE_NAME_FOR_LOGGING = "eIDAS central authentication"; + + public static final int METADATA_VALIDUNTIL_IN_HOURS = 24; + + public static final String HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION = "useeIDAS"; + + public static final String ENDPOINT_POST = "/sp/eidas/post"; + public static final String ENDPOINT_REDIRECT = "/sp/eidas/redirect"; + public static final String ENDPOINT_METADATA = "/sp/eidas/metadata"; + + public static final String CONFIG_PROPS_PREFIX = "modules.eidascentralauth."; + public static final String CONFIG_PROPS_KEYSTORE = CONFIG_PROPS_PREFIX + "keystore.path"; + public static final String CONFIG_PROPS_KEYSTOREPASSWORD = CONFIG_PROPS_PREFIX + "keystore.password"; + public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.password"; + public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.alias"; + public static final String CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.password"; + public static final String CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.alias"; + public static final String CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.password"; + public static final String CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.alias"; + public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX + "required.additional.attributes"; + public static final String CONFIG_PROPS_NODE_ENTITYID = CONFIG_PROPS_PREFIX + "node.entityId"; + public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "node.metadataUrl"; + public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "node.trustprofileID"; + + + public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EAAFConstants.EIDAS_LOA_HIGH; + public static final List<Trible<String, String, Boolean>> DEFAULT_REQUIRED_PVP_ATTRIBUTES = + Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() { + private static final long serialVersionUID = 1L; + { + //add PVP Version attribute + add(Trible.newInstance(PVPConstants.PVP_VERSION_NAME, PVPConstants.PVP_VERSION_FRIENDLY_NAME, true)); + + //request entity information + add(Trible.newInstance(PVPConstants.GIVEN_NAME_NAME, PVPConstants.GIVEN_NAME_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.PRINCIPAL_NAME_NAME, PVPConstants.PRINCIPAL_NAME_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.BIRTHDATE_NAME, PVPConstants.BIRTHDATE_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.BPK_NAME, PVPConstants.BPK_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, PVPConstants.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, PVPConstants.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.EID_ISSUING_NATION_NAME, PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.EID_IDENTITY_LINK_NAME, PVPConstants.EID_IDENTITY_LINK_FRIENDLY_NAME, false)); + } + }); + + public static final List<String> DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES = + Collections.unmodifiableList(new ArrayList<String>() { + private static final long serialVersionUID = 1L; + { + for (Trible<String, String, Boolean> el : DEFAULT_REQUIRED_PVP_ATTRIBUTES) + add(el.getFirst()); + } + }); +} + + diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java new file mode 100644 index 000000000..821a200c7 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java @@ -0,0 +1,103 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth; + +import java.io.Serializable; + +import javax.annotation.PostConstruct; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class EidasCentralAuthModuleImpl implements AuthModule { + + @Autowired(required=true) private AuthenticationManager authManager; + + private int priority = 0; + + @PostConstruct + protected void initalCentralEidasAuthentication() { + //parameter to whiteList + authManager.addParameterNameToWhiteList(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION); + + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() + */ + @Override + public int getPriority() { + return priority; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context) { + Serializable paramObj = context.get(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION); + if (paramObj != null ) { + if (paramObj instanceof String) { + String param = (String)paramObj; + if (StringUtils.isNotEmpty(param) && Boolean.parseBoolean(param)) { + Logger.debug("Centrial eIDAS authentication process selected "); + return "centrialEidasAuthentication"; + + } else + Logger.trace(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION + + " is empty or has value: " + Boolean.parseBoolean(param)); + + } else + Logger.info("Find suspect http param '" + EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION + + "' of type: " + paramObj.getClass().getName()); + } + return null; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:eIDAS_central_node_auth.process.xml" }; + } + + /** + * @param priority the priority to set + */ + public void setPriority(int priority) { + this.priority = priority; + + } +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthSpringResourceProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthSpringResourceProvider.java new file mode 100644 index 000000000..beaaee619 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthSpringResourceProvider.java @@ -0,0 +1,63 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +/** + * @author tlenz + * + */ +public class EidasCentralAuthSpringResourceProvider implements SpringResourceProvider { + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad() + */ + @Override + public Resource[] getResourcesToLoad() { + ClassPathResource federationAuthConfig = new ClassPathResource("/moaid_eIDAS_central_node_auth.beans.xml", EidasCentralAuthSpringResourceProvider.class); + + return new Resource[] {federationAuthConfig}; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan() + */ + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName() + */ + @Override + public String getName() { + return "MOA-ID Auth-module 'central eIDAS Authentication'"; + } + +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java new file mode 100644 index 000000000..aad1244f1 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java @@ -0,0 +1,355 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config; + +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.core.NameIDType; +import org.opensaml.saml2.metadata.ContactPerson; +import org.opensaml.saml2.metadata.Organization; +import org.opensaml.saml2.metadata.RequestedAttribute; +import org.opensaml.xml.security.credential.Credential; + +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class EidasCentralAuthMetadataConfiguration implements IPVPMetadataBuilderConfiguration { + + private Collection<RequestedAttribute> additionalAttributes = null; + + + private String authURL; + private EidasCentralAuthCredentialProvider credentialProvider; + private IPVP2BasicConfiguration pvpConfiguration; + + public EidasCentralAuthMetadataConfiguration(String authURL, + EidasCentralAuthCredentialProvider credentialProvider, + IPVP2BasicConfiguration pvpConfiguration) { + this.authURL = authURL; + this.credentialProvider = credentialProvider; + this.pvpConfiguration = pvpConfiguration; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataValidUntil() + */ + @Override + public int getMetadataValidUntil() { + return EidasCentralAuthConstants.METADATA_VALIDUNTIL_IN_HOURS; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildEntitiesDescriptorAsRootElement() + */ + @Override + public boolean buildEntitiesDescriptorAsRootElement() { + return false; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildIDPSSODescriptor() + */ + @Override + public boolean buildIDPSSODescriptor() { + return false; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildSPSSODescriptor() + */ + @Override + public boolean buildSPSSODescriptor() { + return true; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityIDPostfix() + */ + @Override + public String getEntityID() { + return authURL + EidasCentralAuthConstants.ENDPOINT_METADATA; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityFriendlyName() + */ + @Override + public String getEntityFriendlyName() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getContactPersonInformation() + */ + @Override + public List<ContactPerson> getContactPersonInformation() { + try { + return pvpConfiguration.getIDPContacts(); + + } catch (EAAFException e) { + Logger.warn("Can not load Metadata entry: Contect Person", e); + return null; + + } + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getOrgansiationInformation() + */ + @Override + public Organization getOrgansiationInformation() { + try { + return pvpConfiguration.getIDPOrganisation(); + + } catch (EAAFException e) { + Logger.warn("Can not load Metadata entry: Organisation", e); + return null; + + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataSigningCredentials() + */ + @Override + public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getIDPMetaDataSigningCredential(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getRequestorResponseSigningCredentials() + */ + @Override + public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getIDPAssertionSigningCredential(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEncryptionCredentials() + */ + @Override + public Credential getEncryptionCredentials() throws CredentialsNotAvailableException { + return credentialProvider.getIDPAssertionEncryptionCredential(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSOPostBindingURL() + */ + @Override + public String getIDPWebSSOPostBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSORedirectBindingURL() + */ + @Override + public String getIDPWebSSORedirectBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLOPostBindingURL() + */ + @Override + public String getIDPSLOPostBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLORedirectBindingURL() + */ + @Override + public String getIDPSLORedirectBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServicePostBindingURL() + */ + @Override + public String getSPAssertionConsumerServicePostBindingURL() { + return authURL + EidasCentralAuthConstants.ENDPOINT_POST; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServiceRedirectBindingURL() + */ + @Override + public String getSPAssertionConsumerServiceRedirectBindingURL() { + return authURL + EidasCentralAuthConstants.ENDPOINT_REDIRECT; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOPostBindingURL() + */ + @Override + public String getSPSLOPostBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLORedirectBindingURL() + */ + @Override + public String getSPSLORedirectBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOSOAPBindingURL() + */ + @Override + public String getSPSLOSOAPBindingURL() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleAttributes() + */ + @Override + public List<Attribute> getIDPPossibleAttributes() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleNameITTypes() + */ + @Override + public List<String> getIDPPossibleNameITTypes() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPRequiredAttributes() + */ + @Override + public Collection<RequestedAttribute> getSPRequiredAttributes() { + Map<String, RequestedAttribute> requestedAttributes = new HashMap<String, RequestedAttribute>(); + for (Trible<String, String, Boolean> el : EidasCentralAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES) + requestedAttributes.put(el.getFirst(), PVPAttributeBuilder.buildReqAttribute(el.getFirst(), el.getSecond(), el.getThird())); + + if (additionalAttributes != null) { + Logger.trace("Add additional PVP attributes into metadata ... "); + for (RequestedAttribute el : additionalAttributes) { + if (requestedAttributes.containsKey(el.getName())) + Logger.debug("Attribute " + el.getName() + " is already added by default configuration. Overwrite it by user configuration"); + + requestedAttributes.put(el.getName(), el); + + } + } + + return requestedAttributes.values(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAllowedNameITTypes() + */ + @Override + public List<String> getSPAllowedNameITTypes() { + return Arrays.asList(NameIDType.PERSISTENT); + + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#getSPNameForLogging() + */ + @Override + public String getSPNameForLogging() { + return EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAssertionSigned() + */ + @Override + public boolean wantAssertionSigned() { + return false; + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAuthnRequestSigned() + */ + @Override + public boolean wantAuthnRequestSigned() { + return true; + } + + /** + * Add additonal PVP attributes that are required by this deployment + * + * @param additionalAttr List of PVP attribute name and isRequired flag + */ + public void setAdditionalRequiredAttributes(List<Pair<String, Boolean>> additionalAttr) { + if (additionalAttr != null) { + additionalAttributes = new ArrayList<RequestedAttribute>(); + for (Pair<String, Boolean> el : additionalAttr) { + Attribute attributBuilder = PVPAttributeBuilder.buildEmptyAttribute(el.getFirst()); + if (attributBuilder != null) { + additionalAttributes.add( + PVPAttributeBuilder.buildReqAttribute( + attributBuilder.getName(), + attributBuilder.getFriendlyName(), + el.getSecond())); + + } else + Logger.info("NO PVP attribute with name: " + el.getFirst()); + + } + } + } + +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java new file mode 100644 index 000000000..8376f3aad --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java @@ -0,0 +1,272 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config; + +import java.util.List; + +import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; +import org.opensaml.saml2.core.NameID; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.xml.security.credential.Credential; +import org.w3c.dom.Element; + +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; + +/** + * @author tlenz + * + */ +public class EidasCentralAuthRequestBuilderConfiguration implements IPVPAuthnRequestBuilderConfiguruation { + + private boolean isPassive; + private String SPEntityID; + private String QAA_Level; + private EntityDescriptor idpEntity; + private Credential signCred; + private String scopeRequesterId; + private String providerName; + private List<EAAFRequestedAttribute> requestedAttributes; + private String reqId; + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#isPassivRequest() + */ + @Override + public Boolean isPassivRequest() { + return this.isPassive; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAssertionConsumerServiceId() + */ + @Override + public Integer getAssertionConsumerServiceId() { + return 0; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getEntityID() + */ + @Override + public String getSPEntityID() { + return this.SPEntityID; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy() + */ + @Override + public String getNameIDPolicyFormat() { + return NameID.PERSISTENT; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy() + */ + @Override + public boolean getNameIDPolicyAllowCreation() { + return true; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnContextClassRef() + */ + @Override + public String getAuthnContextClassRef() { + return this.QAA_Level; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnContextComparison() + */ + @Override + public AuthnContextComparisonTypeEnumeration getAuthnContextComparison() { + return AuthnContextComparisonTypeEnumeration.MINIMUM; + } + + /** + * @param isPassive the isPassive to set + */ + public void setPassive(boolean isPassive) { + this.isPassive = isPassive; + } + + /** + * @param sPEntityID the sPEntityID to set + */ + public void setSPEntityID(String sPEntityID) { + SPEntityID = sPEntityID; + } + + /** + * @param qAA_Level the qAA_Level to set + */ + public void setQAA_Level(String qAA_Level) { + QAA_Level = qAA_Level; + } + + /** + * @param idpEntity the idpEntity to set + */ + public void setIdpEntity(EntityDescriptor idpEntity) { + this.idpEntity = idpEntity; + } + + /** + * @param signCred the signCred to set + */ + public void setSignCred(Credential signCred) { + this.signCred = signCred; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnRequestSigningCredential() + */ + @Override + public Credential getAuthnRequestSigningCredential() { + return this.signCred; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getIDPEntityDescriptor() + */ + @Override + public EntityDescriptor getIDPEntityDescriptor() { + return this.idpEntity; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameID() + */ + @Override + public String getSubjectNameID() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSPNameForLogging() + */ + @Override + public String getSPNameForLogging() { + return EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDFormat() + */ + @Override + public String getSubjectNameIDFormat() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getRequestID() + */ + @Override + public String getRequestID() { + return this.reqId; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDQualifier() + */ + @Override + public String getSubjectNameIDQualifier() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationMethode() + */ + @Override + public String getSubjectConformationMethode() { + return null; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationDate() + */ + @Override + public Element getSubjectConformationDate() { + return null; + } + + @Override + public List<EAAFRequestedAttribute> getRequestedAttributes() { + return this.requestedAttributes; + + } + + @Override + public String getProviderName() { + return this.providerName; + } + + @Override + public String getScopeRequesterId() { + return this.scopeRequesterId; + } + + /** + * Set the entityId of the SP that requests the proxy for eIDAS authentication + * + * @param scopeRequesterId + */ + public void setScopeRequesterId(String scopeRequesterId) { + this.scopeRequesterId = scopeRequesterId; + } + + /** + * Set a friendlyName for the SP that requests the proxy for eIDAS authentication + * + * @param providerName + */ + public void setProviderName(String providerName) { + this.providerName = providerName; + } + + /** + * Set a Set of PVP attributes that a requested by using requested attributes + * + * @param requestedAttributes + */ + public void setRequestedAttributes(List<EAAFRequestedAttribute> requestedAttributes) { + this.requestedAttributes = requestedAttributes; + } + + /** + * Set a RequestId for this Authn. Request + * + * @param reqId + */ + public void setRequestId(String reqId) { + this.reqId = reqId; + } + + + + +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java new file mode 100644 index 000000000..4898c8f1e --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java @@ -0,0 +1,133 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller; + +import java.io.IOException; +import java.util.ArrayList; +import java.util.List; +import java.util.Map; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import com.google.common.net.MediaType; + +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config.EidasCentralAuthMetadataConfiguration; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Controller +public class EidasCentralAuthMetadataController extends AbstractController { + + @Autowired PVPMetadataBuilder metadatabuilder; + @Autowired AuthConfiguration authConfig; + @Autowired EidasCentralAuthCredentialProvider credentialProvider; + @Autowired IPVP2BasicConfiguration pvpConfiguration; + + public EidasCentralAuthMetadataController() { + super(); + Logger.debug("Registering servlet " + getClass().getName() + + " with mappings '" + EidasCentralAuthConstants.ENDPOINT_METADATA + + "'."); + + } + + @RequestMapping(value = EidasCentralAuthConstants.ENDPOINT_METADATA, + method = {RequestMethod.GET}) + public void getSPMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException { + //check PublicURL prefix + try { + String authURL = HTTPUtils.extractAuthURLFromRequest(req); + if (!authConfig.getPublicURLPrefix().contains(authURL)) { + resp.sendError(HttpServletResponse.SC_FORBIDDEN, "No valid request URL"); + return; + + } else { + //initialize metadata builder configuration + EidasCentralAuthMetadataConfiguration metadataConfig = + new EidasCentralAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration); + metadataConfig.setAdditionalRequiredAttributes(getAdditonalRequiredAttributes()); + + + //build metadata + String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig); + + //write response + byte[] content = xmlMetadata.getBytes("UTF-8"); + resp.setStatus(HttpServletResponse.SC_OK); + resp.setContentLength(content.length); + resp.setContentType(MediaType.XML_UTF_8.toString()); + resp.getOutputStream().write(content); + + } + + } catch (Exception e) { + Logger.warn("Build federated-authentication PVP metadata FAILED.", e); + handleErrorNoRedirect(e, req, resp, false); + + } + + } + + private List<Pair<String, Boolean>> getAdditonalRequiredAttributes() { + Map<String, String> addReqAttributes = authConfig.getBasicMOAIDConfigurationWithPrefix(EidasCentralAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST); + if (addReqAttributes != null) { + List<Pair<String, Boolean>> result = new ArrayList<Pair<String, Boolean>>(); + for (String el : addReqAttributes.values()) { + if (MiscUtil.isNotEmpty(el)) { + Logger.trace("Parse additional attr. definition: " + el); + List<String> attr = KeyValueUtils.getListOfCSVValues(el.trim()); + if (attr.size() == 2) { + result.add(Pair.newInstance(attr.get(0), Boolean.parseBoolean(attr.get(1)))); + + } else + Logger.info("IGNORE additional attr. definition: " + el + + " Reason: Format not valid"); + } + } + + return result; + } + + return null; + } + +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthSignalController.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthSignalController.java new file mode 100644 index 000000000..1486ef841 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthSignalController.java @@ -0,0 +1,67 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.text.StringEscapeUtils; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Controller +public class EidasCentralAuthSignalController extends AbstractProcessEngineSignalController { + + public EidasCentralAuthSignalController() { + super(); + Logger.debug("Registering servlet " + getClass().getName() + + " with mappings '" + EidasCentralAuthConstants.ENDPOINT_POST + + "' and '" + EidasCentralAuthConstants.ENDPOINT_REDIRECT + "'."); + + } + + @RequestMapping(value = { EidasCentralAuthConstants.ENDPOINT_POST, + EidasCentralAuthConstants.ENDPOINT_REDIRECT + }, + method = {RequestMethod.POST, RequestMethod.GET}) + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + signalProcessManagement(req, resp); + + } + + public String getPendingRequestId(HttpServletRequest request) { + return StringEscapeUtils.escapeHtml4(request.getParameter("RelayState")); + + } +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java new file mode 100644 index 000000000..c1229e3ff --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java @@ -0,0 +1,184 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.tasks; + +import java.security.NoSuchAlgorithmException; +import java.util.ArrayList; +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.ws.message.encoder.MessageEncodingException; +import org.opensaml.xml.security.SecurityException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config.EidasCentralAuthRequestBuilderConfiguration; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Component("CreateEidasCentrialAuthnRequestTask") +public class CreateAuthnRequestTask extends AbstractAuthServletTask { + + @Autowired PVPAuthnRequestBuilder authnReqBuilder; + @Autowired EidasCentralAuthCredentialProvider credential; + @Autowired EidasCentralAuthMetadataProvider metadataService; + + //@Autowired(required=true) ILoALevelMapper loaMapper; + //@Autowired(required=true) MOAMetadataProvider metadataProvider; + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try{ + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_SELECTED); + + //check if eIDAS authentication is enabled for this SP + if (!Boolean.parseBoolean(pendingReq.getServiceProviderConfiguration().getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED, String.valueOf(false)))) { + Logger.info("eIDAS authentication is NOT enabled for OA: " + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier()); + throw new MOAIDException("eIDAS authentication is NOT enabled for OA: " + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(), null); + + } + + // get entityID for central ms-specific eIDAS node + String msNodeEntityID = Utils.getCentraleIDASNodeEntityId(pendingReq.getServiceProviderConfiguration(), authConfig); + + + if (MiscUtil.isEmpty(msNodeEntityID)) { + Logger.info("eIDAS authentication not possible -> NO EntityID for central eIDAS node FOUND!"); + throw new MOAIDException("NO EntityID for central eIDAS node FOUND", null); + + } + + //load metadata with metadataURL, as backup + String metadataURL = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_METADATAURL); + if (MiscUtil.isNotEmpty(metadataURL)) { + Logger.warn("Use not recommended metadata-provider initialization!" + + " SAML2 'Well-Known-Location' is the preferred methode."); + Logger.info("Initialize 'ms-specific eIDAS node' metadata-provider with URL:" + metadataURL); + metadataService.addMetadataWithMetadataURL(metadataURL); + + } + + //load IDP SAML2 entitydescriptor + EntityDescriptor entityDesc = metadataService.getEntityDescriptor(msNodeEntityID); + if (entityDesc == null) { + Logger.error("Requested 'ms-specific eIDAS node' " + entityDesc + + " has no valid metadata or metadata is not found"); + throw new MOAIDException("Requested 'ms-specific eIDAS node' " + entityDesc + + " has no valid metadata or metadata is not found", null); + + } + + //setup AuthnRequestBuilder configuration + EidasCentralAuthRequestBuilderConfiguration authnReqConfig = new EidasCentralAuthRequestBuilderConfiguration(); + SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator(); + authnReqConfig.setRequestId(gen.generateIdentifier()); + authnReqConfig.setIdpEntity(entityDesc); + authnReqConfig.setPassive(false); + authnReqConfig.setSignCred(credential.getIDPAssertionSigningCredential()); + authnReqConfig.setSPEntityID(pendingReq.getAuthURL() + EidasCentralAuthConstants.ENDPOINT_METADATA); + authnReqConfig.setQAA_Level( + pendingReq.getServiceProviderConfiguration().getConfigurationValue( + MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, + EidasCentralAuthConstants.CONFIG_DEFAULT_LOA_EIDAS_LEVEL)); + + authnReqConfig.setScopeRequesterId(pendingReq.getServiceProviderConfiguration().getUniqueIdentifier()); + authnReqConfig.setProviderName(pendingReq.getServiceProviderConfiguration().getFriendlyName()); + authnReqConfig.setRequestedAttributes(buildRequestedAttributes()); + + //build and transmit AuthnRequest + authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response); + + revisionsLogger.logEvent(pendingReq, + MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_REQUESTED, + authnReqConfig.getRequestID()); + + } catch (MOAIDException e) { + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } catch (MetadataProviderException e) { + + throw new TaskExecutionException(pendingReq, + "Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED.", + new AuthnRequestBuildException("sp.pvp2.02", new Object[] {"'national central eIDASNode'"},e )); + + } catch (MessageEncodingException | NoSuchAlgorithmException | SecurityException e) { + Logger.error("Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED", e); + throw new TaskExecutionException(pendingReq, + e.getMessage(), + new AuthnRequestBuildException("sp.pvp2.13", new Object[] {"'national central eIDASNode'"},e )); + + } catch (Exception e) { + Logger.error("Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + } + + private List<EAAFRequestedAttribute> buildRequestedAttributes() { + List<EAAFRequestedAttribute> attributs = new ArrayList<EAAFRequestedAttribute>(); + + //build EID sector for identification attribute + Attribute attr = PVPAttributeBuilder.buildEmptyAttribute(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME); + EAAFRequestedAttribute reqAttr = SAML2Utils.generateReqAuthnAttributeSimple( + attr , + true, + pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); + attributs.add(reqAttr ); + + //TODO: add mandate information if mandates are used!!!! + + return attributs; + } + +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java new file mode 100644 index 000000000..f3eaff11a --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java @@ -0,0 +1,269 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.tasks; + +import java.io.IOException; +import java.util.Set; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.xml.transform.TransformerException; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.saml2.core.Response; +import org.opensaml.saml2.core.StatusCode; +import org.opensaml.ws.message.decoder.MessageDecodingException; +import org.opensaml.xml.io.MarshallingException; +import org.opensaml.xml.security.SecurityException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +@Component("ReceiveFederatedAuthnResponseTask") +public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { + + @Autowired private SAMLVerificationEngineSP samlVerificationEngine; + @Autowired private EidasCentralAuthCredentialProvider credentialProvider; + @Autowired(required=true) EidasCentralAuthMetadataProvider metadataProvider; + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + InboundMessage msg = null; + + try { + + IDecoder decoder = null; + EAAFURICompare comperator = null; + //select Response Binding + if (request.getMethod().equalsIgnoreCase("POST")) { + decoder = new PostBinding(); + comperator = new EAAFURICompare(pendingReq.getAuthURL() + EidasCentralAuthConstants.ENDPOINT_POST); + Logger.trace("Receive PVP Response from 'ms-specific eIDAS node', by using POST-Binding."); + + } else if (request.getMethod().equalsIgnoreCase("GET")) { + decoder = new RedirectBinding(); + comperator = new EAAFURICompare(pendingReq.getAuthURL() + EidasCentralAuthConstants.ENDPOINT_REDIRECT); + Logger.trace("Receive PVP Response from 'ms-specific eIDAS node', by using Redirect-Binding."); + + } else { + Logger.warn("Receive PVP Response, but Binding (" + + request.getMethod() + ") is not supported."); + throw new AuthnResponseValidationException("sp.pvp2.03", new Object[] {EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING}); + + } + + //decode PVP response object + msg = (InboundMessage) decoder.decode( + request, response, metadataProvider, true, + comperator); + + if (MiscUtil.isEmpty(msg.getEntityID())) { + throw new InvalidProtocolRequestException("sp.pvp2.04", + new Object[] {EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING}); + + } + + //validate response signature + if(!msg.isVerified()) { + samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); + msg.setVerified(true); + + } + + //validate assertion + PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg); + + //validate entityId of response + String msNodeEntityID = Utils.getCentraleIDASNodeEntityId(pendingReq.getServiceProviderConfiguration(), authConfig); + String respEntityId = msg.getEntityID(); + if (!msNodeEntityID.equals(respEntityId)) { + Logger.warn("Response Issuer is not a 'ms-specific eIDAS node'. Stopping eIDAS authentication ..."); + throw new AuthnResponseValidationException("sp.pvp2.08", + new Object[] {EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING, + msg.getEntityID()}); + + } + + //initialize Attribute extractor + AssertionAttributeExtractor extractor = + new AssertionAttributeExtractor((Response) processedMsg.getResponse()); + + getAuthDataFromInterfederation(extractor, pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class)); + + //store pending-request + requestStoreage.storePendingRequest(pendingReq); + + //write log entries + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID); + Logger.info("Receive a valid assertion from IDP " + msg.getEntityID()); + + } catch (MessageDecodingException | SecurityException e) { + String samlRequest = request.getParameter("SAMLRequest"); + Logger.warn("Receive INVALID PVP Response from 'ms-specific eIDAS node': " + samlRequest, e); + throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from federated IDP", + new AuthnResponseValidationException("sp.pvp2.11", new Object[] {"'national central eIDASNode'"}, e)); + + } catch (IOException | MarshallingException | TransformerException e) { + Logger.warn("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e); + throw new TaskExecutionException(pendingReq, "Processing PVP response from 'ms-specific eIDAS node' FAILED.", + new AuthnResponseValidationException("sp.pvp2.12", new Object[] {"'national central eIDASNode'", e.getMessage()}, e)); + + } catch (CredentialsNotAvailableException e) { + Logger.error("PVP response decrytion FAILED. No credential found.", e); + throw new TaskExecutionException(pendingReq, "PVP response decrytion FAILED. No credential found.", + new AuthnResponseValidationException("sp.pvp2.10", new Object[] {"'national central eIDASNode'"}, e)); + + } catch (AssertionValidationExeption | AuthnResponseValidationException e) { + Logger.info("PVP response validation FAILED. Msg:" + e.getMessage()); + throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", + new AuthnResponseValidationException("sp.pvp2.10", new Object[] {"'national central eIDASNode'"}, e)); + + } catch (Exception e) { + Logger.warn("PVP response validation FAILED. Msg:" + e.getMessage(), e); + throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", + new AuthnResponseValidationException("sp.pvp2.12", new Object[] {"'national central eIDASNode'", e.getMessage()}, e)); + + } + + } + + private void getAuthDataFromInterfederation(AssertionAttributeExtractor extractor, IOAAuthParameters spConfig) throws BuildException, ConfigurationException{ + try { + //check if all attributes are include + if (!extractor.containsAllRequiredAttributes() + && !extractor.containsAllRequiredAttributes(EidasCentralAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES)) { + Logger.warn("PVP Response from 'ms-specific eIDAS node' contains not all requested attributes."); + throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING}); + + } + + //copy attributes into MOASession + AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames(); + for (String el : includedAttrNames) { + String value = extractor.getSingleAttributeValue(el); + session.setGenericDataToSession(el, value); + Logger.debug("Add PVP-attribute " + el + " into MOASession"); + + } + + //set foreigner flag + session.setForeigner(true); + if (extractor.getFullAssertion().getIssuer() != null && + StringUtils.isNotEmpty(extractor.getFullAssertion().getIssuer().getValue())) + session.setBkuURL(extractor.getFullAssertion().getIssuer().getValue()); + else + session.setBkuURL("eIDAS_Authentication"); + + + } catch (AssertionValidationExeption e) { + throw new BuildException("builder.06", null, e); + + } catch (EAAFStorageException e) { + throw new BuildException("builder.06", null, e); + + } + } + + /** + * PreProcess AuthResponse and Assertion + * @param msg + * @throws TransformerException + * @throws MarshallingException + * @throws IOException + * @throws CredentialsNotAvailableException + * @throws AssertionValidationExeption + * @throws AuthnResponseValidationException + */ + private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException { + Logger.debug("Start PVP21 assertion processing... "); + Response samlResp = (Response) msg.getResponse(); + + // check SAML2 response status-code + if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) { + //validate PVP 2.1 assertion + samlVerificationEngine.validateAssertion(samlResp, true, + credentialProvider.getIDPAssertionEncryptionCredential(), + pendingReq.getAuthURL() + EidasCentralAuthConstants.ENDPOINT_METADATA, + EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING); + + msg.setSAMLMessage(SAML2Utils.asDOMDocument(samlResp).getDocumentElement()); + revisionsLogger.logEvent(pendingReq, + MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED, + samlResp.getID()); + return msg; + + } else { + Logger.info("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue() + + " from 'ms-specific eIDAS node'."); + revisionsLogger.logEvent(pendingReq, + MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR); + throw new AuthnResponseValidationException("sp.pvp2.05", + new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING, + samlResp.getIssuer().getValue(), + samlResp.getStatus().getStatusCode().getValue(), + samlResp.getStatus().getStatusMessage().getMessage()}); + + } + + } + +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthCredentialProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthCredentialProvider.java new file mode 100644 index 000000000..f2f8530f6 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthCredentialProvider.java @@ -0,0 +1,124 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils; + +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; + +/** + * @author tlenz + * + */ +@Service("EidasCentralAuthCredentialProvider") +public class EidasCentralAuthCredentialProvider extends AbstractCredentialProvider { + + @Autowired AuthConfiguration authConfig; + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath() + */ + @Override + public String getKeyStoreFilePath() throws ConfigurationException { + return FileUtils.makeAbsoluteURL( + authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTORE), + authConfig.getRootConfigFileDir()); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStorePassword() + */ + @Override + public String getKeyStorePassword() { + return authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim(); + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getMetadataKeyAlias() + */ + @Override + public String getMetadataKeyAlias() { + return authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getMetadataKeyPassword() + */ + @Override + public String getMetadataKeyPassword() { + return authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getSignatureKeyAlias() + */ + @Override + public String getSignatureKeyAlias() { + return authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getSignatureKeyPassword() + */ + @Override + public String getSignatureKeyPassword() { + return authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getEncryptionKeyAlias() + */ + @Override + public String getEncryptionKeyAlias() { + return authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getEncryptionKeyPassword() + */ + @Override + public String getEncryptionKeyPassword() { + return authConfig.getBasicConfiguration( + EidasCentralAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD).trim(); + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getCredentialName() + */ + @Override + public String getFriendlyName() { + return "eIDAS centrial authentication"; + } + +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java new file mode 100644 index 000000000..5cee90658 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java @@ -0,0 +1,345 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils; + +import java.net.MalformedURLException; +import java.util.List; +import java.util.Timer; + +import javax.xml.namespace.QName; + +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.MOAHttpClient; +import org.apache.commons.httpclient.params.HttpClientParams; +import org.opensaml.saml2.metadata.EntitiesDescriptor; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.RoleDescriptor; +import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider; +import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataFilter; +import org.opensaml.saml2.metadata.provider.MetadataProvider; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.parse.BasicParserPool; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.gv.egiz.eaaf.core.api.IDestroyableObject; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ + +@Service("EidasCentralAuthMetadataProvider") +public class EidasCentralAuthMetadataProvider extends SimpleMetadataProvider + implements IDestroyableObject { + @Autowired(required=true) AuthConfiguration moaAuthConfig; + + private ChainingMetadataProvider metadataProvider = new ChainingMetadataProvider(); + private Timer timer = null; + + + public EidasCentralAuthMetadataProvider() { + metadataProvider.setRequireValidMetadata(true); + + } + + public void addMetadataWithMetadataURL(String metadataURL) throws MetadataProviderException { + internalInitialize(metadataURL); + + } + + public void destroy() { + fullyDestroy(); + + } + + + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#requireValidMetadata() + */ + @Override + public boolean requireValidMetadata() { + return metadataProvider.requireValidMetadata(); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#setRequireValidMetadata(boolean) + */ + @Override + public void setRequireValidMetadata(boolean requireValidMetadata) { + metadataProvider.setRequireValidMetadata(requireValidMetadata); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadataFilter() + */ + @Override + public MetadataFilter getMetadataFilter() { + return metadataProvider.getMetadataFilter(); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#setMetadataFilter(org.opensaml.saml2.metadata.provider.MetadataFilter) + */ + @Override + public void setMetadataFilter(MetadataFilter newFilter) throws MetadataProviderException { + Logger.fatal("Set Metadata Filter is not implemented her!"); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadata() + */ + @Override + public XMLObject getMetadata() throws MetadataProviderException { + return metadataProvider.getMetadata(); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getEntitiesDescriptor(java.lang.String) + */ + @Override + public EntitiesDescriptor getEntitiesDescriptor(String name) throws MetadataProviderException { + return metadataProvider.getEntitiesDescriptor(name); + + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getEntityDescriptor(java.lang.String) + */ + @Override + public EntityDescriptor getEntityDescriptor(String entityID) throws MetadataProviderException { + try { + //search if metadata is already loaded + EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID); + + if (entityDesc != null) + return entityDesc; + else + Logger.info("No ms-specific eIDAS node: " + entityID + " Starting refresh process ..."); + + } catch (MetadataProviderException e) { + Logger.info("Access ms-specific eIDAS node: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ..."); + + } + + //(re)initialize ms-specific eIDAS node + internalInitialize(entityID); + + //search again after reload (re)initialization + try { + EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID); + if (entityDesc == null) { + Logger.error("MS-specific eIDAS node Client ERROR: No EntityID with "+ entityID); + throw new MetadataProviderException("No EntityID with "+ entityID); + } + + return entityDesc; + + } catch (MetadataProviderException e) { + Logger.error("MS-specific eIDAS node Client ERROR: Metadata extraction FAILED.", e); + throw new MetadataProviderException("Metadata extraction FAILED", e); + + } + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName) + */ + @Override + public List<RoleDescriptor> getRole(String entityID, QName roleName) throws MetadataProviderException { + try { + //search if metadata is already loaded + List<RoleDescriptor> role = metadataProvider.getRole(entityID, roleName); + + if (role != null) + return role; + else + Logger.info("No ms-specific eIDAS node: " + entityID + " Starting refresh process ..."); + + } catch (MetadataProviderException e) { + Logger.info("Access ms-specific eIDAS node: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ..."); + + } + + //(re)initialize ms-specific eIDAS node + internalInitialize(entityID); + + //search again after reload (re)initialization + return metadataProvider.getRole(entityID, roleName); + } + + /* (non-Javadoc) + * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName, java.lang.String) + */ + @Override + public RoleDescriptor getRole(String entityID, QName roleName, String supportedProtocol) + throws MetadataProviderException { + try { + //search if metadata is already loaded + RoleDescriptor role = metadataProvider.getRole(entityID, roleName, supportedProtocol); + + if (role != null) + return role; + else + Logger.info("No ms-specific eIDAS node: " + entityID + " Starting refresh process ..."); + + } catch (MetadataProviderException e) { + Logger.info("Access ms-specific eIDAS node: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ..."); + + } + + //(re)initialize ms-specific eIDAS node + internalInitialize(entityID); + + //search again after reload (re)initialization + return metadataProvider.getRole(entityID, roleName, supportedProtocol); + } + + private synchronized void internalInitialize(String metdataURL) throws MetadataProviderException { + + //check if metadata with EntityID already exists in chaining metadata provider + boolean addNewMetadata = true; + try { + addNewMetadata = (metadataProvider.getEntityDescriptor(metdataURL) == null); + + } catch (MetadataProviderException e) {} + + //switch between metadata refresh and add new metadata + if (addNewMetadata) { + //Metadata provider seems not loaded --> Add new metadata provider + Logger.info("Initialize PVP MetadataProvider:" + metdataURL + " to connect ms-specific eIDAS node"); + + String trustProfileID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_TRUSTPROFILEID); + if (MiscUtil.isEmpty(trustProfileID)) { + Logger.error("Create ms-specific eIDAS node Client FAILED: No trustProfileID to verify PVP metadata." ); + throw new MetadataProviderException("No trustProfileID to verify PVP metadata."); + } + + //initialize Timer if it is null + if (timer == null) + timer = new Timer(true); + + //create metadata validation filter chain + MetadataFilterChain filter = new MetadataFilterChain(); + filter.addFilter(new SchemaValidationFilter(true)); + filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID)); + + MetadataProvider idpMetadataProvider = createNewSimpleMetadataProvider(metdataURL, + filter, + EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING, + timer, + new BasicParserPool(), + createHttpClient(metdataURL)); + + if (idpMetadataProvider == null) { + Logger.error("Create ms-specific eIDAS node Client FAILED."); + throw new MetadataProviderException("Can not initialize 'ms-specific eIDAS node' metadata provider."); + + } + + idpMetadataProvider.setRequireValidMetadata(true); + metadataProvider.addMetadataProvider(idpMetadataProvider); + + } else { + //Metadata provider seems already loaded --> start refresh process + List<MetadataProvider> loadedProvider = metadataProvider.getProviders(); + for (MetadataProvider el : loadedProvider) { + if (el instanceof HTTPMetadataProvider) { + HTTPMetadataProvider prov = (HTTPMetadataProvider)el; + if (prov.getMetadataURI().equals(metdataURL)) + prov.refresh(); + + } else + Logger.warn("'ms-specific eIDAS node' Metadata provider is not of Type 'HTTPMetadataProvider'! Something is suspect!!!!"); + + } + } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.IDestroyableObject#fullyDestroy() + */ + @Override + public void fullyDestroy() { + Logger.info("Destroy 'ms-specific eIDAS node' PVP metadata pool ... "); + + if (metadataProvider != null) { + metadataProvider.destroy(); + + } + + if (timer != null) + timer.cancel(); + + } + + private HttpClient createHttpClient(String metadataURL) { + MOAHttpClient httpClient = new MOAHttpClient(); + HttpClientParams httpClientParams = new HttpClientParams(); + httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT); + httpClient.setParams(httpClientParams); + + if (metadataURL.startsWith("https:")) { + try { + //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + PVPConstants.SSLSOCKETFACTORYNAME, + moaAuthConfig.getTrustedCACertificates(), + null, + AuthConfiguration.DEFAULT_X509_CHAININGMODE, + moaAuthConfig.isTrustmanagerrevoationchecking(), + moaAuthConfig.getRevocationMethodOrder(), + moaAuthConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); + + httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); + + } catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) { + Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); + + } + } + + return httpClient; + + } +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java new file mode 100644 index 000000000..642008726 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java @@ -0,0 +1,45 @@ +package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils; + +import java.util.List; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.logging.Logger; + +public class Utils { + + public static String getCentraleIDASNodeEntityId(ISPConfiguration spConfiguration, IConfiguration authConfig) { + //load from service-provider configuration + String msNodeEntityID = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL); + + if (StringUtils.isEmpty(msNodeEntityID)) { + Logger.debug("No SP-specific central eIDAS-node URL. Switch to general configuration ... "); + if (authConfig instanceof AuthConfiguration) { + AuthConfiguration moaAuthConfig = (AuthConfiguration)authConfig; + List<String> configuratedEntityIDs = KeyValueUtils.getListOfCSVValues( + moaAuthConfig.getConfigurationWithKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL)); + + if (configuratedEntityIDs.size() > 0) + msNodeEntityID = configuratedEntityIDs.get(0); + else + Logger.info("No central eIDAS-node URL in IDP configuration. Switch to backup configuration ... "); + + } else + Logger.info("Basic configuration is NOT of type '" + AuthConfiguration.class.getName() + + "' Switch to generic Type ... "); + + + if (StringUtils.isEmpty(msNodeEntityID)) + msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID); + + } + + return msNodeEntityID; + } +} diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 000000000..5954455a4 --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthSpringResourceProvider
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/eIDAS_central_node_auth.process.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/eIDAS_central_node_auth.process.xml new file mode 100644 index 000000000..02bf7bcad --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/eIDAS_central_node_auth.process.xml @@ -0,0 +1,17 @@ +<?xml version="1.0" encoding="UTF-8"?> +<pd:ProcessDefinition id="centrialEidasAuthentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"> + + <pd:Task id="createEidasAuthnRequest" class="CreateEidasCentrialAuthnRequestTask" /> + <pd:Task id="receiveEidasAuthnResponse" class="ReceiveEidasCentrialAuthnResponseTask" async="true" /> + <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> + + <pd:StartEvent id="start" /> + + <pd:Transition from="start" to="createEidasAuthnRequest" /> + <pd:Transition from="createEidasAuthnRequest" to="receiveEidasAuthnResponse"/> + <pd:Transition from="receiveEidasAuthnResponse" to="finalizeAuthentication"/> + <pd:Transition from="finalizeAuthentication" to="end" /> + + <pd:EndEvent id="end" /> + +</pd:ProcessDefinition>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml new file mode 100644 index 000000000..f57d4a94b --- /dev/null +++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml @@ -0,0 +1,43 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + +<!-- Federated authentication services --> + <bean id="EidasCentralAuthCredentialProvider" + class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider"/> + + <bean id="EidasCentralAuthMetadataController" + class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller.EidasCentralAuthMetadataController"/> + + <bean id="EidasCentralAuthModuleImpl" + class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthModuleImpl"> + <property name="priority" value="2" /> + </bean> + + <bean id="EidasCentralAuthSignalController" + class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller.EidasCentralAuthSignalController"/> + + <bean id="EidasCentralAuthMetadataProvider" + class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider" /> + + <bean id="pvpAuthnRequestBuilder" + class="at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder" /> + +<!-- Federated Authentication Process Tasks --> + <bean id="CreateEidasCentrialAuthnRequestTask" + class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.tasks.CreateAuthnRequestTask" + scope="prototype"/> + + <bean id="ReceiveEidasCentrialAuthnResponseTask" + class="at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.tasks.ReceiveAuthnResponseTask" + scope="prototype"/> + +</beans>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java index 0cef4cb41..b17f0c121 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java @@ -29,13 +29,13 @@ import javax.annotation.PostConstruct; import org.springframework.beans.factory.annotation.Autowired; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.tasks.FirstBKAMobileAuthTask; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; -import at.gv.egovernment.moa.id.moduls.AuthenticationManager; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -45,19 +45,20 @@ import at.gv.egovernment.moa.util.MiscUtil; */ public class BKAMobileAuthModule implements AuthModule { - private int priority = 1; + private int priority = 2; @Autowired(required=true) protected AuthConfiguration authConfig; - @Autowired(required=true) private AuthenticationManager authManager; + @Autowired(required=true) private IAuthenticationManager authManager; private List<String> uniqueIDsDummyAuthEnabled = new ArrayList<String>(); + private String noAuthHeaderValue = null; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() */ @Override public int getPriority() { - return priority; + return priority; } /** @@ -67,11 +68,13 @@ public class BKAMobileAuthModule implements AuthModule { public void setPriority(int priority) { this.priority = priority; } - @PostConstruct public void initialDummyAuthWhiteList() { - String sensitiveSpIdentifier = authConfig.getBasicMOAIDConfiguration("modules.bkamobileAuth.entityID"); + String sensitiveSpIdentifier = authConfig.getBasicConfiguration("modules.bkamobileAuth.entityID"); + noAuthHeaderValue = authConfig.getBasicConfiguration("modules.bkamobileAuth.noAuthHeaderValue", "0"); + Logger.info("Dummy authentication is sensitive on 'X-MOA-VDA' value: " + noAuthHeaderValue); + if (MiscUtil.isNotEmpty(sensitiveSpIdentifier)) { uniqueIDsDummyAuthEnabled.addAll(KeyValueUtils.getListOfCSVValues(sensitiveSpIdentifier)); @@ -84,6 +87,8 @@ public class BKAMobileAuthModule implements AuthModule { //parameter to whiteList authManager.addParameterNameToWhiteList(FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW); +// authManager.addHeaderNameToWhiteList("SL2ClientType"); +// authManager.addHeaderNameToWhiteList("X-MOA-VDA"); } /* (non-Javadoc) @@ -91,13 +96,23 @@ public class BKAMobileAuthModule implements AuthModule { */ @Override public String selectProcess(ExecutionContext context) { - String spEntityID = (String) context.get(MOAIDAuthConstants.PROCESSCONTEXT_UNIQUE_OA_IDENTFIER); - if (MiscUtil.isNotEmpty(spEntityID)) { - if (uniqueIDsDummyAuthEnabled.contains(spEntityID)) { + String spEntityID = (String) context.get(EAAFConstants.PROCESS_ENGINE_SERVICE_PROVIDER_ENTITYID); + String sl20ClientTypeHeader = (String) context.get("SL2ClientType".toLowerCase()); + String sl20VDATypeHeader = (String) context.get("X-MOA-VDA".toLowerCase()); + if (MiscUtil.isNotEmpty(spEntityID)) { + Logger.trace("Check dummy-auth for SP: " + spEntityID); + + + if ( (uniqueIDsDummyAuthEnabled.contains(spEntityID))) { String eIDBlob = (String)context.get(FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW); if (eIDBlob != null && MiscUtil.isNotEmpty(eIDBlob.trim())) { return "BKAMobileAuthentication"; + } else if (MiscUtil.isNotEmpty(sl20ClientTypeHeader) + && MiscUtil.isNotEmpty(sl20VDATypeHeader) && sl20VDATypeHeader.equals(noAuthHeaderValue)) { + Logger.info("Find dummy-auth request for oe.gv.at demos ... "); + return "BKAMobileAuthentication"; + } else { Logger.debug("Dummy-auth are enabled for " + spEntityID + " but no '" + FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW + "' req. parameter available."); diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java index 43043ddd6..0cbf009ad 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java @@ -53,16 +53,16 @@ import com.google.gson.JsonObject; import com.google.gson.JsonParseException; import com.google.gson.JsonParser; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; @@ -88,9 +88,9 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { private static final String EIDCONTAINER_KEY_SALT = "salt"; private static final String EIDCONTAINER_KEY_IV = "iv"; private static final String EIDCONTAINER_EID = "eid"; - private static final String EIDCONTAINER_KEY_IDL = "idl"; + private static final String EIDCONTAINER_KEY_IDL = "idl"; private static final String EIDCONTAINER_KEY_BINDINGCERT = "cert"; - + public static final String REQ_PARAM_eID_BLOW = "eidToken"; @Autowired(required=true) private AuthConfiguration authConfig; @@ -111,7 +111,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { throw new MOAIDException("NO eID data blob included!", null); } - parseDemoValuesIntoMOASession(pendingReq, pendingReq.getMOASession(), eIDBlobRawB64); + parseDemoValuesIntoMOASession(pendingReq, eIDBlobRawB64); } catch (MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); @@ -133,7 +133,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { * @throws MOAIDException * @throws IOException */ - private void parseDemoValuesIntoMOASession(IRequest pendingReq, IAuthenticationSession moaSession, String eIDBlobRawB64) throws MOAIDException, IOException { + private void parseDemoValuesIntoMOASession(IRequest pendingReq, String eIDBlobRawB64) throws MOAIDException, IOException { Logger.debug("Check eID blob signature ... "); byte[] eIDBlobRaw = Base64Utils.decode(eIDBlobRawB64.trim(), false); @@ -201,14 +201,14 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { Logger.debug("Parse eID information into MOA-Session ..."); byte[] rawIDL = Base64Utils.decode(idlB64, false); IIdentityLink identityLink = new IdentityLinkAssertionParser(new ByteArrayInputStream(rawIDL)).parseIdentityLink(); + AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); moaSession.setIdentityLink(identityLink); moaSession.setUseMandates(false); moaSession.setForeigner(false); moaSession.setBkuURL("http://egiz.gv.at/BKA_MobileAuthTest"); - moaSession.setQAALevel(PVPConstants.STORK_QAA_1_3); + moaSession.setQAALevel(PVPConstants.EIDAS_QAA_SUBSTANTIAL); Logger.info("Session Restore completed"); - - + } catch (MOAIDException e) { throw e; @@ -243,7 +243,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { } private SecretKey generateDecryptionKey(byte[] salt) throws MOAIDException { - String decryptionPassPhrase = authConfig.getBasicMOAIDConfiguration(CONF_EID_TOKEN_ENCRYPTION_KEY, "DEFAULTPASSWORD"); + String decryptionPassPhrase = authConfig.getBasicConfiguration(CONF_EID_TOKEN_ENCRYPTION_KEY, "DEFAULTPASSWORD"); try { SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); KeySpec spec = new PBEKeySpec(decryptionPassPhrase.toCharArray(), salt, 2000, 128); @@ -276,7 +276,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { } SignerInfo signerInfos = verifySigResult.getSignerInfo(); DateTime date = new DateTime(signerInfos.getSigningTime().getTime()); - Integer signingTimeJitter = Integer.valueOf(authConfig.getBasicMOAIDConfiguration(CONF_SIGNING_TIME_JITTER, "5")); + Integer signingTimeJitter = Integer.valueOf(authConfig.getBasicConfiguration(CONF_SIGNING_TIME_JITTER, "5")); if (date.plusMinutes(signingTimeJitter).isBeforeNow()) { Logger.warn("CMS signature-time is before: " + date.plusMinutes(signingTimeJitter)); throw new MOAIDException("CMS signature-time is before: " + date.plusMinutes(signingTimeJitter), null); @@ -290,7 +290,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { cmsSigVerifyReq.setSignatories(VerifyCMSSignatureRequestImpl.ALL_SIGNATORIES); cmsSigVerifyReq.setExtended(false); cmsSigVerifyReq.setPDF(false); - cmsSigVerifyReq.setTrustProfileId(authConfig.getBasicMOAIDConfiguration(CONF_MOASPSS_TRUSTPROFILE, "!!NOT SET!!!")); + cmsSigVerifyReq.setTrustProfileId(authConfig.getBasicConfiguration(CONF_MOASPSS_TRUSTPROFILE, "!!NOT SET!!!")); cmsSigVerifyReq.setCMSSignature(new ByteArrayInputStream(eIDBlobRaw)); return cmsSigVerifyReq; } diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java index 4b18e7112..bb5700bd7 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java @@ -29,20 +29,23 @@ import java.net.URL; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; /** * @author tlenz @@ -50,17 +53,19 @@ import at.gv.egovernment.moa.util.FileUtils; */ @Component("SecondBKAMobileAuthTask") public class SecondBKAMobileAuthTask extends AbstractAuthServletTask { - + + @Autowired AuthConfiguration moaAuthConfig; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - + try { Logger.info("Add user credentials for BKA MobileAuth SAML2 test and finalize authentication"); - parseDemoValuesIntoMOASession(pendingReq, pendingReq.getMOASession()); + parseDemoValuesIntoMOASession(pendingReq); // store MOASession into database requestStoreage.storePendingRequest(pendingReq); @@ -78,27 +83,29 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask { * @param pendingReq * @param moaSession * @throws MOAIDException + * @throws EAAFStorageException */ - private void parseDemoValuesIntoMOASession(IRequest pendingReq, IAuthenticationSession moaSession) throws MOAIDException { + private void parseDemoValuesIntoMOASession(IRequest pendingReq) throws MOAIDException, EAAFStorageException { + AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); moaSession.setUseMandates(false); moaSession.setForeigner(false); moaSession.setBkuURL("http://egiz.gv.at/BKA_MobileAuthTest"); - moaSession.setQAALevel(PVPConstants.STORK_QAA_1_4); + moaSession.setQAALevel(PVPConstants.EIDAS_QAA_HIGH); try { - String idlurl = FileUtils.makeAbsoluteURL(authConfig.getMonitoringTestIdentityLinkURL(), authConfig.getRootConfigFileDir()); + String idlurl = FileUtils.makeAbsoluteURL(moaAuthConfig.getMonitoringTestIdentityLinkURL(), moaAuthConfig.getRootConfigFileDir()); URL keystoreURL = new URL(idlurl); InputStream idlstream = keystoreURL.openStream(); IIdentityLink identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink(); moaSession.setIdentityLink(identityLink); - + } catch (ParseException | IOException e) { Logger.error("IdentityLink is not parseable.", e); throw new MOAIDException("IdentityLink is not parseable.", null); } - + } } diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml index 6f41f347a..07faeae88 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml @@ -5,17 +5,17 @@ STORK authentication both with C-PEPS supporting xml signatures and with C-PEPS not supporting xml signatures. --> <pd:Task id="firstStep" class="FirstBKAMobileAuthTask" /> - <pd:Task id="secondStep" class="SecondBKAMobileAuthTask" async="true" /> - <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> + <pd:Task id="secondStep" class="SecondBKAMobileAuthTask" /> + <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> <!-- Process is triggered either by GenerateIFrameTemplateServlet (upon bku selection) or by AuthenticationManager (upon legacy authentication start using legacy parameters. --> <pd:StartEvent id="start" /> - <pd:Transition from="start" to="firstStep" /> - <!-- pd:Transition from="firstStep" to="secondStep"/> - <pd:Transition from="secondStep" to="finalizeAuthentication" /--> - - <pd:Transition from="firstStep" to="finalizeAuthentication" /> + <pd:Transition from="start" to="secondStep" /> + <pd:Transition from="secondStep" to="finalizeAuthentication" /> + +<!-- <pd:Transition from="firstStep" to="secondStep"/> --> + <!-- <pd:Transition from="firstStep" to="finalizeAuthentication" /> --> <pd:Transition from="finalizeAuthentication" to="end" /> diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml index ef13b0348..79f29e08c 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml @@ -10,7 +10,7 @@ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> <bean id="BKAMobileAuthModule" class="at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.BKAMobileAuthModule"> - <property name="priority" value="1" /> + <property name="priority" value="4" /> </bean> diff --git a/id/server/modules/moa-id-module-eIDAS-v2/pom.xml b/id/server/modules/moa-id-module-eIDAS-v2/pom.xml new file mode 100644 index 000000000..2ad14a24f --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/pom.xml @@ -0,0 +1,82 @@ +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-modules</artifactId> + <version>${moa-id-version}</version> + </parent> + <artifactId>moa-id-module-eIDAS-v2</artifactId> + <name>MOA-ID eIDAS module v2</name> + <description>eIDAS module based on eIDAS node reference implementation v2.x</description> + + <properties> + <repositoryPath>${basedir}/../../../../repository</repositoryPath> + + <eidas-commons.version>2.0.0</eidas-commons.version> + <eidas-light-commons.version>2.0.0</eidas-light-commons.version> + <eidas-specific-communication-definition.version>2.0.0</eidas-specific-communication-definition.version> + + </properties> + <profiles> + <profile> + <id>default</id> + <activation> + <activeByDefault>true</activeByDefault> + </activation> + <repositories> + <repository> + <id>local</id> + <name>local</name> + <url>file:${basedir}/../../../../repository</url> + </repository> + <repository> + <id>egiz-commons</id> + <url>https://demo.egiz.gv.at/int-repo/</url> + <releases> + <enabled>true</enabled> + </releases> + </repository> + </repositories> + </profile> + </profiles> + + <dependencies> + <dependency> + <groupId>MOA.id.server</groupId> + <artifactId>moa-id-lib</artifactId> + </dependency> + + + + <!-- eIDAS reference implemenation libs --> + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-commons</artifactId> + <version>${eidas-commons.version}</version> + <!--scope>provided</scope--> + <exclusions> + <exclusion> + <groupId>log4j</groupId> + <artifactId>log4j</artifactId> + </exclusion> + <exclusion> + <artifactId>log4j-over-slf4j</artifactId> + <groupId>org.slf4j</groupId> + </exclusion> + </exclusions> + </dependency> + + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-light-commons</artifactId> + <version>${eidas-light-commons.version}</version> + </dependency> + + <dependency> + <groupId>eu.eidas</groupId> + <artifactId>eidas-specific-communication-definition</artifactId> + <version>${eidas-specific-communication-definition.version}</version> + </dependency> + + </dependencies> +</project>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/Constants.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/Constants.java new file mode 100644 index 000000000..ca62319f3 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/Constants.java @@ -0,0 +1,44 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas_v2; + +import java.net.URI; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +public class Constants { + //TODO: update endpoints + + //configuration properties + public static final String CONIG_PROPS_EIDAS_PREFIX="moa.id.protocols.eIDAS"; + public static final String CONIG_PROPS_EIDAS_NODE= CONIG_PROPS_EIDAS_PREFIX + ".node_v2"; + public static final String CONIG_PROPS_EIDAS_NODE_COUNTRYCODE = CONIG_PROPS_EIDAS_NODE + ".countrycode"; + + + //http endpoint descriptions + public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/light/sp/post"; + public static final String eIDAS_HTTP_ENDPOINT_SP_REDIRECT = "/eidas/light/sp/redirect"; + public static final String eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST = "/eidas/light/ColleagueRequest"; + public static final String eIDAS_HTTP_ENDPOINT_METADATA = "/eidas/light/metadata"; + + //eIDAS request parameters + public static final String eIDAS_REQ_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"; + + //eIDAS attribute names + public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier"; + public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth"; + public static final String eIDAS_ATTR_CURRENTGIVENNAME = "FirstName"; + public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName"; + public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier"; + public static final String eIDAS_ATTR_LEGALNAME = "LegalName"; + + public static final List<URI> NATURALPERSONMINIMUMDATASETLIST = Collections.unmodifiableList(new ArrayList<URI>() { + private static final long serialVersionUID = 1L; + { + //TODO: find correct location of attribute definitions +// add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME.getNameUri()); +// add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_GIVEN_NAME.getNameUri()); +// add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.DATE_OF_BIRTH.getNameUri()); +// add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri()); + } + }); +} diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationModulImpl.java new file mode 100644 index 000000000..6883e0cb5 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationModulImpl.java @@ -0,0 +1,72 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidas_v2; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; + +/** + * @author tlenz + * + */ +public class eIDASAuthenticationModulImpl implements AuthModule { + + private int priority = 1; + + @Override + public int getPriority() { + return priority; + } + + /** + * Sets the priority of this module. Default value is {@code 0}. + * @param priority The priority. + */ + public void setPriority(int priority) { + this.priority = priority; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context) { + if (StringUtils.isNotBlank((String) context.get("ccc")) || + StringUtils.isNotBlank((String) context.get("CCC"))) + return "eIDASAuthentication_v2"; + else + return null; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDAS.Authentication.process.xml" }; + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationSpringResourceProvider.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationSpringResourceProvider.java new file mode 100644 index 000000000..fb3b7fc24 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationSpringResourceProvider.java @@ -0,0 +1,28 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas_v2; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +public class eIDASAuthenticationSpringResourceProvider implements SpringResourceProvider { + + @Override + public String getName() { + return "MOA-ID eIDAS-Authentication SpringResourceProvider"; + } + + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Resource[] getResourcesToLoad() { + ClassPathResource eIDASAuthConfig = new ClassPathResource("/moaid_eidas_v2_auth.beans", eIDASAuthenticationSpringResourceProvider.class); + + return new Resource[] {eIDASAuthConfig}; + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASSignalServlet.java new file mode 100644 index 000000000..9a98c1ae1 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASSignalServlet.java @@ -0,0 +1,88 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidas_v2; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringEscapeUtils; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Controller +public class eIDASSignalServlet extends AbstractProcessEngineSignalController { + + public eIDASSignalServlet() { + super(); + Logger.debug("Registering servlet " + getClass().getName() + + " with mappings '"+ Constants.eIDAS_HTTP_ENDPOINT_SP_POST + + "' and '"+ Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT + "'."); + + } + + @RequestMapping(value = { Constants.eIDAS_HTTP_ENDPOINT_SP_POST, + Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT + }, + method = {RequestMethod.POST, RequestMethod.GET}) + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + signalProcessManagement(req, resp); + } + + @Override + /** + * Protocol specific implementation to get the pending-requestID + * from http request object + * + * @param request The http Servlet-Request object + * @return The Pending-request id + * + */ + public String getPendingRequestId(HttpServletRequest request) { + String sessionId = super.getPendingRequestId(request); + + try { + + // use SAML2 relayState + if (sessionId == null) { + sessionId = StringEscapeUtils.escapeHtml(request.getParameter("RelayState")); + } else + Logger.warn("No parameter 'SAMLResponse'. Unable to retrieve MOA session id."); + + } catch (Exception e) { + Logger.warn("Unable to retrieve moa session id.", e); + } + + return sessionId; + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/CreateIdentityLinkTask.java new file mode 100644 index 000000000..b0add27ba --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/CreateIdentityLinkTask.java @@ -0,0 +1,180 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidas_v2.tasks; + +import java.io.InputStream; +import java.text.SimpleDateFormat; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.joda.time.DateTime; +import org.springframework.stereotype.Component; +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; +import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; +import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException; +import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.XPathUtils; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; + +/** + * @author tlenz + * + */ +@Component("CreateIdentityLinkTask") +public class CreateIdentityLinkTask extends AbstractAuthServletTask { + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, + HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try{ + defaultTaskInitialization(request, executionContext); + + //get eIDAS attributes from MOA-Session + ImmutableAttributeMap eIDASAttributes = moasession.getGenericDataFromSession( + AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, + ImmutableAttributeMap.class); + + IIdentityLink identityLink = null; + + //connect SZR-Gateway + //TODO: implement SZR-Gateway communication!!!! + if(true) { + + // create fake IdL + // - fetch IdL template from resources + InputStream s = CreateIdentityLinkTask.class.getResourceAsStream("/resources/xmldata/fakeIdL_IdL_template.xml"); + Element idlTemplate = DOMUtils.parseXmlValidating(s); + + identityLink = new IdentityLinkAssertionParser(idlTemplate).parseIdentityLink(); + + // replace data + Element idlassertion = identityLink.getSamlAssertion(); + + // - set fake baseID; + Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + + + Object eIdentifier = eIDASAttributes.getFirstValue( + SAMLEngineUtils.getMapOfAllAvailableAttributes().get( + Constants.eIDAS_ATTR_PERSONALIDENTIFIER)); + if (eIdentifier == null || !(eIdentifier instanceof String)) + throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + prIdentification.getFirstChild().setNodeValue((String) eIdentifier); + + //build personal identifier which looks like a baseID +// String fakeBaseID = new BPKBuilder().buildBPK(eIdentifier, "baseID"); +// Logger.info("Map eIDAS eIdentifier:" + eIdentifier + " to fake baseID:" + fakeBaseID); +// prIdentification.getFirstChild().setNodeValue(fakeBaseID); + + // - set last name + Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH); + Object familyName = eIDASAttributes.getFirstValue( + SAMLEngineUtils.getMapOfAllAvailableAttributes().get( + Constants.eIDAS_ATTR_CURRENTFAMILYNAME)); + if (familyName == null || !(familyName instanceof String)) + throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME); + prFamilyName.getFirstChild().setNodeValue((String) familyName); + + // - set first name + Node prGivenName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH); + Object givenName = eIDASAttributes.getFirstValue( + SAMLEngineUtils.getMapOfAllAvailableAttributes().get( + Constants.eIDAS_ATTR_CURRENTGIVENNAME)); + if (givenName == null || !(givenName instanceof String)) + throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME); + prGivenName.getFirstChild().setNodeValue((String) givenName); + + // - set date of birth + Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH); + Object dateOfBirth = eIDASAttributes.getFirstValue( + SAMLEngineUtils.getMapOfAllAvailableAttributes().get( + Constants.eIDAS_ATTR_DATEOFBIRTH)); + if (dateOfBirth == null || !(dateOfBirth instanceof DateTime)) + throw new eIDASAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH); + + String formatedDateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(((DateTime)dateOfBirth).toDate()); + prDateOfBirth.getFirstChild().setNodeValue(formatedDateOfBirth); + + identityLink = new IdentityLinkAssertionParser(idlassertion).parseIdentityLink(); + + //resign IDL + IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); + Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), authConfig.getStorkFakeIdLResigningKey()); + identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink(); + + } else { + //contact SZR Gateway + Logger.debug("Starting connecting SZR Gateway"); + + //TODO:!!!!!! + + } + + Logger.debug("SZR communication was successfull"); + + if (identityLink == null) { + Logger.error("SZR Gateway did not return an identity link."); + throw new MOAIDException("stork.10", null); + } + + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED); + moasession.setForeigner(true); + moasession.setIdentityLink(identityLink); + moasession.setBkuURL("Not applicable (eIDASAuthentication)"); + + //store MOA-session to database + requestStoreage.storePendingRequest(pendingReq); + + } catch (eIDASAttributeException e) { + throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e); + + } catch (MOAIDException | MOADatabaseException e) { + throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); + + } catch (Exception e) { + Logger.error("IdentityLink generation for foreign person FAILED.", e); + throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); + + } + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/GenerateAuthnRequestTask.java new file mode 100644 index 000000000..08496afcc --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/GenerateAuthnRequestTask.java @@ -0,0 +1,333 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidas_v2.tasks; + +import java.io.StringWriter; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; +import java.util.UUID; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.BooleanUtils; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; +import org.springframework.util.StringUtils; + +import com.google.common.net.MediaType; + +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; +import at.gv.egovernment.moa.id.auth.modules.eidas_v2.Constants; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.data.CPEPS; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; +import eu.eidas.auth.commons.EidasStringUtil; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.AttributeDefinition.Builder; +import eu.eidas.auth.commons.light.impl.LightRequest; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.protocol.IRequestMessage; +import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance; +import eu.eidas.auth.commons.protocol.eidas.LevelOfAssuranceComparison; +import eu.eidas.auth.commons.protocol.eidas.SpType; +import eu.eidas.auth.commons.protocol.eidas.impl.EidasAuthenticationRequest; + +/** + * @author tlenz + * + */ +@Component("GenerateAuthnRequestTask") +public class GenerateAuthnRequestTask extends AbstractAuthServletTask { + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, + HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + + try{ + //get service-provider configuration + IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration(); + + // get target and validate citizen countryCode + String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC); + + if (StringUtils.isEmpty(citizenCountryCode)) { + // illegal state; task should not have been executed without a selected country + throw new AuthenticationException("eIDAS.03", new Object[] { "" }); + + } + CPEPS cpeps = authConfig.getStorkConfig().getCPEPSWithFullName(citizenCountryCode); + if(null == cpeps) { + Logger.error("PEPS unknown for country: " + citizenCountryCode); + throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode}); + } + Logger.debug("Found eIDaS Node/C-PEPS configuration for citizen of country: " + citizenCountryCode); + + + //TODO: load authnReq End-Point URL from configuration + SingleSignOnService authnReqEndpoint = null; + + + //TODO: switch to entityID and set new status codes +// revisionsLogger.logEvent(oaConfig, pendingReq, +// MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED, +// metadataUrl); + + // assemble requested attributes + Collection<StorkAttribute> attributesFromConfig = oaConfig.getRequestedSTORKAttributes(); + + // - prepare attribute list + + // - fill container + List<AttributeDefinition<?>> reqAttrList = new ArrayList<AttributeDefinition<?>>(); + //TODO: update requested attribute builder +// for (StorkAttribute current : attributesFromConfig) { +// AttributeDefinition<?> newAttribute = SAMLEngineUtils.getMapOfAllAvailableAttributes().get(current.getName()); +// +// if (newAttribute == null) { +// Logger.warn("eIDAS attribute with friendlyName:" + current.getName() + " is not supported."); +// +// } else { +// boolean globallyMandatory = false; +// for (StorkAttribute currentGlobalAttribute : authConfig.getStorkConfig().getStorkAttributes()) +// if (current.getName().equals(currentGlobalAttribute.getName())) { +// globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory()); +// break; +// } +// +// Builder<?> attrBuilder = AttributeDefinition.builder(newAttribute).required(current.getMandatory() || globallyMandatory); +// reqAttrList.add(attrBuilder.build()); +// +// } +// } + + //request +// if (reqAttrList.isEmpty()) { +// Logger.info("No attributes requested by OA:" + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() +// + " --> Request attr:" + Constants.eIDAS_ATTR_PERSONALIDENTIFIER + " by default"); +// AttributeDefinition<?> newAttribute = SAMLEngineUtils.getMapOfAllAvailableAttributes().get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); +// Builder<?> attrBuilder = AttributeDefinition.builder(newAttribute).required(true); +// reqAttrList.add(attrBuilder.build()); +// +// } + + //build requested attribute set + ImmutableAttributeMap reqAttrMap = new ImmutableAttributeMap.Builder().putAll(reqAttrList).build(); + + //build eIDAS AuthnRequest + LightRequest.Builder authnRequestBuilder = LightRequest.builder(); + + authnRequestBuilder.id(UUID.randomUUID().toString()); + authnRequestBuilder.providerName(pendingReq.getAuthURL()); + String issur = pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA; + authnRequestBuilder.issuer(issur); + + //TODO: + //authnRequestBuilder.destination(authnReqEndpoint.getLocation()); + + + authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT); + + //set minimum required eIDAS LoA from OA config + String LoA = oaConfig.getQaaLevel(); + //TODO: +// if (MiscUtil.isNotEmpty(LoA)) +// authnRequestBuilder.levelOfAssurance(LevelOfAssurance.fromString(oaConfig.getQaaLevel())); +// else + authnRequestBuilder.levelOfAssurance(LevelOfAssurance.HIGH.getValue()); + + //TODO: check if required + //authnRequestBuilder.levelOfAssuranceComparison(LevelOfAssuranceComparison.MINIMUM); + + + //set correct SPType for this online application + if (oaConfig.hasBaseIdTransferRestriction()) + authnRequestBuilder.spType(SpType.PRIVATE.getValue()); + else + authnRequestBuilder.spType(SpType.PUBLIC.getValue()); + + + //TODO + //set service provider (eIDAS node) countryCode +// authnRequestBuilder.serviceProviderCountryCode( +// authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT")); + + //set citizen country code for foreign uses + authnRequestBuilder.citizenCountryCode(cpeps.getCountryCode()); + + //add requested attributes + authnRequestBuilder.requestedAttributes(reqAttrMap); + + + LightRequest lightAuthnReq = authnRequestBuilder.build(); + + + + //IRequestMessage authnRequest = engine.generateRequestMessage(authnRequestBuilder.build(), issur); + + //encode AuthnRequest +// byte[] token = authnRequest.getMessageBytes(); +// String SAMLRequest = EidasStringUtil.encodeToBase64(token); + + +// if (SAMLConstants.SAML2_POST_BINDING_URI.equals(authnReqEndpoint.getBinding())) +// buildPostBindingRequest(pendingReq, authnReqEndpoint, SAMLRequest, authnRequest, response); +// +// //TODO: redirect Binding is not completely implemented +// //else if (SAMLConstants.SAML2_REDIRECT_BINDING_URI.equals(authnReqEndpoint.getBinding())) +// //buildRedirecttBindingRequest(pendingReq, authnReqEndpoint, token, authnRequest, response); +// +// else { +// Logger.error("eIDAS-node use an unsupported binding (" +// + authnReqEndpoint.getBinding() + "). Request eIDAS node not possible."); +// throw new MOAIDException("eIDAS.02", new Object[]{"eIDAS-node use an unsupported binding"}); +// +// } + + + +// }catch (EIDASSAMLEngineException e){ +// throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", +// new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e)); + + } catch (MOAIDException e) { + throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", e); + + } catch (Exception e) { + Logger.error("eIDAS AuthnRequest generation FAILED.", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + } + + /** + * Encode the eIDAS request with POST binding + * + * @param pendingReq + * @param authnReqEndpoint + * @param SAMLRequest + * @param authnRequest + * @param response + * @throws MOAIDException + */ + private void buildPostBindingRequest(IRequest pendingReq, SingleSignOnService authnReqEndpoint, + String SAMLRequest, IRequestMessage authnRequest, HttpServletResponse response) + throws MOAIDException { + //send + try { + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/eidas_postbinding_template.vm"); + VelocityContext context = new VelocityContext(); + + String actionType = "SAMLRequest"; + context.put(actionType, SAMLRequest); + context.put("RelayState", pendingReq.getRequestID()); + context.put("action", authnReqEndpoint.getLocation()); + + Logger.debug("Using SingleSignOnService url as action: " + authnReqEndpoint.getLocation()); + Logger.debug("Encoded " + actionType + " original: " + SAMLRequest); + + Logger.trace("Starting template merge"); + StringWriter writer = new StringWriter(); + + Logger.trace("Doing template merge"); + template.merge(context, writer); + + Logger.trace("Template merge done"); + Logger.trace("Sending html content: " + writer.getBuffer().toString()); + + + byte[] content = writer.getBuffer().toString().getBytes("UTF-8"); + response.setContentType(MediaType.HTML_UTF_8.toString()); + response.setContentLength(content.length); + response.getOutputStream().write(content); + + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED, + authnRequest.getRequest().getId()); + + } catch (Exception e) { + Logger.error("Velocity general error: " + e.getMessage()); + throw new MOAIDException("eIDAS.02", new Object[]{e.getMessage()}, e); + + } + + } + + /** + * Select a SingleSignOnService endPoint from eIDAS node metadata. + * This endPoint receives the Authn. request + * + * @param idpEntity + * @return + */ + private SingleSignOnService selectSingleSignOnServiceFromMetadata(EntityDescriptor idpEntity) { + //select SingleSignOn Service endpoint from IDP metadata + SingleSignOnService endpoint = null; + if (idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) == null) { + return null; + + } + + for (SingleSignOnService sss : + idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { + + // use POST binding as default if it exists + if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) + endpoint = sss; + + //TODO: redirect Binding is not completely implemented + // use Redirect binding as backup +// else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) +// && endpoint == null ) +// endpoint = sss; + + } + + return endpoint; + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/ReceiveAuthnResponseTask.java new file mode 100644 index 000000000..03e345b43 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/ReceiveAuthnResponseTask.java @@ -0,0 +1,141 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas_v2.tasks; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.saml2.core.StatusCode; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; +import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; +import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; +import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; +import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASResponseNotSuccessException; +import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.protocols.eidas.validator.eIDASResponseValidator; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; +import eu.eidas.auth.commons.EidasStringUtil; +import eu.eidas.auth.commons.protocol.IAuthenticationResponse; +import eu.eidas.auth.engine.ProtocolEngineI; +import eu.eidas.engine.exceptions.EIDASSAMLEngineException; + +@Component("ReceiveAuthnResponseTask") +public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { + + @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider; + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { + + try{ + //get SAML Response + String base64SamlToken = request.getParameter("SAMLResponse"); + if (MiscUtil.isEmpty(base64SamlToken)) { + Logger.warn("No eIDAS SAMLReponse found in http request."); + throw new MOAIDException("HTTP request includes no eIDAS SAML-Response element.", null); + + } + + //get MOASession + defaultTaskInitialization(request, executionContext); + + //decode SAML response + byte[] decSamlToken = EidasStringUtil.decodeBytesFromBase64(base64SamlToken); + + //get eIDAS SAML-engine + ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider); + + //validate SAML token + IAuthenticationResponse samlResp = engine.unmarshallResponseAndValidate(decSamlToken, + request.getRemoteHost(), + Constants.CONFIG_PROPS_SKEWTIME_BEFORE, + Constants.CONFIG_PROPS_SKEWTIME_AFTER, + pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA); + + if (samlResp.isEncrypted()) { + Logger.info("Received encrypted eIDAS SAML-Response."); + //TODO: check if additional decryption operation is required + + } + + + //check response StatusCode + if (!samlResp.getStatusCode().equals(StatusCode.SUCCESS_URI)) { + Logger.info("Receice eIDAS Response with StatusCode:" + samlResp.getStatusCode() + + " Subcode:" + samlResp.getSubStatusCode() + " Msg:" + samlResp.getStatusMessage()); + throw new EIDASResponseNotSuccessException("eIDAS.11", new Object[]{samlResp.getStatusMessage()}); + + } + + // ********************************************************** + // ******* MOA-ID specific response validation ********** + // ********************************************************** + String spCountry = authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"); + eIDASResponseValidator.validateResponse(pendingReq, samlResp, spCountry); + + + // ********************************************************** + // ******* Store resonse infos into session object ********** + // ********************************************************** + + //update MOA-Session data with received information + Logger.debug("Store eIDAS response information into MOA-session."); + + moasession.setQAALevel(samlResp.getLevelOfAssurance()); + + moasession.setGenericDataToSession( + AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, + samlResp.getAttributes()); + + moasession.setGenericDataToSession( + AuthenticationSessionStorageConstants.eIDAS_RESPONSE, + decSamlToken); + + //set issuer nation as PVP attribute into MOASession + moasession.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry()); + + //store MOA-session to database + requestStoreage.storePendingRequest(pendingReq); + + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED, + samlResp.getId()); + + } catch (MOAIDException e) { + throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e); + + }catch (EIDASSAMLEngineException e) { + Logger.warn("eIDAS Response validation FAILED.", e); + Logger.debug("eIDAS response was: " + request.getParameter("SAMLResponse")); + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); + throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", + new EIDASEngineException("eIDAS.09", new Object[]{e.getMessage()}, e)); + + } catch (MOADatabaseException e) { + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); + throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", + new MOAIDException("init.04", new Object[]{""}, e)); + + } catch (Exception e) { + Logger.warn("eIDAS Response processing FAILED.", e); + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); + throw new TaskExecutionException(pendingReq, e.getMessage(), + new MOAIDException("eIDAS.10", new Object[]{e.getMessage()}, e)); + + } + + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 000000000..8b97063bd --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.modules.eidas_v2.eIDASAuthenticationSpringResourceProvider
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDAS.Authentication.process.xml b/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDAS.Authentication.process.xml new file mode 100644 index 000000000..94b23314a --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDAS.Authentication.process.xml @@ -0,0 +1,18 @@ +<?xml version="1.0" encoding="UTF-8"?> +<pd:ProcessDefinition id="eIDASAuthentication_v2" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"> + + + <pd:Task id="createAuthnRequest" class="GenerateAuthnRequestTask" /> + <pd:Task id="receiveAuthnResponse" class="ReceiveAuthnResponseTask" async="true" /> + <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> + <pd:Task id="generateIdentityLink" class="CreateIdentityLinkTask" /> + + <pd:StartEvent id="start" /> + <pd:Transition from="start" to="createAuthnRequest" /> + <pd:Transition from="createAuthnRequest" to="receiveAuthnResponse" /> + <pd:Transition from="receiveAuthnResponse" to="generateIdentityLink" /> + <pd:Transition from="generateIdentityLink" to="finalizeAuthentication" /> + <pd:Transition from="finalizeAuthentication" to="end" /> + <pd:EndEvent id="end" /> + +</pd:ProcessDefinition> diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDAS.authmodule.beans.xml b/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDAS.authmodule.beans.xml new file mode 100644 index 000000000..9cf22eae9 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDAS.authmodule.beans.xml @@ -0,0 +1,14 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd"> + + <context:annotation-config /> + + <bean id="eIDASAuthModule" class="at.gv.egovernment.moa.id.auth.modules.eidas_v2.eIDASAuthenticationModulImpl"> + <property name="priority" value="2" /> + </bean> + +</beans> diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/moaid_eidas_v2_auth.beans.xml b/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/moaid_eidas_v2_auth.beans.xml new file mode 100644 index 000000000..1d851614e --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/moaid_eidas_v2_auth.beans.xml @@ -0,0 +1,36 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <bean id="eIDASSignalServlet" + class="at.gv.egovernment.moa.id.auth.modules.eidas.eIDASSignalServlet"/> +<!-- + <bean id="EIDASProtocol" + class="at.gv.egovernment.moa.id.protocols.eidas.EIDASProtocol"/> + + <bean id="eIDASMetadataProvider" + class="at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider"/> + --> + +<!-- Authentication Process Tasks --> + + <bean id="GenerateAuthnRequestTask" + class="at.gv.egovernment.moa.id.auth.modules.eidas_v2.tasks.GenerateAuthnRequestTask" + scope="prototype"/> + + <bean id="ReceiveAuthnResponseTask" + class="at.gv.egovernment.moa.id.auth.modules.eidas_v2.tasks.ReceiveAuthnResponseTask" + scope="prototype"/> + + <bean id="CreateIdentityLinkTask" + class="at.gv.egovernment.moa.id.auth.modules.eidas_v2.tasks.CreateIdentityLinkTask" + scope="prototype"/> + +</beans>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java index 74cf665ca..bad1f4e41 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/Constants.java @@ -31,7 +31,7 @@ import org.apache.xml.security.signature.XMLSignature; import org.opensaml.xml.encryption.EncryptionConstants; import org.opensaml.xml.signature.SignatureConstants; -import at.gv.egovernment.moa.id.data.Trible; +import at.gv.egiz.eaaf.core.impl.data.Trible; /** * @author tlenz diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java index 78793d3fc..5e4745f7c 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java @@ -35,12 +35,12 @@ import java.util.List; import java.util.Map; import java.util.Properties; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.samlengineconfig.BinaryParameter; import eu.eidas.samlengineconfig.EngineInstance; @@ -131,7 +131,7 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends private Properties loadConfigurationFromExternalFile(String key) throws ConfigurationException { String configFile = - AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration(key); + AuthConfigurationProviderFactory.getInstance().getBasicConfiguration(key); if (MiscUtil.isEmpty(configFile)) { Logger.warn("No eIDAS SAML-engine configuration key: " + key + " found in MOA-ID properties configuration file."); @@ -150,7 +150,7 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends Properties inputProps = loadConfigurationFromExternalFile(configKey); String configFile = - AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration(configKey); + AuthConfigurationProviderFactory.getInstance().getBasicConfiguration(configKey); PropsParameter outputProps = new PropsParameter(); outputProps.setFileName(configFile); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java index 384d6be0b..f7a6ff495 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLInstanceConfigurationImpl.java @@ -34,10 +34,10 @@ import java.util.List; import java.util.Map.Entry; import java.util.Properties; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import eu.eidas.samlengineconfig.ConfigurationParameter; import eu.eidas.samlengineconfig.InstanceConfiguration; import eu.eidas.samlengineconfig.StringParameter; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java index 7b044522c..ec042949a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java @@ -24,8 +24,8 @@ package at.gv.egovernment.moa.id.auth.modules.eidas; import org.apache.commons.lang3.StringUtils; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; /** * @author tlenz @@ -37,7 +37,7 @@ public class eIDASAuthenticationModulImpl implements AuthModule { @Override public int getPriority() { - return priority; + return priority; } /** diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java index 16d909331..49d98ed33 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java @@ -32,7 +32,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java index a2ec47a45..aca818532 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java @@ -1,5 +1,6 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.engine; +import java.net.MalformedURLException; import java.util.ArrayList; import java.util.Date; import java.util.HashMap; @@ -11,6 +12,9 @@ import java.util.Timer; import javax.xml.namespace.QName; +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.MOAHttpClient; +import org.apache.commons.httpclient.params.HttpClientParams; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.RoleDescriptor; @@ -22,44 +26,39 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.saml2.metadata.provider.ObservableMetadataProvider; import org.opensaml.xml.XMLObject; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.auth.IDestroyableObject; -import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing; -import at.gv.egovernment.moa.id.auth.IPostStartupInitializable; +import at.gv.egiz.eaaf.core.api.IDestroyableObject; +import at.gv.egiz.eaaf.core.api.IGarbageCollectorProcessing; +import at.gv.egiz.eaaf.core.api.IPostStartupInitializable; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter; -import at.gv.egovernment.moa.id.saml2.MetadataFilterChain; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.engine.AbstractProtocolEngine; @Service("eIDASMetadataProvider") -public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider implements ObservableMetadataProvider, - IGarbageCollectorProcessing, IDestroyableObject, IMOARefreshableMetadataProvider, IPostStartupInitializable{ +public class MOAeIDASChainingMetadataProvider extends SimpleMetadataProvider implements ObservableMetadataProvider, + IGarbageCollectorProcessing, IDestroyableObject, IRefreshableMetadataProvider, IPostStartupInitializable{ - private Timer timer = null; + @Autowired(required=true) IConfiguration basicConfig; + + private Timer timer = null; private MetadataProvider internalProvider; private Map<String, Date> lastAccess = null; - -// public static MOAeIDASChainingMetadataProvider getInstance() { -// if (instance == null) { -// synchronized (mutex) { -// if (instance == null) { -// instance = new MOAeIDASChainingMetadataProvider(); -// MOAGarbageCollector.addModulForGarbageCollection(instance); -// } -// } -// } -// return instance; -// } - - public MOAeIDASChainingMetadataProvider() { internalProvider = new ChainingMetadataProvider(); lastAccess = new HashMap<String, Date>(); @@ -71,23 +70,36 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider */ @Override public void executeAfterStartup() { - initializeEidasMetadataFromFileSystem(); + try { + initializeEidasMetadataFromFileSystem(); + + } catch (ConfigurationException e) { + Logger.error("Post start-up initialization of eIDAS Metadata-Provider FAILED.", e); + + } } - protected void initializeEidasMetadataFromFileSystem() { - Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX); - if (!metadataToLoad.isEmpty()) { - Logger.info("Load static configurated eIDAS metadata ... "); - for (String metaatalocation : metadataToLoad.values()) { - String absMetadataLocation = FileUtils.makeAbsoluteURL(metaatalocation, authConfig.getRootConfigFileDir()); - Logger.info(" Load eIDAS metadata from: " + absMetadataLocation); - refreshMetadataProvider(absMetadataLocation); + protected void initializeEidasMetadataFromFileSystem() throws ConfigurationException { + try { + Map<String, String> metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX); + if (!metadataToLoad.isEmpty()) { + Logger.info("Load static configurated eIDAS metadata ... "); + for (String metaatalocation : metadataToLoad.values()) { + String absMetadataLocation = FileUtils.makeAbsoluteURL(metaatalocation, authConfig.getConfigurationRootDirectory()); + Logger.info(" Load eIDAS metadata from: " + absMetadataLocation); + refreshMetadataProvider(absMetadataLocation); + } + + Logger.info("Load static configurated eIDAS metadata finished "); } - Logger.info("Load static configurated eIDAS metadata finished "); - } + } catch (MalformedURLException e) { + Logger.warn("MOA-ID configuration error." , e); + throw new ConfigurationException("MOA-ID configuration error.", null, e); + + } } @@ -229,11 +241,12 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider //add Metadata filters MetadataFilterChain filter = new MetadataFilterChain(); filter.addFilter(new MOASPMetadataSignatureFilter( - authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE))); + authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE))); - return createNewMoaMetadataProvider(metadataURL, filter, + return createNewSimpleMetadataProvider(metadataURL, filter, "eIDAS metadata-provider", - timer, AbstractProtocolEngine.getSecuredParserPool()); + timer, AbstractProtocolEngine.getSecuredParserPool(), + createHttpClient(metadataURL)); } @@ -414,5 +427,40 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider if (observer != null) observer.onEvent(this); } + + private HttpClient createHttpClient(String metadataURL) { + MOAHttpClient httpClient = new MOAHttpClient(); + HttpClientParams httpClientParams = new HttpClientParams(); + httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT); + httpClient.setParams(httpClientParams); + + if (metadataURL.startsWith("https:")) { + try { + if (basicConfig instanceof AuthConfiguration) { + AuthConfiguration moaAuthConfig = (AuthConfiguration) basicConfig; + //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + PVPConstants.SSLSOCKETFACTORYNAME, + moaAuthConfig.getTrustedCACertificates(), + null, + AuthConfiguration.DEFAULT_X509_CHAININGMODE, + moaAuthConfig.isTrustmanagerrevoationchecking(), + moaAuthConfig.getRevocationMethodOrder(), + moaAuthConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); + + httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); + + } + + } catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) { + Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); + + } + } + + return httpClient; + + } } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java index 9adc221e5..3851ead2d 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASMetadataProviderDecorator.java @@ -31,7 +31,7 @@ import org.opensaml.saml2.metadata.SPSSODescriptor; import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataProviderException; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IRefreshableMetadataProvider; import eu.eidas.auth.engine.ProtocolEngineI; import eu.eidas.auth.engine.metadata.MetadataFetcherI; import eu.eidas.auth.engine.metadata.MetadataSignerI; @@ -65,8 +65,8 @@ public class MOAeIDASMetadataProviderDecorator implements MetadataFetcherI { * @return true if refresh was successful, otherwise false */ public boolean refreshMetadata(String entityId) { - if (this.metadataprovider instanceof IMOARefreshableMetadataProvider ) - return ((IMOARefreshableMetadataProvider)this.metadataprovider).refreshMetadataProvider(entityId); + if (this.metadataprovider instanceof IRefreshableMetadataProvider ) + return ((IRefreshableMetadataProvider)this.metadataprovider).refreshMetadataProvider(entityId); else return false; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java index cf3a13e32..3dea62ec4 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java @@ -29,26 +29,29 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.joda.time.DateTime; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import org.w3c.dom.Element; import org.w3c.dom.Node; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; /** @@ -58,18 +61,19 @@ import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; @Component("CreateIdentityLinkTask") public class CreateIdentityLinkTask extends AbstractAuthServletTask { + @Autowired private AuthConfiguration moaAuthConfig; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ + */ @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { - try{ - defaultTaskInitialization(request, executionContext); - + throws TaskExecutionException { + try{ //get eIDAS attributes from MOA-Session - ImmutableAttributeMap eIDASAttributes = moasession.getGenericDataFromSession( + AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + ImmutableAttributeMap eIDASAttributes = moaSession.getGenericDataFromSession( AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, ImmutableAttributeMap.class); @@ -138,7 +142,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { //resign IDL IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); - Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), authConfig.getStorkFakeIdLResigningKey()); + Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), moaAuthConfig.getStorkFakeIdLResigningKey()); identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink(); } else { @@ -156,11 +160,12 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { throw new MOAIDException("stork.10", null); } - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED); - moasession.setForeigner(true); - moasession.setIdentityLink(identityLink); - moasession.setBkuURL("Not applicable (eIDASAuthentication)"); - + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED); + moaSession.setForeigner(true); + moaSession.setIdentityLink(identityLink); + moaSession.setBkuURL("Not applicable (eIDASAuthentication)"); + + //store MOA-session to database requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java index d21334faf..0e8bf2a5a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java @@ -44,23 +44,24 @@ import org.springframework.util.StringUtils; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.CPEPS; import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.EidasStringUtil; @@ -87,14 +88,14 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try{ //get service-provider configuration - IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaConfig = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); // get target and validate citizen countryCode String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC); @@ -104,7 +105,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { throw new AuthenticationException("eIDAS.03", new Object[] { "" }); } - CPEPS cpeps = authConfig.getStorkConfig().getCPEPSWithFullName(citizenCountryCode); + CPEPS cpeps = ((AuthConfiguration)authConfig).getStorkConfig().getCPEPSWithFullName(citizenCountryCode); if(null == cpeps) { Logger.error("PEPS unknown for country: " + citizenCountryCode); throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode}); @@ -161,7 +162,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { } //TODO: switch to entityID - revisionsLogger.logEvent(oaConfig, pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED, metadataUrl); @@ -181,7 +182,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { } else { boolean globallyMandatory = false; - for (StorkAttribute currentGlobalAttribute : authConfig.getStorkConfig().getStorkAttributes()) + for (StorkAttribute currentGlobalAttribute : ((AuthConfiguration)authConfig).getStorkConfig().getStorkAttributes()) if (current.getName().equals(currentGlobalAttribute.getName())) { globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory()); break; @@ -195,7 +196,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { //request if (reqAttrList.isEmpty()) { - Logger.info("No attributes requested by OA:" + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() + Logger.info("No attributes requested by OA:" + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier() + " --> Request attr:" + Constants.eIDAS_ATTR_PERSONALIDENTIFIER + " by default"); AttributeDefinition<?> newAttribute = SAMLEngineUtils.getMapOfAllAvailableAttributes().get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); Builder<?> attrBuilder = AttributeDefinition.builder(newAttribute).required(true); @@ -235,7 +236,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { //set service provider (eIDAS node) countryCode authnRequestBuilder.serviceProviderCountryCode( - authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT")); + authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT")); //set citizen country code for foreign uses authnRequestBuilder.citizenCountryCode(cpeps.getCountryCode()); @@ -302,7 +303,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { String actionType = "SAMLRequest"; context.put(actionType, SAMLRequest); - context.put("RelayState", pendingReq.getRequestID()); + context.put("RelayState", pendingReq.getPendingRequestId()); context.put("action", authnReqEndpoint.getLocation()); Logger.debug("Using SingleSignOnService url as action: " + authnReqEndpoint.getLocation()); @@ -323,7 +324,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { response.setContentLength(content.length); response.getOutputStream().write(content); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED, authnRequest.getRequest().getId()); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java index 5e83f0a3f..1788facf0 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java @@ -7,18 +7,20 @@ import org.opensaml.saml2.core.StatusCode; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASResponseNotSuccessException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; +import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.eidas.validator.eIDASResponseValidator; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; @@ -36,7 +38,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - try{ + try{ //get SAML Response String base64SamlToken = request.getParameter("SAMLResponse"); if (MiscUtil.isEmpty(base64SamlToken)) { @@ -46,7 +48,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { } //get MOASession - defaultTaskInitialization(request, executionContext); + //defaultTaskInitialization(request, executionContext); //decode SAML response byte[] decSamlToken = EidasStringUtil.decodeBytesFromBase64(base64SamlToken); @@ -79,7 +81,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { // ********************************************************** // ******* MOA-ID specific response validation ********** // ********************************************************** - String spCountry = authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"); + String spCountry = authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"); eIDASResponseValidator.validateResponse(pendingReq, samlResp, spCountry); @@ -88,25 +90,23 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { // ********************************************************** //update MOA-Session data with received information - Logger.debug("Store eIDAS response information into MOA-session."); - - moasession.setQAALevel(samlResp.getLevelOfAssurance()); - - moasession.setGenericDataToSession( + Logger.debug("Store eIDAS response information into MOA-session."); + AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + session.setGenericDataToSession(AuthProzessDataConstants.VALUE_QAALEVEL, samlResp.getLevelOfAssurance()); + session.setGenericDataToSession( AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, - samlResp.getAttributes()); - - moasession.setGenericDataToSession( + samlResp.getAttributes()); + session.setGenericDataToSession( AuthenticationSessionStorageConstants.eIDAS_RESPONSE, decSamlToken); //set issuer nation as PVP attribute into MOASession - moasession.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry()); - + session.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry()); + //store MOA-session to database requestStoreage.storePendingRequest(pendingReq); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED, samlResp.getId()); @@ -116,20 +116,20 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { }catch (EIDASSAMLEngineException e) { Logger.warn("eIDAS Response validation FAILED.", e); Logger.debug("eIDAS response was: " + request.getParameter("SAMLResponse")); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", new EIDASEngineException("eIDAS.09", new Object[]{e.getMessage()}, e)); } catch (MOADatabaseException e) { - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", new MOAIDException("init.04", new Object[]{""}, e)); } catch (Exception e) { Logger.warn("eIDAS Response processing FAILED.", e); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); throw new TaskExecutionException(pendingReq, e.getMessage(), new MOAIDException("eIDAS.10", new Object[]{e.getMessage()}, e)); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAWhiteListConfigurator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAWhiteListConfigurator.java index a2c6a3ad9..9d1ec6d98 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAWhiteListConfigurator.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAWhiteListConfigurator.java @@ -29,7 +29,7 @@ import org.apache.commons.lang.StringUtils; import com.google.common.collect.ImmutableSet; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; /** * @author tlenz diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java index 02a5df098..6d20caa4b 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java @@ -32,6 +32,7 @@ import org.opensaml.common.xml.SAMLSchemaBuilder; import org.opensaml.xml.ConfigurationException; import org.opensaml.xml.XMLConfigurator; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAExtendedSWSigner; import at.gv.egovernment.moa.id.auth.modules.eidas.config.MOAIDCertificateManagerConfigurationImpl; @@ -41,7 +42,6 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProvid import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.attribute.AttributeDefinition; import eu.eidas.auth.commons.attribute.AttributeRegistries; @@ -82,7 +82,7 @@ public class SAMLEngineUtils { //load additional eIDAS attribute definitions String additionalAttributeConfigFile = - AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration( + AuthConfigurationProviderFactory.getInstance().getBasicConfiguration( Constants.CONIG_PROPS_EIDAS_SAMLENGINE_ATTIONAL_ATTRIBUTE_DEFINITIONS); AttributeRegistry addAttrDefinitions = AttributeRegistries.empty(); if (MiscUtil.isNotEmpty(additionalAttributeConfigFile)) { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java index d43fa1622..e3b58d259 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java @@ -22,7 +22,7 @@ */ package at.gv.egovernment.moa.id.auth.modules.eidas.utils; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; /** * @author tlenz @@ -37,7 +37,7 @@ public class SimpleEidasAttributeGenerator implements IAttributeGenerator<String public String buildStringAttribute(String friendlyName, String name, String value) { return value; - } + } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator#buildIntegerAttribute(java.lang.String, java.lang.String, int) diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java index f148421bd..200215308 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java @@ -30,14 +30,16 @@ import java.util.ServiceLoader; import com.google.common.collect.ImmutableSet; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.attribute.AttributeDefinition; @@ -52,7 +54,7 @@ import eu.eidas.auth.commons.attribute.AttributeValueMarshallingException; */ public class eIDASAttributeBuilder extends PVPAttributeBuilder { private static IAttributeGenerator<String> generator = new SimpleEidasAttributeGenerator(); - + private static List<String> listOfSupportedeIDASAttributes; private static ServiceLoader<IeIDASAttribute> eIDASAttributLoader = ServiceLoader.load(IeIDASAttribute.class); @@ -66,8 +68,12 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder { while (moduleLoaderInterator.hasNext()) { try { IeIDASAttribute modul = moduleLoaderInterator.next(); - Logger.info("Loading eIDAS attribut-builder Modul Information: " + modul.getName()); - supportAttrList.add(modul.getName()); + if (modul.getClass().isAnnotationPresent(eIDASMetadata.class)) { + Logger.info("Loading eIDAS attribut-builder Modul Information: " + modul.getName()); + supportAttrList.add(modul.getName()); + + } else + Logger.trace(modul.getName() + " is not an eIDAS metadata attribute"); } catch(Throwable e) { Logger.error("Check configuration! " + "Some attribute-builder modul" + @@ -99,7 +105,7 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder { * @param authData Authentication data that contains user information for attribute generation * @return eIDAS attribute response {@link Pair} or null if the attribute generation FAILES */ - public static Pair<AttributeDefinition<?>,ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, IOAAuthParameters onlineApplicationConfiguration, + public static Pair<AttributeDefinition<?>,ImmutableSet<AttributeValue<?>>> buildAttribute(AttributeDefinition<?> attr, ISPConfiguration onlineApplicationConfiguration, IAuthData authData) { String attrName = attr.getNameUri().toString(); @@ -110,11 +116,15 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder { if (attrBuilder != null) { try { String attrValue = attrBuilder.build(onlineApplicationConfiguration, authData, generator); + boolean isMandatesUsed = false; + if (authData instanceof IMOAAuthData) + isMandatesUsed = ((IMOAAuthData)authData).isUseMandate(); + if (MiscUtil.isNotEmpty(attrValue)) { //set uniqueIdentifier attribute, because eIDAS SAMLEngine use this flag to select the // Subject->NameID value from this attribute Builder<?> eIDASAttrBuilder = AttributeDefinition.builder(attr); - eIDASAttrBuilder.uniqueIdentifier(evaluateUniqueID(attrName, authData.isUseMandate())); + eIDASAttrBuilder.uniqueIdentifier(evaluateUniqueID(attrName, isMandatesUsed)); AttributeDefinition<?> returnAttr = eIDASAttrBuilder.build(); //unmarshal attribute value into eIDAS attribute @@ -135,7 +145,7 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder { } - } catch (AttributeException e) { + } catch (AttributeBuilderException e) { Logger.debug("Attribute can not generate requested attribute:" + attr.getNameUri().toString() + " Reason:" + e.getMessage()); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java index 30e1e4505..3075ab9cf 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeProcessingUtils.java @@ -25,8 +25,8 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.utils; import java.util.regex.Matcher; import java.util.regex.Pattern; +import at.gv.egiz.eaaf.core.impl.data.Trible; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; -import at.gv.egovernment.moa.id.data.Trible; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java index 694efab80..a9a3ef01f 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java @@ -1,13 +1,10 @@ package at.gv.egovernment.moa.id.protocols.eidas; -import java.util.Collection; - -import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; import eu.eidas.auth.commons.protocol.IAuthenticationRequest; @@ -30,13 +27,7 @@ public class EIDASData extends RequestImpl { private String remoteIPAddress; private String remoteRelayState; - - @Override - public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { - // TODO Auto-generated method stub - return null; - } - + /** * Gets the eidas requested attributes. * diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index 2948c0d53..d268dd2f6 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -43,8 +43,14 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IModulInfo; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASMetadataProviderDecorator; @@ -54,12 +60,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.MOAIDConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; -import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.EidasStringUtil; @@ -80,11 +81,13 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException; * * @author tlenz */ -@Controller -public class EIDASProtocol extends AbstractAuthProtocolModulController { +@Controller +public class EIDASProtocol extends AbstractAuthProtocolModulController implements IModulInfo { + public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE"; + public static final String NAME = EIDASProtocol.class.getName(); - public static final String PATH = "eidas"; + public static final String PATH = "id_eidas"; @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider; @@ -102,17 +105,18 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { return NAME; } - public String getPath() { - return PATH; - } + @Override + public String getAuthProtocolIdentifier() { + return PATH; + } //eIDAS metadata end-point @RequestMapping(value = "/eidas/metadata", method = {RequestMethod.GET}) - public void eIDASMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException { + public void eIDASMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException { //create pendingRequest object EIDASData pendingReq = applicationContext.getBean(EIDASData.class); - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(NAME); pendingReq.setNeedAuthentication(false); pendingReq.setAuthenticated(false); @@ -137,11 +141,11 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { //PVP2.x IDP POST-Binding end-point @RequestMapping(value = "/eidas/ColleagueRequest", method = {RequestMethod.POST}) - public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { + public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { //create pending-request object EIDASData pendingReq = applicationContext.getBean(EIDASData.class); - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(NAME); revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); @@ -191,7 +195,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider); String cititzenCountryCode = - authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, + authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, MOAIDAuthConstants.COUNTRYCODE_AUSTRIA); @@ -221,7 +225,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { } //check eIDAS node configuration - IOAAuthParameters oaConfig = authConfig.getOnlineApplicationParameter(samlReq.getIssuer()); + ISPConfiguration oaConfig = authConfig.getServiceProviderConfiguration(samlReq.getIssuer()); if (oaConfig == null) throw new EIDASAuthnRequestProcessingException("eIDAS.08", new Object[]{samlReq.getIssuer()}); @@ -346,15 +350,15 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { pendingReq.setRemoteRelayState(relayState); //store level of assurance - pendingReq.setGenericDataToSession(RequestImpl.eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE, + pendingReq.setRawDataToTransaction(eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE, eIDASSamlReq.getEidasLevelOfAssurance().stringValue()); //set flag if transiend identifier is requested if (MiscUtil.isNotEmpty(eIDASSamlReq.getNameIdFormat()) && eIDASSamlReq.getNameIdFormat().equals(SamlNameIdFormat.TRANSIENT.getNameIdFormat())) - pendingReq.setGenericDataToSession(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, true); + pendingReq.setRawDataToTransaction(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, true); else - pendingReq.setGenericDataToSession(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, false); + pendingReq.setRawDataToTransaction(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, false); // - memorize requested attributes pendingReq.setEidasRequestedAttributes(eIDASSamlReq.getRequestedAttributes()); @@ -363,7 +367,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { pendingReq.setEidasRequest(eIDASSamlReq); // - memorize OA url - pendingReq.setOAURL(samlReq.getIssuer()); + pendingReq.setSPEntityId(samlReq.getIssuer()); // - memorize OA config pendingReq.setOnlineApplicationConfiguration(oaConfig); @@ -486,7 +490,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController { private boolean iseIDASTargetAValidOrganisation(String reqCC, String bPKTargetArea) { if (MiscUtil.isNotEmpty(reqCC)) { List<String> allowedOrganisations = KeyValueUtils.getListOfCSVValues( - authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROPS_EIDAS_BPK_TARGET_PREFIX + reqCC.toLowerCase())); + authConfig.getBasicConfiguration(Constants.CONFIG_PROPS_EIDAS_BPK_TARGET_PREFIX + reqCC.toLowerCase())); if (allowedOrganisations.contains(bPKTargetArea)) { Logger.debug(bPKTargetArea + " is a valid OrganisationIdentifier for request-country: "+ reqCC); return true; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java index cc9b09107..bfdb46a11 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java @@ -28,6 +28,12 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; @@ -35,13 +41,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.utils.NewMoaEidasMetadata; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.logging.Logger; import eu.eidas.auth.engine.ProtocolEngineI; import eu.eidas.auth.engine.metadata.ContactData; @@ -56,9 +56,10 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException; */ @Service("EidasMetaDataRequest") public class EidasMetaDataRequest implements IAction { - + @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider; @Autowired(required=true) AuthConfiguration authConfig; + @Autowired(required=true) IPVP2BasicConfiguration pvpConfiguration; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IAction#processRequest(at.gv.egovernment.moa.id.moduls.IRequest, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, at.gv.egovernment.moa.id.data.IAuthData) @@ -136,7 +137,7 @@ public class EidasMetaDataRequest implements IAction { metadataConfigBuilder.authnRequestsSigned(true); metadataConfigBuilder.wantAssertionsSigned(true); metadataConfigBuilder.assuranceLevel( - authConfig.getBasicMOAIDConfiguration( + authConfig.getBasicConfiguration( Constants.CONIG_PROPS_EIDAS_NODE_LoA, MOAIDAuthConstants.eIDAS_LOA_HIGH)); @@ -150,10 +151,10 @@ public class EidasMetaDataRequest implements IAction { //add organisation information from PVP metadata information Organization pvpOrganisation = null; try { - pvpOrganisation = PVPConfiguration.getInstance().getIDPOrganisation(); + pvpOrganisation = pvpConfiguration.getIDPOrganisation(); eu.eidas.auth.engine.metadata.ContactData.Builder technicalContact = ContactData.builder(); - List<ContactPerson> contacts = PVPConfiguration.getInstance().getIDPContacts(); + List<ContactPerson> contacts = pvpConfiguration.getIDPContacts(); if (contacts != null && contacts.size() >= 1) { ContactPerson contact = contacts.get(0); technicalContact.givenName(contact.getGivenName().getName()); @@ -172,7 +173,7 @@ public class EidasMetaDataRequest implements IAction { if (pvpOrganisation != null) { eu.eidas.auth.engine.metadata.OrganizationData.Builder organizationConfig = OrganizationData.builder(); organizationConfig.url(pvpOrganisation.getURLs().get(0).getURL().getLocalString()); - organizationConfig.name(authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRY, "Austria")); + organizationConfig.name(authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRY, "Austria")); //TODO: add display name and maybe update name @@ -187,7 +188,7 @@ public class EidasMetaDataRequest implements IAction { metadataConfigBuilder.supportContact(ContactData.builder(technicalContact.build()).build()); - } catch (ConfigurationException | NullPointerException e) { + } catch (NullPointerException | EAAFException e) { Logger.warn("Can not load Organisation or Contact from Configuration", e); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/IeIDASAttribute.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/IeIDASAttribute.java index 15060fb52..84b68f91a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/IeIDASAttribute.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/IeIDASAttribute.java @@ -22,12 +22,12 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; /** * @author tlenz * */ -public interface IeIDASAttribute extends IAttributeBuilder{ +public interface IeIDASAttribute extends IAttributeBuilder{ } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java index 64e5ae770..2f42cc43e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java @@ -22,14 +22,15 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.BirthdateAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BirthdateAttributeBuilder; /** * @author tlenz * */ +@eIDASMetadata public class eIDASAttrDateOfBirth extends BirthdateAttributeBuilder implements IeIDASAttribute { - + @Override public String getName() { return eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.DATE_OF_BIRTH.getNameUri().toString(); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java index 4195eeeef..9505a0a62 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java @@ -22,21 +22,22 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; /** * @author tlenz * */ +@eIDASMetadata public class eIDASAttrFamilyName implements IeIDASAttribute{ /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#getName() */ - @Override + @Override public String getName() { return eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME.getNameUri().toString(); } @@ -45,8 +46,8 @@ public class eIDASAttrFamilyName implements IeIDASAttribute{ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator) */ @Override - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) - throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { return g.buildStringAttribute(null, getName(), authData.getFamilyName()); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java index 2a654ac44..7307b4f2a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java @@ -22,15 +22,16 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; /** * @author tlenz * */ +@eIDASMetadata public class eIDASAttrGivenName implements IeIDASAttribute{ /* (non-Javadoc) @@ -45,8 +46,8 @@ public class eIDASAttrGivenName implements IeIDASAttribute{ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator) */ @Override - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) - throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { return g.buildStringAttribute(null, getName(), authData.getGivenName()); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java index 63a4e89d5..1ac4560b0 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java @@ -29,6 +29,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF * */ @Deprecated +@eIDASMetadata public class eIDASAttrLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute { @Override diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java index 4d89aec3d..66359e240 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java @@ -22,11 +22,12 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -35,27 +36,30 @@ import at.gv.egovernment.moa.util.MiscUtil; * */ @Deprecated +@eIDASMetadata public class eIDASAttrLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute { @Override - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - if(authData.isUseMandate()) { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + + if (authData instanceof IMOAAuthData) { + if(((IMOAAuthData)authData).isUseMandate()) { - //extract eIDAS unique Id prefix from naturalPerson bPK identifier - if (MiscUtil.isEmpty(authData.getBPKType()) + //extract eIDAS unique Id prefix from naturalPerson bPK identifier + if (MiscUtil.isEmpty(authData.getBPKType()) || !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { - Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); - throw new AttributeException("Suspect bPKType for eIDAS identifier generation"); + Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); + throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation"); - } - - //add eIDAS eID prefix to legal person identifier - String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1); - String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(authData); - return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, - MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID); + } + //add eIDAS eID prefix to legal person identifier + String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1); + String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(((IMOAAuthData)authData)); + return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, + MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID); + } } return null; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java index cb659c2b1..76ca3a94d 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java @@ -24,14 +24,14 @@ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; import java.security.MessageDigest; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Trible; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -40,6 +40,7 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ +@eIDASMetadata public class eIDASAttrNaturalPersonalIdentifier implements IeIDASAttribute{ /* (non-Javadoc) @@ -54,8 +55,8 @@ public class eIDASAttrNaturalPersonalIdentifier implements IeIDASAttribute{ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator) */ @Override - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) - throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { String personalID = authData.getBPK(); //generate eIDAS conform 'PersonalIdentifier' attribute @@ -64,7 +65,7 @@ public class eIDASAttrNaturalPersonalIdentifier implements IeIDASAttribute{ if (MiscUtil.isEmpty(authData.getBPKType()) || !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); - throw new AttributeException("Suspect bPKType for eIDAS identifier generation"); + throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation"); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeDateOfBirth.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeDateOfBirth.java index 43d2f96c2..ed86d6e4b 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeDateOfBirth.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeDateOfBirth.java @@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPerso * @author tlenz * */ +@eIDASMetadata public class eIDASAttrRepresentativeDateOfBirth extends MandateNaturalPersonBirthDateAttributeBuilder implements IeIDASAttribute { @Override diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeFamilyName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeFamilyName.java index 924a275b1..5db88e71e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeFamilyName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeFamilyName.java @@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPerso * @author tlenz * */ +@eIDASMetadata public class eIDASAttrRepresentativeFamilyName extends MandateNaturalPersonFamilyNameAttributeBuilder implements IeIDASAttribute{ /* (non-Javadoc) diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeGivenName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeGivenName.java index 2de585918..0a7c514aa 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeGivenName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeGivenName.java @@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPerso * @author tlenz * */ +@eIDASMetadata public class eIDASAttrRepresentativeGivenName extends MandateNaturalPersonGivenNameAttributeBuilder implements IeIDASAttribute{ /* (non-Javadoc) diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java index 92456d202..638b01bb1 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java @@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF * @author tlenz * */ +@eIDASMetadata public class eIDASAttrRepresentativeLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute { @Override diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java index 47cc71e01..fd245c3eb 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java @@ -22,11 +22,12 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -34,27 +35,31 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ +@eIDASMetadata public class eIDASAttrRepresentativeLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute { @Override - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - if(authData.isUseMandate()) { - - //extract eIDAS unique Id prefix from naturalPerson bPK identifier - if (MiscUtil.isEmpty(authData.getBPKType()) - || !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { - Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); - throw new AttributeException("Suspect bPKType for eIDAS identifier generation"); + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + + if (authData instanceof IMOAAuthData) { + if(((IMOAAuthData)authData).isUseMandate()) { + + //extract eIDAS unique Id prefix from naturalPerson bPK identifier + if (MiscUtil.isEmpty(authData.getBPKType()) + || !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { + Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); + throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation"); + + } + + //add eIDAS eID prefix to legal person identifier + String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1); + String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(((IMOAAuthData)authData)); + return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, + MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID); - } - - //add eIDAS eID prefix to legal person identifier - String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1); - String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(authData); - return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, - MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID); - + } } return null; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java index 52396ae90..f7e135bae 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java @@ -24,16 +24,16 @@ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; import java.security.MessageDigest; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.data.Trible; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -42,6 +42,7 @@ import at.gv.egovernment.moa.util.MiscUtil; * @author tlenz * */ +@eIDASMetadata public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNaturalPersonBPKAttributeBuilder implements IeIDASAttribute{ /* (non-Javadoc) @@ -56,8 +57,8 @@ public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNat * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator) */ @Override - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator<ATT> g) - throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator<ATT> g) + throws AttributeBuilderException { try { Pair<String, String> calcResult = internalBPKGenerator(oaParam, authData); @@ -71,7 +72,7 @@ public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNat if (MiscUtil.isEmpty(type) || !type.startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); - throw new AttributeException("Suspect bPKType for eIDAS identifier generation"); + throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation"); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java new file mode 100644 index 000000000..db072203d --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java @@ -0,0 +1,5 @@ +package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; + +public @interface eIDASMetadata { + +} diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java index ee0f72f34..f6a67db9d 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java @@ -36,19 +36,20 @@ import org.springframework.stereotype.Service; import com.google.common.collect.ImmutableSet; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl; +import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeBuilder; import at.gv.egovernment.moa.id.commons.MOAIDConstants; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.data.SLOInformationImpl; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.logging.Logger; import eu.eidas.auth.commons.EidasStringUtil; import eu.eidas.auth.commons.attribute.AttributeDefinition; @@ -71,9 +72,9 @@ import eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils; */ @Service("eIDASAuthenticationRequest") -public class eIDASAuthenticationRequest implements IAction { +public class eIDASAuthenticationRequest implements IAction { - @Autowired protected MOAReversionLogger revisionsLogger; + @Autowired protected IRevisionLogger revisionsLogger; @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider; @@ -93,7 +94,8 @@ public class eIDASAuthenticationRequest implements IAction { ImmutableAttributeMap reqAttributeList = (ImmutableAttributeMap) eidasRequest.getEidasRequestedAttributes(); //add mandate attr. to requested attributes of eMandates are used an no mandate attr. are requested - if (authData.isUseMandate()) { + if (authData instanceof IMOAAuthData + && ((IMOAAuthData)authData).isUseMandate()) { Logger.trace("eMandates are used. Starting eIDAS requsted attr. update process ...."); Builder reqAttrWithMandates = ImmutableAttributeMap.builder(reqAttributeList); @@ -154,7 +156,7 @@ public class eIDASAuthenticationRequest implements IAction { //add attributes responseBuilder.attributes(eIDASAttrbutMap); - //set success statuscode + //set success statuscode responseBuilder.statusCode(StatusCode.SUCCESS_URI); //build response @@ -246,7 +248,7 @@ public class eIDASAuthenticationRequest implements IAction { private void buildAndAddAttribute(ImmutableAttributeMap.Builder attrMapBuilder, AttributeDefinition<?> attr, IRequest req, IAuthData authData) throws MOAIDException { Pair<AttributeDefinition<?>, ImmutableSet<AttributeValue<?>>> eIDASAttr = eIDASAttributeBuilder.buildAttribute( - attr, req.getOnlineApplicationConfiguration(), authData); + attr, req.getServiceProviderConfiguration(), authData); if(eIDASAttr == null) { if (attr.isRequired()) { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java index f0527bc5e..5dcd9499e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java @@ -22,12 +22,13 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.validator; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.data.Trible; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils; -import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.Trible; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.protocol.IAuthenticationResponse; @@ -46,7 +47,7 @@ public class eIDASResponseValidator { * validate received LoA against minimum required LoA | *_____________________________________________________| */ - LevelOfAssurance reqLoA = LevelOfAssurance.fromString(pendingReq.getOnlineApplicationConfiguration().getQaaLevel()); + LevelOfAssurance reqLoA = LevelOfAssurance.fromString(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getQaaLevel()); LevelOfAssurance respLoA = LevelOfAssurance.fromString(samlResp.getLevelOfAssurance()); if (respLoA.numericValue() < reqLoA.numericValue()) { Logger.error("eIDAS Response LevelOfAssurance is lower than the required! " diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder index 3c11c725d..3c11c725d 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder +++ b/id/server/modules/moa-id-module-eIDAS/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java index 7ca4590bb..72c95d9c7 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthConstants.java @@ -26,7 +26,7 @@ import java.util.ArrayList; import java.util.Collections; import java.util.List; -import at.gv.egovernment.moa.id.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; /** diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java index f14ffb111..0d460f293 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java @@ -25,10 +25,10 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates; import org.springframework.beans.factory.annotation.Autowired; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.util.MiscUtil; /** @@ -40,14 +40,14 @@ import at.gv.egovernment.moa.util.MiscUtil; public class ELGAMandatesAuthModuleImpl extends DefaultCitizenCardAuthModuleImpl { @Autowired private AuthConfiguration authConfig; - + private int priority = 0; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() */ @Override - public int getPriority() { + public int getPriority() { return priority; } diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java index 5743590f9..482d8ef85 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesMetadataConfiguration.java @@ -33,14 +33,14 @@ import org.opensaml.saml2.metadata.Organization; import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.xml.security.credential.Credential; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.logging.Logger; /** @@ -51,11 +51,12 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon private String authURL; private ELGAMandatesCredentialProvider credentialProvider; + private IPVP2BasicConfiguration pvpConfiguration; - public ELGAMandatesMetadataConfiguration(String authURL, ELGAMandatesCredentialProvider credentialProvider) { + public ELGAMandatesMetadataConfiguration(String authURL, ELGAMandatesCredentialProvider credentialProvider, IPVP2BasicConfiguration pvpConfiguration) { this.authURL = authURL; this.credentialProvider = credentialProvider; - + this.pvpConfiguration = pvpConfiguration; } @@ -118,9 +119,9 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon @Override public List<ContactPerson> getContactPersonInformation() { try { - return PVPConfiguration.getInstance().getIDPContacts(); + return pvpConfiguration.getIDPContacts(); - } catch (ConfigurationException e) { + } catch (EAAFException e) { Logger.warn("Can not load Metadata entry: Contect Person", e); return null; @@ -134,9 +135,9 @@ public class ELGAMandatesMetadataConfiguration implements IPVPMetadataBuilderCon @Override public Organization getOrgansiationInformation() { try { - return PVPConfiguration.getInstance().getIDPOrganisation(); + return pvpConfiguration.getIDPOrganisation(); - } catch (ConfigurationException e) { + } catch (EAAFException e) { Logger.warn("Can not load Metadata entry: Organisation", e); return null; diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java index b67d263fc..6548f9fcf 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java @@ -22,6 +22,8 @@ */ package at.gv.egovernment.moa.id.auth.modules.elgamandates.config; +import java.util.List; + import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; @@ -38,9 +40,10 @@ import org.opensaml.xml.security.credential.Credential; import org.w3c.dom.Document; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; /** @@ -298,6 +301,22 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest } + + @Override + public List<EAAFRequestedAttribute> getRequestedAttributes() { + return null; + + } + + @Override + public String getProviderName() { + return null; + } + + @Override + public String getScopeRequesterId() { + return null; + } } diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java index ca7401ab7..d52cd750a 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java @@ -34,14 +34,15 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesMetadataConfiguration; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; -import at.gv.egovernment.moa.id.auth.servlet.AbstractController; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; -import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; /** @@ -54,6 +55,7 @@ public class ELGAMandateMetadataController extends AbstractController { @Autowired PVPMetadataBuilder metadatabuilder; @Autowired AuthConfiguration authConfig; @Autowired ELGAMandatesCredentialProvider credentialProvider; + @Autowired IPVP2BasicConfiguration pvpConfiguration; public ELGAMandateMetadataController() { super(); @@ -76,7 +78,7 @@ public class ELGAMandateMetadataController extends AbstractController { } else { //initialize metadata builder configuration IPVPMetadataBuilderConfiguration metadataConfig = - new ELGAMandatesMetadataConfiguration(authURL, credentialProvider); + new ELGAMandatesMetadataConfiguration(authURL, credentialProvider, pvpConfiguration); //build metadata String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig); diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java index 585e72c2f..503884edd 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java @@ -32,8 +32,8 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; -import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java index f05446771..5c1f8e7bb 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java @@ -28,14 +28,14 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -50,7 +50,7 @@ public class EvaluateMandateServiceTask extends AbstractAuthServletTask { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { @@ -68,7 +68,7 @@ public class EvaluateMandateServiceTask extends AbstractAuthServletTask { if (useELGA) { //validate service-provider again if (!ELGAMandateUtils.checkServiceProviderAgainstELGAModulConfigration(authConfig, pendingReq)) { - Logger.info("Service-Provider: " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() + Logger.info("Service-Provider: " + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier() + " does not fulfill requirements to use ELGA-MandateService."); throw new MOAIDException("service.10", new Object[]{ ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java index 81c3322c9..b1db1564e 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java @@ -37,30 +37,31 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnResponseValidationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -70,7 +71,7 @@ import at.gv.egovernment.moa.util.MiscUtil; */ @Component("ReceiveElgaMandateResponseTask") public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { - + @Autowired SAMLVerificationEngineSP samlVerificationEngine; @Autowired ELGAMandatesCredentialProvider credentialProvider; @Autowired ELGAMandateServiceMetadataProvider metadataProvider; @@ -78,24 +79,24 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { InboundMessage msg = null; try { IDecoder decoder = null; - MOAURICompare comperator = null; + EAAFURICompare comperator = null; //select Response Binding if (request.getMethod().equalsIgnoreCase("POST")) { decoder = new PostBinding(); - comperator = new MOAURICompare(pendingReq.getAuthURL() + comperator = new EAAFURICompare(pendingReq.getAuthURL() + ELGAMandatesAuthConstants.ENDPOINT_POST); Logger.debug("Receive PVP Response from ELGA mandate-service, by using POST-Binding."); } else if (request.getMethod().equalsIgnoreCase("GET")) { decoder = new RedirectBinding(); - comperator = new MOAURICompare(pendingReq.getAuthURL() + comperator = new EAAFURICompare(pendingReq.getAuthURL() + ELGAMandatesAuthConstants.ENDPOINT_REDIRECT); Logger.debug("Receive PVP Response from ELGA mandate-service, by using Redirect-Binding."); @@ -130,7 +131,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { //validate assertion - MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg); + PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg); //write ELGA mandate information into MOASession AssertionAttributeExtractor extractor = @@ -144,12 +145,6 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { } - - - //load MOASession object - defaultTaskInitialization(request, executionContext); - - /** * Mandate Reference-Value is generated from ELGA MandateServie --> * MOA-ID generated reference value is not equal to reference-value from ELGA MandateService @@ -168,8 +163,11 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { Logger.debug("Validation of PVP Response from ELGA mandate-service is complete."); Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames(); + + AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); for (String el : includedAttrNames) { - moasession.setGenericDataToSession(el, extractor.getSingleAttributeValue(el)); + session.setGenericDataToSession(el, extractor.getSingleAttributeValue(el)); + //pendingReq.setGenericDataToSession(el, extractor.getSingleAttributeValue(el)); Logger.debug("Add PVP-attribute " + el + " into MOASession"); } @@ -186,11 +184,13 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { extractor.getSingleAttributeValue(PVPConstants.MANDATE_TYPE_NAME)); revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE, MOAReversionLogger.NAT_PERSON); - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH, - revisionsLogger.buildPersonInformationHash( - extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME), - extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME), - extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME))); + + //TODO!!!! +// revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH, +// revisionsLogger.buildPersonInformationHash( +// extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME), +// extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME), +// extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME))); Logger.info("Receive a valid assertion from ELGA mandate-service " + msg.getEntityID()); @@ -220,7 +220,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { } catch (AssertionValidationExeption | AuthnResponseValidationException e) { Logger.info("ELGA mandate-service: PVP response validation FAILED. Msg:" + e.getMessage()); - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getMessageId()); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_ELGA_MANDATE_ERROR_RECEIVED, e.getErrorId()); throw new TaskExecutionException(pendingReq, "ELGA mandate-service: PVP response validation FAILED.", e); } catch (Exception e) { @@ -242,13 +242,13 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { * @throws AssertionValidationExeption * @throws AuthnResponseValidationException */ - private MOAResponse preProcessAuthResponse(MOAResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException { + private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException { Logger.debug("Start PVP-2.1 assertion processing... "); Response samlResp = (Response) msg.getResponse(); //validate 'inResponseTo' attribute - String authnReqID = pendingReq.getGenericData( - PVPTargetConfiguration.DATAID_INTERFEDERATION_REQUESTID, String.class); + String authnReqID = pendingReq.getRawData( + MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID, String.class); String inResponseTo = samlResp.getInResponseTo(); if (MiscUtil.isEmpty(authnReqID) || MiscUtil.isEmpty(inResponseTo) || diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java index 76108cafe..625623f4a 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java @@ -28,13 +28,13 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils; import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; /** @@ -45,7 +45,7 @@ import at.gv.egovernment.moa.logging.Logger; public class RedirectToMandateSelectionTask extends AbstractAuthServletTask { @Autowired IGUIFormBuilder guiBuilder; - + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java index 299eb442e..50fb2cb4a 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java @@ -35,23 +35,24 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesRequestBuilderConfiguration; import at.gv.egovernment.moa.id.auth.modules.elgamandates.exceptions.ELGAMetadataException; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.MiscUtil; @@ -67,7 +68,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { @Autowired ELGAMandatesCredentialProvider credential; @Autowired AuthConfiguration authConfig; @Autowired ELGAMandateServiceMetadataProvider metadataService; - + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @@ -76,7 +77,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { throws TaskExecutionException { try{ // get IDP entityID from Online Application configuration - String elgaMandateServiceEntityID = pendingReq.getOnlineApplicationConfiguration().getConfigurationValue(ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID); + String elgaMandateServiceEntityID = pendingReq.getServiceProviderConfiguration().getConfigurationValue(ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID); // use first ELGA Mandate-Service from general MOA-ID configuration, of no OA specific exists if (MiscUtil.isEmpty(elgaMandateServiceEntityID)) { @@ -100,7 +101,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { } //load metadata with metadataURL, as backup - String metadataURL = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATAURL); + String metadataURL = authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATAURL); if (MiscUtil.isNotEmpty(metadataURL)) { Logger.warn("Use not recommended metadata-provider initialization!" + " SAML2 'Well-Known-Location' is the preferred methode."); @@ -113,7 +114,8 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { EntityDescriptor entityDesc = metadataService.getEntityDescriptor(elgaMandateServiceEntityID); //load MOASession from database - defaultTaskInitialization(request, executionContext); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + //setup AuthnRequestBuilder configuration ELGAMandatesRequestBuilderConfiguration authnReqConfig = new ELGAMandatesRequestBuilderConfiguration(); @@ -125,7 +127,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { //set bPK of representative String representativeBPK = null; - String configTarget = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_SUBJECTNAMEID_TARGET); + String configTarget = authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_SUBJECTNAMEID_TARGET); if (MiscUtil.isEmpty(configTarget)) { Logger.warn("Connect ELGA Mandate-Service FAILED -> No bPK-Type for SubjectNameID found."); throw new MOAIDException("service.10", @@ -190,8 +192,8 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { //set MandateReferenceValue as RequestID authnReqConfig.setRequestID(moasession.getMandateReferenceValue()); - pendingReq.setGenericDataToSession( - PVPTargetConfiguration.DATAID_INTERFEDERATION_REQUESTID, + pendingReq.setRawDataToTransaction( + MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID, authnReqConfig.getRequestID()); //set SubjectConformationDate diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java index 52970e240..854f9d2bb 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java @@ -28,18 +28,18 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad; -import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils; import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; /** @@ -51,7 +51,7 @@ public class SelectMandateServiceTask extends AbstractAuthServletTask { @Autowired IGUIFormBuilder guiBuilder; - /* (non-Javadoc) + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override @@ -67,7 +67,7 @@ public class SelectMandateServiceTask extends AbstractAuthServletTask { ELGAMandatesAuthConstants.TEMPLATE_MANDATE_SERVICE_SELECTION, MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL, GeneralProcessEngineSignalController.ENDPOINT_GENERIC, - authConfig.getRootConfigFileDir()); + authConfig.getConfigurationRootDirectory().toURL().toString()); guiBuilder.build(response, config, "Mandate-Service selection"); diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java index adc2a310b..e8cfae10a 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java @@ -22,11 +22,15 @@ */ package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils; +import java.net.MalformedURLException; import java.util.List; import java.util.Timer; import javax.xml.namespace.QName; +import org.apache.commons.httpclient.HttpClient; +import org.apache.commons.httpclient.MOAHttpClient; +import org.apache.commons.httpclient.params.HttpClientParams; import org.opensaml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.saml2.metadata.RoleDescriptor; @@ -37,14 +41,19 @@ import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.opensaml.saml2.metadata.provider.MetadataProviderException; import org.opensaml.xml.XMLObject; import org.opensaml.xml.parse.BasicParserPool; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egovernment.moa.id.auth.IDestroyableObject; +import at.gv.egiz.eaaf.core.api.IDestroyableObject; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException; +import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.SchemaValidationFilter; -import at.gv.egovernment.moa.id.saml2.MetadataFilterChain; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -54,9 +63,10 @@ import at.gv.egovernment.moa.util.MiscUtil; */ @Service("ELGAMandate_MetadataProvider") -public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvider +public class ELGAMandateServiceMetadataProvider extends SimpleMetadataProvider implements IDestroyableObject { - + @Autowired(required=true) AuthConfiguration moaAuthConfig; + private ChainingMetadataProvider metadataProvider = new ChainingMetadataProvider(); private Timer timer = null; @@ -238,7 +248,7 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide //Metadata provider seems not loaded --> Add new metadata provider Logger.info("Initialize PVP MetadataProvider:" + metdataURL + " to connect ELGA Mandate-Service"); - String trustProfileID = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATA_TRUSTPROFILE); + String trustProfileID = authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATA_TRUSTPROFILE); if (MiscUtil.isEmpty(trustProfileID)) { Logger.error("Create ELGA Mandate-Service Client FAILED: No trustProfileID to verify PVP metadata." ); throw new MetadataProviderException("No trustProfileID to verify PVP metadata."); @@ -253,11 +263,12 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide filter.addFilter(new SchemaValidationFilter(true)); filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID)); - MetadataProvider idpMetadataProvider = createNewMoaMetadataProvider(metdataURL, + MetadataProvider idpMetadataProvider = createNewSimpleMetadataProvider(metdataURL, filter, ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, timer, - new BasicParserPool()); + new BasicParserPool(), + createHttpClient(metdataURL)); if (idpMetadataProvider == null) { Logger.error("Create ELGA Mandate-Service Client FAILED."); @@ -300,4 +311,35 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide timer.cancel(); } + + private HttpClient createHttpClient(String metadataURL) { + MOAHttpClient httpClient = new MOAHttpClient(); + HttpClientParams httpClientParams = new HttpClientParams(); + httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT); + httpClient.setParams(httpClientParams); + + if (metadataURL.startsWith("https:")) { + try { + //FIX: change hostname validation default flag to true when httpClient is updated to > 4.4 + MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory( + PVPConstants.SSLSOCKETFACTORYNAME, + moaAuthConfig.getTrustedCACertificates(), + null, + AuthConfiguration.DEFAULT_X509_CHAININGMODE, + moaAuthConfig.isTrustmanagerrevoationchecking(), + moaAuthConfig.getRevocationMethodOrder(), + moaAuthConfig.getBasicMOAIDConfigurationBoolean( + AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)); + + httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory); + + } catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) { + Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e); + + } + } + + return httpClient; + + } } diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java index 03f8fa195..6fa9c5a77 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java @@ -24,10 +24,11 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils; import java.util.List; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; -import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; /** * @author tlenz @@ -39,11 +40,11 @@ public class ELGAMandateUtils { * * @return true, if ELGA mandateservice is allowed, otherwise false */ - public static boolean checkServiceProviderAgainstELGAModulConfigration(AuthConfiguration authConfig, IRequest pendingReq) { + public static boolean checkServiceProviderAgainstELGAModulConfigration(IConfiguration authConfig, IRequest pendingReq) { String allowedMandateTypesCSV = - authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES); + authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES); List<String> allowedMandateTypes = KeyValueUtils.getListOfCSVValues(allowedMandateTypesCSV); - List<String> spMandateProfiles = pendingReq.getOnlineApplicationConfiguration().getMandateProfiles(); + List<String> spMandateProfiles = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getMandateProfiles(); boolean isELGAMandateServiceAllowed = false; if (spMandateProfiles != null) { diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java index f5bcdb70b..dd4e5d340 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java @@ -25,10 +25,11 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider; -import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; /** * @author tlenz @@ -43,9 +44,9 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath() */ @Override - public String getKeyStoreFilePath() { + public String getKeyStoreFilePath() throws ConfigurationException { return FileUtils.makeAbsoluteURL( - authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_KEYSTORE), + authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_KEYSTORE), authConfig.getRootConfigFileDir()); } @@ -54,7 +55,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getKeyStorePassword() { - return authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim(); + return authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim(); } @@ -63,7 +64,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getMetadataKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( ELGAMandatesAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD).trim(); } @@ -72,7 +73,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getMetadataKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( ELGAMandatesAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD).trim(); } @@ -81,7 +82,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getSignatureKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( ELGAMandatesAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD).trim(); } @@ -90,7 +91,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getSignatureKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( ELGAMandatesAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD).trim(); } @@ -99,7 +100,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getEncryptionKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( ELGAMandatesAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD).trim(); } @@ -108,7 +109,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getEncryptionKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( ELGAMandatesAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD).trim(); } diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml index d41e8a017..60fd120d0 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml @@ -17,6 +17,8 @@ <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> <pd:Task id="getForeignID" class="GetForeignIDTask" async="true" /> + <pd:Task id="userRestrictionTask" class="UserRestrictionTask" /> + <!-- ELGA Mandate-Service Tasks --> <pd:Task id="redirectToMandateSelectionTask" class="RedirectToMandateSelectionTask" /> <pd:Task id="selectMandateServiceTask" class="SelectMandateServiceTask" async="true"/> @@ -47,7 +49,7 @@ <pd:Transition from="verifyCertificate" to="getForeignID" /> <pd:Transition from="verifyAuthBlock" to="redirectToMandateSelectionTask" conditionExpression="ctx['useMandate']" /> - <pd:Transition from="verifyAuthBlock" to="finalizeAuthentication" /> + <pd:Transition from="verifyAuthBlock" to="userRestrictionTask" /> <pd:Transition from="redirectToMandateSelectionTask" to="prepareGetMISMandate" conditionExpression="ctx['useMISMandate']" /> <pd:Transition from="redirectToMandateSelectionTask" to="selectMandateServiceTask" /> @@ -60,13 +62,14 @@ <pd:Transition from="requestELGAMandateTask" to="receiveElgaMandateResponseTask" /> - <pd:Transition from="receiveElgaMandateResponseTask" to="finalizeAuthentication" /> + <pd:Transition from="receiveElgaMandateResponseTask" to="userRestrictionTask" /> <pd:Transition from="prepareGetMISMandate" to="getMISMandate" /> - <pd:Transition from="getMISMandate" to="finalizeAuthentication" /> - - <pd:Transition from="getForeignID" to="finalizeAuthentication" /> + <pd:Transition from="getMISMandate" to="userRestrictionTask" /> + <pd:Transition from="getForeignID" to="userRestrictionTask" /> + + <pd:Transition from="userRestrictionTask" to="finalizeAuthentication" /> <pd:Transition from="finalizeAuthentication" to="end" /> <pd:EndEvent id="end" /> diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml index 971751e9e..9a8dbb236 100644 --- a/id/server/modules/moa-id-module-openID/pom.xml +++ b/id/server/modules/moa-id-module-openID/pom.xml @@ -6,9 +6,7 @@ <version>${moa-id-version}</version> </parent> - <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-module-openID</artifactId> - <version>${moa-id-version}</version> <packaging>jar</packaging> <name>MOA ID-Module OpenID Connect</name> @@ -34,7 +32,6 @@ <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> - <version>${junit.version}</version> <scope>test</scope> </dependency> diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java index 9060f35c5..76e7f0901 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/OAuth20Configuration.java @@ -24,9 +24,9 @@ package at.gv.egovernment.moa.id.protocols.oauth20; import java.util.Properties; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.util.FileUtils; public class OAuth20Configuration { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java index 9b19e0a4d..19fdb3fee 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java @@ -30,23 +30,25 @@ import org.apache.commons.lang.StringUtils; import com.google.gson.JsonObject; import com.google.gson.JsonPrimitive; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIssuingNationAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIssuingNationAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSectorForIDAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePIN; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePINType; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder; @@ -61,8 +63,6 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateProfRepOIDAt import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceValueAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder; import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; public final class OAuth20AttributeBuilder { @@ -70,7 +70,7 @@ public final class OAuth20AttributeBuilder { private OAuth20AttributeBuilder() { throw new InstantiationError(); } - + private static IAttributeGenerator<Pair<String, JsonPrimitive>> generator = new IAttributeGenerator<Pair<String, JsonPrimitive>>() { public Pair<String, JsonPrimitive> buildStringAttribute(final String friendlyName, final String name, final String value) { @@ -206,7 +206,7 @@ public final class OAuth20AttributeBuilder { } private static void addAttibutes(final List<IAttributeBuilder> builders, final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) { + final ISPConfiguration oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) { for (IAttributeBuilder b : builders) { try { //TODO: better solution requires more refactoring :( @@ -222,40 +222,40 @@ public final class OAuth20AttributeBuilder { jsonObject.add(attribute.getFirst(), attribute.getSecond()); } } - catch (AttributeException e) { + catch (AttributeBuilderException e) { Logger.info("Cannot add attribute " + b.getName()); } } } public static void addScopeOpenId(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData, + final ISPConfiguration oaParam, final IAuthData authData, final OAuth20AuthRequest oAuthRequest) { addAttibutes(buildersOpenId, jsonObject, oaParam, authData, oAuthRequest); } public static void addScopeProfile(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersProfile, jsonObject, oaParam, authData, null); } public static void addScopeEID(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersEID, jsonObject, oaParam, authData, null); } public static void addScopeEIDGov(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersEIDGov, jsonObject, oaParam, authData, null); } public static void addScopeMandate(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersMandate, jsonObject, oaParam, authData, null); } public static void addScopeSTORK(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersSTORK, jsonObject, oaParam, authData, null); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java index a43c8fce9..b3586245b 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdAudiencesAttribute implements IAttributeBuilder { @@ -35,9 +34,9 @@ public class OpenIdAudiencesAttribute implements IAttributeBuilder { return "aud"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - return g.buildStringAttribute(this.getName(), "", oaParam.getPublicURLPrefix()); + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + return g.buildStringAttribute(this.getName(), "", oaParam.getUniqueIdentifier()); } public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java index c6775b692..933ee8904 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdAuthenticationTimeAttribute implements IAttributeBuilder { @@ -35,9 +34,9 @@ public class OpenIdAuthenticationTimeAttribute implements IAttributeBuilder { return "auth_time"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - return g.buildLongAttribute(this.getName(), "", ((long) (authData.getIssueInstant().getTime() / 1000))); + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + return g.buildLongAttribute(this.getName(), "", ((long) (authData.getAuthenticationIssueInstant().getTime() / 1000))); } public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java index 5f32e32a2..04efa3979 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java @@ -24,12 +24,11 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; import java.util.Date; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdExpirationTimeAttribute implements IAttributeBuilder { @@ -39,8 +38,8 @@ public class OpenIdExpirationTimeAttribute implements IAttributeBuilder { return "exp"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000 + expirationTime)); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java index 04f38faf6..459d2b1cd 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java @@ -24,12 +24,11 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; import java.util.Date; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdIssueInstantAttribute implements IAttributeBuilder { @@ -37,8 +36,8 @@ public class OpenIdIssueInstantAttribute implements IAttributeBuilder { return "iat"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000)); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java index ff19a618a..2f4124c32 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdIssuerAttribute implements IAttributeBuilder { @@ -35,9 +34,9 @@ public class OpenIdIssuerAttribute implements IAttributeBuilder { return "iss"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { - return g.buildStringAttribute(this.getName(), "", authData.getIssuer()); + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { + return g.buildStringAttribute(this.getName(), "", authData.getAuthenticationIssuer()); } public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java index eda276df2..66b6a2518 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java @@ -22,27 +22,27 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.util.MiscUtil; public class OpenIdNonceAttribute implements IAttributeBuilder { - public String getName() { + public String getName() { return "nonce"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", null); } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { if (MiscUtil.isNotEmpty(oAuthRequest.getNonce())) return g.buildStringAttribute(this.getName(), "", oAuthRequest.getNonce()); else diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java index 7de90e98e..e3e717ec3 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdSubjectIdentifierAttribute implements IAttributeBuilder { @@ -35,8 +34,8 @@ public class OpenIdSubjectIdentifierAttribute implements IAttributeBuilder { return "sub"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", authData.getBPK()); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java index 3ebadba52..d23877395 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class ProfileDateOfBirthAttribute implements IAttributeBuilder { @@ -35,8 +34,8 @@ public class ProfileDateOfBirthAttribute implements IAttributeBuilder { return "birthdate"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", authData.getFormatedDateOfBirth()); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java index 89209b062..540962a29 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class ProfileFamilyNameAttribute implements IAttributeBuilder { @@ -35,8 +34,8 @@ public class ProfileFamilyNameAttribute implements IAttributeBuilder { return "family_name"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", authData.getFamilyName()); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java index 895037b2e..f6f774a46 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class ProfileGivenNameAttribute implements IAttributeBuilder { @@ -35,8 +34,8 @@ public class ProfileGivenNameAttribute implements IAttributeBuilder { return "given_name"; } - public <ATT> ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator<ATT> g) throws AttributeException { + public <ATT> ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator<ATT> g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", authData.getGivenName()); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java index cd7b8312d..17ed6b40d 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/json/OAuth20SignatureUtil.java @@ -34,11 +34,11 @@ import java.security.interfaces.RSAPublicKey; import org.apache.commons.lang.StringUtils; import org.opensaml.xml.security.x509.BasicX509Credential; +import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Configuration; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20CertificateErrorException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.KeyStoreUtils; public final class OAuth20SignatureUtil { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index b7c54203f..b00675e7c 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -33,16 +33,18 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.data.SLOInformationImpl; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder; @@ -53,21 +55,19 @@ import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorE import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SignatureUtil; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthJsonToken; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; @Service("OAuth20AuthAction") class OAuth20AuthAction implements IAction { - @Autowired protected MOAReversionLogger revisionsLogger; + @Autowired protected IRevisionLogger revisionsLogger; @Autowired protected ITransactionStorage transactionStorage; public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req; - String responseType = oAuthRequest.getResponseType(); + String responseType = oAuthRequest.getResponseType(); revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST); @@ -111,7 +111,7 @@ class OAuth20AuthAction implements IAction { //TODO: maybe add bPK / wbPK to SLO information - SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), req.getOnlineApplicationConfiguration().getPublicURLPrefix(), accessToken, null, null, req.requestedModule()); + SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), req.getServiceProviderConfiguration().getUniqueIdentifier(), accessToken, null, null, req.requestedModule()); return sloInformation; } @@ -156,9 +156,9 @@ class OAuth20AuthAction implements IAction { private Pair<String, String> buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, IAuthData authData) throws MOAIDException, SignatureException { - IOAAuthParameters oaParam = oAuthRequest.getOnlineApplicationConfiguration(); + ISPConfiguration oaParam = oAuthRequest.getServiceProviderConfiguration(); - OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer()); + OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getAuthenticationIssuer()); OAuthJsonToken token = new OAuthJsonToken(signer); StringBuilder resultScopes = new StringBuilder(); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index 258b77b98..0350a113c 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -22,30 +22,23 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; -import java.util.Collection; -import java.util.HashMap; -import java.util.Map; - import javax.servlet.http.HttpServletRequest; -import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; -import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.logging.Logger; @Component("OAuth20AuthRequest") @@ -102,7 +95,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { * the state to set */ public void setState(String state) { - this.state = state; + this.state = state; } /** @@ -167,7 +160,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { } @Override - protected void populateSpecialParameters(HttpServletRequest request) throws OAuth20Exception { + protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception { this.setResponseType(this.getParam(request, OAuth20Constants.PARAM_RESPONSE_TYPE, true)); this.setState(this.getParam(request, OAuth20Constants.PARAM_STATE, true)); this.setRedirectUri(this.getParam(request, OAuth20Constants.PARAM_REDIRECT_URI, true)); @@ -188,7 +181,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { // check if client id and redirect uri are ok try { // OAOAUTH20 cannot be null at this point. check was done in base request - IOAAuthParameters oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL()); + ISPConfiguration oAuthConfig = authConfig.getServiceProviderConfiguration(this.getSPEntityId()); if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) @@ -200,46 +193,46 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID); - } catch (ConfigurationException e) { + } catch (EAAFConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() - */ - @Override - public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { - Map<String, String> reqAttr = new HashMap<String, String>(); - for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION) - reqAttr.put(el, ""); - - for (String s : scope.split(" ")) { - if (s.equalsIgnoreCase("profile")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("eID")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("eID_gov")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("mandate")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("stork")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork()) - reqAttr.put(el.getName(), ""); - - } - } - - //return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator()); - return reqAttr.keySet(); - } +// /* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() +// */ +// @Override +// public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { +// Map<String, String> reqAttr = new HashMap<String, String>(); +// for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION) +// reqAttr.put(el, ""); +// +// for (String s : scope.split(" ")) { +// if (s.equalsIgnoreCase("profile")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile()) +// reqAttr.put(el.getName(), ""); +// +// } else if (s.equalsIgnoreCase("eID")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid()) +// reqAttr.put(el.getName(), ""); +// +// } else if (s.equalsIgnoreCase("eID_gov")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov()) +// reqAttr.put(el.getName(), ""); +// +// } else if (s.equalsIgnoreCase("mandate")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate()) +// reqAttr.put(el.getName(), ""); +// +// } else if (s.equalsIgnoreCase("stork")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork()) +// reqAttr.put(el.getName(), ""); +// +// } +// } +// +// //return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator()); +// return reqAttr.keySet(); +// } } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java index 3ab283db5..118de861c 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java @@ -31,11 +31,11 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException; @@ -48,7 +48,7 @@ abstract class OAuth20BaseRequest extends RequestImpl { private static final long serialVersionUID = 1L; protected Set<String> allowedParameters = new HashSet<String>(); - + protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception { String param = request.getParameter(name); Logger.debug("Reading param " + name + " from HttpServletRequest with value " + param); @@ -62,7 +62,7 @@ abstract class OAuth20BaseRequest extends RequestImpl { return param; } - protected void populateParameters(final HttpServletRequest request) throws OAuth20Exception { + protected void populateParameters(final HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception { // moa id - load oa with client id! try { @@ -70,8 +70,8 @@ abstract class OAuth20BaseRequest extends RequestImpl { if (!ParamValidatorUtils.isValidOA(oaURL)) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } - this.setOAURL(oaURL); - IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL); + this.setSPEntityId(oaURL); + ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaURL); if (oaParam == null) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); @@ -83,12 +83,12 @@ abstract class OAuth20BaseRequest extends RequestImpl { throw new OAuth20OANotSupportedException(); } } - catch (ConfigurationException e) { + catch (EAAFConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } // oAuth - this.populateSpecialParameters(request); + this.populateSpecialParameters(request, authConfig); // cleanup parameters this.checkAllowedParameters(request); @@ -112,6 +112,6 @@ abstract class OAuth20BaseRequest extends RequestImpl { } - protected abstract void populateSpecialParameters(final HttpServletRequest request) throws OAuth20Exception; + protected abstract void populateSpecialParameters(final HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception; } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index d72fe9686..9f4174bf0 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -17,24 +17,24 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.gson.JsonObject; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IModulInfo; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.util.ErrorResponseUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @Controller -public class OAuth20Protocol extends AbstractAuthProtocolModulController { +public class OAuth20Protocol extends AbstractAuthProtocolModulController implements IModulInfo { public static final String NAME = OAuth20Protocol.class.getName(); public static final String PATH = "id_oauth20"; @@ -48,15 +48,16 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { PVPConstants.BPK_NAME }); - public String getName() { + public String getName() { return NAME; } - - public String getPath() { + + @Override + public String getAuthProtocolIdentifier() { return PATH; } - /** + /** * */ public OAuth20Protocol() { @@ -67,22 +68,22 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { //OpenID Connect auth request @RequestMapping(value = "/oauth2/auth", method = {RequestMethod.POST, RequestMethod.GET}) - public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { - if (!authConfig.getAllowedProtocols().isOAUTHActive()) { - Logger.info("OpenID-Connect is deaktivated!"); - throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); - - } + public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException { +// if (!authConfig.getAllowedProtocols().isOAUTHActive()) { +// Logger.info("OpenID-Connect is deaktivated!"); +// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); +// +// } OAuth20AuthRequest pendingReq = applicationContext.getBean(OAuth20AuthRequest.class); try { - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(OAuth20Protocol.NAME); - pendingReq.populateParameters(req); + pendingReq.populateParameters(req, authConfig); - } catch (OAuth20Exception e) { + } catch (EAAFException e) { Logger.info("OpenID-Connect request has a validation error: " + e.getMessage()); - throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), e); + throw new InvalidProtocolRequestException(e.getErrorId(), e.getParams(), e); } @@ -101,22 +102,22 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { //openID Connect tokken request @RequestMapping(value = "/oauth2/token", method = {RequestMethod.POST, RequestMethod.GET}) - public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { - if (!authConfig.getAllowedProtocols().isOAUTHActive()) { - Logger.info("OpenID-Connect is deaktivated!"); - throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); - - } + public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException { +// if (!authConfig.getAllowedProtocols().isOAUTHActive()) { +// Logger.info("OpenID-Connect is deaktivated!"); +// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); +// +// } OAuth20TokenRequest pendingReq = applicationContext.getBean(OAuth20TokenRequest.class); try { - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(OAuth20Protocol.NAME); - pendingReq.populateParameters(req); + pendingReq.populateParameters(req, authConfig); - } catch (OAuth20Exception e) { + } catch (EAAFException e) { Logger.info("OpenID-Connect request has a validation error: " + e.getMessage()); - throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), e); + throw new InvalidProtocolRequestException(e.getErrorId(), e.getParams(), e); } @@ -148,18 +149,16 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController { String errorUri = protocolRequest.getAuthURL() +"/" + OAuth20Constants.ERRORPAGE; String moaError = null; - - ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); - + if (e instanceof OAuth20Exception) { errorCode = ((OAuth20Exception) e).getErrorCode(); errorDescription = URLEncoder.encode(((OAuth20Exception) e).getMessageId() + ": " + e.getMessage(), "UTF-8"); - moaError = errorUtils.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId()); + moaError = statusMessager.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId()); } else { errorCode = OAuth20Constants.ERROR_SERVER_ERROR; errorDescription = URLEncoder.encode(e.getMessage(), "UTF-8"); - moaError = errorUtils.getResponseErrorCode(e); + moaError = statusMessager.getResponseErrorCode(e); } String paramRedirect = null; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java index 2117e2ab8..f3dcbd295 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java @@ -31,31 +31,31 @@ import org.springframework.stereotype.Service; import com.google.gson.JsonObject; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20UnauthorizedClientException; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.logging.Logger; @Service("OAuth20TokenAction") class OAuth20TokenAction implements IAction { - @Autowired protected MOAReversionLogger revisionsLogger; + @Autowired protected IRevisionLogger revisionsLogger; @Autowired protected ITransactionStorage transactionStorage; public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { - + OAuth20SessionObject auth20SessionObject = null; try { OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java index 50638ebf8..89e4252b1 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java @@ -22,19 +22,17 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; -import java.util.Collection; - import javax.servlet.http.HttpServletRequest; -import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; @@ -127,7 +125,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { } @Override - protected void populateSpecialParameters(HttpServletRequest request) throws OAuth20Exception { + protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception { this.setCode(this.getParam(request, OAuth20Constants.RESPONSE_CODE, true)); this.setGrantType(this.getParam(request, OAuth20Constants.PARAM_GRANT_TYPE, true)); this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true)); @@ -141,7 +139,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { // check if client id and secret are ok try { // OAOAUTH20 cannot be null at this point. check was done in base request - IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL()); + ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(this.getSPEntityId()); if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) { throw new OAuth20AccessDeniedException(); @@ -154,7 +152,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { this.setOnlineApplicationConfiguration(oaParam); } - catch (ConfigurationException e) { + catch (EAAFConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } @@ -165,11 +163,11 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { this.allowedParameters.add(OAuth20Constants.PARAM_REDIRECT_URI); } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() - */ - @Override - public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { - return null; - } +// /* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() +// */ +// @Override +// public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { +// return null; +// } } diff --git a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java index 35bbac6e7..824d64171 100644 --- a/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java +++ b/id/server/modules/moa-id-module-openID/src/test/java/test/at/gv/egovernment/moa/id/auth/oauth/CertTest.java @@ -30,10 +30,9 @@ import org.opensaml.xml.security.x509.BasicX509Credential; import org.testng.Assert; import org.testng.annotations.Test; +import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Signer; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SHA256Verifier; -import at.gv.egovernment.moa.util.KeyStoreUtils; - import net.oauth.jsontoken.crypto.Signer; import net.oauth.jsontoken.crypto.Verifier; diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml new file mode 100644 index 000000000..74aa6682b --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml @@ -0,0 +1,80 @@ +<?xml version="1.0"?> +<project xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd" xmlns="http://maven.apache.org/POM/4.0.0" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> + <modelVersion>4.0.0</modelVersion> + <parent> + <groupId>MOA.id.server.modules</groupId> + <artifactId>moa-id-modules</artifactId> + <version>${moa-id-version}</version> + </parent> + <artifactId>moa-id-module-sl20_authentication</artifactId> + <name>moa-id-module-sl20_authentication</name> + <url>http://maven.apache.org</url> + + <properties> + <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> + <repositoryPath>${basedir}/../../../../repository</repositoryPath> + </properties> + + <profiles> + <profile> + <id>default</id> + <activation> + <activeByDefault>true</activeByDefault> + </activation> + <repositories> + <repository> + <id>local</id> + <name>local</name> + <url>file:${basedir}/../../../../repository</url> + </repository> + <repository> + <id>egiz-commons</id> + <url>https://demo.egiz.gv.at/int-repo/</url> + <releases> + <enabled>true</enabled> + </releases> + </repository> + </repositories> + </profile> + </profiles> + + + <dependencies> + <dependency> + <groupId>MOA.id.server</groupId> + <artifactId>moa-id-lib</artifactId> + </dependency> + + <dependency> + <groupId>com.google.code.gson</groupId> + <artifactId>gson</artifactId> + <version>2.8.2</version> + </dependency> + <dependency> + <groupId>org.bitbucket.b_c</groupId> + <artifactId>jose4j</artifactId> + <version>0.6.3</version> + </dependency> + + <dependency> + <groupId>org.bouncycastle</groupId> + <artifactId>bcprov-jdk15on</artifactId> + <version>1.52</version> + <!-- <scope>provided</scope> --> +</dependency> + + + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-test</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>junit</groupId> + <artifactId>junit</artifactId> + <scope>test</scope> + </dependency> + </dependencies> + +</project> diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java new file mode 100644 index 000000000..f474461bf --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java @@ -0,0 +1,55 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +public class Constants { + + public static final String HTTP_ENDPOINT_DATAURL = "/sl20/dataUrl"; + public static final String HTTP_ENDPOINT_RESUME = "/sl20/resume"; + + public static final String CONFIG_PROP_PREFIX = "modules.sl20"; + public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID = CONFIG_PROP_PREFIX + ".vda.urls.qualeID.endpoint."; + public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT = "default"; + public static final String CONFIG_PROP_VDA_AUTHBLOCK_ID = CONFIG_PROP_PREFIX + ".vda.authblock.id"; + public static final String CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID = CONFIG_PROP_PREFIX + ".vda.authblock.transformation.id"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_PATH = CONFIG_PROP_PREFIX + ".security.keystore.path"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD = CONFIG_PROP_PREFIX + ".security.keystore.password"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS = CONFIG_PROP_PREFIX + ".security.sign.alias"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD = CONFIG_PROP_PREFIX + ".security.sign.password"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS = CONFIG_PROP_PREFIX + ".security.encryption.alias";; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD = CONFIG_PROP_PREFIX + ".security.encryption.password"; + + public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST = CONFIG_PROP_VDA_ENDPOINT_QUALeID; + public static final String CONFIG_PROP_SP_LIST = CONFIG_PROP_PREFIX + ".sp.entityIds."; + + public static final String CONFIG_PROP_DISABLE_EID_VALIDATION = CONFIG_PROP_PREFIX + ".security.eID.validation.disable"; + public static final String CONFIG_PROP_ENABLE_EID_ENCRYPTION = CONFIG_PROP_PREFIX + ".security.eID.encryption.enabled"; + public static final String CONFIG_PROP_FORCE_EID_ENCRYPTION = CONFIG_PROP_PREFIX + ".security.eID.encryption.required"; + public static final String CONFIG_PROP_FORCE_EID_SIGNED_RESULT = CONFIG_PROP_PREFIX + ".security.eID.signed.result.required"; + + public static final String CONFIG_PROP_IPC_RETURN_URL = CONFIG_PROP_PREFIX + ".ipc.return.url"; + + public static final String PENDING_REQ_STORAGE_PREFIX = "SL20_AUTH_"; + + /** + * Only dummy data for development!!!!!! + */ + public static final String DUMMY_SIGNING_CERT = + "MIIC9zCCAd8CBFretWcwDQYJKoZIhvcNAQEOBQAwQDELMAkGA1UEBhMCQVQxDTAL\n" + + "BgNVBAoMBEVHSVoxIjAgBgNVBAMMGW93biBkdW1teSBtZXRhZGF0YSBzaWduZXIw\n" + + "HhcNMTgwNDI0MDQ0MTExWhcNMjEwMTE3MDQ0MTExWjBAMQswCQYDVQQGEwJBVDEN\n" + + "MAsGA1UECgwERUdJWjEiMCAGA1UEAwwZb3duIGR1bW15IG1ldGFkYXRhIHNpZ25l\n" + + "cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJvN3l1pjzlnmoW5trHH\n" + + "Rb1s60QtGNp2v1nfMg1R6h7SzygtmO869v5bqrVBBVGmujslr7W8cZ2DLmJoQx1N\n" + + "WwhccjXTHpNPw0B70qHGch2uRNkqkizSOlwth0Ll2DJtzxTolbajYdg+xppXScUq\n" + + "WNlNZndauPSnB2CESgNkaUou4x4YVSDInugAtLvdLx8rf2YcuidI6UIXxeSZr3VO\n" + + "Z12YtddzcJ+lwh7OX8B0UvLsdYjKjefjEudyuNBmVwLv4K2LsFhSqgE1CAzk3oCb\n" + + "V2A84klaWVPiXoBiOucyouvX781WVp1aCBp0QA8gpJH7/2wRsdPQ90tjMzM7dcgY\n" + + "LDkCAwEAATANBgkqhkiG9w0BAQ4FAAOCAQEAQuYRQcCNLDYU1ItliYz9f28+KDyU\n" + + "8WjF3NDZrlJbGSKQ4n7wkBfxdK3zprmpHadWDB+aZaPt/+voE2FduzPiLUDlpazN\n" + + "60JJ5/YHZ3q9MZvdoNg6rjkpioWatoj/smUkT6oUWL/gp8tH12fOd2oJygBqXMve\n" + + "3y3qVCghnjRaMYuXcScTZcjH9yebkTLygirtw34oGVb7t+HwbtcN65fUIBly6Rcl\n" + + "8NV3pwOKhXFKDAqXUpvhebL4+tWOqPdqfIfGaE6rELfTf3icGY3CQCzDz5Gp0Ptc\n" + + "TfQqm64xnhtAruXNJXWg2ptg+GuQgWnJUgQ8wLNMxw9XdeEwlQo5dL6xmg=="; + + public static final String DUMMY_SIGNING_CERT_FINGERPRINT = "IwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJvN3l1pjzlnmoW"; + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java new file mode 100644 index 000000000..9c2d47ca7 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java @@ -0,0 +1,127 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +import java.util.Arrays; +import java.util.List; + +import javax.annotation.PostConstruct; + +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +/** + * @author tlenz + * + */ +public class SL20AuthenticationModulImpl implements AuthModule { + private int priority = 3; + public static final List<String> VDA_TYPE_IDS = Arrays.asList("1", "2", "3", "4"); + + @Autowired(required=true) protected AuthConfiguration authConfig; + @Autowired(required=true) private AuthenticationManager authManager; + + @Override + public int getPriority() { + return priority; + } + + /** + * Sets the priority of this module. Default value is {@code 0}. + * @param priority The priority. + */ + public void setPriority(int priority) { + this.priority = priority; + } + + @PostConstruct + protected void initalSL20Authentication() { + //parameter to whiteList + authManager.addHeaderNameToWhiteList(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE); + authManager.addHeaderNameToWhiteList(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE); + + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context) { + ISPConfiguration spConfig = (ISPConfiguration) context.get(EAAFConstants.PROCESSCONTEXT_SP_CONFIG); +// if (spConfigObj != null && spConfigObj instanceof IOAAuthParameters) +// spConfig = (IOAAuthParameters)spConfigObj; + + String sl20ClientTypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase()); + String sl20VDATypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase()); + + if (spConfig != null && + MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED)) && + Boolean.valueOf(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED))) { + Logger.debug("SL2.0 is enabled for " + spConfig.getUniqueIdentifier()); + Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + ": " + sl20ClientTypeHeader); + Logger.trace(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE + ": " + sl20VDATypeHeader); + return "SL20Authentication"; + + } else { + Logger.trace("SL2.0 is NOT enabled for " + spConfig.getUniqueIdentifier()); + return null; + + } + + +// if ( StringUtils.isNotBlank(sl20ClientTypeHeader) +//// && ( +//// StringUtils.isNotBlank(sl20VDATypeHeader) +//// //&& VDA_TYPE_IDS.contains(sl20VDATypeHeader.trim()) +//// ) +// ) { +// Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "' header found"); +// return "SL20Authentication"; +// +// } else { +// Logger.trace("No '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "' header found"); +// return null; +// +// } + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:sl20.Authentication.process.xml" }; + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationSpringResourceProvider.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationSpringResourceProvider.java new file mode 100644 index 000000000..2658a363d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationSpringResourceProvider.java @@ -0,0 +1,28 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +public class SL20AuthenticationSpringResourceProvider implements SpringResourceProvider { + + @Override + public String getName() { + return "MOA-ID Security-Layer 2.0 Authentication SpringResourceProvider"; + } + + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Resource[] getResourcesToLoad() { + ClassPathResource sl20AuthConfig = new ClassPathResource("/moaid_sl20_auth.beans.xml", SL20AuthenticationSpringResourceProvider.class); + + return new Resource[] {sl20AuthConfig}; + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java new file mode 100644 index 000000000..87e9e933d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java @@ -0,0 +1,61 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Controller +public class SL20SignalServlet extends AbstractProcessEngineSignalController { + + public SL20SignalServlet() { + super(); + Logger.debug("Registering servlet " + getClass().getName() + + " with mappings '"+ Constants.HTTP_ENDPOINT_DATAURL + + " and " + Constants.HTTP_ENDPOINT_RESUME + + "'."); + + } + + @RequestMapping(value = { Constants.HTTP_ENDPOINT_DATAURL, + Constants.HTTP_ENDPOINT_RESUME + }, + method = {RequestMethod.POST, RequestMethod.GET}) + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + signalProcessManagement(req, resp); + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/data/VerificationResult.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/data/VerificationResult.java new file mode 100644 index 000000000..2a24096f9 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/data/VerificationResult.java @@ -0,0 +1,39 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.data; + +import java.security.cert.X509Certificate; +import java.util.List; + +import com.google.gson.JsonObject; + +public class VerificationResult { + + private Boolean validSigned = null; + private List<X509Certificate> certs = null; + private JsonObject payload = null; + + public VerificationResult(JsonObject payload) { + this.payload = payload; + + } + + public VerificationResult(JsonObject string, List<X509Certificate> certs, boolean wasValidSigned) { + this.payload = string; + this.certs = certs; + this.validSigned = wasValidSigned; + + } + + public Boolean isValidSigned() { + return validSigned; + } + public List<X509Certificate> getCertChain() { + return certs; + } + public JsonObject getPayload() { + return payload; + } + + + + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20Exception.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20Exception.java new file mode 100644 index 000000000..898bd7097 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20Exception.java @@ -0,0 +1,19 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions; + +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; + +public class SL20Exception extends MOAIDException { + + private static final long serialVersionUID = 1L; + + public SL20Exception(String messageId, Object[] parameters) { + super(messageId, parameters); + + } + + public SL20Exception(String messageId, Object[] parameters, Throwable wrapped) { + super(messageId, parameters, wrapped); + + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20SecurityException.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20SecurityException.java new file mode 100644 index 000000000..3bea12cb1 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20SecurityException.java @@ -0,0 +1,20 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions; + +public class SL20SecurityException extends SL20Exception { + + private static final long serialVersionUID = 3281385988027147449L; + + public SL20SecurityException(Object[] parameters) { + super("sl20.05", parameters); + } + + public SL20SecurityException(String parameter) { + super("sl20.05", new Object[] {parameter}); + } + + public SL20SecurityException(Object[] parameters, Throwable wrapped) { + super("sl20.05", parameters, wrapped); + + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20eIDDataValidationException.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20eIDDataValidationException.java new file mode 100644 index 000000000..957ace0fb --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20eIDDataValidationException.java @@ -0,0 +1,16 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions; + +public class SL20eIDDataValidationException extends SL20Exception { + private static final long serialVersionUID = 1L; + + public SL20eIDDataValidationException(Object[] parameters) { + super("sl20.07", parameters); + + } + + public SL20eIDDataValidationException(Object[] parameters, Throwable e) { + super("sl20.07", parameters, e); + + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoBuildException.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoBuildException.java new file mode 100644 index 000000000..35cf728f6 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoBuildException.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions; + +public class SLCommandoBuildException extends SL20Exception { + + private static final long serialVersionUID = 1L; + + + public SLCommandoBuildException(String msg) { + super("sl20.01", new Object[]{msg}); + + } + + public SLCommandoBuildException(String msg, Throwable e) { + super("sl20.01", new Object[]{msg}, e); + + } +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoParserException.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoParserException.java new file mode 100644 index 000000000..f36e8ad82 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoParserException.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions; + +public class SLCommandoParserException extends SL20Exception { + + private static final long serialVersionUID = 1L; + + + public SLCommandoParserException(String msg) { + super("sl20.02", new Object[]{msg}); + + } + + public SLCommandoParserException(String msg, Throwable e) { + super("sl20.02", new Object[]{msg}, e); + + } +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/IJOSETools.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/IJOSETools.java new file mode 100644 index 000000000..6fd1c3c4d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/IJOSETools.java @@ -0,0 +1,49 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; + +import java.security.cert.X509Certificate; + +import com.google.gson.JsonElement; + +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20SecurityException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoBuildException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; + +public interface IJOSETools { + + /** + * Create a JWS signature + * + * @param payLoad Payload to sign + * @throws SLCommandoBuildException + */ + public String createSignature(String payLoad) throws SLCommandoBuildException; + + /** + * Validates a JWS signature + * + * @param serializedContent + * @return + * @throws SLCommandoParserException + * @throws SL20Exception + */ + public VerificationResult validateSignature(String serializedContent) throws SL20Exception; + + /** + * Get the encryption certificate for SL2.0 End-to-End encryption + * + * @return + */ + public X509Certificate getEncryptionCertificate(); + + /** + * Decrypt a serialized JWE token + * + * @param compactSerialization Serialized JWE token + * @return decrypted payload + * @throws SL20Exception + */ + public JsonElement decryptPayload(String compactSerialization) throws SL20Exception; + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java new file mode 100644 index 000000000..42783468d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java @@ -0,0 +1,359 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; + +import java.io.IOException; +import java.security.Key; +import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Collections; +import java.util.Enumeration; +import java.util.List; + +import javax.annotation.PostConstruct; + +import org.jose4j.jwa.AlgorithmConstraints; +import org.jose4j.jwa.AlgorithmConstraints.ConstraintType; +import org.jose4j.jwe.JsonWebEncryption; +import org.jose4j.jws.AlgorithmIdentifiers; +import org.jose4j.jws.JsonWebSignature; +import org.jose4j.jwx.JsonWebStructure; +import org.jose4j.keys.X509Util; +import org.jose4j.keys.resolvers.X509VerificationKeyResolver; +import org.jose4j.lang.JoseException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import com.google.gson.JsonElement; +import com.google.gson.JsonParser; +import com.google.gson.JsonSyntaxException; + +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.core.impl.utils.KeyStoreUtils; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20SecurityException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoBuildException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.utils.X509Utils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; + +@Service +public class JsonSecurityUtils implements IJOSETools{ + + @Autowired(required=true) AuthConfiguration authConfig; + private Key signPrivKey = null; + private X509Certificate[] signCertChain = null; + + private Key encPrivKey = null; + private X509Certificate[] encCertChain = null; + + private List<X509Certificate> trustedCerts = new ArrayList<X509Certificate>(); + + @PostConstruct + protected void initalize() { + Logger.info("Initialize SL2.0 authentication security constrains ... "); + try { + KeyStore keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), + getKeyStorePassword()); + + //load signing key + signPrivKey = keyStore.getKey(getSigningKeyAlias(), getSigningKeyPassword().toCharArray()); + Certificate[] certChainSigning = keyStore.getCertificateChain(getSigningKeyAlias()); + signCertChain = new X509Certificate[certChainSigning.length]; + for (int i=0; i<certChainSigning.length; i++) { + if (certChainSigning[i] instanceof X509Certificate) { + signCertChain[i] = (X509Certificate)certChainSigning[i]; + } else + Logger.warn("NO X509 certificate for signing: " + certChainSigning[i].getType()); + + } + + //load encryption key + try { + encPrivKey = keyStore.getKey(getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray()); + if (encPrivKey != null) { + Certificate[] certChainEncryption = keyStore.getCertificateChain(getEncryptionKeyAlias()); + encCertChain = new X509Certificate[certChainEncryption.length]; + for (int i=0; i<certChainEncryption.length; i++) { + if (certChainEncryption[i] instanceof X509Certificate) { + encCertChain[i] = (X509Certificate)certChainEncryption[i]; + } else + Logger.warn("NO X509 certificate for encryption: " + certChainEncryption[i].getType()); + } + } else + Logger.info("No encryption key for SL2.0 found. End-to-End encryption is not used."); + + } catch (Exception e) { + Logger.warn("No encryption key for SL2.0 found. End-to-End encryption is not used. Reason: " + e.getMessage(), e); + + } + + //load trusted certificates + Enumeration<String> aliases = keyStore.aliases(); + while(aliases.hasMoreElements()) { + String el = aliases.nextElement(); + Logger.trace("Process TrustStoreEntry: " + el); + if (keyStore.isCertificateEntry(el)) { + Certificate cert = keyStore.getCertificate(el); + if (cert != null && cert instanceof X509Certificate) + trustedCerts.add((X509Certificate) cert); + else + Logger.info("Can not process entry: " + el + ". Reason: " + cert.toString()); + + } + } + + //some short validation + if (signPrivKey == null || !(signPrivKey instanceof PrivateKey)) { + Logger.info("Can NOT open privateKey for SL2.0 signing. KeyStore=" + getKeyStoreFilePath()); + throw new SL20Exception("sl20.03", new Object[]{"Can NOT open private key for signing"}); + + } + + if (signCertChain == null || signCertChain.length == 0) { + Logger.info("NO certificate for SL2.0 signing. KeyStore=" + getKeyStoreFilePath()); + throw new SL20Exception("sl20.03", new Object[]{"NO certificate for SL2.0 signing"}); + + } + + Logger.info("SL2.0 authentication security constrains initialized."); + + } catch ( Exception e) { + Logger.error("SL2.0 security constrains initialization FAILED.", e); + + } + + } + + + @Override + public String createSignature(String payLoad) throws SLCommandoBuildException { + try { + JsonWebSignature jws = new JsonWebSignature(); + + //set payload + jws.setPayload(payLoad); + + //set basic header + jws.setContentTypeHeaderValue(SL20Constants.SL20_CONTENTTYPE_SIGNED_COMMAND); + + //set signing information + jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256); + jws.setKey(signPrivKey); + + //TODO: + jws.setCertificateChainHeaderValue(signCertChain); + jws.setX509CertSha256ThumbprintHeaderValue(signCertChain[0]); + + return jws.getCompactSerialization(); + + } catch (JoseException e) { + Logger.warn("Can NOT sign SL2.0 command.", e); + throw new SLCommandoBuildException("Can NOT sign SL2.0 command.", e); + + } + + } + + @Override + public VerificationResult validateSignature(String serializedContent) throws SL20Exception { + try { + JsonWebSignature jws = new JsonWebSignature(); + //set payload + jws.setCompactSerialization(serializedContent); + + //set security constrains + jws.setAlgorithmConstraints(new AlgorithmConstraints(ConstraintType.WHITELIST, + SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING.toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING.size()]))); + + //load signinc certs + Key selectedKey = null; + List<X509Certificate> x5cCerts = jws.getCertificateChainHeaderValue(); + String x5t256 = jws.getX509CertSha256ThumbprintHeaderValue(); + if (x5cCerts != null) { + Logger.debug("Found x509 certificate in JOSE header ... "); + Logger.trace("Sorting received X509 certificates ... "); + List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); + + if (trustedCerts.contains(sortedX5cCerts.get(0))) { + selectedKey = sortedX5cCerts.get(0).getPublicKey(); + + } else { + Logger.info("Can NOT find JOSE certificate in truststore."); + Logger.debug("JOSE certificate: " + sortedX5cCerts.get(0).toString()); + try { + Logger.debug("Cert: " + Base64Utils.encode(sortedX5cCerts.get(0).getEncoded())); + } catch (CertificateEncodingException | IOException e) { + e.printStackTrace(); + } + + } + + } else if (MiscUtil.isNotEmpty(x5t256)) { + Logger.debug("Found x5t256 fingerprint in JOSE header .... "); + X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver(trustedCerts); + selectedKey = x509VerificationKeyResolver.resolveKey(jws, Collections.<JsonWebStructure>emptyList()); + + } else { + Logger.info("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint"); + throw new SLCommandoParserException("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint"); + + } + + if (selectedKey == null) { + Logger.info("Can NOT select verification key for JWS. Signature verification FAILED."); + throw new SLCommandoParserException("Can NOT select verification key for JWS. Signature verification FAILED"); + + } + + //set verification key + jws.setKey(selectedKey); + + //validate signature + boolean valid = jws.verifySignature(); + if (!valid) { + Logger.info("JWS signature invalide. Stopping authentication process ..."); + Logger.debug("Received JWS msg: " + serializedContent); + throw new SL20SecurityException("JWS signature invalide."); + + } + + + //load payLoad + Logger.debug("SL2.0 commando signature validation sucessfull"); + JsonElement sl20Req = new JsonParser().parse(jws.getPayload()); + + return new VerificationResult(sl20Req.getAsJsonObject(), null, valid) ; + + } catch (JoseException e) { + Logger.warn("SL2.0 commando signature validation FAILED", e); + throw new SL20SecurityException(new Object[]{e.getMessage()}, e); + + } + + } + + + @Override + public JsonElement decryptPayload(String compactSerialization) throws SL20Exception { + try { + JsonWebEncryption receiverJwe = new JsonWebEncryption(); + + //set security constrains + receiverJwe.setAlgorithmConstraints( + new AlgorithmConstraints(ConstraintType.WHITELIST, + SL20Constants.SL20_ALGORITHM_WHITELIST_KEYENCRYPTION.toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_KEYENCRYPTION.size()]))); + receiverJwe.setContentEncryptionAlgorithmConstraints( + new AlgorithmConstraints(ConstraintType.WHITELIST, + SL20Constants.SL20_ALGORITHM_WHITELIST_ENCRYPTION.toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_ENCRYPTION.size()]))); + + //set payload + receiverJwe.setCompactSerialization(compactSerialization); + + + //validate key from header against key from config + List<X509Certificate> x5cCerts = receiverJwe.getCertificateChainHeaderValue(); + String x5t256 = receiverJwe.getX509CertSha256ThumbprintHeaderValue(); + if (x5cCerts != null) { + Logger.debug("Found x509 certificate in JOSE header ... "); + Logger.trace("Sorting received X509 certificates ... "); + List<X509Certificate> sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); + + if (!sortedX5cCerts.get(0).equals(encCertChain[0])) { + Logger.info("Certificate from JOSE header does NOT match encryption certificate"); + Logger.debug("JOSE certificate: " + sortedX5cCerts.get(0).toString()); + + try { + Logger.debug("Cert: " + Base64Utils.encode(sortedX5cCerts.get(0).getEncoded())); + } catch (CertificateEncodingException | IOException e) { + e.printStackTrace(); + } + throw new SL20Exception("sl20.05", new Object[]{"Certificate from JOSE header does NOT match encryption certificate"}); + } + + } else if (MiscUtil.isNotEmpty(x5t256)) { + Logger.debug("Found x5t256 fingerprint in JOSE header .... "); + String certFingerPrint = X509Util.x5tS256(encCertChain[0]); + if (!certFingerPrint.equals(x5t256)) { + Logger.info("X5t256 from JOSE header does NOT match encryption certificate"); + Logger.debug("X5t256 from JOSE header: " + x5t256 + " Encrytption cert: " + certFingerPrint); + throw new SL20Exception("sl20.05", new Object[]{"X5t256 from JOSE header does NOT match encryption certificate"}); + + } + + } else { + Logger.info("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint"); + throw new SLCommandoParserException("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint"); + + } + + //set key + receiverJwe.setKey(encPrivKey); + + + //decrypt payload + return new JsonParser().parse(receiverJwe.getPlaintextString()); + + } catch (JoseException e) { + Logger.warn("SL2.0 result decryption FAILED", e); + throw new SL20SecurityException(new Object[]{e.getMessage()}, e); + + } catch ( JsonSyntaxException e) { + Logger.warn("Decrypted SL2.0 result is NOT a valid JSON.", e); + throw new SLCommandoParserException("Decrypted SL2.0 result is NOT a valid JSON.", e); + + } + + } + + + + @Override + public X509Certificate getEncryptionCertificate() { + //TODO: maybe update after SL2.0 update on encryption certificate parts + if (encCertChain !=null && encCertChain.length > 0) + return encCertChain[0]; + else + return null; + } + + private String getKeyStoreFilePath() throws ConfigurationException { + return FileUtils.makeAbsoluteURL( + authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH), + authConfig.getRootConfigFileDir()); + } + + private String getKeyStorePassword() { + return authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD).trim(); + + } + + private String getSigningKeyAlias() { + return authConfig.getBasicConfiguration( + Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS).trim(); + } + + private String getSigningKeyPassword() { + return authConfig.getBasicConfiguration( + Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD).trim(); + } + + private String getEncryptionKeyAlias() { + return authConfig.getBasicConfiguration( + Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS).trim(); + } + + private String getEncryptionKeyPassword() { + return authConfig.getBasicConfiguration( + Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD).trim(); + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java new file mode 100644 index 000000000..645b043ce --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java @@ -0,0 +1,232 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; + +import java.util.Arrays; +import java.util.List; + +import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers; +import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers; +import org.jose4j.jws.AlgorithmIdentifiers; + +public class SL20Constants { + public static final int CURRENT_SL20_VERSION = 10; + + //http binding parameters + public static final String PARAM_SL20_REQ_COMMAND_PARAM = "slcommand"; + public static final String PARAM_SL20_REQ_COMMAND_PARAM_OLD = "sl2command"; + + public static final String PARAM_SL20_REQ_ICP_RETURN_URL_PARAM = "slIPCReturnUrl"; + public static final String PARAM_SL20_REQ_TRANSACTIONID = "slTransactionID"; + + public static final String HTTP_HEADER_SL20_CLIENT_TYPE = "SL2ClientType"; + public static final String HTTP_HEADER_SL20_VDA_TYPE = "X-MOA-VDA"; + public static final String HTTP_HEADER_VALUE_NATIVE = "nativeApp"; + + + //******************************************************************************************* + //JSON signing and encryption headers + public static final String JSON_ALGORITHM = "alg"; + public static final String JSON_CONTENTTYPE = "cty"; + public static final String JSON_X509_CERTIFICATE = "x5c"; + public static final String JSON_X509_FINGERPRINT = "x5t#S256"; + public static final String JSON_ENCRYPTION_PAYLOAD = "enc"; + + public static final String JSON_ALGORITHM_SIGNING_RS256 = AlgorithmIdentifiers.RSA_USING_SHA256; + public static final String JSON_ALGORITHM_SIGNING_RS512 = AlgorithmIdentifiers.RSA_USING_SHA512; + public static final String JSON_ALGORITHM_SIGNING_ES256 = AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256; + public static final String JSON_ALGORITHM_SIGNING_ES512 = AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512; + public static final String JSON_ALGORITHM_SIGNING_PS256 = AlgorithmIdentifiers.RSA_PSS_USING_SHA256; + public static final String JSON_ALGORITHM_SIGNING_PS512 = AlgorithmIdentifiers.RSA_PSS_USING_SHA512; + + public static final List<String> SL20_ALGORITHM_WHITELIST_SIGNING = Arrays.asList( + JSON_ALGORITHM_SIGNING_RS256, + JSON_ALGORITHM_SIGNING_RS512, + JSON_ALGORITHM_SIGNING_ES256, + JSON_ALGORITHM_SIGNING_ES512, + JSON_ALGORITHM_SIGNING_PS256, + JSON_ALGORITHM_SIGNING_PS512 + ); + + public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP = KeyManagementAlgorithmIdentifiers.RSA_OAEP; + public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP256 = KeyManagementAlgorithmIdentifiers.RSA_OAEP_256; + + public static final List<String> SL20_ALGORITHM_WHITELIST_KEYENCRYPTION = Arrays.asList( + JSON_ALGORITHM_ENC_KEY_RSAOAEP, + JSON_ALGORITHM_ENC_KEY_RSAOAEP256 + ); + + public static final String JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256 = ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256; + public static final String JSON_ALGORITHM_ENC_PAYLOAD_A256CBCHS512 = ContentEncryptionAlgorithmIdentifiers.AES_256_CBC_HMAC_SHA_512; + public static final String JSON_ALGORITHM_ENC_PAYLOAD_A128GCM = ContentEncryptionAlgorithmIdentifiers.AES_128_GCM; + public static final String JSON_ALGORITHM_ENC_PAYLOAD_A256GCM = ContentEncryptionAlgorithmIdentifiers.AES_256_GCM; + + public static final List<String> SL20_ALGORITHM_WHITELIST_ENCRYPTION = Arrays.asList( + JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256, + JSON_ALGORITHM_ENC_PAYLOAD_A256CBCHS512, + JSON_ALGORITHM_ENC_PAYLOAD_A128GCM, + JSON_ALGORITHM_ENC_PAYLOAD_A256GCM + ); + + + //********************************************************************************************* + //Object identifier for generic transport container + public static final String SL20_CONTENTTYPE_SIGNED_COMMAND ="application/sl2.0;command"; + public static final String SL20_CONTENTTYPE_ENCRYPTED_RESULT ="application/sl2.0;result"; + + public static final String SL20_VERSION = "v"; + public static final String SL20_REQID = "reqID"; + public static final String SL20_RESPID = "respID"; + public static final String SL20_INRESPTO = "inResponseTo"; + public static final String SL20_TRANSACTIONID = "transactionID"; + public static final String SL20_PAYLOAD = "payload"; + public static final String SL20_SIGNEDPAYLOAD = "signedPayload"; + + //Generic Object identifier for commands + public static final String SL20_COMMAND_CONTAINER_NAME = "name"; + public static final String SL20_COMMAND_CONTAINER_PARAMS = "params"; + public static final String SL20_COMMAND_CONTAINER_RESULT = "result"; + public static final String SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT = "encryptedResult"; + + //COMMAND Object identifier + public static final String SL20_COMMAND_IDENTIFIER_REDIRECT = "redirect"; + public static final String SL20_COMMAND_IDENTIFIER_CALL = "call"; + public static final String SL20_COMMAND_IDENTIFIER_ERROR = "error"; + public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDEID = "qualifiedeID"; + //public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDSIG = "qualifiedSig"; + + public static final String SL20_COMMAND_IDENTIFIER_GETCERTIFICATE = "getCertificate"; + public static final String SL20_COMMAND_IDENTIFIER_CREATE_SIG_CADES = "createCAdES"; + + + public static final String SL20_COMMAND_IDENTIFIER_BINDING_CREATE_KEY = "createBindingKey"; + public static final String SL20_COMMAND_IDENTIFIER_BINDING_STORE_CERT = "storeBindingCert"; + + public static final String SL20_COMMAND_IDENTIFIER_AUTH_IDANDPASSWORD = "idAndPassword"; + public static final String SL20_COMMAND_IDENTIFIER_AUTH_JWSTOKENFACTOR = "jwsTokenAuth"; + public static final String SL20_COMMAND_IDENTIFIER_AUTH_QRCODEFACTOR = "qrCodeFactor"; + + //*****COMMAND parameter identifier****** + //general Identifier + public static final String SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_VALUE = "value"; + public static final String SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_KEY = "key"; + public static final String SL20_COMMAND_PARAM_GENERAL_DATAURL = "dataUrl"; + public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE = "x5cEnc"; + public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONJWK = "jwkEnc"; + + //Redirect command + public static final String SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL = "url"; + public static final String SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND = "command"; + public static final String SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND = "signedCommand"; + public static final String SL20_COMMAND_PARAM_GENERAL_REDIRECT_IPCREDIRECT = "IPCRedirect"; + + //Call command + public static final String SL20_COMMAND_PARAM_GENERAL_CALL_URL = SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL; + public static final String SL20_COMMAND_PARAM_GENERAL_CALL_METHOD = "method"; + public static final String SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET = "get"; + public static final String SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_POST = "post"; + public static final String SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID = "includeTransactionID"; + public static final String SL20_COMMAND_PARAM_GENERAL_CALL_REQPARAMETER = "reqParams"; + + //error command + public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE = "errorCode"; + public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE = "errorMessage"; + + //qualified eID command + public static final String SL20_COMMAND_PARAM_EID_AUTHBLOCKID = "authBlockTemplateID"; + public static final String SL20_COMMAND_PARAM_EID_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES = "attributes"; + public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE = "MANDATE-REFERENCE-VALUE"; + public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID = "SP-UNIQUEID"; + public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME = "SP-FRIENDLYNAME"; + public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPCOUNTRYCODE = "SP-COUNTRYCODE"; + public static final String SL20_COMMAND_PARAM_EID_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; + public static final String SL20_COMMAND_PARAM_EID_JWKCENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONJWK; + public static final String SL20_COMMAND_PARAM_EID_RESULT_IDL = "EID-IDENTITY-LINK"; + public static final String SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK = "EID-AUTH-BLOCK"; + public static final String SL20_COMMAND_PARAM_EID_RESULT_CCSURL = "EID-CCS-URL"; + public static final String SL20_COMMAND_PARAM_EID_RESULT_LOA = "EID-CITIZEN-QAA-LEVEL"; + + //qualified Signature comamnd +// public static final String SL20_COMMAND_PARAM_QUALSIG_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; +// public static final String SL20_COMMAND_PARAM_QUALSIG_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; + + + //getCertificate + public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_KEYID = "keyId"; + public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; + public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_JWKCENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONJWK; + public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_RESULT_CERTIFICATE = "x5c"; + + //createCAdES Signture + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_KEYID = "keyId"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT = "content"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_MIMETYPE = "mimeType"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_PADES_COMBATIBILTY = "padesComatibility"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE = "excludedByteRange"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL = "cadesLevel"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_JWKCENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONJWK; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_RESULT_SIGNATURE = "signature"; + + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_BASIC = "cAdES"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_T = "cAdES-T"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_C = "cAdES-C"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_X = "cAdES-X"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_XL = "cAdES-X-L"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_A = "cAdES-A"; + + + + //create binding key command + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID = "kontoID"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_SN = "SN"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYLENGTH = "keyLength"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG = "keyAlg"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES = "policies"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_X5CVDATRUST = "x5cVdaTrust"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_REQUESTUSERPASSWORD = "reqUserPassword"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; + + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG_RSA = "RSA"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG_SECPR256R1 = "secp256r1"; + + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_LIFETIME = "lifeTime"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_USESECUREELEMENT = "useSecureElement"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_KEYTIMEOUT = "keyTimeout"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_NEEDUSERAUTH = "needUserAuth"; + + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_APPID = "appID"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_CSR = "csr"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE = "attCert"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_USERPASSWORD = "encodedPass"; + + + //store binding certificate command + public static final String SL20_COMMAND_PARAM_BINDING_STORE_CERTIFICATE = "x5c"; + public static final String SL20_COMMAND_PARAM_BINDING_STORE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS = "success"; + public static final String SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS_VALUE = "OK"; + + // Username and password authentication + public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG = "keyAlg"; + public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG_VALUE_PLAIN = "plain"; + public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG_VALUE_PBKDF2 = "PBKDF2"; + public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; + public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_KONTOID = SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID; + public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_USERPASSWORD = SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_USERPASSWORD; + + //JWS Token authentication + public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE = "nonce"; + public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYDATA = "displayData"; + public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYURL = "displayUrl"; + public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_RESULT_NONCE = SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE; + + //QR-Code authentication + public static final String SL20_COMMAND_PARAM_AUTH_QRCODE_QRCODE = "qrCode"; + public static final String SL20_COMMAND_PARAM_AUTH_QRCODE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java new file mode 100644 index 000000000..169cb8e73 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java @@ -0,0 +1,45 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; + +import java.io.IOException; +import java.io.StringWriter; +import java.net.URISyntaxException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.http.client.utils.URIBuilder; +import org.apache.http.entity.ContentType; +import org.jose4j.base64url.Base64Url; + +import com.google.gson.JsonObject; + +import at.gv.egovernment.moaspss.logging.Logger; + +public class SL20HttpBindingUtils { + + public static void writeIntoResponse(HttpServletRequest request, HttpServletResponse response, JsonObject sl20Forward, String redirectURL) throws IOException, URISyntaxException { + //forward SL2.0 command + if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && + request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) { + Logger.debug("Client request containts 'native client' header ... "); + StringWriter writer = new StringWriter(); + writer.write(sl20Forward.toString()); + final byte[] content = writer.toString().getBytes("UTF-8"); + response.setStatus(HttpServletResponse.SC_OK); + response.setContentLength(content.length); + response.setContentType(ContentType.APPLICATION_JSON.toString()); + response.getOutputStream().write(content); + + } else { + Logger.debug("Client request containts is no native client ... "); + URIBuilder clientRedirectURI = new URIBuilder(redirectURL); + clientRedirectURI.addParameter( + SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, + Base64Url.encode(sl20Forward.toString().getBytes())); + response.setStatus(307); + response.setHeader("Location", clientRedirectURI.build().toString()); + + } + + } +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java new file mode 100644 index 000000000..d5dec1fe1 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java @@ -0,0 +1,617 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; + +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; +import java.util.Arrays; +import java.util.Base64; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; + +import com.google.gson.JsonArray; +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; + +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoBuildException; + +public class SL20JSONBuilderUtils { + + /** + * Create command request + * @param name + * @param params + * @throws SLCommandoBuildException + * @return + */ + public static JsonObject createCommand(String name, JsonElement params) throws SLCommandoBuildException { + JsonObject command = new JsonObject(); + addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true); + addSingleJSONElement(command, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, params, true); + return command; + + } + + /** + * Create signed command request + * + * @param name + * @param params + * @param signer + * @return + * @throws SLCommandoBuildException + */ + public static String createSignedCommand(String name, JsonElement params, IJOSETools signer) throws SLCommandoBuildException { + JsonObject command = new JsonObject(); + addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true); + addSingleJSONElement(command, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, params, true); + return signer.createSignature(command.toString()); + + } + + + /** + * Create encrypted command result + * + * @param result + * @param encrypter + * @return + * @throws SLCommandoBuildException + */ + public static String createEncryptedCommandoResult(JsonObject result, JsonSecurityUtils encrypter) throws SLCommandoBuildException { + //TODO: add real implementation + //create header and footer + String dummyHeader = createJsonEncryptionHeader(encrypter).toString(); + String payLoad = result.toString(); + String dummyFooter = createJsonSignedFooter(encrypter); + + return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes()) + "." + + Base64.getUrlEncoder().encodeToString(payLoad.getBytes()) + "." + + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes()); + + } + + + /** + * Create command result + * + * @param name + * @param result + * @param encryptedResult + * @throws SLCommandoBuildException + * @return + */ + public static JsonObject createCommandResponse(String name, JsonElement result, String encryptedResult) throws SLCommandoBuildException { + JsonObject command = new JsonObject(); + addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true); + addOnlyOnceOfTwo(command, + SL20Constants.SL20_COMMAND_CONTAINER_RESULT, SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT, + result, encryptedResult); + return command; + + } + + /** + * Create command result + * + * @param name + * @param result + * @param encryptedResult + * @throws SLCommandoBuildException + * @return + */ + public static String createSignedCommandResponse(String name, JsonElement result, String encryptedResult, JsonSecurityUtils signer) throws SLCommandoBuildException { + JsonObject command = new JsonObject(); + addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true); + addOnlyOnceOfTwo(command, + SL20Constants.SL20_COMMAND_CONTAINER_RESULT, SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT, + result, encryptedResult); + String encodedCommand = command.toString(); + + //TODO: add real implementation + //create header and footer + String dummyHeader = createJsonSignedHeader(signer).toString(); + String dummyFooter = createJsonSignedFooter(signer); + + return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes()) + "." + + Base64.getUrlEncoder().encodeToString(encodedCommand.getBytes()) + "." + + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes()); + + } + + /** + * Create parameters for Redirect command + * + * @param url + * @param command + * @param signedCommand + * @param ipcRedirect + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createRedirectCommandParameters(String url, JsonElement command, JsonElement signedCommand, Boolean ipcRedirect) throws SLCommandoBuildException{ + JsonObject redirectReqParams = new JsonObject(); + addOnlyOnceOfTwo(redirectReqParams, + SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, + command, signedCommand); + addSingleStringElement(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL, url, false); + addSingleBooleanElement(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_IPCREDIRECT, ipcRedirect, false); + return redirectReqParams; + + } + + /** + * Create parameters for Call command + * + * @param url + * @param method + * @param includeTransactionId + * @param reqParameters + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createCallCommandParameters(String url, String method, Boolean includeTransactionId, Map<String, String> reqParameters) throws SLCommandoBuildException { + JsonObject callReqParams = new JsonObject(); + addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_URL, url, true); + addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD, method, true); + addSingleBooleanElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID, includeTransactionId, false); + addArrayOfStringElements(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_REQPARAMETER, reqParameters); + return callReqParams; + + } + + /** + * Create result for Error command + * + * @param errorCode + * @param errorMsg + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createErrorCommandResult(String errorCode, String errorMsg) throws SLCommandoBuildException { + JsonObject result = new JsonObject(); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, errorCode, true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, errorMsg, true); + return result; + + } + + + /** + * Create parameters for qualifiedeID command + * + * @param authBlockId + * @param dataUrl + * @param additionalReqParameters + * @param x5cEnc + * @return + * @throws CertificateEncodingException + * @throws SLCommandoBuildException + */ + public static JsonObject createQualifiedeIDCommandParameters(String authBlockId, String dataUrl, + Map<String, String> additionalReqParameters, X509Certificate x5cEnc) throws CertificateEncodingException, SLCommandoBuildException { + JsonObject params = new JsonObject(); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_AUTHBLOCKID, authBlockId, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_DATAURL, dataUrl, true); + addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES, additionalReqParameters); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_X5CENC, x5cEnc, false); + return params; + + } + + /** + * Create result for qualifiedeID command + * + * @param idl + * @param authBlock + * @param ccsURL + * @param LoA + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createQualifiedeIDCommandResult(byte[] idl, byte[] authBlock, String ccsURL, String LoA) throws SLCommandoBuildException { + JsonObject result = new JsonObject(); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, idl, true); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, authBlock, true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, ccsURL, true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, LoA, true); + return result; + + } + + + /** + * Create Binding-Key command parameters + * + * @param kontoId + * @param subjectName + * @param keySize + * @param keyAlg + * @param policies + * @param dataUrl + * @param x5cVdaTrust + * @param reqUserPassword + * @param x5cEnc + * @return + * @throws SLCommandoBuildException + * @throws CertificateEncodingException + */ + public static JsonObject createBindingKeyCommandParams(String kontoId, String subjectName, int keySize, String keyAlg, + Map<String, String> policies, String dataUrl, X509Certificate x5cVdaTrust, Boolean reqUserPassword, X509Certificate x5cEnc) throws SLCommandoBuildException, CertificateEncodingException { + JsonObject params = new JsonObject(); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID, kontoId, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_SN, subjectName, true); + addSingleNumberElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYLENGTH, keySize, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG, keyAlg, true); + addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES, policies); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_DATAURL, dataUrl, true); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_X5CVDATRUST, x5cVdaTrust, false); + addSingleBooleanElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_REQUESTUSERPASSWORD, reqUserPassword, false); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_X5CENC, x5cEnc, false); + return params; + + } + + /** + * Create Binding-Key command result + * + * @param appId + * @param csr + * @param attCert + * @param password + * @return + * @throws SLCommandoBuildException + * @throws CertificateEncodingException + */ + public static JsonObject createBindingKeyCommandResult(String appId, byte[] csr, X509Certificate attCert, byte[] password) throws SLCommandoBuildException, CertificateEncodingException { + JsonObject result = new JsonObject(); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_APPID, appId, true); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_CSR, csr, true); + addSingleCertificateElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE, attCert, false); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_USERPASSWORD, password, false); + return result; + + } + + /** + * Create Store Binding-Certificate command parameters + * + * @param cert + * @param dataUrl + * @return + * @throws CertificateEncodingException + * @throws SLCommandoBuildException + */ + public static JsonObject createStoreBindingCertCommandParams(X509Certificate cert, String dataUrl) throws CertificateEncodingException, SLCommandoBuildException { + JsonObject params = new JsonObject(); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_CERTIFICATE, cert, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_DATAURL, dataUrl, true); + return params; + + } + + /** + * Create Store Binding-Certificate command result + * + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createStoreBindingCertCommandSuccessResult() throws SLCommandoBuildException { + JsonObject result = new JsonObject(); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS, + SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS_VALUE, true); + return result; + + } + + + /** + * Create idAndPassword command parameters + * + * @param keyAlg + * @param dataUrl + * @param x5cEnc + * @return + * @throws SLCommandoBuildException + * @throws CertificateEncodingException + */ + public static JsonObject createIdAndPasswordCommandParameters(String keyAlg, String dataUrl, X509Certificate x5cEnc) throws SLCommandoBuildException, CertificateEncodingException { + JsonObject params = new JsonObject(); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG, keyAlg, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_DATAURL, dataUrl, true); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_X5CENC, x5cEnc, false); + return params; + + } + + /** + * Create idAndPassword command result + * + * @param kontoId + * @param password + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createIdAndPasswordCommandResult(String kontoId, byte[] password) throws SLCommandoBuildException { + JsonObject result = new JsonObject(); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_KONTOID, kontoId, true); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_USERPASSWORD, password, true); + return result; + + } + + /** + * Create JWS Token Authentication command + * + * @param nonce + * @param dataUrl + * @param displayData + * @param displayUrl + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createJwsTokenAuthCommandParams(String nonce, String dataUrl, List<String> displayData, List<String> displayUrl) throws SLCommandoBuildException { + JsonObject params = new JsonObject(); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE, nonce, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL, dataUrl, true); + addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYDATA, displayData); + addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYURL, displayUrl); + return params; + + } + + /** + * Create JWS Token Authentication command result + * + * @param nonce + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createJwsTokenAuthCommandResult(String nonce) throws SLCommandoBuildException { + JsonObject result = new JsonObject(); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_RESULT_NONCE, nonce, true); + return result; + + } + + + /** + * Create Generic Request Container + * + * @param reqId + * @param transactionId + * @param payLoad + * @param signedPayload + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createGenericRequest(String reqId, String transactionId, JsonElement payLoad, String signedPayload) throws SLCommandoBuildException { + JsonObject req = new JsonObject(); + addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true); + addSingleStringElement(req, SL20Constants.SL20_REQID, reqId, true); + addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false); + addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, + payLoad, signedPayload); + return req; + + } + + /** + * Create Generic Response Container + * + * @param respId + * @param inResponseTo + * @param transactionId + * @param payLoad + * @param signedPayload + * @return + * @throws SLCommandoBuildException + */ + public static final JsonObject createGenericResponse(String respId, String inResponseTo, String transactionId, + JsonElement payLoad, String signedPayload) throws SLCommandoBuildException { + + JsonObject req = new JsonObject(); + addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true); + addSingleStringElement(req, SL20Constants.SL20_RESPID, respId, true); + addSingleStringElement(req, SL20Constants.SL20_INRESPTO, inResponseTo, true); + addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false); + addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, + payLoad, signedPayload); + return req; + + } + + /** + * Add one element of two possible elements <br> + * This method adds either the first element or the second element to parent JSON, but never both. + * + * @param parent Parent JSON element + * @param firstKeyId first element Id + * @param secondKeyId second element Id + * @param first first element + * @param second second element + * @throws SLCommandoBuildException + */ + public static void addOnlyOnceOfTwo(JsonObject parent, String firstKeyId, String secondKeyId, JsonElement first, String second) throws SLCommandoBuildException { + if (first == null && (second == null || second.isEmpty())) + throw new SLCommandoBuildException(firstKeyId + " and " + secondKeyId + " is NULL"); + + else if (first != null && second != null) + throw new SLCommandoBuildException(firstKeyId + " and " + secondKeyId + " can not SET TWICE"); + + else if (first != null) + parent.add(firstKeyId, first); + + else if (second != null && !second.isEmpty()) + parent.addProperty(secondKeyId, second); + + else + throw new SLCommandoBuildException("Internal build error"); + } + + + + //TODO!!!! + private static JsonObject createJsonSignedHeader(JsonSecurityUtils signer) throws SLCommandoBuildException { + JsonObject header = new JsonObject(); + addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, SL20Constants.JSON_ALGORITHM_SIGNING_RS256, true); + addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE, SL20Constants.SL20_CONTENTTYPE_SIGNED_COMMAND, true); + addArrayOfStrings(header, SL20Constants.JSON_X509_CERTIFICATE, Arrays.asList(Constants.DUMMY_SIGNING_CERT)); + + return header; + } + + //TODO!!!! + private static JsonObject createJsonEncryptionHeader(JsonSecurityUtils signer) throws SLCommandoBuildException { + JsonObject header = new JsonObject(); + addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, SL20Constants.JSON_ALGORITHM_ENC_KEY_RSAOAEP, true); + addSingleStringElement(header, SL20Constants.JSON_ENCRYPTION_PAYLOAD, SL20Constants.JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256, true); + addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE, SL20Constants.SL20_CONTENTTYPE_ENCRYPTED_RESULT, true); + addSingleStringElement(header, SL20Constants.JSON_X509_FINGERPRINT, Constants.DUMMY_SIGNING_CERT_FINGERPRINT, true); + + return header; + } + + //TODO!!!! + private static String createJsonSignedFooter(JsonSecurityUtils signer) { + return "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7\n" + + " AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4\n" + + " BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K\n" + + " 0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv\n" + + " hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB\n" + + " p0igcN_IoypGlUPQGe77Rw"; + } + + + + private static void addArrayOfStrings(JsonObject parent, String keyId, List<String> values) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + if (values != null) { + JsonArray callReqParamsArray = new JsonArray(); + parent.add(keyId, callReqParamsArray ); + for(String el : values) + callReqParamsArray.add(el); + + } + } + + + private static void addArrayOfStringElements(JsonObject parent, String keyId, Map<String, String> keyValuePairs) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + if (keyValuePairs != null) { + JsonArray callReqParamsArray = new JsonArray(); + parent.add(keyId, callReqParamsArray ); + + for(Entry<String, String> el : keyValuePairs.entrySet()) { + JsonObject callReqParams = new JsonObject(); + //callReqParams.addProperty(SL20Constants.SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_KEY, el.getKey()); + //callReqParams.addProperty(SL20Constants.SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_VALUE, el.getValue()); + callReqParams.addProperty(el.getKey(), el.getValue()); + callReqParamsArray.add(callReqParams); + + } + } + } + + private static void addSingleCertificateElement(JsonObject parent, String keyId, X509Certificate cert, boolean isRequired) throws CertificateEncodingException, SLCommandoBuildException { + if (cert != null) + addSingleByteElement(parent, keyId, cert.getEncoded(), isRequired); + + else if (isRequired) + throw new SLCommandoBuildException(keyId + " is marked as REQUIRED"); + + } + + + + private static void addSingleByteElement(JsonObject parent, String keyId, byte[] value, boolean isRequired) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + + if (isRequired && value == null) + throw new SLCommandoBuildException(keyId + " has NULL value"); + + else if (value != null) + parent.addProperty(keyId, Base64.getEncoder().encodeToString(value)); + + } + + private static void addSingleBooleanElement(JsonObject parent, String keyId, Boolean value, boolean isRequired) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + + if (isRequired && value == null) + throw new SLCommandoBuildException(keyId + " has a NULL value"); + + else if (value != null) + parent.addProperty(keyId, value); + + } + + private static void addSingleNumberElement(JsonObject parent, String keyId, Integer value, boolean isRequired) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + + if (isRequired && value == null) + throw new SLCommandoBuildException(keyId + " has a NULL value"); + + else if (value != null) + parent.addProperty(keyId, value);; + + } + + private static void addSingleStringElement(JsonObject parent, String keyId, String value, boolean isRequired) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + + if (isRequired && (value == null || value.isEmpty())) + throw new SLCommandoBuildException(keyId + " has an empty value"); + + else if (value != null && !value.isEmpty()) + parent.addProperty(keyId, value); + + } + + private static void addSingleIntegerElement(JsonObject parent, String keyId, Integer value, boolean isRequired) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + + if (isRequired && value == null) + throw new SLCommandoBuildException(keyId + " has an empty value"); + + else if (value != null) + parent.addProperty(keyId, value); + + } + + private static void addSingleJSONElement(JsonObject parent, String keyId, JsonElement element, boolean isRequired) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + + if (isRequired && element == null) + throw new SLCommandoBuildException("No commando name included"); + + else if (element != null) + parent.add(keyId, element); + + } + + private static void addOnlyOnceOfTwo(JsonObject parent, String firstKeyId, String secondKeyId, JsonElement first, JsonElement second) throws SLCommandoBuildException { + if (first == null && second == null) + throw new SLCommandoBuildException(firstKeyId + " and " + secondKeyId + " is NULL"); + + else if (first != null && second != null) + throw new SLCommandoBuildException(firstKeyId + " and " + secondKeyId + " can not SET TWICE"); + + else if (first != null) + parent.add(firstKeyId, first); + + else if (second != null) + parent.add(secondKeyId, second); + + else + throw new SLCommandoBuildException("Internal build error"); + } + + private static void validateParentAndKey(JsonObject parent, String keyId) throws SLCommandoBuildException { + if (parent == null) + throw new SLCommandoBuildException("NO parent JSON element"); + + if (keyId == null || keyId.isEmpty()) + throw new SLCommandoBuildException("NO JSON element identifier"); + } +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java new file mode 100644 index 000000000..759d9c838 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java @@ -0,0 +1,350 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; + +import java.io.InputStreamReader; +import java.util.ArrayList; +import java.util.Base64; +import java.util.HashMap; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; + +import org.apache.http.Header; +import org.apache.http.HttpEntity; +import org.apache.http.HttpResponse; +import org.apache.http.client.utils.URIBuilder; +import org.apache.log4j.Logger; +import org.jose4j.base64url.Base64Url; + +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; + +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; + +public class SL20JSONExtractorUtils { + private static final Logger log = Logger.getLogger(SL20JSONExtractorUtils.class); + + /** + * Extract String value from JSON + * + * @param input + * @param keyID + * @param isRequired + * @return + * @throws SLCommandoParserException + */ + public static String getStringValue(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { + try { + JsonElement internal = getAndCheck(input, keyID, isRequired); + + if (internal != null) + return internal.getAsString(); + else + return null; + + } catch (SLCommandoParserException e) { + throw e; + + } catch (Exception e) { + throw new SLCommandoParserException("Can not extract String value with keyId: " + keyID, e); + + } + } + + /** + * Extract Boolean value from JSON + * + * @param input + * @param keyID + * @param isRequired + * @return + * @throws SLCommandoParserException + */ + public static boolean getBooleanValue(JsonObject input, String keyID, boolean isRequired, boolean defaultValue) throws SLCommandoParserException { + try { + JsonElement internal = getAndCheck(input, keyID, isRequired); + + if (internal != null) + return internal.getAsBoolean(); + else + return defaultValue; + + } catch (SLCommandoParserException e) { + throw e; + + } catch (Exception e) { + throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e); + + } + } + + /** + * Extract JSONObject value from JSON + * + * @param input + * @param keyID + * @param isRequired + * @return + * @throws SLCommandoParserException + */ + public static JsonObject getJSONObjectValue(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { + try { + JsonElement internal = getAndCheck(input, keyID, isRequired); + + if (internal != null) + return internal.getAsJsonObject(); + else + return null; + + } catch (SLCommandoParserException e) { + throw e; + + } catch (Exception e) { + throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e); + + } + } + + /** + * Extract a List of String elements from a JSON element + * + * @param input + * @return + * @throws SLCommandoParserException + */ + public static List<String> getListOfStringElements(JsonElement input) throws SLCommandoParserException { + List<String> result = new ArrayList<String>(); + if (input != null) { + if (input.isJsonArray()) { + Iterator<JsonElement> arrayIterator = input.getAsJsonArray().iterator(); + while(arrayIterator.hasNext()) { + JsonElement next = arrayIterator.next(); + if (next.isJsonPrimitive()) + result.add(next.getAsString()); + } + + } else if (input.isJsonPrimitive()) { + result.add(input.getAsString()); + + } else { + log.warn("JSON Element IS NOT a JSON array or a JSON Primitive"); + throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON Primitive"); + + } + } + + return result; + } + + /** + * Extract Map of Key/Value pairs from a JSON Element + * + * @param input parent JSON object + * @param keyID KeyId of the child that should be parsed + * @param isRequired + * @return + * @throws SLCommandoParserException + */ + public static Map<String, String> getMapOfStringElements(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { + JsonElement internal = getAndCheck(input, keyID, isRequired); + return getMapOfStringElements(internal); + + } + + /** + * Extract Map of Key/Value pairs from a JSON Element + * + * @param input + * @return + * @throws SLCommandoParserException + */ + public static Map<String, String> getMapOfStringElements(JsonElement input) throws SLCommandoParserException { + Map<String, String> result = new HashMap<String, String>(); + + if (input != null) { + if (input.isJsonArray()) { + Iterator<JsonElement> arrayIterator = input.getAsJsonArray().iterator(); + while(arrayIterator.hasNext()) { + JsonElement next = arrayIterator.next(); + Iterator<Entry<String, JsonElement>> entry = next.getAsJsonObject().entrySet().iterator(); + entitySetToMap(result, entry); + + } + + } else if (input.isJsonObject()) { + Iterator<Entry<String, JsonElement>> objectKeys = input.getAsJsonObject().entrySet().iterator(); + entitySetToMap(result, objectKeys); + + } else + throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON object"); + + } + + return result; + } + + private static void entitySetToMap(Map<String, String> result, Iterator<Entry<String, JsonElement>> entry) { + while (entry.hasNext()) { + Entry<String, JsonElement> el = entry.next(); + if (result.containsKey(el.getKey())) + log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... "); + + result.put(el.getKey(), el.getValue().getAsString()); + + } + + } + + + public static JsonElement extractSL20Result(JsonObject command, IJOSETools decrypter, boolean mustBeEncrypted) throws SL20Exception { + JsonElement result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT); + JsonElement encryptedResult = command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT); + + if (result == null && encryptedResult == null) + throw new SLCommandoParserException("NO result OR encryptedResult FOUND."); + + else if (encryptedResult == null && mustBeEncrypted) + throw new SLCommandoParserException("result MUST be signed."); + + else if (encryptedResult != null && encryptedResult.isJsonPrimitive()) { + try { + return decrypter.decryptPayload(encryptedResult.getAsString()); + + } catch (Exception e) { + log.info("Can NOT decrypt SL20 result. Reason:" + e.getMessage()); + if (!mustBeEncrypted) { + log.warn("Decrypted results are disabled by configuration. Parse result in plain if it is possible"); + + //dummy code + try { + String[] signedPayload = encryptedResult.toString().split("\\."); + JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode(signedPayload[1]))); + return payLoad; + + } catch (Exception e1) { + log.debug("DummyCode FAILED, Reason: " + e1.getMessage() + " Ignore it ..."); + throw new SL20Exception(e.getMessage(), null, e); + + } + + } else + throw e; + + } + + } else if (result != null) { + return result; + + } else + throw new SLCommandoParserException("Internal build error"); + + + } + + /** + * Extract payLoad from generic transport container + * + * @param container + * @param joseTools + * @return + * @throws SLCommandoParserException + */ + public static VerificationResult extractSL20PayLoad(JsonObject container, IJOSETools joseTools, boolean mustBeSigned) throws SL20Exception { + + JsonElement sl20Payload = container.get(SL20Constants.SL20_PAYLOAD); + JsonElement sl20SignedPayload = container.get(SL20Constants.SL20_SIGNEDPAYLOAD); + + if (mustBeSigned && joseTools == null) + throw new SLCommandoParserException("'joseTools' MUST be set if 'mustBeSigned' is 'true'"); + + if (sl20Payload == null && sl20SignedPayload == null) + throw new SLCommandoParserException("NO payLoad OR signedPayload FOUND."); + + else if (sl20SignedPayload == null && mustBeSigned) + throw new SLCommandoParserException("payLoad MUST be signed."); + + else if (joseTools != null && sl20SignedPayload != null && sl20SignedPayload.isJsonPrimitive()) { + return joseTools.validateSignature(sl20SignedPayload.getAsString()); + + } else if (sl20Payload != null) + return new VerificationResult(sl20Payload.getAsJsonObject()); + + else + throw new SLCommandoParserException("Internal build error"); + + + } + + + /** + * Extract generic transport container from httpResponse + * + * @param httpResp + * @return + * @throws SLCommandoParserException + */ + public static JsonObject getSL20ContainerFromResponse(HttpResponse httpResp) throws SLCommandoParserException { + try { + JsonObject sl20Resp = null; + if (httpResp.getStatusLine().getStatusCode() == 307) { + Header[] locationHeader = httpResp.getHeaders("Location"); + if (locationHeader == null) + throw new SLCommandoParserException("Find Redirect statuscode but not Location header"); + + String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue(); + sl20Resp = new JsonParser().parse(Base64Url.encode((sl20RespString.getBytes()))).getAsJsonObject(); + + } else if (httpResp.getStatusLine().getStatusCode() == 200) { + if (!httpResp.getEntity().getContentType().getValue().startsWith("application/json")) + throw new SLCommandoParserException("SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue()); + sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); + + } else if ( (httpResp.getStatusLine().getStatusCode() == 500) || + (httpResp.getStatusLine().getStatusCode() == 401) || + (httpResp.getStatusLine().getStatusCode() == 400) ) { + log.info("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode() + + ". Search for error message"); + sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); + + + } else + throw new SLCommandoParserException("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()); + + log.info("Find JSON object in http response"); + return sl20Resp; + + } catch (Exception e) { + throw new SLCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e); + + } + } + + private static JsonObject parseSL20ResultFromResponse(HttpEntity resp) throws Exception { + if (resp != null && resp.getContent() != null) { + JsonElement sl20Resp = new JsonParser().parse(new InputStreamReader(resp.getContent())); + if (sl20Resp != null && sl20Resp.isJsonObject()) { + return sl20Resp.getAsJsonObject(); + + } else + throw new SLCommandoParserException("SL2.0 can NOT parse to a JSON object"); + + + } else + throw new SLCommandoParserException("Can NOT find content in http response"); + + } + + + private static JsonElement getAndCheck(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { + JsonElement internal = input.get(keyID); + + if (internal == null && isRequired) + throw new SLCommandoParserException("REQUIRED Element with keyId: " + keyID + " does not exist"); + + return internal; + + } +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java new file mode 100644 index 000000000..599a67dfd --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java @@ -0,0 +1,221 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.util.Date; +import java.util.List; + +import org.opensaml.Configuration; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.io.Unmarshaller; +import org.opensaml.xml.io.UnmarshallerFactory; +import org.w3c.dom.Element; +import org.xml.sax.SAXException; + +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils; +import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20eIDDataValidationException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; +import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; +import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; +import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureRequestBuilder; +import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil; +import at.gv.egovernment.moa.util.Base64Utils; + + +public class QualifiedeIDVerifier { + public static void verifyIdentityLink(IIdentityLink idl, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException { + // validates the identity link + IdentityLinkValidator.getInstance().validate(idl); + + // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP + Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() + .build(idl, authConfig.getMoaSpIdentityLinkTrustProfileID(oaParam.isUseIDLTestTrustStore())); + + // invokes the call + Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance() + .verifyXMLSignature(domVerifyXMLSignatureRequest); + + // parses the <VerifyXMLSignatureResponse> + IVerifiyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData(); + + // validates the <VerifyXMLSignatureResponse> + VerifyXMLSignatureResponseValidator.getInstance().validate( + verifyXMLSignatureResponse, + authConfig.getIdentityLinkX509SubjectNames(), + VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, + oaParam, + authConfig); + + + } + + public static IVerifiyXMLSignatureResponse verifyAuthBlock(String authBlockB64, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException, IOException { + String trustProfileId = authConfig.getMoaSpAuthBlockTrustProfileID(oaParam.isUseAuthBlockTestTestStore()); + List<String> verifyTransformsInfoProfileID = + KeyValueUtils.getListOfCSVValues( + KeyValueUtils.normalizeCSVValueString( + authConfig.getBasicConfiguration( + at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID))); + + SignatureVerificationUtils sigVerify = new SignatureVerificationUtils(); + IVerifiyXMLSignatureResponse sigVerifyResult = sigVerify.verify(Base64Utils.decode(authBlockB64, false), trustProfileId , verifyTransformsInfoProfileID); + + // validates the <VerifyXMLSignatureResponse> + VerifyXMLSignatureResponseValidator.getInstance().validate(sigVerifyResult, + null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, oaParam, authConfig); + + return sigVerifyResult; + + } + + public static boolean checkConsistencyOfeIDData(String sl20ReqId, IIdentityLink idl, AssertionAttributeExtractor authBlockExtractor, IVerifiyXMLSignatureResponse sigVerifyResult) throws SL20eIDDataValidationException { + + try { + // compares the public keys from the identityLink with the AuthBlock + VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(sigVerifyResult, idl); + + //compare requestId from SL20 qualifiedeID command to ID from SAML2 assertion + String authBlockId = authBlockExtractor.getAssertionID(); + if (MiscUtil.isEmpty(authBlockId)) { + Logger.info("AuthBlock containts no ID, but ID MUST be included"); + throw new SL20eIDDataValidationException(new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "AuthBlock containts no ID, but ID MUST be included" + }); + } + + if (!authBlockId.equals(sl20ReqId)) { + Logger.info("SL20 'requestId' does NOT match to AuthBlock Id." + + " Expected : " + sl20ReqId + + " Authblock: " + authBlockId); + throw new SL20eIDDataValidationException(new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "SL20 'requestId' does NOT match to AuthBlock Id." + }); + } + + + // Compare AuthBlock Data with information stored in session, especially + // date and time + validateSigningDateTime(sigVerifyResult, authBlockExtractor); + + } catch ( Exception e) { + Logger.warn("Validation of eID information FAILED. ", e); + throw new SL20eIDDataValidationException(new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, + e.getMessage() + }); + + } + + + return false; + + } + + public static Assertion parseAuthBlockToSaml2Assertion(String authblockB64) throws SL20eIDDataValidationException { + try { + //parse authBlock into SAML2 Assertion + byte[] authBlockBytes = Base64Utils.decode(authblockB64, false); + Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authBlockBytes)); + + UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); + Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDOM); + XMLObject samlAssertion = unmarshaller.unmarshall(authBlockDOM); + + //validate SAML2 Assertion + SAML2Utils.schemeValidation(samlAssertion); + + if (samlAssertion instanceof Assertion) + return (Assertion) samlAssertion; + else + throw new SL20eIDDataValidationException( + new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "AuthBlock is NOT of type SAML2 Assertion" + }); + + } catch (SL20eIDDataValidationException e) { + throw e; + + } catch (SAXException e) { + Logger.info("Scheme validation of SAML2 AuthBlock FAILED. Reason: " + e.getMessage()); + throw new SL20eIDDataValidationException( + new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + e.getMessage() + }, + e); + + } catch (Exception e) { + Logger.info("Can not parse AuthBlock. Reason: " + e.getMessage()); + Logger.trace("FullAuthBlock: " + authblockB64); + throw new SL20eIDDataValidationException( + new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + e.getMessage() + }, + e); + + } + + } + + private static void validateSigningDateTime( IVerifiyXMLSignatureResponse sigVerifyResult, AssertionAttributeExtractor authBlockExtractor) throws SL20eIDDataValidationException { + Date signingDate = sigVerifyResult.getSigningDateTime(); + Date notBefore = authBlockExtractor.getAssertionNotBefore(); + Date notOrNotAfter = authBlockExtractor.getAssertionNotOnOrAfter(); + + if (signingDate == null) { + Logger.info("AuthBlock signature contains NO signing data"); + throw new SL20eIDDataValidationException(new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "AuthBlock signature contains NO signing data" + }); + + } + + Logger.debug("AuthBlock signing data: " + signingDate.toString()); + + if (notBefore == null || notOrNotAfter == null) { + Logger.info("AuthBlock contains NO 'notBefore' or 'notOrNotAfter' dates"); + throw new SL20eIDDataValidationException(new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "AuthBlock contains NO 'notBefore' or 'notOrNotAfter' dates" + }); + + } + + Logger.debug("AuthBlock valid period." + + " NotBefore:" + notBefore.toString() + + " NotOrNotAfter:" + notOrNotAfter.toString()); + + if ((signingDate.after(notBefore) || signingDate.equals(notBefore)) + && signingDate.before(notOrNotAfter)) + Logger.debug("Signing date validation successfull"); + + + else { + Logger.info("AuthBlock signing date does NOT match to AuthBlock constrains"); + throw new SL20eIDDataValidationException(new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "AuthBlock signing date does NOT match to AuthBlock constrains" + }); + + } + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java new file mode 100644 index 000000000..3408cf538 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java @@ -0,0 +1,243 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks; + +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.net.ssl.SSLSocketFactory; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.http.HttpResponse; +import org.apache.http.NameValuePair; +import org.apache.http.client.entity.UrlEncodedFormEntity; +import org.apache.http.client.methods.HttpPost; +import org.apache.http.client.utils.URIBuilder; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.message.BasicNameValuePair; +import org.jose4j.base64url.Base64Url; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import com.google.gson.JsonObject; + +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.IJOSETools; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20HttpBindingUtils; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; +import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moaspss.logging.Logger; + +@Component("CreateQualeIDRequestTask") +public class CreateQualeIDRequestTask extends AbstractAuthServletTask { + + @Autowired(required=true) private IJOSETools joseTools; + @Autowired private AuthConfiguration moaAuthConfig; + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + + Logger.debug("Starting SL2.0 authentication process .... "); + + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, "sl20auth"); + + try { + //get service-provider configuration + ISPConfiguration oaConfig = pendingReq.getServiceProviderConfiguration(); + + //get basic configuration parameters + String vdaQualeIDUrl = extractVDAURLForSpecificOA(oaConfig, executionContext); + if (MiscUtil.isEmpty(vdaQualeIDUrl)) { + Logger.error("NO VDA URL for qualified eID (" + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + ")"); + throw new SL20Exception("sl20.03", new Object[]{"NO VDA URL for qualified eID"}); + + } + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, vdaQualeIDUrl); + + + String authBlockId = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_VDA_AUTHBLOCK_ID); + if (MiscUtil.isEmpty(authBlockId)) { + Logger.error("NO AuthBlock Template identifier for qualified eID (" + Constants.CONFIG_PROP_VDA_AUTHBLOCK_ID + ")"); + throw new SL20Exception("sl20.03", new Object[]{"NO AuthBlock Template identifier for qualified eID"}); + + } + + //build DataURL for qualified eID response + String dataURL = new DataURLBuilder().buildDataURL( + pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_DATAURL, pendingReq.getPendingRequestId()); + + //build qualifiedeID command + Map<String, String> qualifiedeIDParams = new HashMap<String, String>(); + qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID, oaConfig.getUniqueIdentifier()); + qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME, oaConfig.getFriendlyName()); + qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPCOUNTRYCODE, "AT"); + //qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE, UUID.randomUUID().toString()); + + + X509Certificate encCert = null; + if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_ENABLE_EID_ENCRYPTION, true)) + encCert = joseTools.getEncryptionCertificate(); + else + Logger.info("eID data encryption is disabled by configuration"); + + JsonObject qualeIDCommandParams = SL20JSONBuilderUtils.createQualifiedeIDCommandParameters( + authBlockId, + dataURL, + qualifiedeIDParams, + encCert + ); + + //String qualeIDReqId = UUID.randomUUID().toString(); + String qualeIDReqId = SAML2Utils.getSecureIdentifier(); + String signedQualeIDCommand = SL20JSONBuilderUtils.createSignedCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID, qualeIDCommandParams, joseTools); + JsonObject sl20Req = SL20JSONBuilderUtils.createGenericRequest(qualeIDReqId, null, null, signedQualeIDCommand); + + //open http client + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( + moaAuthConfig, + vdaQualeIDUrl); + CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient( + sslFactory, + moaAuthConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); + + //build http POST request + HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build()); + List<NameValuePair> parameters = new ArrayList<NameValuePair>();; + parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes()))); + httpReq.setEntity(new UrlEncodedFormEntity(parameters )); + + //build http GET request +// URIBuilder sl20ReqUri = new URIBuilder(vdaQualeIDUrl); +// sl20ReqUri.addParameter(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes())); +// HttpGet httpReq = new HttpGet(sl20ReqUri.build()); + + //set native client header + httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE); + + Logger.trace("Request VDA via SL20 with: " + Base64Url.encode(sl20Req.toString().getBytes())); + + //request VDA + HttpResponse httpResp = httpClient.execute(httpReq); + + //parse response + Logger.info("Receive response from VDA ... "); + JsonObject sl20Resp = SL20JSONExtractorUtils.getSL20ContainerFromResponse(httpResp); + VerificationResult respPayloadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20Resp, null, false); + + if (respPayloadContainer.isValidSigned() == null) { + Logger.debug("Receive unsigned payLoad from VDA"); + + } + + JsonObject respPayload = respPayloadContainer.getPayload(); + if (respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString() + .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT)) { + Logger.debug("Find 'redirect' command in VDA response ... "); + JsonObject params = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, true); + String redirectURL = SL20JSONExtractorUtils.getStringValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL, true); + JsonObject command = SL20JSONExtractorUtils.getJSONObjectValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND, false); + String signedCommand = SL20JSONExtractorUtils.getStringValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, false); + + //create forward SL2.0 command + JsonObject sl20Forward = sl20Resp.deepCopy().getAsJsonObject(); + SL20JSONBuilderUtils.addOnlyOnceOfTwo(sl20Forward, + SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, + command, signedCommand); + + //store pending request + pendingReq.setRawDataToTransaction(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, + qualeIDReqId); + requestStoreage.storePendingRequest(pendingReq); + + //forward SL2.0 command + //TODO: maybe add SL2ClientType Header from execution context + SL20HttpBindingUtils.writeIntoResponse(request, response, sl20Forward, redirectURL); + + } else if (respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString() + .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR)) { + JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_RESULT, false); + if (result == null) + result = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, false); + + String errorCode = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, true); + String errorMsg = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, true); + + Logger.info("Receive SL2.0 error. Code:" + errorCode + " Msg:" + errorMsg); + throw new SL20Exception("sl20.08", new Object[]{errorCode, errorMsg}); + + } else { + //TODO: update to add error handling + Logger.warn("Received an unrecognized command: " + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString()); + throw new SLCommandoParserException("Received an unrecognized command: \" + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString()"); + } + + + } catch (MOAIDException e) { + throw new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e); + + } catch (Exception e) { + Logger.warn("SL2.0 Authentication FAILED with a generic error.", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } finally { + TransactionIDUtils.removeTransactionId(); + TransactionIDUtils.removeSessionId(); + + } + + } + + private String extractVDAURLForSpecificOA(ISPConfiguration oaConfig, ExecutionContext executionContext) { + String spSpecificVDAEndpoints = oaConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS); + Map<String, String> endPointMap = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST); + if (MiscUtil.isNotEmpty(spSpecificVDAEndpoints)) { + endPointMap.putAll(KeyValueUtils.convertListToMap( + KeyValueUtils.getListOfCSVValues( + KeyValueUtils.normalizeCSVValueString(spSpecificVDAEndpoints)))); + Logger.debug("Find OA specific SL2.0 endpoints. Updating endPoint list ... "); + + } + + Logger.trace("Find #" + endPointMap.size() + " SL2.0 endpoints ... "); + + //selection based on request Header + String sl20VDATypeHeader = (String) executionContext.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase()); + if (MiscUtil.isNotEmpty(sl20VDATypeHeader)) { + String vdaURL = endPointMap.get(sl20VDATypeHeader); + if (MiscUtil.isNotEmpty(vdaURL)) + return vdaURL.trim(); + + else + Logger.info("Can NOT find VDA with Id: " + sl20VDATypeHeader + ". Use default VDA"); + + } + + Logger.info("NO SP specific VDA endpoint found. Use default VDA"); + return endPointMap.getOrDefault(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT, + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT); + + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java new file mode 100644 index 000000000..fc386b796 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -0,0 +1,323 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks; + +import java.io.IOException; +import java.io.StringWriter; +import java.security.cert.X509Certificate; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.UUID; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.http.entity.ContentType; +import org.jose4j.base64url.Base64Url; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; +import com.google.gson.JsonSyntaxException; + +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; +import at.gv.egiz.eaaf.core.impl.utils.StreamUtils; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20SecurityException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.IJOSETools; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moaspss.logging.Logger; + + +@Component("ReceiveQualeIDTask") +public class ReceiveQualeIDTask extends AbstractAuthServletTask { + + @Autowired(required=true) private IJOSETools joseTools; + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + String sl20Result = null; + + try { + Logger.debug("Receiving SL2.0 response process .... "); + JsonObject sl20ReqObj = null; + try { + //get SL2.0 command or result from HTTP request + Map<String, String> reqParams = getParameters(request); + sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM); + + if (MiscUtil.isEmpty(sl20Result)) { + //Workaround for SIC Handy-Signature, because it sends result in InputStream + String isReqInput = StreamUtils.readStream(request.getInputStream(), "UTF-8"); + if (MiscUtil.isNotEmpty(isReqInput)) { + Logger.info("Use SIC Handy-Signature work-around!"); + sl20Result = isReqInput.substring("slcommand=".length()); + + } else { + Logger.info("NO SL2.0 commando or result FOUND."); + throw new SL20Exception("sl20.04", null); + } + + } + + Logger.trace("Received SL2.0 result: " + sl20Result); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, request.getRemoteAddr()); + + //parse SL2.0 command/result into JSON + try { + JsonParser jsonParser = new JsonParser(); + JsonElement sl20Req = jsonParser.parse(Base64Url.decodeToUtf8String(sl20Result)); + sl20ReqObj = sl20Req.getAsJsonObject(); + + } catch (JsonSyntaxException e) { + Logger.warn("SL2.0 command or result is NOT valid JSON.", e); + Logger.debug("SL2.0 msg: " + sl20Result); + throw new SL20Exception("sl20.02", new Object[]{"SL2.0 command or result is NOT valid JSON."}, e); + + } + + //validate reqId with inResponseTo + String sl20ReqId = pendingReq.getRawData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class); + String inRespTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true); + if (sl20ReqId == null || !sl20ReqId.equals(inRespTo)) { + Logger.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); + throw new SL20SecurityException("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); + } + + + //validate signature + VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad( + sl20ReqObj, joseTools, + authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)); + + if ( (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned())) { + if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) { + Logger.info("SL20 result from VDA was not valid signed"); + throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."}); + + } else { + Logger.warn("SL20 result from VDA is NOT valid signed, but signatures-verification is DISABLED by configuration!"); + + } + } + + /*TODO validate certificate by using MOA-SPSS + * currently, the certificate is validated in IJOSETools by using a pkcs12 or jks keystore + */ + List<X509Certificate> sigCertChain = payLoadContainer.getCertChain(); + + + //extract payloaf + JsonObject payLoad = payLoadContainer.getPayload(); + + //check response type + if (SL20JSONExtractorUtils.getStringValue( + payLoad, SL20Constants.SL20_COMMAND_CONTAINER_NAME, true) + .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID)) { + Logger.debug("Find " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result .... "); + + JsonElement qualeIDResult = SL20JSONExtractorUtils.extractSL20Result( + payLoad, joseTools, + authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_ENCRYPTION, true)); + + //extract attributes from result + Map<String, String> eIDData = SL20JSONExtractorUtils.getMapOfStringElements(qualeIDResult); + String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL); + String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK); + String ccsURL = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL); + String LoA = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA); + + + + if (MiscUtil.isEmpty(idlB64) || MiscUtil.isEmpty(authBlockB64) + || MiscUtil.isEmpty(LoA) || MiscUtil.isEmpty(ccsURL)) { + Logger.info("SL20 'qualifiedeID' result does NOT contain all required attributes."); + throw new SLCommandoParserException("SL20 'qualifiedeID' result does NOT contain all required attributes."); + + } + + //cache qualified eID data into pending request + pendingReq.setRawDataToTransaction( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, + idlB64); + pendingReq.setRawDataToTransaction( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + authBlockB64); + pendingReq.setRawDataToTransaction( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, + ccsURL); + pendingReq.setRawDataToTransaction( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, + LoA); + + } else { + Logger.info("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result"); + throw new SLCommandoParserException("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result"); + } + + + } catch (MOAIDException e) { + Logger.warn("SL2.0 processing error:", e); + if (sl20Result != null) + Logger.debug("Received SL2.0 result: " + sl20Result); + pendingReq.setRawDataToTransaction( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, + new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e)); + + } catch (Exception e) { + Logger.warn("ERROR:", e); + Logger.warn("SL2.0 Authentication FAILED with a generic error.", e); + if (sl20Result != null) + Logger.debug("Received SL2.0 result: " + sl20Result); + pendingReq.setRawDataToTransaction( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, + new TaskExecutionException(pendingReq, e.getMessage(), e)); + + } finally { + //store pending request + requestStoreage.storePendingRequest(pendingReq); + + //write SL2.0 response + if (sl20ReqObj != null) + buildResponse(request, response, sl20ReqObj); + else + buildErrorResponse(request, response, "2000", "General transport Binding error"); + + } + + } catch (Exception e) { + //write internal server errror 500 according to SL2.0 specification, chapter https transport binding + Logger.warn("Can NOT build SL2.0 response. Reason: " + e.getMessage(), e); + if (sl20Result != null) + Logger.debug("Received SL2.0 result: " + sl20Result); + try { + response.sendError(500, "Internal Server Error."); + + } catch (IOException e1) { + Logger.error("Can NOT send error message. SOMETHING IS REALY WRONG!", e); + + } + + } finally { + TransactionIDUtils.removeTransactionId(); + TransactionIDUtils.removeSessionId(); + + } + } + + private void buildErrorResponse(HttpServletRequest request, HttpServletResponse response, String errorCode, String errorMsg) throws Exception { + JsonObject error = SL20JSONBuilderUtils.createErrorCommandResult(errorCode, errorMsg); + JsonObject respContainer = SL20JSONBuilderUtils.createGenericRequest( + UUID.randomUUID().toString(), + null, + error , + null); + + Logger.debug("Client request containts 'native client' header ... "); + Logger.trace("SL20 response to VDA: " + respContainer); + StringWriter writer = new StringWriter(); + writer.write(respContainer.toString()); + final byte[] content = writer.toString().getBytes("UTF-8"); + response.setStatus(HttpServletResponse.SC_OK); + response.setContentLength(content.length); + response.setContentType(ContentType.APPLICATION_JSON.toString()); + response.getOutputStream().write(content); + + } + + private void buildResponse(HttpServletRequest request, HttpServletResponse response, JsonObject sl20ReqObj) throws IOException, SL20Exception { + //create response + Map<String, String> reqParameters = new HashMap<String, String>(); + reqParameters.put(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID, pendingReq.getPendingRequestId()); + JsonObject callReqParams = SL20JSONBuilderUtils.createCallCommandParameters( + new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null), + SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, + false, + reqParameters); + JsonObject callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams); + + //build first redirect command for app + JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters( + generateICPRedirectURLForDebugging(), + callCommand, null, true); + JsonObject redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams); + + //build second redirect command for IDP + JsonObject redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters( + new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null), + redirectOneCommand, null, true); + JsonObject redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams); + + //build generic SL2.0 response container + String transactionId = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, false); + JsonObject respContainer = SL20JSONBuilderUtils.createGenericRequest( + UUID.randomUUID().toString(), + transactionId, + redirectTwoCommand, + null); + + //workaround for A-Trust + if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && + request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE) + || true) { + Logger.debug("Client request containts 'native client' header ... "); + Logger.trace("SL20 response to VDA: " + respContainer); + StringWriter writer = new StringWriter(); + writer.write(respContainer.toString()); + final byte[] content = writer.toString().getBytes("UTF-8"); + response.setStatus(HttpServletResponse.SC_OK); + response.setContentLength(content.length); + response.setContentType(ContentType.APPLICATION_JSON.toString()); + response.getOutputStream().write(content); + + + } else { + Logger.info("SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"); + throw new SL20Exception("sl20.06", + new Object[] {"SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"}); + + } + } + + /** + * Generates a IPC redirect URL that is configured on IDP side + * + * @return IPC ReturnURL, or null if no URL is configured + */ + private String generateICPRedirectURLForDebugging() { + final String PATTERN_PENDING_REQ_ID = "#PENDINGREQID#"; + + String ipcRedirectURLConfig = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_IPC_RETURN_URL); + if (MiscUtil.isNotEmpty(ipcRedirectURLConfig)) { + if (ipcRedirectURLConfig.contains(PATTERN_PENDING_REQ_ID)) { + Logger.trace("Find 'pendingReqId' pattern in IPC redirect URL. Update url ... "); + ipcRedirectURLConfig = ipcRedirectURLConfig.replaceAll( + "#PENDINGREQID#", + EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID + "=" + pendingReq.getPendingRequestId()); + + } + + return ipcRedirectURLConfig; + } + + return null; + + } + + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java new file mode 100644 index 000000000..6811d1016 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java @@ -0,0 +1,136 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks; + +import java.io.ByteArrayInputStream; +import java.util.Calendar; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.saml2.core.Assertion; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier.QualifiedeIDVerifier; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.DateTimeUtils; +import at.gv.egovernment.moaspss.logging.Logger; + + +@Component("VerifyQualifiedeIDTask") +public class VerifyQualifiedeIDTask extends AbstractAuthServletTask { + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + + Logger.debug("Verify qualified eID data from SL20 response .... "); + try { + //check if there was an error + TaskExecutionException sl20Error = pendingReq.getRawData( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, + TaskExecutionException.class); + if (sl20Error != null) { + Logger.info("Found SL2.0 error after redirect ... "); + throw sl20Error; + + } + + //get data from pending request + String sl20ReqId = pendingReq.getRawData( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, + String.class); + String idlB64 = pendingReq.getRawData( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, + String.class); + String authBlockB64 = pendingReq.getRawData( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + String.class); + String ccsURL = pendingReq.getRawData( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, + String.class); + String LoA = pendingReq.getRawData( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, + String.class); + + //parse eID data + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); + IVerifiyXMLSignatureResponse authBlockVerificationResult = null; + try { + Assertion authBlock = QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlockB64); + AssertionAttributeExtractor authBlockExtractor = new AssertionAttributeExtractor(authBlock); + + + //validate eID data + QualifiedeIDVerifier.verifyIdentityLink(idl, + pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class), + (AuthConfiguration) authConfig); + + authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock( + authBlockB64, + pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class), + (AuthConfiguration) authConfig); + + QualifiedeIDVerifier.checkConsistencyOfeIDData(sl20ReqId, idl, authBlockExtractor, authBlockVerificationResult); + + //TODO: add LoA verification + + } catch (MOAIDException e) { + if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_VALIDATION, false)) { + Logger.warn("SL20 eID data validation IS DISABLED!!"); + Logger.warn("SL20 eID data IS NOT VALID!!! Reason: " + e.getMessage(), e); + + } else + throw e; + + } + + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED); + + + + //add into session + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + moasession.setIdentityLink(idl); + moasession.setBkuURL(ccsURL); + //TODO: from AuthBlock + if (authBlockVerificationResult != null) + moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(authBlockVerificationResult.getSigningDateTime())); + else + moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance())); + + moasession.setQAALevel(LoA); + + //store pending request + requestStoreage.storePendingRequest(pendingReq); + + } catch (MOAIDException e) { + Logger.warn("ERROR:", e); + throw new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e); + + } catch (Exception e) { + Logger.warn("ERROR:", e); + Logger.warn("SL2.0 Authentication FAILED with a generic error.", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } finally { + TransactionIDUtils.removeTransactionId(); + TransactionIDUtils.removeSessionId(); + + } + } +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 000000000..48a3d2450 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.modules.sl20_auth.SL20AuthenticationSpringResourceProvider
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml new file mode 100644 index 000000000..a9c9bac8e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml @@ -0,0 +1,37 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + <context:annotation-config /> + + <bean id="sl20AuthModule" class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.SL20AuthenticationModulImpl"> + <property name="priority" value="3" /> + </bean> + + <bean id="SL20SignalServlet" + class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.SL20SignalServlet"/> + + <bean id="firstJOSETests" + class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.JsonSecurityUtils"/> + +<!-- Authentication Process Tasks --> + <bean id="CreateQualeIDRequestTask" + class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks.CreateQualeIDRequestTask" + scope="prototype"/> + + <bean id="ReceiveQualeIDResponseTask" + class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks.ReceiveQualeIDTask" + scope="prototype"/> + + <bean id="VerifyQualifiedeIDTask" + class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks.VerifyQualifiedeIDTask" + scope="prototype"/> + +</beans>
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml new file mode 100644 index 000000000..673144b06 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml @@ -0,0 +1,22 @@ +<?xml version="1.0" encoding="UTF-8"?> +<pd:ProcessDefinition id="SL20Authentication" xmlns:pd="http://reference.e-government.gv.at/namespace/moa/process/definition/v1"> + + <pd:Task id="createQualifiedeIDRequest" class="CreateQualeIDRequestTask" /> + <pd:Task id="receiveQualifiedeID" class="ReceiveQualeIDResponseTask" async="true"/> + <pd:Task id="verifyQualifiedeIDTask" class="VerifyQualifiedeIDTask" async="true"/> + <pd:Task id="userRestrictionTask" class="UserRestrictionTask" /> + <pd:Task id="finalizeAuthentication" class="FinalizeAuthenticationTask" /> + + <pd:StartEvent id="start" /> + <pd:Transition from="start" to="createQualifiedeIDRequest" /> + <pd:Transition from="createQualifiedeIDRequest" to="receiveQualifiedeID" /> + <pd:Transition from="receiveQualifiedeID" to="verifyQualifiedeIDTask" /> + <pd:Transition from="verifyQualifiedeIDTask" to="userRestrictionTask" /> + <pd:Transition from="userRestrictionTask" to="finalizeAuthentication" /> + <pd:Transition from="finalizeAuthentication" to="end" /> + + + + <pd:EndEvent id="end" /> + +</pd:ProcessDefinition> diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java new file mode 100644 index 000000000..35f1d0052 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java @@ -0,0 +1,51 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +import java.io.IOException; +import java.io.InputStreamReader; + +import org.apache.commons.io.IOUtils; +import org.junit.Before; +import org.junit.runner.RunWith; +import org.opensaml.xml.ConfigurationException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; + +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.IJOSETools; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context.xml") +public class EIDDataVerifier_ATrust extends eIDDataVerifierTest { + + @Autowired IJOSETools joseTools; + + + @Before + public void init() throws IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException, SL20Exception { + String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_atrust.json"))); + JsonParser jsonParser = new JsonParser(); + JsonObject qualeIDResult = jsonParser.parse(eIDDataString).getAsJsonObject(); + + //JsonObject payLoad = SL20JSONExtractorUtils.getJSONObjectValue(qualeIDResult, "payload", true); + VerificationResult payLoad = SL20JSONExtractorUtils.extractSL20PayLoad(qualeIDResult, joseTools, true); +// JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad.getPayload(), "result", true); + JsonObject result = (JsonObject) SL20JSONExtractorUtils.extractSL20Result(payLoad.getPayload(), joseTools, true); + + eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result); + if (eIDData == null || eIDData.isEmpty()) + throw new SLCommandoParserException("Can not load eID data"); + + } + + @Override + protected String getSl20ReqId() { + return "_2ac94139a4451f7ef0893a5b823aff16"; + } +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java new file mode 100644 index 000000000..419142c7d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java @@ -0,0 +1,43 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +import java.io.IOException; +import java.io.InputStreamReader; + +import org.apache.commons.io.IOUtils; +import org.junit.Before; +import org.junit.runner.RunWith; +import org.opensaml.xml.ConfigurationException; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; + +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ "/SpringTest-context.xml" }) +public class EIDDataVerifier_OwnTest extends eIDDataVerifierTest { + + @Before + public void init() throws SLCommandoParserException, IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException { + String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_own_test.json"))); + JsonParser jsonParser = new JsonParser(); + JsonElement payLoad = jsonParser.parse(eIDDataString).getAsJsonObject(); + JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad.getAsJsonObject(), "result", true); + + eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result); + if (eIDData == null || eIDData.isEmpty()) + throw new SLCommandoParserException("Can not load eID data"); + + } + + @Override + protected String getSl20ReqId() { + return "_57010b7fcc93cc4cf3f2b764389137c2"; + } + + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_SIC.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_SIC.java new file mode 100644 index 000000000..1c41b22fd --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_SIC.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +//import java.io.IOException; +//import java.io.InputStreamReader; +// +//import org.apache.commons.io.IOUtils; +//import org.junit.Before; +//import org.junit.runner.RunWith; +//import org.opensaml.xml.ConfigurationException; +//import org.springframework.test.context.ContextConfiguration; +//import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +// +//import com.google.gson.JsonElement; +//import com.google.gson.JsonParser; +// +//import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +//import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; + +//@RunWith(SpringJUnit4ClassRunner.class) +//@ContextConfiguration({ "/SpringTest-context.xml" }) +//public class EIDDataVerifier_SIC extends eIDDataVerifierTest { +// +// @Before +// public void init() throws SLCommandoParserException, IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException { +// String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_sic.json"))); +// JsonParser jsonParser = new JsonParser(); +// JsonElement result = jsonParser.parse(eIDDataString).getAsJsonObject(); +// +// eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result); +// if (eIDData == null || eIDData.isEmpty()) +// throw new SLCommandoParserException("Can not load eID data"); +// +// } +// +// @Override +// protected String getSl20ReqId() { +// return "_40972fd777c59da1ebeed2b8d633a300"; +// } +// +// +//} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java new file mode 100644 index 000000000..fe12e9b76 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java @@ -0,0 +1,439 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata; + +import java.io.IOException; +import java.net.URI; +import java.net.URL; +import java.util.List; +import java.util.Map; +import java.util.Properties; + +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IStorkConfig; +import at.gv.egovernment.moa.id.commons.api.data.ProtocolAllowed; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.util.config.EgovUtilPropertiesConfiguration; + +public class DummyAuthConfig implements AuthConfiguration { + + private boolean requireAuthBlockQC = true; + + + + public void setRequireAuthBlockQC(boolean requireAuthBlockQC) { + this.requireAuthBlockQC = requireAuthBlockQC; + } + + @Override + public String getRootConfigFileDir() { + try { + return new java.io.File( "." ).getCanonicalPath(); + + } catch (IOException e) { + return null; + + } + } + + @Override + public String getDefaultChainingMode() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getTrustedCACertificates() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isTrustmanagerrevoationchecking() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String[] getActiveProfiles() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Properties getGeneralPVP2ProperiesConfig() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Properties getGeneralOAuth20ProperiesConfig() { + // TODO Auto-generated method stub + return null; + } + + @Override + public ProtocolAllowed getAllowedProtocols() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Map<String, String> getConfigurationWithPrefix(String Prefix) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getConfigurationWithKey(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getBasicConfiguration(String key) { + if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID.equals(key)) + return "SL20Authblock_v1.0,SL20Authblock_v1.0_SIC,SL20Authblock_v1.0_OWN"; + + else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH.equals(key)) + return "/src/test/resources/sl20.jks"; + + else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD.equals(key)) + return "password"; + + else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS.equals(key)) + return "sl20signing"; + + else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD.equals(key)) + return "password"; + + else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS.equals(key)) + return "sl20encryption"; + + else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD.equals(key)) + return "password"; + + else + return null; + } + + @Override + public String getBasicConfiguration(String key, String defaultValue) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) { + // TODO Auto-generated method stub + return null; + } + + @Override + public int getTransactionTimeOut() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public int getSSOCreatedTimeOut() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public int getSSOUpdatedTimeOut() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public String getAlternativeSourceID() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getLegacyAllowedProtocols() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException { + if (useTestTrustStore) + return "MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten"; + else + return "MOAIDBuergerkarteAuthentisierungsDaten"; + } + + @Override + public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public ConnectionParameterInterface getMoaSpConnectionParameter() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public ConnectionParameterInterface getOnlineMandatesConnectionParameter(IOAAuthParameters oaParameters) + throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore) throws ConfigurationException { + if (useTestTrustStore) + return "MOAIDBuergerkartePersonenbindungMitTestkarten"; + else + return "MOAIDBuergerkartePersonenbindung"; + } + + @Override + public List<String> getTransformsInfos() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getSLRequestTemplates() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSLRequestTemplates(String type) throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getDefaultBKUURLs() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getDefaultBKUURL(String type) throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSSOTagetIdentifier() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSSOFriendlyName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSSOSpecialText() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMOASessionEncryptionKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMOAConfigurationEncryptionKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isIdentityLinkResigning() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getIdentityLinkResigningKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isMonitoringActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getMonitoringTestIdentityLinkURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMonitoringMessageSuccess() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isAdvancedLoggingActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List<String> getPublicURLPrefix() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isVirtualIDPsEnabled() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isPVP2AssertionEncryptionActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isCertifiacteQCActive() { + return this.requireAuthBlockQC; + } + + @Override + public IStorkConfig getStorkConfig() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public EgovUtilPropertiesConfiguration geteGovUtilsConfig() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getDocumentServiceUrl() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isStorkFakeIdLActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List<String> getStorkFakeIdLCountries() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getStorkNoSignatureCountries() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getStorkFakeIdLResigningKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isPVPSchemaValidationActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Map<String, String> getConfigurationWithWildCard(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<Integer> getDefaultRevisionsLogEventCodes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isHTTPAuthAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String[] getRevocationMethodOrder() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) { + // TODO Auto-generated method stub + return false; + } + + @Override + public URI getConfigurationFilePath() { + // TODO Auto-generated method stub + return null; + } + + @Override + public URI getConfigurationRootDirectory() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Properties getFullConfigurationProperties() { + // TODO Auto-generated method stub + return null; + } + + @Override + public ISPConfiguration getServiceProviderConfiguration(String arg0) throws EAAFConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public <T> T getServiceProviderConfiguration(String arg0, Class<T> arg1) throws EAAFConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String validateIDPURL(URL arg0) throws EAAFException { + // TODO Auto-generated method stub + return null; + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java new file mode 100644 index 000000000..69e3e7995 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java @@ -0,0 +1,326 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata; + +import java.security.PrivateKey; +import java.util.Collection; +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.CPEPS; +import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; + +public class DummyOA implements IOAAuthParameters { + + @Override + public Map<String, String> getFullConfiguration() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getConfigurationValue(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getFriendlyName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getPublicURLPrefix() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isInderfederationIDP() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isSTORKPVPGateway() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isRemovePBKFromAuthBlock() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getKeyBoxIdentifier() { + // TODO Auto-generated method stub + return null; + } + + @Override + public SAML1ConfigurationParameters getSAML1Parameter() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getTemplateURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAditionalAuthBlockText() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getBKUURL(String bkutype) { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getBKUURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean useSSO() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean useSSOQuestion() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List<String> getMandateProfiles() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isShowMandateCheckBox() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isOnlyMandateAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isShowStorkLogin() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getQaaLevel() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isRequireConsentForStorkAttributes() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Collection<StorkAttribute> getRequestedSTORKAttributes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public byte[] getBKUSelectionTemplate() { + // TODO Auto-generated method stub + return null; + } + + @Override + public byte[] getSendAssertionTemplate() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Collection<CPEPS> getPepsList() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getIDPAttributQueryServiceURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isInboundSSOInterfederationAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isInterfederationSSOStorageAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isOutboundSSOInterfederationAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isTestCredentialEnabled() { + return true; + } + + @Override + public List<String> getTestCredentialOIDs() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isUseIDLTestTrustStore() { + return true; + } + + @Override + public boolean isUseAuthBlockTestTestStore() { + return true; + } + + @Override + public PrivateKey getBPKDecBpkDecryptionKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isPassivRequestUsedForInterfederation() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isPerformLocalAuthenticationOnInterfederationError() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Collection<StorkAttributeProviderPlugin> getStorkAPs() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<Integer> getReversionsLoggingEventCodes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> foreignbPKSectorsRequested() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean containsConfigurationKey(String arg0) { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getAreaSpecificTargetIdentifier() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getConfigurationValue(String arg0, String arg1) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getLoAMatchingMode() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getRequiredLoA() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getTargetsWithNoBaseIdInternalProcessingRestriction() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getTargetsWithNoBaseIdTransferRestriction() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getUniqueIdentifier() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Boolean isConfigurationValue(String arg0) { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isConfigurationValue(String arg0, boolean arg1) { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean hasBaseIdInternalProcessingRestriction() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean hasBaseIdTransferRestriction() { + // TODO Auto-generated method stub + return false; + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java new file mode 100644 index 000000000..20ff41fe7 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java @@ -0,0 +1,147 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.util.Map; + +import org.junit.BeforeClass; +import org.junit.Test; +import org.opensaml.DefaultBootstrap; +import org.opensaml.saml2.core.Assertion; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyAuthConfig; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyOA; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier.QualifiedeIDVerifier; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.spss.api.Configurator; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moaspss.logging.LoggingContext; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; +import iaik.security.ec.provider.ECCelerate; +import iaik.security.provider.IAIK; + +public abstract class eIDDataVerifierTest { + + protected Map<String, String> eIDData = null; + + @Autowired DummyAuthConfig authConfig; + + @BeforeClass + public static void moaSPSSInitialize() throws ConfigurationException, org.opensaml.xml.ConfigurationException, IOException { + Logger.info("Loading Java security providers."); + //System.setProperty("moa.spss.server.configuration", "F:\\Projekte\\configs\\moa-spss\\MOASPSSConfiguration.xml"); + String current = new java.io.File( "." ).getCanonicalPath(); + System.setProperty("moa.spss.server.configuration", current + "/src/test/resources/moaspss_config/MOASPSSConfiguration.xml"); + + IAIK.addAsProvider(); + ECCelerate.addAsProvider(); + DefaultBootstrap.bootstrap(); + + try { + LoggingContextManager.getInstance().setLoggingContext( + new LoggingContext("startup")); + Logger.debug("Starting MOA-SPSS initialization process ... "); + Configurator.getInstance().init(); + Logger.info("MOA-SPSS initialization complete "); + + } catch (MOAException e) { + Logger.error("MOA-SP initialization FAILED!", e.getWrapped()); + throw new ConfigurationException("config.10", new Object[] { e + .toString() }, e); + } + + } + + @Test + public void dummyTest() throws Exception { + + + } + + @Test + public void parseIdl() throws Exception { + String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL); + if (MiscUtil.isEmpty(idlB64)) + throw new Exception("NO IDL found"); + + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); + //IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Url.decode(idlB64))).parseIdentityLink(); + if (idl == null) + throw new Exception("IDL parsing FAILED"); + + } + + @Test + public void verifyIdl() throws Exception { + String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL); + if (MiscUtil.isEmpty(idlB64)) + throw new Exception("NO IDL found"); + + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); +// IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Url.decode(idlB64))).parseIdentityLink(); + + if (idl == null) + throw new Exception("IDL parsing FAILED"); + + IOAAuthParameters dummyOA = new DummyOA(); + QualifiedeIDVerifier.verifyIdentityLink(idl, dummyOA , authConfig); + + } + + @Test + public void parseAuthBlock() throws Exception { + String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK); + if (MiscUtil.isEmpty(authBlockB64)) + throw new Exception("NO AuthBlock found"); + + Assertion authBlock = QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlockB64); + new AssertionAttributeExtractor(authBlock); + + } + + + + @Test + public void verifyAuthBlock() throws Exception { + String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK); + if (MiscUtil.isEmpty(authBlockB64)) + throw new Exception("NO AuthBlock found"); + + IOAAuthParameters dummyOA = new DummyOA(); + authConfig.setRequireAuthBlockQC(false); + QualifiedeIDVerifier.verifyAuthBlock(authBlockB64, dummyOA , authConfig); + authConfig.setRequireAuthBlockQC(true); + + } + + @Test + public void checkIDLAgainstAuthblock() throws Exception { + String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK); + String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL); + if (MiscUtil.isEmpty(idlB64)) + throw new Exception("NO IDL found"); + if (MiscUtil.isEmpty(authBlockB64)) + throw new Exception("NO AuthBlock found"); + + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); + Assertion authBlock = QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlockB64); + AssertionAttributeExtractor authBlockExtractor = new AssertionAttributeExtractor(authBlock); + IVerifiyXMLSignatureResponse authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock(authBlockB64, new DummyOA() , authConfig); + QualifiedeIDVerifier.checkConsistencyOfeIDData(getSl20ReqId(), idl, authBlockExtractor, authBlockVerificationResult); + + + + } + + protected abstract String getSl20ReqId(); +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml new file mode 100644 index 000000000..c1f185208 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml @@ -0,0 +1,18 @@ +<?xml version="1.0" encoding="UTF-8"?> +<beans xmlns="http://www.springframework.org/schema/beans" + xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" + xmlns:context="http://www.springframework.org/schema/context" + xmlns:tx="http://www.springframework.org/schema/tx" + xmlns:aop="http://www.springframework.org/schema/aop" + xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd + http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd + http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd + http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + + <bean id="firstJOSETests" + class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.JsonSecurityUtils"/> + + <bean id="DummyAuthConfig" + class="at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyAuthConfig"/> +</beans> diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml new file mode 100644 index 000000000..0840ecd94 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml @@ -0,0 +1,90 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!--MOA SPSS 1.3 Configuration File created by MOA SPSS Configuration Mapper--> +<cfg:MOAConfiguration xmlns:cfg="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> +<cfg:Common> + <cfg:PermitExternalUris> + <cfg:BlackListUri> + <cfg:IP>192.168</cfg:IP> + </cfg:BlackListUri> + </cfg:PermitExternalUris> + </cfg:Common> + <cfg:SignatureVerification> + <cfg:CertificateValidation> + <cfg:PathConstruction> + <cfg:AutoAddCertificates>true</cfg:AutoAddCertificates> + <cfg:UseAuthorityInformationAccess>true</cfg:UseAuthorityInformationAccess> + <cfg:CertificateStore> + <cfg:DirectoryStore> + <cfg:Location>certstore</cfg:Location> + </cfg:DirectoryStore> + </cfg:CertificateStore> + </cfg:PathConstruction> + <cfg:PathValidation> + <cfg:ChainingMode> + <cfg:DefaultMode>pkix</cfg:DefaultMode> + <cfg:TrustAnchor> + <cfg:Identification> + <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName> + <dsig:X509SerialNumber>536</dsig:X509SerialNumber> + </cfg:Identification> + <cfg:Mode>chaining</cfg:Mode> + </cfg:TrustAnchor> + <cfg:TrustAnchor> + <cfg:Identification> + <dsig:X509IssuerName>C=AT,O=Hauptverband österr. Sozialvers.,CN=Root-CA 1</dsig:X509IssuerName> + <dsig:X509SerialNumber>376503867878755617282523408360935024869</dsig:X509SerialNumber> + </cfg:Identification> + <cfg:Mode>chaining</cfg:Mode> + </cfg:TrustAnchor> + </cfg:ChainingMode> + <cfg:TrustProfile> + <cfg:Id>MOAIDBuergerkartePersonenbindung</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + <cfg:TrustProfile> + <cfg:Id>MOAIDBuergerkarteAuthentisierungsDaten</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + <cfg:TrustProfile> + <cfg:Id>MOAIDBuergerkartePersonenbindungMitTestkarten</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + <cfg:TrustProfile> + <cfg:Id>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:Id> + <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:TrustAnchorsLocation> + </cfg:TrustProfile> + + </cfg:PathValidation> + <cfg:RevocationChecking> + <cfg:EnableChecking>false</cfg:EnableChecking> + <cfg:MaxRevocationAge>0</cfg:MaxRevocationAge> + <cfg:ServiceOrder> + <cfg:Service>CRL</cfg:Service> + <cfg:Service>OCSP</cfg:Service> + </cfg:ServiceOrder> + <cfg:Archiving> + <cfg:EnableArchiving>false</cfg:EnableArchiving> + <cfg:ArchiveDuration>365</cfg:ArchiveDuration> + <cfg:Archive> + <cfg:DatabaseArchive> + <cfg:JDBCURL>jdbc:url</cfg:JDBCURL> + <cfg:JDBCDriverClassName>fully.qualified.classname</cfg:JDBCDriverClassName> + </cfg:DatabaseArchive> + </cfg:Archive> + </cfg:Archiving> + </cfg:RevocationChecking> + </cfg:CertificateValidation> + <cfg:VerifyTransformsInfoProfile> + <cfg:Id>SL20Authblock_v1.0</cfg:Id> + <cfg:Location>profiles/SL20_authblock_v1.0.xml</cfg:Location> + </cfg:VerifyTransformsInfoProfile> + <cfg:VerifyTransformsInfoProfile> + <cfg:Id>SL20Authblock_v1.0_SIC</cfg:Id> + <cfg:Location>profiles/SL20_authblock_v1.0_SIC.xml</cfg:Location> + </cfg:VerifyTransformsInfoProfile> + <cfg:VerifyTransformsInfoProfile> + <cfg:Id>SL20Authblock_v1.0_OWN</cfg:Id> + <cfg:Location>profiles/SL20_authblock_v1.0_own.xml</cfg:Location> + </cfg:VerifyTransformsInfoProfile> + </cfg:SignatureVerification> +</cfg:MOAConfiguration> diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD Binary files differnew file mode 100644 index 000000000..61bfd22bc --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 Binary files differnew file mode 100644 index 000000000..55707d69f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 Binary files differnew file mode 100644 index 000000000..815f53d95 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100 Binary files differnew file mode 100644 index 000000000..882753986 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A Binary files differnew file mode 100644 index 000000000..f28aa4b8e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27 Binary files differnew file mode 100644 index 000000000..5171276f4 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 Binary files differnew file mode 100644 index 000000000..6e17b9db5 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914 Binary files differnew file mode 100644 index 000000000..911640d0e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE Binary files differnew file mode 100644 index 000000000..1bb449441 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D Binary files differnew file mode 100644 index 000000000..807fa786c --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5 Binary files differnew file mode 100644 index 000000000..b2a1e145f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1 Binary files differnew file mode 100644 index 000000000..22d64fb5f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C Binary files differnew file mode 100644 index 000000000..8588ce58a --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716 Binary files differnew file mode 100644 index 000000000..7bbf658e9 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E Binary files differnew file mode 100644 index 000000000..2fa45b280 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3 Binary files differnew file mode 100644 index 000000000..c79d3e6b0 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA Binary files differnew file mode 100644 index 000000000..ab9e0cd7d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8 Binary files differnew file mode 100644 index 000000000..01965769d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 Binary files differnew file mode 100644 index 000000000..5026d395f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 Binary files differnew file mode 100644 index 000000000..9b2ee0fc6 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8 Binary files differnew file mode 100644 index 000000000..9d2132e7f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F Binary files differnew file mode 100644 index 000000000..c34d0f380 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 Binary files differnew file mode 100644 index 000000000..d894e92ca --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D Binary files differnew file mode 100644 index 000000000..380486f65 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E Binary files differnew file mode 100644 index 000000000..0f0db03b3 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E Binary files differnew file mode 100644 index 000000000..39e377edf --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208 Binary files differnew file mode 100644 index 000000000..0a1fcff85 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C Binary files differnew file mode 100644 index 000000000..61d346a8f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926 Binary files differnew file mode 100644 index 000000000..9ae7ffa0c --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623 Binary files differnew file mode 100644 index 000000000..a68ae2db7 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 Binary files differnew file mode 100644 index 000000000..28cb48bb0 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E Binary files differnew file mode 100644 index 000000000..c9da41583 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 Binary files differnew file mode 100644 index 000000000..28fbdf42f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 Binary files differnew file mode 100644 index 000000000..b9a0e5a61 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4 Binary files differnew file mode 100644 index 000000000..24d1795f5 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1 Binary files differnew file mode 100644 index 000000000..6da18c620 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01 Binary files differnew file mode 100644 index 000000000..3a274af3c --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F Binary files differnew file mode 100644 index 000000000..3beb4529a --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526 Binary files differnew file mode 100644 index 000000000..da38ce028 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 Binary files differnew file mode 100644 index 000000000..7e9fd5b0b --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 Binary files differnew file mode 100644 index 000000000..41dc7c553 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F Binary files differnew file mode 100644 index 000000000..b596d82e3 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D Binary files differnew file mode 100644 index 000000000..4adc3b7ec --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687 Binary files differnew file mode 100644 index 000000000..1e4f22777 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 Binary files differnew file mode 100644 index 000000000..fe561ad6a --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA Binary files differnew file mode 100644 index 000000000..5205ec519 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419 Binary files differnew file mode 100644 index 000000000..10a1f7141 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 Binary files differnew file mode 100644 index 000000000..dae019650 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E Binary files differnew file mode 100644 index 000000000..b9fe1280c --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03 Binary files differnew file mode 100644 index 000000000..ea1585a6e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206 Binary files differnew file mode 100644 index 000000000..0c2494a4b --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878 Binary files differnew file mode 100644 index 000000000..424f849a1 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B Binary files differnew file mode 100644 index 000000000..06b40aa67 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E Binary files differnew file mode 100644 index 000000000..3be7b6a06 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E Binary files differnew file mode 100644 index 000000000..b2beddaa5 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317 Binary files differnew file mode 100644 index 000000000..73553b996 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8 Binary files differnew file mode 100644 index 000000000..6368a6cc6 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44 Binary files differnew file mode 100644 index 000000000..08d7b28e2 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE Binary files differnew file mode 100644 index 000000000..e47d2b8ba --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA Binary files differnew file mode 100644 index 000000000..5168e1af0 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D Binary files differnew file mode 100644 index 000000000..c5bcc42e2 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A Binary files differnew file mode 100644 index 000000000..3c7775b6e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A Binary files differnew file mode 100644 index 000000000..b6f39e354 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 Binary files differnew file mode 100644 index 000000000..f9fef65fc --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92 Binary files differnew file mode 100644 index 000000000..f9f27442b --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F Binary files differnew file mode 100644 index 000000000..69de75609 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE Binary files differnew file mode 100644 index 000000000..efa28178e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 Binary files differnew file mode 100644 index 000000000..8c434777e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733 Binary files differnew file mode 100644 index 000000000..289fc2198 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6 Binary files differnew file mode 100644 index 000000000..b7d4b08a6 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 Binary files differnew file mode 100644 index 000000000..89cfe44fd --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C Binary files differnew file mode 100644 index 000000000..d9d633e32 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE Binary files differnew file mode 100644 index 000000000..c3fc91352 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 Binary files differnew file mode 100644 index 000000000..640918641 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A Binary files differnew file mode 100644 index 000000000..ad13d7b28 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B Binary files differnew file mode 100644 index 000000000..d361d919f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 Binary files differnew file mode 100644 index 000000000..69a8e4872 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D Binary files differnew file mode 100644 index 000000000..1a3106742 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 Binary files differnew file mode 100644 index 000000000..558ce15e3 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D Binary files differnew file mode 100644 index 000000000..0bab77032 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F Binary files differnew file mode 100644 index 000000000..b60dea248 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0 Binary files differnew file mode 100644 index 000000000..ac2e3c2b4 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C Binary files differnew file mode 100644 index 000000000..4dd2c49bf --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9 Binary files differnew file mode 100644 index 000000000..1bfd4d661 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/A25C55270C21A4581BC3372639AE36F2CCC94C19 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/A25C55270C21A4581BC3372639AE36F2CCC94C19 Binary files differnew file mode 100644 index 000000000..c478bf0fc --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/A25C55270C21A4581BC3372639AE36F2CCC94C19 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 Binary files differnew file mode 100644 index 000000000..09bd4626c --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 Binary files differnew file mode 100644 index 000000000..592c96230 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 Binary files differnew file mode 100644 index 000000000..c171b6d31 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB Binary files differnew file mode 100644 index 000000000..6f97837a2 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980 Binary files differnew file mode 100644 index 000000000..d7799119f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B Binary files differnew file mode 100644 index 000000000..508f7f076 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B Binary files differnew file mode 100644 index 000000000..c0feb0d0e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6 Binary files differnew file mode 100644 index 000000000..ebfbce9a0 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8 Binary files differnew file mode 100644 index 000000000..5c75689fb --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB Binary files differnew file mode 100644 index 000000000..e08466c5a --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E Binary files differnew file mode 100644 index 000000000..ed5ba194c --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA Binary files differnew file mode 100644 index 000000000..bc5ed1e62 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B Binary files differnew file mode 100644 index 000000000..cb519b7eb --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799 Binary files differnew file mode 100644 index 000000000..f2bbe24c8 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357 Binary files differnew file mode 100644 index 000000000..a592bd280 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918 Binary files differnew file mode 100644 index 000000000..6114ab414 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6 Binary files differnew file mode 100644 index 000000000..beff53663 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1 Binary files differnew file mode 100644 index 000000000..60405d6be --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120 Binary files differnew file mode 100644 index 000000000..4132c67c9 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2 Binary files differnew file mode 100644 index 000000000..36c381da7 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE Binary files differnew file mode 100644 index 000000000..e20156afc --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A Binary files differnew file mode 100644 index 000000000..6f92cf716 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1 Binary files differnew file mode 100644 index 000000000..0cba97eec --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD Binary files differnew file mode 100644 index 000000000..1de8f2cdf --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099 Binary files differnew file mode 100644 index 000000000..23d9533dc --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710 Binary files differnew file mode 100644 index 000000000..a7948e488 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE Binary files differnew file mode 100644 index 000000000..c4d97cda3 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4 Binary files differnew file mode 100644 index 000000000..a63cd9ad4 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112 Binary files differnew file mode 100644 index 000000000..f5e70ea0f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958 Binary files differnew file mode 100644 index 000000000..a5e651f86 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B Binary files differnew file mode 100644 index 000000000..b15880c29 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA Binary files differnew file mode 100644 index 000000000..d53dce92b --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE Binary files differnew file mode 100644 index 000000000..5375c57c3 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344 Binary files differnew file mode 100644 index 000000000..7085c5ac9 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683 Binary files differnew file mode 100644 index 000000000..97dc187db --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65 Binary files differnew file mode 100644 index 000000000..ad5d7dea1 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B Binary files differnew file mode 100644 index 000000000..2bf4ad712 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E Binary files differnew file mode 100644 index 000000000..c3363a922 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC Binary files differnew file mode 100644 index 000000000..750c08573 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 Binary files differnew file mode 100644 index 000000000..069640ffc --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 Binary files differnew file mode 100644 index 000000000..391ffc14d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C Binary files differnew file mode 100644 index 000000000..255c513af --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18 Binary files differnew file mode 100644 index 000000000..6225c0ca7 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25 Binary files differnew file mode 100644 index 000000000..83aeb1fce --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517 Binary files differnew file mode 100644 index 000000000..f8a8957ac --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03 Binary files differnew file mode 100644 index 000000000..376d0753f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580 Binary files differnew file mode 100644 index 000000000..6bbb4b5a3 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35 Binary files differnew file mode 100644 index 000000000..3536bd3cd --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/821E494DF27F9938F7E58CFCE8CE70029DB0EC5D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/821E494DF27F9938F7E58CFCE8CE70029DB0EC5D Binary files differnew file mode 100644 index 000000000..8e513a9f0 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/821E494DF27F9938F7E58CFCE8CE70029DB0EC5D diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6 Binary files differnew file mode 100644 index 000000000..36a442b89 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E Binary files differnew file mode 100644 index 000000000..54f809962 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA Binary files differnew file mode 100644 index 000000000..8ddc7d79b --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799 Binary files differnew file mode 100644 index 000000000..c9fd41f7f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374 Binary files differnew file mode 100644 index 000000000..61a7ccb15 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14 Binary files differnew file mode 100644 index 000000000..e4bd48dac --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A Binary files differnew file mode 100644 index 000000000..f6df0f4fd --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7 Binary files differnew file mode 100644 index 000000000..0668256a9 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 Binary files differnew file mode 100644 index 000000000..cac44093a --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25 Binary files differnew file mode 100644 index 000000000..46d4477ab --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C Binary files differnew file mode 100644 index 000000000..4989f3e73 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22 Binary files differnew file mode 100644 index 000000000..7c6adedf5 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169 Binary files differnew file mode 100644 index 000000000..70f5b7c91 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A Binary files differnew file mode 100644 index 000000000..141b05ef4 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13 Binary files differnew file mode 100644 index 000000000..95500f6bd --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC Binary files differnew file mode 100644 index 000000000..87d8b52d4 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 Binary files differnew file mode 100644 index 000000000..91acd396a --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A Binary files differnew file mode 100644 index 000000000..b5f5fa6ca --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 Binary files differnew file mode 100644 index 000000000..abeb964dd --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186 Binary files differnew file mode 100644 index 000000000..34c8cf8a5 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE Binary files differnew file mode 100644 index 000000000..cc35ba691 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B Binary files differnew file mode 100644 index 000000000..783dd271a --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC Binary files differnew file mode 100644 index 000000000..74c4ce3b8 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913 Binary files differnew file mode 100644 index 000000000..f3cf5e676 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC Binary files differnew file mode 100644 index 000000000..fc5bd433b --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 Binary files differnew file mode 100644 index 000000000..0a8de4bb9 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 Binary files differnew file mode 100644 index 000000000..d2e7db667 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 Binary files differnew file mode 100644 index 000000000..f2f1c6562 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 Binary files differnew file mode 100644 index 000000000..476a3efb2 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/DFAE695342AC81A521025904406884399822B233 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/DFAE695342AC81A521025904406884399822B233 Binary files differnew file mode 100644 index 000000000..5c88b668a --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/DFAE695342AC81A521025904406884399822B233 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E7FFFB72F649885E6ECE38D47B5A70BAF73FB575/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E7FFFB72F649885E6ECE38D47B5A70BAF73FB575/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 Binary files differnew file mode 100644 index 000000000..38c2de589 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E7FFFB72F649885E6ECE38D47B5A70BAF73FB575/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/42AD1897A4643D2AA634D980F16349E6694F3B1B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/42AD1897A4643D2AA634D980F16349E6694F3B1B Binary files differnew file mode 100644 index 000000000..f1d7b6a28 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/42AD1897A4643D2AA634D980F16349E6694F3B1B diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/FE7891B6ED7B178F528A28B21478299F865889BD b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/FE7891B6ED7B178F528A28B21478299F865889BD Binary files differnew file mode 100644 index 000000000..c1b90c0f4 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/FE7891B6ED7B178F528A28B21478299F865889BD diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/4CAEE38931D19AE73B31AA75CA33D621290FA75E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/4CAEE38931D19AE73B31AA75CA33D621290FA75E Binary files differnew file mode 100644 index 000000000..3c77b90d2 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/4CAEE38931D19AE73B31AA75CA33D621290FA75E diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/D3C063F219ED073E34AD5D750B327629FFD59AF2 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/D3C063F219ED073E34AD5D750B327629FFD59AF2 Binary files differnew file mode 100644 index 000000000..33e776369 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/D3C063F219ED073E34AD5D750B327629FFD59AF2 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/0F843FB1E0C626540BE638B79A2987E2611CE630 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/0F843FB1E0C626540BE638B79A2987E2611CE630 Binary files differnew file mode 100644 index 000000000..29d93550e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/0F843FB1E0C626540BE638B79A2987E2611CE630 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/69F21C82DC9A7A940ACEC414593E59C9E61E522F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/69F21C82DC9A7A940ACEC414593E59C9E61E522F Binary files differnew file mode 100644 index 000000000..2a88295a7 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/69F21C82DC9A7A940ACEC414593E59C9E61E522F diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 Binary files differnew file mode 100644 index 000000000..84a1690d2 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F2CDECB365AACC48D159C813DDE6B7B1CE047BF2/E185E05432F7D98BA7469D26A802DB4B0B2F6286 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F2CDECB365AACC48D159C813DDE6B7B1CE047BF2/E185E05432F7D98BA7469D26A802DB4B0B2F6286 Binary files differnew file mode 100644 index 000000000..0dc186019 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F2CDECB365AACC48D159C813DDE6B7B1CE047BF2/E185E05432F7D98BA7469D26A802DB4B0B2F6286 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F3E673236E6C1AA052ADF0884D399738F4BF2ED7/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F3E673236E6C1AA052ADF0884D399738F4BF2ED7/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 Binary files differnew file mode 100644 index 000000000..a699436ca --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F3E673236E6C1AA052ADF0884D399738F4BF2ED7/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F4121996B090501E1FEDA70BE13705CC259E5857/A5A00B223EF24AED92D03F652CFE367CA9D1B200 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F4121996B090501E1FEDA70BE13705CC259E5857/A5A00B223EF24AED92D03F652CFE367CA9D1B200 Binary files differnew file mode 100644 index 000000000..05a8b86f9 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F4121996B090501E1FEDA70BE13705CC259E5857/A5A00B223EF24AED92D03F652CFE367CA9D1B200 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F6E09A71951478BEF77CC1D1F21D29D2C43D3F20/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F6E09A71951478BEF77CC1D1F21D29D2C43D3F20/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA Binary files differnew file mode 100644 index 000000000..836ba3767 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F6E09A71951478BEF77CC1D1F21D29D2C43D3F20/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F98FAF493885B596B60CA57C161277EB289D1563/ABAAFC4B7A88097279E89C22C242C40420D0826B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F98FAF493885B596B60CA57C161277EB289D1563/ABAAFC4B7A88097279E89C22C242C40420D0826B Binary files differnew file mode 100644 index 000000000..87b13faaa --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F98FAF493885B596B60CA57C161277EB289D1563/ABAAFC4B7A88097279E89C22C242C40420D0826B diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F9BB100C38D7B02F1EF33194BD18DC48D0BA2C33/6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F9BB100C38D7B02F1EF33194BD18DC48D0BA2C33/6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F Binary files differnew file mode 100644 index 000000000..f1c03d688 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F9BB100C38D7B02F1EF33194BD18DC48D0BA2C33/6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 Binary files differnew file mode 100644 index 000000000..781d1e4f2 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B Binary files differnew file mode 100644 index 000000000..8286cabbc --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B Binary files differnew file mode 100644 index 000000000..a0148f63b --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/52ED0FAFBD38A868C678174D7EB03D266ADB221C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/52ED0FAFBD38A868C678174D7EB03D266ADB221C Binary files differnew file mode 100644 index 000000000..42a64da07 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/52ED0FAFBD38A868C678174D7EB03D266ADB221C diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 Binary files differnew file mode 100644 index 000000000..32893db7f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FE8A7E29B27E8A43FD03BC0B0B2573B251EB03CE/CA80A13D41116E24CB1479E970CDC1C030C5907C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FE8A7E29B27E8A43FD03BC0B0B2573B251EB03CE/CA80A13D41116E24CB1479E970CDC1C030C5907C Binary files differnew file mode 100644 index 000000000..277b6083a --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FE8A7E29B27E8A43FD03BC0B0B2573B251EB03CE/CA80A13D41116E24CB1479E970CDC1C030C5907C diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FEE5CDC3BD72A50BFCD63BC19BF7A1D8C6DC7D48/7D60E314AA6AEF548A614A9354C5068192051A29 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FEE5CDC3BD72A50BFCD63BC19BF7A1D8C6DC7D48/7D60E314AA6AEF548A614A9354C5068192051A29 Binary files differnew file mode 100644 index 000000000..afe6fdf09 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FEE5CDC3BD72A50BFCD63BC19BF7A1D8C6DC7D48/7D60E314AA6AEF548A614A9354C5068192051A29 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FF880A1F76838D8E051327DF224C7028F2710C58/BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FF880A1F76838D8E051327DF224C7028F2710C58/BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF Binary files differnew file mode 100644 index 000000000..d71177a4e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FF880A1F76838D8E051327DF224C7028F2710C58/BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml new file mode 100644 index 000000000..e67b1f5ce --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="saml2" version="1.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xsl:output method="xml" xml:space="default" /><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Signatur der Anmeldedaten</title><style media="screen" type="text/css"> + .normalstyle { font-size: medium; } + .italicstyle { font-size: medium; font-style: italic; } + .titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; } + .h4style { font-size: large; } + .hidden {display: none; } + </style></head><body><h4 class="h4style">Anmeldedaten:</h4><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)"><tr><td class="italicstyle">Vorname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)"><tr><td class="italicstyle">Nachname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">Vollmacht: </td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Identifikator: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderUniqueId']/saml2:AttributeValue" /></td></tr><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)"><tr><td class="italicstyle">Name: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue" /></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)"><tr><td class="italicstyle">Staat: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue" /></td></tr></xsl:if></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,9,2)" /><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,6,2)" /><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,1,4)" /></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,12,2)" /><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,15,2)" /><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,18,2)" /></td></tr><tr><td class="italicstyle">TransaktionsToken: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/@ID" /></td></tr><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle"> + Vollmachten-Referenz: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue" /></td></tr></xsl:if><tr class="hidden"><td class="italicstyle">DataURL: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience" /></td></tr><xsl:if test="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"><tr class="hidden"><td class="italicstyle">AuthBlockValidTo: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter" /></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></dsig:Transforms></VerifyTransformsInfoProfile> diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_SIC.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_SIC.xml new file mode 100644 index 000000000..741013cd1 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_SIC.xml @@ -0,0 +1,8 @@ +<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="saml2" version="1.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xsl:output method="xml" xmlns:xml="http://www.w3.org/XML/1998/namespace" xml:space="default"/><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Signatur der Anmeldedaten</title><style media="screen" type="text/css"> + .normalstyle { font-size: medium; } + .italicstyle { font-size: medium; font-style: italic; } + .titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; } + .h4style { font-size: large; } + .hidden {display: none; } + </style></head><body><h4 class="h4style">Anmeldedaten:</h4><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)"><tr><td class="italicstyle">Vorname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)"><tr><td class="italicstyle">Nachname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">Vollmacht: </td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Identifikator: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderUniqueId']/saml2:AttributeValue"/></td></tr><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)"><tr><td class="italicstyle">Name: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)"><tr><td class="italicstyle">Staat: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue"/></td></tr></xsl:if></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,18,2)"/></td></tr><tr><td class="italicstyle">TransaktionsTokken: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/@ID"/></td></tr><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle"> + Vollmachten-Referenz: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"/></td></tr></xsl:if><tr class="hidden"><td class="italicstyle">DataURL: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience"/></td></tr><xsl:if test="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"><tr class="hidden"><td class="italicstyle">AuthBlockValidTo: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"/></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></ds:Transform><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms></VerifyTransformsInfoProfile> diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_own.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_own.xml new file mode 100644 index 000000000..517f6437c --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_own.xml @@ -0,0 +1,11 @@ +<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> + <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="saml2" version="1.0" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"><xsl:output method="xml" xml:space="default"/><xsl:template xmlns="http://www.w3.org/1999/xhtml" match="/"><html xmlns="http://www.w3.org/1999/xhtml"><head><title>Signatur der Anmeldedaten</title><style media="screen" type="text/css"> + .normalstyle { font-size: medium; } + .italicstyle { font-size: medium; font-style: italic; } + .titlestyle { text-decoration:underline; font-weight:bold; font-size: medium; } + .h4style { font-size: large; } + .hidden {display: none; } + </style></head><body><h4 class="h4style">Anmeldedaten:</h4><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue)"><tr><td class="italicstyle">Vorname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:2.5.4.42']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue)"><tr><td class="italicstyle">Nachname: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.20']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.55']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle">Vollmacht: </td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Identifikator: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderUniqueId']/saml2:AttributeValue"/></td></tr><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue)"><tr><td class="italicstyle">Name: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderFriendlyName']/saml2:AttributeValue"/></td></tr></xsl:if><xsl:if test="string(/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue)"><tr><td class="italicstyle">Staat: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='http://eid.gv.at/eID/attributes/ServiceProviderCountryCode']/saml2:AttributeValue"/></td></tr></xsl:if></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(/saml2:Assertion/@IssueInstant,18,2)"/></td></tr><tr><td class="italicstyle">TransaktionsTokken: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/@ID"/></td></tr><xsl:if test="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"><tr><td class="italicstyle"> + Vollmachten-Referenz: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:oid:1.2.40.0.10.2.1.1.261.90']/saml2:AttributeValue"/></td></tr></xsl:if><tr class="hidden"><td class="italicstyle">DataURL: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/saml2:AudienceRestriction/saml2:Audience"/></td></tr><xsl:if test="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"><tr class="hidden"><td class="italicstyle">AuthBlockValidTo: </td><td class="normalstyle"><xsl:value-of select="/saml2:Assertion/saml2:Conditions/@NotOnOrAfter"/></td></tr></xsl:if></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform> + <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> + </dsig:Transforms></VerifyTransformsInfoProfile> diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..d361d919f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..ad13d7b28 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..f9f27442b --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..b6f39e354 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..f9fef65fc --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer Binary files differnew file mode 100644 index 000000000..3c7775b6e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..36a442b89 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer Binary files differnew file mode 100644 index 000000000..54f809962 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..ab9e0cd7d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer Binary files differnew file mode 100644 index 000000000..01965769d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer Binary files differnew file mode 100644 index 000000000..b9a0e5a61 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt new file mode 100644 index 000000000..9befb53fc --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt @@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIDFl+uMA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl +c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx +MjE1MTMwMDQ1WhcNMjQxMjA5MTIwMDQ1WjCBlTELMAkGA1UEBhMCQVQxSDBGBgNV +BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry +LiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1UZXN0LVJvb3Qt +MDUxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1Sb290LTA1MIICIDANBgkqhkiG9w0B +AQEFAAOCAg0AMIICCAKCAgEApv3ETyDuseYGvBXgJSiAe7q2dvKtcxlHGlEdEWKv +YUODdXiTIIcwuIU0+F8ybvoQdEVPGDsdzShhXKgMfdGY5WF1BslCgjwcr4h6GWgt +cSkXXFIYVV5GCrac4DhM60EvtXpadi8dNMu7dUKZjqES9UPC6Gc5H6fadauLaV6b +DbNrJufXUditjEbhqj5uX3u4/+nFRH8g1DiQm5RCC3ttVe0/7buJipErVQ9Sbhzk +hkFlzLbph2s2hiEP8NB5tXM3ffxmJ2Yv98+U1Ec0iXvsoGhqRyZVn1huTi+9PJnP +IyPfXDkqWv49E/WeZsaZ48kdVx9xIC6OVYF0GCDsKjsKWN+4xL6/eYvSnyIBij/A +e1T3wkLhp+bDyqxnvDatMlWchfbZxicvzr83c8SGt81RBekwbG/HGPRE4x5DnTkQ +67DTMzMSmW+FAJdZG2Ofsg9+D+v+iqRD310maLABtko3e+xm601FS8d0lDFJVGgG +36IB+ZrUIXmLfOIQjlF/yx566oUmSif3QRgmnSuNtunffXHBbL0qFAiEDwwHg41t +zBiSswKRWa5J/BMIung+6T8gw5kY3c3yJ+pUip4J2oeVa9jZlO/AY7k5BCeGh5Ky +zu22GMQIp9ulIIfUKx8jcnhtDy07UEmaWqv3rVsqKWF9v9B4z2SMiH1oFEgrNAxi +v98CAQOjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEQv+xQJkonQMA4G +A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEASO7M8elac5VTP+FjuL1S +nS72NaIP/RGYmw6967irlG5qQ0cGmCZO5J8SsL7xc3BMofMQMbrsGEryO1F4Y95B +o419IzqPb8sYHlx1Du+F2D01qXBmGP/NcqQIo9twLa+man16l7SFF/iNof2axigM +TUcWzqHUxtSjCPoU44qTsi8vVuQKRP8gMGlVCty0joc0gEW8PqKiMaKxI+tglVA6 +czwvPXfk9pJkL3hhDg/p59iKJTkEKIDtvugrZ4ZqOCBL5xv1Tar3BMBAKSfl/YoQ +/p6ATGlKkjSbMyU7vUGxXldNALHkezxFufuDZEF/erp3hCVADbQMKgyM7Diu6cKB +0s4+POeTQoSQ2dnMQJdgAfeGcd3twy2s/M/xHAVGPAPIQWH7ppVcs6AbVXQabHxJ +YZU7G2ct8Se0r8RLq+iRYrWhFKl8mmVBNwK2WJhjWPv2fqM1xYtbbwH6zoV/Sf8j +uIbx/5A/MJo/4s/9ciafJLVzLvkOh6Bhf310TAxyB9mDiL00KAuVTDtwYfzo1+jw +0bInpPqTCkgszn0LbajeaEIc7lQ7neY0gmMqDvnhA+5LyHJXuX5tDF+1/KDijlLs +p/k1/YZfe1Ai1+gcRoAlp2O80tKaJWZPkf8POffyIkSxJbHlKF6r3TWs7JYr+YUi +lm2dyCqZ9RUD5ZN2YRntJoo= +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer Binary files differnew file mode 100644 index 000000000..289fc2198 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer Binary files differnew file mode 100644 index 000000000..b7d4b08a6 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer Binary files differnew file mode 100644 index 000000000..289fc2198 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer Binary files differnew file mode 100644 index 000000000..69de75609 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer Binary files differnew file mode 100644 index 000000000..8c434777e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer Binary files differnew file mode 100644 index 000000000..efa28178e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer Binary files differnew file mode 100644 index 000000000..33e776369 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/SIC_TEST_USER.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/SIC_TEST_USER.crt new file mode 100644 index 000000000..203c416fe --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/SIC_TEST_USER.crt @@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIGfzCCBGegAwIBAgIHAJZY0iYXUjANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQG +EwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5IG9m +IFRlY2hub2xvZ3kxDTALBgNVBAsTBElBSUsxIjAgBgNVBAMTGUlBSUsgVGVzdCBJ +bnRlcm1lZGlhdGUgQ0EwHhcNMTgwNTI4MTQ0NTIxWhcNMjEwNTI4MTQ0NTIxWjAw +MQwwCgYDVQQqEwNFaWQxDTALBgNVBAQTBFRlc3QxETAPBgNVBAMTCEVpZCBUZXN0 +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKs+u9OdjFmRGF1Cbsa+XSuvzPoIG +pPtcJs+4thMbCubwSQMvUOssrCzrC1Ji9YVxeqHs3DU2RDEosoSUROJH3KOCAyAw +ggMcMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMIIBNgYIKwYBBQUHAQEE +ggEoMIIBJDCBggYIKwYBBQUHMAKGdmxkYXA6Ly9jYXBzby10ZXN0LmlhaWsudHVn +cmF6LmF0OjEzODkvY249aWFpay10ZXN0LWludGVybWVkaWF0ZS1jYSxvdT1wa2ks +ZGM9aWFpayxkYz10dWdyYXosZGM9YXQ/Y0FDZXJ0aWZpY2F0ZTtiaW5hcnkwUAYI +KwYBBQUHMAKGRGh0dHA6Ly9jYXBzby10ZXN0LmlhaWsudHVncmF6LmF0L2NlcnRz +L2lhaWstdGVzdC1pbnRlcm1lZGlhdGUtY2EuY2VyMEsGCCsGAQUFBzABhj9odHRw +Oi8vY2Fwc28tdGVzdC5pYWlrLnR1Z3Jhei5hdC9vY3NwL2lhaWstdGVzdC1pbnRl +cm1lZGlhdGUtY2EwHwYDVR0jBBgwFoAUedgPAoHlywvut/xEv9Nn+hCGURIwgaAG +A1UdIASBmDCBlTCBkgYMKwYBBAGVEgECBwEBMIGBMH8GCCsGAQUFBwICMHMMcVRo +aXMgY2VydGlmaWNhdGUgd2FzIGlzc3VlZCBieSBhICoqY29weSoqIG9mIGFuIElB +SUsgVGVzdCBJbnRlcm1lZGlhdGUgQ0EgYW5kIG1heSBiZSB1c2VkIGZvciB0ZXN0 +IHB1cnBvc2VzIG9ubHkuMIHeBgNVHR8EgdYwgdMwgdCggc2ggcqGgYJsZGFwOi8v +Y2Fwc28tdGVzdC5pYWlrLnR1Z3Jhei5hdDoxMzg5L2NuPWlhaWstdGVzdC1pbnRl +cm1lZGlhdGUtY2Esb3U9cGtpLGRjPWlhaWssZGM9dHVncmF6LGRjPWF0P2NlcnRp +ZmljYXRlUmV2b2NhdGlvbkxpc3Q7YmluYXJ5hkNodHRwOi8vY2Fwc28tdGVzdC5p +YWlrLnR1Z3Jhei5hdC9jcmxzL2lhaWstdGVzdC1pbnRlcm1lZGlhdGUtY2EuY3Js +MB0GA1UdDgQWBBSOwKEfd5HkkkiziZBb5Yj4HWy1DDANBgkqhkiG9w0BAQsFAAOC +AgEAAjjDMSWxbUHvklPKS4xTJJV7Bl5Gy++/LZ39Mb8ZCgjIsGIP9w3hhz0kfi4z +Iz6hvf/Yx9zlKZ/wRIU8R4iygqQSY5Zm28WKVm3Vbhfs4ewN4FJTP8w8LgUSHJ02 +V+JIHtUt5i9U2a/I01bmzIIfBYL0IW8s1K3VMAzADyHDGW/U6h9ck7dayw8OWi8t +NT4tnKX4mEhH6z2kUPnv7fqFlSRrD0uqkeKZad3A1a155S0Dgj1cZmNjR4sRhQhh +gba/EGuHNyEXchVasIITohORuJV9BAq4CckbSLo/qCSf+uiQUJm336LwavjGZked +O/auvRTETctPipjdONSxF/jbjAQ3fmYR/VqvoCm6K3ZgWTzxk0S4mfarrwooDvlE +rkSnrlLf+D6EyQt9LCw/i5LvH/+E+ZQ4AKwTHmJok4xdSgywyNrxsciZrvUGgwe9 +n+CV3IzEymYfL28qykKWpqbPTlSHqa3SlImdl8ywJI4hAW7mzZDp4OjhibRydJsR +7uiFnfhIKMTDicnZGgPZZqIuS4qGwYBszU77R+XmwmZqZBkNP88eYW1qnxCFGEtI +OiiETwO4zxXFF21CeB06PEwRCVgebBg0zBnX+hIsT/nJqwHK8I0Yh24BCudESUC2 +gE9xrujrk3e7r+lOqbYbzeWRJnXILg+SnflzC9kS3LxRfJI= +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer Binary files differnew file mode 100644 index 000000000..911640d0e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer Binary files differnew file mode 100644 index 000000000..1bb449441 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer Binary files differnew file mode 100644 index 000000000..1bb449441 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02_A-Trust-Test-Qual-.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02_A-Trust-Test-Qual-.crt new file mode 100644 index 000000000..803b30eb1 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02_A-Trust-Test-Qual-.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEATCCAumgAwIBAgIEOWntwTANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC +QVQxSDBGBgNVBAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUg +aW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1U +ZXN0LVF1YWwtMDIxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1RdWFsLTAyMB4XDTE0 +MTEyNDE0NDkxN1oXDTI0MTExODEzNDkxN1owgaExCzAJBgNVBAYTAkFUMUgwRgYD +VQQKDD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0 +ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsMGmEtc2lnbi1QcmVtaXVtLVRl +c3QtU2lnLTAyMSMwIQYDVQQDDBphLXNpZ24tUHJlbWl1bS1UZXN0LVNpZy0wMjCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANwJSfWpRaziThddTTup72Cl +tlXl8oc7HQoK2SWsYQwZGAd5nJZbwbI4K8VFKlNnK72Zl8UhmQ2FxhzS6u+Q+qEz +JOM2xTfA2NB6A9/KFpTJXUjvCHgRvW16EEF9YpYXxKTSK+QrYCXAC5rL6SuYOzgA +7Q1ivq+zLbyXxroux2zVEBIiaBGpZhOHGDFJk6h/4QelIqzd2TIDCRzvhmLDVmhq +X2C1NQb5kZuMgrxxOhG5Cr1F8solkwyu43JiM+apY4bZJVQBwi9ATBMz5tfdoLRs +lQy1BCQ4X+b6u/2856gucU+1e/wa5pB9Ff0eP+xy+j2DZOXLNd8m/IQvnshjNusC +AwEAAaNLMEkwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIRgafjkGOFb0wEwYD +VR0jBAwwCoAIQg8xWXA9iecwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUA +A4IBAQBq/owq5eGvhxegchLvnMjPnE9gTYIHEvMq8DN6h2J7pTEhKG2o09LLn/pN +HWRjKENU/LqZBIAJ5zebm5XqzB631BYcuu1abyPFfpMdAL9X4zFuDvg9EGaTir2c +81XaBYzVSLN7fxmNLKSmMwUt0JQQyqpe3V9iyoBE/WcQyKmKaEp7mCZsGFBm6KmJ +gqD6TPb7X9bWUr3yx6Z5gek71f3vQi69m1x811azXlxu1i/XFnVpzxkrKRXJWC+w +nQRxXmU7YnMzYPOA7UOpUG6J+7tYi29hY3EpMgyXM/T/BL5MdyzBefbPVzLHng5z +VaXNpO0ENCrlUyi1m3Yd/7QPDdJM +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-05.20141215-20141209.SerNo165fb8.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-05.20141215-20141209.SerNo165fb8.crt new file mode 100644 index 000000000..ee17cdb80 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-05.20141215-20141209.SerNo165fb8.crt @@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGQTCCBCmgAwIBAgIDFl+4MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl +c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx +MjE1MTMxMDE5WhcNMjQxMjA5MTIxMDE5WjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV +BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry +LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1 +bS1TaWctMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tU2lnLTA1MIIC +IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAq9PRwApA35K3LT0p5IYtNZMS +BFJsIkzjgF4FRQ36PtxeNsPL6iPgfFjWLZzVT1arHrC6ciz97haDWEN5Jq+aVaZp +gvFtvqZXlwYOWP0sshQg1aP7zrfH/N6yqjkrXHyzgmSz3SVIbdj5CqUJz/+94FCR +cA8XkQ3WZAjSkRB+MSIY8umftkmJOVAstaG28OEtpmqwBLRh/QGcNZzfhyrPS2Ls +5BAKQW9SBb1nXn8JOHq0Bd8zHShHbny9X/qT0xqeFfwItZWiW7iu3LgbGqfB3J4d +s+9iecwHDsmYdSb2quGmzJXejmvktFZte9dlF7BuBqier+R3/czdLteRems5S9Ka +hlP3+f3CnFwKihyVMhnuf5HyhCo1Fvrt+igWtNnos38qzB5RzRTJXnvZyrtTJMQE +/8ZuV2B12Oaf0AQjt+o/SPKeaTBX2yes0S1xbQy7xJzNhgBJ2Ir3OI6SoOooVN+9 +kQuzD7NsJBJzIy4dHCvOgs0C1ro8DROaV3Usn58eYOkLDrPGpEBmFq7GnsxnbeEh +5zzlgh00R9cy5PxiO40U+KxnTmQl+/vc9i1plDLsTRePeThKgS0UOIRZP7voYKdu +IJaEzufNXUxZbCc9Mq3V552BmRPhL9Ouf/bfaVMmkY4p7BdU57stxDfVwG9biujj +AVPA7DeRm+S0kzWRq0kCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov +L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME +DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhB0SNOEjM1 +3jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAEiqm52uEL2giMCy +8i1tIbqKP3SeJnYxhJgN4d3caWqfE1CoEUQjsN8t7sF866TOYJMrQ+/dS8bUqNiG +x4vvPrDq3DUSyKflgPaz+36xtB4BTlIiYTzio7Tnv+d5n+MsM6c/rijJzRx38FLM +tZTAfr7dXv5KxrfYrrEnPrGg0gMlYqX3rB1TKQnPx5qG3e2YXc6tdvDeXhh9cXj3 +76VJony7iV0ccKWNXRRNx1X0po/Luu6EMD/5czArtmO0KmGXO3gK3Fy7pxUbdBra +nSJNsY+Fv4X3zqf5n9ZM4Yut7KSqBiQbuMmIzLZkICJOWN5t9mOTStgmZjGqBdQN +sRuVinaLxA88Fd32ZmFxbagOLeKEXPTQT/ERbDOjhShY6jA2/LkIcg9mwDDOubsp +FcZaYlyXmvD+HNVxL5B4BGDWoGHmCxaj+bcYP4U797bpE90sTnMIQd6JoYEMQSIy +Re0S4jKIOkCqBDkPBIXZf/IizTvJiQoFUtT7civFYhcUHDOcWs69NUU3F6sEBZmq +C1uIRm7zD6FUPNpVcfVIeqcfWsnx5bSKwheh9Dk/A3eTmxjpodV4tIq6BfCLdq52 +85dumPB4zz/EmCuZ0hwy9/TJwaogVMqicvr1/pQXDM7T6fCM0vK9w/e4ejmX61TK +6MsTXFjxlwpIacl4fkAxk6L22xfB +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer Binary files differnew file mode 100644 index 000000000..cac44093a --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer Binary files differnew file mode 100644 index 000000000..32893db7f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer new file mode 100644 index 000000000..60bc9a557 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID2zCCAsOgAwIBAgIDFhIPMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRwwGgYDVQQLDBNhLXNpZ24tVEVT +VC1RdWFsLTAxMRwwGgYDVQQDDBNhLXNpZ24tVEVTVC1RdWFsLTAxMB4XDTE0MTEx +NzA3NDAzNloXDTI0MTExMTA2NDAzNlowgZMxCzAJBgNVBAYTAkFUMUgwRgYDVQQK +DD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4g +RGF0ZW52ZXJrZWhyIEdtYkgxHDAaBgNVBAsME2Etc2lnbi1URVNULVF1YWwtMDEx +HDAaBgNVBAMME2Etc2lnbi1URVNULVF1YWwtMDEwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQD4TRgyXzhxJ2AkndX0RPY771f64dsJrReEeuShLRK5io0B +kJWc4t7wuD1B98cJ0MUPlMmOJ2Ckc/vuLhQUyY3qEUmhMhixCUIcdHQ5yH3H0yMV +HxyJxAG83fE8M25kpKA4TzzMW8KPd2S63wbpPElyEy7vrllrLxvdQRSDpMZMvRg8 +fvoDGAehxsnKKwlXZuMq1aSBzfMz3cMBDKxvqzDIz7yC1iWNkdiwog3a5a5PbViK +shhZ0h+bx9WFDpiN6ooPQgcGhjD+NqIDoiOr7CUFHp+HiC6xIsEFJaBHTf3dRZ61 +0r1FDABx0Yj8+wlXSQLYq/1nR/QMwsvH0Cz1qYTPAgMBAAGjNjA0MA8GA1UdEwEB +/wQFMAMBAf8wEQYDVR0OBAoECE8h1CulBqTdMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAAOCAQEAimFu+xTm3UdyU+fO+2hz4DS20OGSC9NBDkorjzhRPWoZ +IVhUi6yH5drqSBm4/2ZYS1Ba5npzfyJwm+cLO28ljxAApfRHlbN0y83hKv7c0I7g +zWTMRs8X8ar5Gd7d4O5jpC4PAaZ1ozSDoE06U5im6YMLaJy/0QYvf5EQBMvLdeoc +d1vl17JYKYqYzcX2dvayikrfiglFqDaZZ66yJPBSuiyNhXpPkbXsOoyyTPtV/0Bh +eKIQiQyJID5aZtR7D4fBAzKdp5wB9KLQXBZ80hrwqrIuy+ME0tFaBWYBi8dzQ1iq +/E3Qz0USfGmxPMm8y/zRqsDvxZCRiSuvzBkOXbGMdA== +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..d361d919f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..ad13d7b28 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..f9f27442b --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..b6f39e354 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..f9fef65fc --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer Binary files differnew file mode 100644 index 000000000..3c7775b6e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..36a442b89 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer Binary files differnew file mode 100644 index 000000000..54f809962 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..ab9e0cd7d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer Binary files differnew file mode 100644 index 000000000..01965769d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer Binary files differnew file mode 100644 index 000000000..b9a0e5a61 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer Binary files differnew file mode 100644 index 000000000..289fc2198 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer Binary files differnew file mode 100644 index 000000000..b7d4b08a6 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer Binary files differnew file mode 100644 index 000000000..289fc2198 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer Binary files differnew file mode 100644 index 000000000..69de75609 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer Binary files differnew file mode 100644 index 000000000..8c434777e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer Binary files differnew file mode 100644 index 000000000..efa28178e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer Binary files differnew file mode 100644 index 000000000..33e776369 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der Binary files differnew file mode 100644 index 000000000..3be7b6a06 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer Binary files differnew file mode 100644 index 000000000..afe6fdf09 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer Binary files differnew file mode 100644 index 000000000..36a442b89 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer Binary files differnew file mode 100644 index 000000000..54f809962 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer new file mode 100644 index 000000000..2284687bb --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIDFLT5MA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTE0MDcyMzEwMzgy +OVoXDTI1MDcyMzA4MzgyOVowgY0xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52 +ZXJrZWhyIEdtYkgxGTAXBgNVBAsMEEEtVHJ1c3QtblF1YWwtMDMxGTAXBgNVBAMM +EEEtVHJ1c3QtblF1YWwtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCtPWFuA/OQO8BBC4SAzewqo51ru27CQoT3URThoKgtUaNR8t4j8DRE/5TrzAUj +lUC5B3ilJfYKvUWG6Nm9wASOhURh73+nyfrBJcyFLGM/BWBzSQXgYHiVEEvc+RFZ +znF/QJuKqiTfC0Li21a8StKlDJu3Qz7dg9MmEALP6iPESU7l0+m0iKsMrmKS1GWH +2WrX9IWf5DMiJaXlyDO6w8dB3F/GaswADm0yqLaHNgBid5seHzTLkDx4iHQF63n1 +k3Flyp3HaxgtPVxO59X4PzF9j4fsCiIvI+n+u33J4PTs63zEsMMtYrWacdaxaujs +2e3Vcuy+VwHOBVWf3tFgiBCzAgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYD +VR0OBAoECERqlWdVeRFPMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC +AQEAEoykPeAA/6iKm6YnfxsSHFe+Dtian2yAH8L2TqMdcHeSB/7L1x73uuDeYku1 +hbKQAXnfXntf8R+VgjQBTww0aDb5164netYcFbK0g8uVWVCqOl8wf3JbAUxHS9br +cFKks+CJKPr6qQ6H+sb1o9127c9IQSZYP3S/gMAaGw0cSTlsnosE0P5Ur5vHsapm +FV3V+VOjYNs2GLSu4XQCYvSIpsfDJp8VsJ/BMYS9GqGvQ/9qGa0fwEbEMadb5mcJ +tw/EKg4gJthMgxOfO5eVuCQ3PAEWOe5lrOrTdvTIlhphUuns5hoIdlyLuNqewK3s +FJ6N46sU7LjJLqSKYEB8usoIiw== +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer Binary files differnew file mode 100644 index 000000000..33e776369 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer Binary files differnew file mode 100644 index 000000000..277b6083a --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus-Schwab-BM-f-Inneres-20040219-20070219.SerNo5c39.der b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus-Schwab-BM-f-Inneres-20040219-20070219.SerNo5c39.der Binary files differnew file mode 100644 index 000000000..376d0753f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus-Schwab-BM-f-Inneres-20040219-20070219.SerNo5c39.der diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer Binary files differnew file mode 100644 index 000000000..376d0753f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/SIC_IDL_SIGNER.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/SIC_IDL_SIGNER.crt new file mode 100644 index 000000000..b2de9da56 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/SIC_IDL_SIGNER.crt @@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIHajCCBVKgAwIBAgIGRUnF8D5SMA0GCSqGSIb3DQEBCwUAMHcxCzAJBgNVBAYT +AkFUMQ0wCwYDVQQHEwRHcmF6MSYwJAYDVQQKEx1HcmF6IFVuaXZlcnNpdHkgb2Yg +VGVjaG5vbG9neTENMAsGA1UECxMESUFJSzEiMCAGA1UEAxMZSUFJSyBUZXN0IElu +dGVybWVkaWF0ZSBDQTAeFw0xNjA4MjUxMzA4MzhaFw0xOTA4MjUxMzA4MzhaMIH8 +MQswCQYDVQQGEwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2 +ZXJzaXR5IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBw +bGllZCBJbmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEa +MBgGA1UEBBMRU2lnbmF0dXJlIFNlcnZpY2UxHjAcBgNVBCoTFVNlcnZlckJLVSBE +ZXZlbG9wbWVudDEwMC4GA1UEAxMnU2VydmVyQktVIERldmVsb3BtZW50IFNpZ25h +dHVyZSBTZXJ2aWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxd/3 +9il61ghIH781wRGg5m+12MRxFB/eKLTn8Aj3YpTmI9+4CTG8ESmu20i/d+mRc/Bg +5tzvITi+964gIsovynCdU9QEwWF9SKTQ7vjTMfkTWDll+KfSWjO71l7Dm9F/dRVW +xKcx1j6oSxbnYZio3UBsSF+vfEz7cJz2DzAgAtM9s/2wSiYyWwfQMQcgEgA4uWtW +/7vre8FDgxxtA3XOV7IgKoEfFA2c7a6gVGUjN90OWxn4ZdDGpjDY9mAnEJS2rQoZ +EnkI47rfx35FrEPt7Rdc5mTSwDvbJqLlxkCUrPi+CV/esMxryX4+mivaghxVy3GT +SpTxf2IAgX2uX2VbUwIDAQABo4ICdDCCAnAwDgYDVR0PAQH/BAQDAgeAMAwGA1Ud +EwEB/wQCMAAwggEXBggrBgEFBQcBAQSCAQkwggEFMHcGCCsGAQUFBzAChmtsZGFw +Oi8vbGRhcC5pYWlrLnR1Z3Jhei5hdC9jbj1pYWlrLXRlc3QtaW50ZXJtZWRpYXRl +LWNhLG91PXBraSxkYz1pYWlrLGRjPXR1Z3JheixkYz1hdD9jQUNlcnRpZmljYXRl +O2JpbmFyeTBIBggrBgEFBQcwAoY8aHR0cDovL2NhLmlhaWsudHVncmF6LmF0L2Nl +cnRzL2lhaWstdGVzdC1pbnRlcm1lZGlhdGUtY2EuY2VyMEAGCCsGAQUFBzABhjRo +dHRwOi8vb2NzcC5pYWlrLnR1Z3Jhei5hdC9pYWlrLXRlc3QtaW50ZXJtZWRpYXRl +LWNhMB8GA1UdIwQYMBaAFEJur6/qQSp/lFcFhYLgkUYhyVdCMBkGA1UdIAQSMBAw +DgYMKwYBBAGVEgECBwEBMIHKBgNVHR8EgcIwgb8wgbyggbmggbaGd2xkYXA6Ly9s +ZGFwLmlhaWsudHVncmF6LmF0L2NuPWlhaWstdGVzdC1pbnRlcm1lZGlhdGUtY2Es +b3U9cGtpLGRjPWlhaWssZGM9dHVncmF6LGRjPWF0P2NlcnRpZmljYXRlUmV2b2Nh +dGlvbkxpc3Q7YmluYXJ5hjtodHRwOi8vY2EuaWFpay50dWdyYXouYXQvY3Jscy9p +YWlrLXRlc3QtaW50ZXJtZWRpYXRlLWNhLmNybDANBgcqKAAKAQcBBAIFADAdBgNV +HQ4EFgQUCGcmNEgrFLwredMpRpa/34jEqY8wDQYJKoZIhvcNAQELBQADggIBAIAg +/Ft+vM0DUKKipcF2xSZCweqEr6bF9I8FruxKyHg4WcWiUvFs96Wkwj/GA8YMJkjE +SKad1nP+hFjiraYU6dSfpOnAUJyLV0q5DM8Y0cl8GDqazE2kNGNzjmH9HvGY9CWp +vwF8htBnBX8N4Evw2t86eD4V507k2Ev8JOPWKifZwO0OCnPkkBfq30H5GVm9JA8W +joEXYQzzX2TBYrxqkWNosAsN9StcOvv9sfTTtW+ozK5/VPvAp9SUOjC5Eww7BuKq +yBxDrTSQ8hlfW2j8cMtCmg00LISnspiq8PdvIWktDO0sriyh3YuIIUx86OE9rBcG +20qr9s2oXYzVxq+T6hIEzDC1v/sPbpeYFdU6DW7bz/3ObPcKjkGD7J06ZDZFbgXr +aucr01ZFjdgBcdH0UzmsIaAMG+HY5RU99AZ5bP5RH+DbSTZLlcm8Zzne5/b0rN+a +2Q1ctptQnaPlZYQMcTSqXcbM7Umzn4LgnOedjfAcp8Pk0r+bZojrzFGuoi9fqkqe +qTup+PkGj+I8D+pOG/sSMaPx/gPZ4llO9v17VGHKH+OyGIsefwd+jXhMTJMdt5kO +6fLyTFF1MP4Ld64pRuboagZqe3dmy9HCy7AVnq9dIl/BlhLjhLSTYWvwtduh33WV +qegwBldr6P9vuJTsOrre7bRvkA+VnuZhlNW9AC1/ +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Testuser_BRZ_IdentityLink_Signer.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Testuser_BRZ_IdentityLink_Signer.crt new file mode 100644 index 000000000..d69dc044e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Testuser_BRZ_IdentityLink_Signer.crt @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFZDCCA0ygAwIBAgIJAJav+zeqU/DMMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV +BAYTAkFUMQ0wCwYDVQQKEwRFR0laMRYwFAYDVQQLEw1Tb2Z0d2FyZUNhcmRzMSYw +JAYDVQQDFB1UZXN0X1NvZnR3YXJlY2FyZHNfSURMX1NpZ25lcjAeFw0xNjEwMTgx +MDM5MDdaFw0xOTA3MTQxMDM5MDdaMFwxCzAJBgNVBAYTAkFUMQ0wCwYDVQQKEwRF +R0laMRYwFAYDVQQLEw1Tb2Z0d2FyZUNhcmRzMSYwJAYDVQQDFB1UZXN0X1NvZnR3 +YXJlY2FyZHNfSURMX1NpZ25lcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBALkLgt+MFTxLfRzcEIZ0bycIFg7g/HPN7QWIZ67bHzrb6ehebzF9VinzDZXC +kfKWdUJbkNSuWKWrp2X62f7oGhdqK0yFc+Dlo+OpIDgQiWCpBfKJo8cPWsiAmNuT +xWVagU5faI1h7xvvOVMybWe92nivfqLOuEx6WvX/UoIawRHV2VmPGFgZocM5G0X6 +bUVEpqxAa3qOIlRr0poB+RA0PA86hRpRYal/Or93D8BfQH5l8zV9QcvPe/KeJSpJ +HgGWmEs593LtNuA1Rv1iDpuu10y7C2FeMBvcUpRkR7WAj7vIYVtQILXCh1FhfN1b +Hg6xLVTyshlgUn7ARQJYoJ3togdGamDRlnKU2rXN9j88Tw6fAdcCvWbWVtjy8pNj +WLkVJMlFWdfO6/5LAva1HxROMhFx7QOPhOzemetCtT2fI4FTAk9Vyf9wTUQOL8sq +K73t1A419lYS8WuUCzHDxLujLiTuwoIUgzMN/bqMEZrogPLY2Kj4vmZMZ4gU2PU7 +Yw+Xfang3+/yK1gYNEebpdvPi8SVUAnus/Cfmdwdn9O/naWiBpjc06GJvMbegjxw +oPBM5c0SkCR5xCaygZL2OBpRMKgdfrk4k0pj5ZUm+mtrOGojtRZJEZQCBpVPk1yD +3L4/Z4AZofOo8dSkUR+xJN0oKnIdfndvBxNF4sxY4IwOvFRrAgMBAAGjKTAnMAkG +A1UdEwQCMAAwCwYDVR0PBAQDAgWgMA0GByooAAoBBwEEAgUAMA0GCSqGSIb3DQEB +CwUAA4ICAQBcED7tE8qmAwFBdhyoz1D8yodEZmmdXZwksA/kI+o+5wQs6Y/qvw7j ++eBvlctyXCXWh1eFeb/FaiA5Cpoak8Nc/oY7T/yBj5gfKHlNqVT1owaBkHsEYMBv +aUXxyDCbnFMznJfkxjbvFbQdd1hceJht8Dx+ikpB6MJHqHIEry0WWgf3JdN5PErr +ATndjBE4BaTZ2q6sCv+SdK60Mk0mYA6l6nSC9eB8G9C4bA1cQEOu6+FPmFzSkiIF +temA1tjQnhxKZZigzxIN3EQAnq/23jf+CkxAt5GkpUjqF5bqKI1nerJOgn4Jm5j6 +sPZGpGllzHLBaybfY63Az4sERC28OlqFw1vxQs4hWIWNWEAMF3Oz4+pYg4OIIh5C +Nr1aqJgssWfOZrX2KSz2vqrZoU67zq84MQcJTSmgKVBb9OnrC5tYn5YVUlydPPjr +Um0iHlWC0MFiIgSzx6Ti2HnPgc0UHsA6IpSTo+UufYYNDiFCssRbu4r0/Syq4MP3 +ghYXdP9Tj0FISz2TvM6YQfzHej94bZcVNwnF4pWEnGZtBbNVvJRw9iJHHkDWLiYM +1B73zs7+pA8YgKqExDHXc1Shou5HvSuTXSmaTMUHrCkhotHfpqYhrJiAmJ+OftNv +6oxMPfNhZg01eOotm1J+WV2mJbgcPTNSC1ONcSFdQ5vZZLL24J2Hcw== +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer Binary files differnew file mode 100644 index 000000000..592c96230 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-SSL-03.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-SSL-03.cer Binary files differnew file mode 100644 index 000000000..a699436ca --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-SSL-03.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer Binary files differnew file mode 100644 index 000000000..e4bd48dac --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer Binary files differnew file mode 100644 index 000000000..61a7ccb15 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer Binary files differnew file mode 100644 index 000000000..5171276f4 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01aaed.der b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01aaed.der Binary files differnew file mode 100644 index 000000000..5171276f4 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01aaed.der diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/atrust_OCSP_Responder_03-1.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/atrust_OCSP_Responder_03-1.cer Binary files differnew file mode 100644 index 000000000..ebfbce9a0 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/atrust_OCSP_Responder_03-1.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/idl_signer_from_IDL.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/idl_signer_from_IDL.crt new file mode 100644 index 000000000..fda99f2bd --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/idl_signer_from_IDL.crt @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEqzCCBBSgAwIBAgIHANux81oNezANBgkqhkiG9w0BAQUFADBAMSIwIAYDVQQD +ExlJQUlLIFRlc3QgSW50ZXJtZWRpYXRlIENBMQ0wCwYDVQQKEwRJQUlLMQswCQYD +VQQGEwJBVDAeFw0xMzA5MjcwNTMzMzdaFw0yMzA5MjcwNTMzMzdaMIHkMQswCQYD +VQQGEwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5 +IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBwbGllZCBJ +bmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEUMBIGA1UE +BBMLTU9BLVNTIFRlc3QxGDAWBgNVBCoTD0VHSVogVGVzdHBvcnRhbDEkMCIGA1UE +AxMbRUdJWiBUZXN0cG9ydGFsIE1PQS1TUyBUZXN0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAuDjOyf+mY+oQL2FQzzuaiC8C23vVKbq/n2Zi7BqSibZH +mtqMJfmj4pT+hWSNHvVvWsaxFcx4KeNqdCMzwnw1r4P3Sf+2o5uFku5KHEMLMokR +yYQG9VqY/KkB94ye7Pv6zT8gvKqxGFg96UamECep4swPaSZrA8AOER5WAtyGDzKI +Tz+a5zfFaTXDoba7f98PCWR96yKiFjVOhzp38WVz4VJgz+b8ZSY7Xsv5Kn7DXjOL +STX4MevFLki3rFPup3+4vGToaMBW3PEj67HXBdqR855Le6+E6rVxORqsXqlVwhsI +6nuS0CO2LWYmBNR1IB0mXteeYH/HfxvuZc+7yDjdPQIDAQABo4IBhDCCAYAwDgYD +VR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEmcH6VY4BG1EAGB +TLoNR9vH/g6yMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jYS5pYWlrLnR1Z3Jh +ei5hdC9jYXBzby9jcmxzL0lBSUtUZXN0X0ludGVybWVkaWF0ZUNBLmNybDCBqgYI +KwYBBQUHAQEEgZ0wgZowSgYIKwYBBQUHMAGGPmh0dHA6Ly9jYS5pYWlrLnR1Z3Jh +ei5hdC9jYXBzby9PQ1NQP2NhPUlBSUtUZXN0X0ludGVybWVkaWF0ZUNBMEwGCCsG +AQUFBzAChkBodHRwOi8vY2EuaWFpay50dWdyYXouYXQvY2Fwc28vY2VydHMvSUFJ +S1Rlc3RfSW50ZXJtZWRpYXRlQ0EuY2VyMCEGA1UdEQQaMBiBFnRob21hcy5sZW56 +QGVnaXouZ3YuYXQwHwYDVR0jBBgwFoAUaKJeEdreL4BrRES/jfplNoEkp28wDQYJ +KoZIhvcNAQEFBQADgYEAlFGjUxXLs7SAT8NtXSrv2WrjlklaRnHTFHLQwyVo8JWb +gvRkHHDUv2o8ofXUY2R2WJ38dxeDoccgbXrJb/Qhi8IY7YhCwv/TuIZDisyAqo8W +ORKSip/6HWlGCSR/Vgoet1GtCmF0FoUxFUIGSAuQ2yyt4fIzt5GJrU1X5ujjI1w= +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer Binary files differnew file mode 100644 index 000000000..afe6fdf09 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer Binary files differnew file mode 100644 index 000000000..376d0753f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer Binary files differnew file mode 100644 index 000000000..592c96230 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer Binary files differnew file mode 100644 index 000000000..61a7ccb15 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer Binary files differnew file mode 100644 index 000000000..5171276f4 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks Binary files differnew file mode 100644 index 000000000..a976d286b --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json new file mode 100644 index 000000000..221ab5351 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json @@ -0,0 +1,6 @@ +{ + "v": 10, + "respID": "NavkR2BWuvroWkIKWhAQ", + "inResponseTo": "_2ac94139a4451f7ef0893a5b823aff16", + "signedPayload": "ew0KICAiYWxnIjogIlJTMjU2IiwNCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9zbDIuMDtjb21tYW5kIiwNCiAgIng1dCNTMjU2IjogIjBGUmRDYkFxVTF2YlQtOUt3S0JUcU5GQXBkcU9HT25Fa0o1dGp6MFp0anciDQp9.ew0KICAibmFtZSI6ICJxdWFsaWZpZWRlSUQiLA0KICAiZW5jcnlwdGVkUmVzdWx0IjogImV5SmhiR2NpT2lKU1UwRXRUMEZGVUMweU5UWWlMQ0psYm1NaU9pSkJNalUyUjBOTklpd2lZM1I1SWpvaVlYQndiR2xqWVhScGIyNHZjMnd5TGpBN2NtVnpkV3gwSWl3aWVEVjBJMU15TlRZaU9pSlJkRjl5UjNKalRWQm1jamxmYWpsaWRFTndhVXAyUTFWMmFVSlFSbFZqYzJwbWRsaGhVWGhJYmpkdkluMC5RQ1BLOHZrZzlvSkprUk5OTmR2cVE4V0hvTk1Id3hrRExlMEVFcmN3UDJHTVROM3gtR0Y4MFVoQno0Z3VrOFVFcXpqaFM0S09XOXVVbEdkdEJ2eVdlczNPaUM0SUQ3eFNmVDF6Z3R4QnlDcHJLOFQyREZTa1VqS1JpVGpqOHoyUWlWXy1NbzJKOVJmVl9LMWNseVQyTTNFdnNjMUQtNWkyS0dzbW9tcWlsVkpqaFhZSlZkZllBRFZVQ0pycnJFTms3YUNwZWxTWU4wZ1hGU2VNRUNyRWp3Y0lkaHM2TW5fU2JiUnRJTnVSUmF6aEZEM1Fhb2lKcjFTdy0zS0JUV19fUThKTlhkQW9KdkFqcmFvUTlMNk9JTEhwOGlVQUMtbVVGbDJ6bmVQYnBoTnktSlNzV2NzVlBpVG5HYzdKNDNyaEtvZlJTWmZQUmVxWlRQYi1ncXZCS3cuazNqZUprWXJucEZMUmdfY3dZZ09zN2QzQWRVWnpmTjM3YTROeW9aY214MC4yWUg0M0lzTWNsVFBuTGZMVGc2TjVlcjVQSmdmMlFmRWE0bGg1dFdxSlJHdUdPRUw3TVVUMDZLMTVxUV9jTWZ6M01XVnRDV0lSNE8xOG5yMVZtN3M1cWZjRUlmQVpTRk52OWo2SXViNkVTeUtDeWk2YktaM0VDWURxbS1ZMjZETk1GWU4zeFMwOG9UV3ZPbWprR0Rqb21xdzBUcjB4RF9saHBRZlhReTJ1WWZZSDBlc21NY1BnS3lyRmF5NzZnV3VQeWxBS1lXbzd2WVB0UmxMR3AteWZ0eDFVMGFQU1BCbE5sOTlxb2Vzdm9BVTFrSXh1aU94Q1BYVTBqYWZJamF6MklDT253QW9qV2xrVlJWeDE2TENEUEF2d256Ty1vbHR3eUNBNmNzbXZYN1VvVlAydFZLdVVGVnJRUVFkNTFsOGc4dmxpb2pwMjlMV3ZSdjJTeDR5UG84TS1qOGw3UlV6SlhwZzNsZV96WGJfOFRfYUpra0d3YWE2UV9hV0ZDQl9ISkRGYkUzbDJzeEtBeHYtYUd0QzhwVVp4RnppNHB5YUVMd25QVUhpalE5UnpRUm0tY3RlTUpZM0NhMHlpMXl3eERudGRic3JSQzJvdG84aTMtRnIwWWo3R0t1THBvZ1hHT0RLX1p2X3FoNFdIZTBjRkxZUUNuLVNUSEJtaVo0SHBxTU8ydXlmeGpSYUxqN29KUXRSdXJ2NjNvMGJpeWxtNTVqMHg3eGhrSDlPR3liTUtaWVE3cE04bnYyblg3ejhJTXZRdkl4UU5heWNQVlJycWFtNERVMDJCQ1VlWVc2T0x2TEg1bmtMaTRmeUhoQXJtdXA5R3JFU1BHeGRlcW1PcTRYeTMyNlE3MUNNMU14TUN2ZXdoU3R6RzBWZnFnTHJjSHl2bndSdW9sRnE2SVlsZU9mZ0JMOVNUR2M1WWxuUU05UTJYS3RabVVkMUk2VVhMS0UwbzYzU0JIbFFHSVlJaVBYMy1VYnMwcEtLLWJfbGhMNkszT29Pdkw1V3Q1OGljV2FCbFJqb25VbEQ1eGR2b0dLTjNZVmRxWDVSZ3BIUnQxMHVHcDN3cER5S3RYTy1OTWJjaVVTUURQMVlNMFZScE9oZVN6Nk15Vmx5eEZhMWxKNEVpVXRhYk5jYWMwMHJUaHdqMkpSWkJRUGlvb01YVk9mTmxGN2xGdm5UN2liQWNVTTNJcHo5bW1XM3VEQzFxNEUyd1p1bWk0aWloenBlRkNjZTRPVkZWYU1pMGxNaW44VnZNejVYRW1QMFlISFNGRS1LaExuZVdMeXlFYlBzendhU0I3ODdXTUNkZ1JmRU9PakdLVHAtWkNQeE5jUXY0ODVFSElEOWpzV29nRVBxZERoU0czSWRhT1ViY2EwOXJ6a2xQaWlqaTlaeE1lVml5dUd6M3dkc001Y3pmalRHT3BXM0hQOHlwM2JuYUVLMTJBdDNuTTZvUkdGekJLNmc5RDl4eTl0c1BiMkF6MFozc1hzV2RpbzVJV2J5UjhNWk5PdGlNOWxmYU5MMFY4X21ueGlrdWxlSExIaXlQc1JIZUotb2NSOFE3YWh1ZGJfX3Rkb0dFN1R4dC16U0tPZHllcWtOUll5cVd2MFByZloxTFp1bkNCMFZqeEFtVUt6N3RrWGpxeVFQZlFsc2dmblJ1blBhMGVvZHJvZEkzV0dYQmlkSUVjWkxHbjM4bEZyUWVJUkdfNG1hMmpteGp4NURFdXN5OGdqcEl4TElvZkxGQTZXWEtvU1pwWV9sMUxVQzJ2RzkxWGt1R2o0ODB6Z1NzcWFyN2NUd3ZUWnh3M1hqamtJTVFuS1RKa0s4QnByNnpqdEdJTTF4VEc3Ti1iUklhYWE1VHFjbGhGc0dMTmJTU3Y0a21EU19TX0x2cF80cWFHcWNjTHJGZlh0eE8zTnRXaFNpdXZzX0tsN1VfQmxIemZYV0lNQ1lZNlI1SDI2dWpRZ0ZEenpkV1pQVTBxM1hVdlltY2FXUHdMV1JWU2IyTVFjZnd2NThYSl82cUVxLVhaQjU5NHRaR294SlI3TmQwRFhqV1l1dVVTNExTYXBubnZ3eHRpTUF6X0diMjBwTmNBS3UwbDJGb1Etb0ZwQno0LUNRdVlZbE9pUVZhRjQwN0xlVUpWSFR6cG1USWdlZV92Z0VTUmtqTjY3RUowbVBtZDJQU01mVnZwXzBmLTZYN2NRSDlCOUdET05COHJXUFJLZnJBYkNBNWxaZkFSZHFkMnUxTTA0TDZjNW52OGh6NmptdnpIMEExSjJIMWNpT2I2QldoM0daNzd2NTlKZUxEZ0hoRDh5ZjRSOUdNSEo2dHlFMmpsVmZTd2lSc1JjMVhQS0Q1WTl4aWRoZDdKYWV1MmptakgxVXk0aXNrN3BjTDItWkxTOS1rZ0tFNlBxUVliQmI0U1lqN044UXdMQmVodkM2RzVYYjAyaFlGWUNpUzhIV3Z4djRpZTBjb0RkZmR0QVEyZDFpQUt0VlBBTW1saVRCZ1g0RGU3bW9oeGRRRVpTbG4wY3RRRDJsTzV3RVIzRnlkejN6M0lLbW56eXBXZnNkSHh5ZF8zUWM2b0RDZnlSV1NJVW5BQmdhQmV4ZmI1RUhXQ3NOeDVXUFI0ZE9mdDdrTWdBay1NNGI0NnAwSE1ieDdYamZ4U1NnUVprZmZRalZraXFUR1FGajVXS2hNS3h4YlVpRHZKa0laeEVCbWJiYVBQeXNjRXVxUHZvc3J2VjFadWtiWU01TWpobV9qMmk3RHBJNzIxMXRZdG1VZWZ2Sy1jUmp5TU5rN0dxb1kzRFdobWE3WXhHN1FlMmY5U1paemhOZlJ2T2lSak9TX3ZrTXFjUnB2bnlhN1lsc3lYZi1fVi1TNDU2SkVKeHFKNm03UDdkS0ZKTVdxQnlEb0NLWkJBdjB2TXRWem5JamhPa0oyS1o2dW9VdjlWcXg4NXBUaU5XWGEtYjhZelB4TkFTVS1IWWh1bUxLZE9jS01veGt1UENzcURaMzY3d2xpS1g0NFJCbW5fTGpTWjFqSmxNelByQVJyMlh1ZUtHbTVBQkNDSjBWclNhX1QtM2lNT2IyV0RVOE9EUFo2MHFmRklzTGRkRHk2QXk1c0RqbDZFa1RKc2hqZmNacXN0Ti1rc0kyN3d1VDYxVEh4dXRnS2tNWHZ0NFhoM3B0VGgtdVJGdWJmYy13cm90M0JXdXRzMjFnaGpkbk44VDd5TWJRaFNxd0N4anlYSXZWZXJoVEtKWkZ3aWQtTUVFLXE1VVhKQTN2R2FoWmlSN19XalEzX0NjM2dWLUgxLVAxZDhidnI3dTJURlRRam5CV0l6YXFIVW1QbWRyMzJoX1lkYWtpelQyNVlJNGkwMzJweE53cmFzdG0zY1BWa0tacnJCX1llSE1La005dm1QaThiSkhicGFSOFBkUTVuQk1XSkJkaUVuUTdoYVpPazRrWEltNXNyelJNVWhhRGxJaHR2T3hFUVRpMVd0RXdzcjd0OGl3YVdyekRaTXpGRVY0Uy11WUsyanhJeTJleW5CRXFzd2lBMTBnWVo4ZXhCSjJDU0VXM3lQeUhUWFIxN2lBZTdXUkJpYUhoNElXUnBJalI4MHExRjlRd0hVeEhQenJoSEFXN0JFLUVBU0xEMG1YN3hCWi05a094S1E3VjNNSXBIOFFhck1qRmJRelJRX0Ftb1E4eDdCMUdZLXBUeGdzMWduOVFxLUpRTU5peFhZSWdhM2dJQnV2ZE9GQjlQZXl0V3FpT18wV2Z1dVpHb1dkcEY4NFBoNjZlMEdCa0NuYjRkVnZyaHlZNlRvRXVzbTNtTFR5SVB4UWNTd3NnR0VQSHN2eUpxclpwdzNHVkppXzVfNUZqakNuMjhwSTVQTllEVE85aFNGYmhNcDNqMEdBam40NXpJUEYwdTlCa1Fick9WTFZrS1VCbEdHaWd2N3lSNWlvd1F2UjRvX05BX1ZVYWxndV93SWxVRXZZVC1Ba2hodzZJSFp0Q3lJYTd1aHJ0eV94TEYyX3lHRG1zRnZkZFBfeG5jY1dZVF92LXdIYm03NDVObmtoN2xVMlhrRUxkMVQ3bkVfb2p3aFlwWmhyUVNjanBfbUdSRmFuU2ZxOFVYNU9rZVh3bm4yTEVRQmJFOWEwak13ZE92M1FnZU5zYjIxd1I1QVE2RC1pNnRhaGxqWHVDMjBSbVFaTWs5Y1JPRE5abFNYUVZBQzhqTTEwb2lpRFJzdklWTXZjQWp1ZnBLbGNzdFFHdnlXZmZlQjNKbkFtYTRueFUyeVlYeHFyMWRkZEpQbVZ6c01xek4xbWNnZHFLWERHX0R3dGdCMUNNczJVd0tGaVoxQ2lpSk5vN3hPOEdaT3M1TzZncFpKMFh6cjFudFU4UUpYNXhoQlZUM3BRVFU1bUZ6SFNwdExkTU5ueTFjS2RITmMzQVlyUi1CdEdUVXV1Qnc2eERKbS0tT1FjS0RqMUJxSkxmMG01ekpqNlBKNHFQTXpWOEFHSDRrRzcwRHQ2bHI0eEJrQTM2MkpoN3B1eGFsWWh2aHJoR2UtOUhHVWZPNzZwVUlTS2o1WlplQXFfUWp0aTVVdzZGWU55bUM3ZWVUeDFPQUtsN012V1lUaVJiLVlLVHlNck5yY3V5RTRXWGtlVjBhQTllX09JQncxeHNpU25SQkYwTVJtbnpuX3J2NC1kNWtSSWNGc0xWenlHbzZaNFUzNk1odTB2a1R2MlRIU0pYc1ZEdzhvSWpEVUg3UFo4UDZrdEFmSmlLZXZ4cnZZdWw0Y2daaGxhNFBnUDVNR1RmYXlZdGZJU2NBbHZ0TG5pNDA3OG1ITmNoVTcyc2dheGtndERsSUhiVUpqdDlpZEZFR2dPcmdvODllMV83N2VxWklYaFlPdUpoOGVfUlhRd1o2bThOQjdvV1lWeDg3bmx4X1VKdFplZ090dGxnYUhwNXRWVEdPTk5jeUdtZENMU3lvRzZ1c1VRd0VqeFBGc1NTSXU5V0FwMTliOERzTWMxdzN1cGxIZnRMUXlnUDBzUXNRUG1FdndxOEpZc00wcjRfRENPcTJkcENvS1pUTlRDQkx3X0V6N3NzXzZpY1ZkWWhHekRpbUdZTWNOanZXcGQ3Q3pNczdkV1RjN2ZVeHVDWmstTmRwMUhvajVXTGJQd3cxWnVNOTBHWTZUVU4wMmdsVXZObEJ3Z2tTa1doclhDMU8wOXlGMFQ3akZMV3g5akMzY0VZSmhzTmxVbWVSeWdXalROajJQeE9WTDRTdHNZTXBUOS1VemxnSEZEbTdxZ3lMdlZhVGcyM0lWLW9LT3lraUkyT1Y0RG9PcndfR0hlMTlsdEQ0b1ZsMXRrQ2h6WDlVR3h1TTJJM0o2b1Q2Z25kN0FNdmRscUgyZkFQb0NfVHUzSUNFM1dRQXAtTFBVTm5lUkdJbnduR1Z2aVZmb1dUVzQwVVRadUlPNkdwOEJDUF9lZVFEYUVnV0VCUC1pV2M5bjZ5dW05LWhCbDNHS09YVlhnOXJsaHJSdDY4RkE4Qmt0WE9NaWZud29pNXR6Ry0tMTFPZVFmakRGbmJNUlh1WEpoT1RSLWNVYXZLQlV3RmFFc3pZdGJjQURmdTVJeC1lWHY5ZlM5d1pkZElOcHpzT3ZZb0t2cEd6MjVnNktxTjRXelF6bjY3WEhvbGs0VVMzVmRjRnYtQ3g1ZmV5MXlpXzFDc05acVlPSVZYaXRHRk1wdHZ1aThPLVp4Z3dhRDV3Ymh3TnpBbS1FTkhKRFNyV2Y3X1pwYTl0RUI1ZGM0SjdGbnpwX2xVcTQ4RkxlZGRuSmVoNnJhMzkyckh3NlpyQTJDUktsc3hlWTBZdGJwM1lyMXd2RWlYY0xZYTF4OWhBMnozM0V1aGFhUXFqWnBJQ2lYdXVxc21ZeklnVGU1WVZ6ekhZOGVkVGFCUE11QWdrMkFZTHQxZHhETGdndlJ4MXN6cUE1c3RUNEpFZEtXbGs3ZnFIeHJIOGoxdTNwTjNCaS1LTXdNekJ4bjNEZERncTV1ZTFPY2g1d3VmLWlhVHhnZVdfNmV0eGkxNWJ3Uko2STRuSUxTVGk0bG9aUDFTa0ZCVkR4el9FODg3Q0I1ckN4ZnhjY0kxRGsxSmlRWEFqNGtEMF9mRWRxRkllbnpnMWZ3VzBETkN3U2R5ampiNWlmSlk0cVZ2Y0dBSHpoX1dBOUFlYmw1eHcteGpqTkloZGplTEwtbzZ1aHdwLVZBSXE2SEtWMVFIZl9QMWEyNjR3NnBTZENHdGdvYjEweHdpZTA1SFY2R3g2MnI2ak81TE9QUHpkVldvbWJxTEUtZVJ5bVM5eE1JOWl4RG94dWhjcXh6bUZ1cU1mLUxlMjU1d0g0ODEyemVBSi1QTDBjU3FTdjNfXzUwRGRQMldVVHRHMmR1aTNlcDR0VkNObkVINlZFUnY0bUd6QUNwX2stZjlVcWVHTnoyejR6QnRWUGhKWi1rVUEtZ29uUnhKSEFUcU1iOWd0dWFpV2hIWk9mcEZaQi1EZnRuMks1MXZRaXZWWWx0Y1UyRzRYSDRMekJhRldjUjBZMEdVWk10SGxsMXVWSmdqZWVXYnBMaFE3Q3B2Q1djVjhlNlhsQ19BeWEzX2NnV2VNb2M2OG9GV3FBa040TFJ2blhLb0E1M0syRWdmNmhYcXFFLWhMM1RDRW5VQWhaNUkwVWVENnN5X25ndDJsSGV5ekRNT0Q1ZEpuLVpZdm1GZWdEMFlmd0FyWDlETnhrVExfelhzT1hzNERMWlhJMmJxUG5RU1dtbXdmQ2xkNFU2VlZhYklTdFVhdDE5eTYtTjZzMzJTelAtNm9QQUMyYWNqOWQ3c2ZoWHowR1JzNlVEM2ltdlF5MmNWbzg3MVhyX085OENFNENTZEM3cUFNSEM4TE9vTVB0ZWtNaGpkN1dXdW9BUWtUb3FzUkdRUzlRNDQycWNjeEhtVWhMYm0tYUFIXzBBR0dKY0psY09ObmlZY3p2dzFTSHRtZERiWU1BUFBqQ0FHWXlFT2NBUDNueTZEeTd1Zzh4c1QtZkZHNnUwTnZ3Y2RXSndTVHI0R2Y2Y3BtbXkzQTRwYk9wS1ZpdWJoYVJiMkxRb0pOanlxa2h2aTZVMDU3UFIzTkZiSEhSS2xPT19SVWhCMEotenFvWnVPb3NTdjk2RjZNZl9HSlpCUVZVcTBrQWI0dkVlNU95ZXg1aEcwSFVSMWtYZXB5Y0p0RG9FbmdqcWZqUmp3YW9HcTdJLXgtaV9qZjV6NXlNV0FqRkpkOGhiblV1WnB3ZG5iVGhLX2pHRXhWeW9zby1TM3BNQUM1dnA5MzR5MS1zbVo1ZXA1UW5xUGg4YUV4V0pfcVF1NGU4cnEyMzVtRFNmVGJOd1B1TTFJVElhWHAyaTA1aUZ1UVZPcEliOGpuUGNMN1Jua0dLMHV0TkhQOERJLW9HSFpiM2dVQWV0VHRINmwxUk9xZ0FFRkktVHQzVXlxQmotSVZmZ3QwRGNDbmNoYWlQUFhiSExjMjJSYm1jR2JjTjk4UWpQSlRSZDNjRDEyN2hLQVZIS010YWtiS0x3cV9abmpCZjlqMDZuVnZvWi1fc1RMNEZZSkhSRWJpLXhOcmw2SHBqOFMtRFZRRUpNMXlLLVRBUWI0UDR2X05uWU51R1dVTlhYYUh3bmNOcVFseWM1N3pJYWVkdzFUdm5UR0gwUDR1end5MWFnZFlXVWFXODE5c01ISVhBNWJmTzNEZDFSZVlUUzJjZ1NTaGwyclUwSUtrY3NsRlJqX1BicUt4RzJYSXlNdE01ZG9Eb2FONENFNHFfQmxNZjhXTENvNG5WLVVSRll3eVM1bVdkVWtSZzJJMWhJcXA1UGJyaHptUGI0RFBSclE2dWlNd1hXY3oxN3lOa1daYTRNTThIUW1EeVRwTC00eUJlREU2MmZwQlMzWkZERWxKVE9UMThRaXQ3Ny1PdTFjODl1V3EtVmhkRmd6UTBhT0Z1T0RyY2RmSlpEclJ2M2NXeHBvSG80SHp5Y3lsYlpFd21PS1FxdmhQN2NDRGJYbEFObGlPV1ZkRzZYeTQ3QWRIS2luYUhELXN0eWJGRnVHUl9KLXVibi1BVmhsYzI3bVlzbDl1X2VDbVpSWGE0bkFTa2YyYWNONFd2em9YWTJlZzFrNi1Qbld2bnZDeEVLVW9iRi1kdS1EY09nQWxSdnZzcGlweFRTS3FaNGZpeHBfdUJxYnlDOWR0YkJZTnBLNUM5dU8xQ3JVaE9iQWlMbC1NNVgwWGt1TjNYVzJ4TEpZWFhaenhGbkh4d2w1VlFpQXZDWEVlZTZaTXd1N0NZNVNqOVpkeXJfQV9uUExyQldHX0hvUEtlV0laWEQ3a21nVWVJYWQ5dUxrOWUwbjl6Mmx1elowWEF1YlJEOTIyRUYxLTlpR1VGUjQxdE1qX0JldDRhQi1aTW9YVDZGNGxKd0gwT2lLaERkUmpDRDFBazF1aEhjLVZjTDQtMUJHN3U0cVE4VWtWcWlnMFlldmlNaVJOTFZxMkwzTU83ekZEUnN0SURXamVZSDZkRFNqcF9hZVFhWDZXR0owZW9nSmxPUGNTTUZldjRCZm5pSGFOMHp6RmFaNHJjQ01wTUZwUHZCcHMyVmhhRHo4NVdnSUpxV2lNM2UyWEt3YVEta3pqU2J0T0EyVmNhQ2VKMjc1UTVmUkVvTDZ3WkoyQUYwVGo2OURpdnRWNnVfVFpTbGNjSHg5OWNHWWdtYTFQWnJMRy0yVTJiYkFfMG03azRzSUdYVmlJb0VyU3dEUThEU2tYcG5ZNDRLQXdFVkQwMTJaT0s2dWlsSVpsSlFHQmRCWENDa3JOeXRfUDk2ZlpzckotQkQyNzJFYUdiVWZVSkJqNkc1NU1DZnFFQnFCV3hWSlR1M3Y3QVA4R1pWeEEzREgzTFB2TEU5OFkxYW1yZlNrdmxieHlCQTVmb3ZDQ3NUMUI5WUJlZlhDZ0JULXZ4SjE4NkluYnA2eFpZbWd4YTVCcE1vLWt0RmZTcnRyNXNGNlgxV2JIaDlmQUY2emNta29kQ05CNXNaZnhvRnJzNlB5YVc5dF9yMjZZcFJmYnpLUGl6SjZlOXlyQ0tucmRaU1BNaVdBcnJJamtzWURDeExQWGZEaGlES05wbms1emwtTGRXWGVvR1VncmxnZ1V4Sm0zYnRnZzVDdFZYUTVfN0lxVUVibk5oMldMc2tlRzNQbW9zWjFjRWp4UmRiZzNBcTRWU0c2ZkU4ajRRSmloM1ZzTWgyUDVlUmFuRlF3STFJeUQ0ZzY2T3dIcEZ6Q1ViSTk1WEZ1VjNRMFc0TjNxaUhMR3BPaTEtWFdEUWhQc2FwTnhadkpKbW5FcjhoOVZyNGYxNzhZelFCUnNXTUVkOEhtdkFJYjN3UkFXOWxMUFRNMVJkR0V6ekNPUDBCQ3VnaEcteVdGcFNEMG9tSzdVN0otRWJzVHVGSHVEX0NlaEd2U1RJUDV2bS1BeTJ5LXBFT0daaVBCSk5HeWlTYktuRVI2WkpQbW1PUXpBNTQ2ck9xaDFDTmo0OXBuZjByaldKM2xXSDRhaGxsemFweGtqSWhDMDdqM20wSlZZcl9ZNWFkS3VkbV9SSDA3bHpRRzJJRXY3YzZnT3JwR2pYeXVOeUUwWkFfMHVrT2xRVG1icENpS1BJNWprUzZ0MXNtNVItQk44TGJDTlR6QjlCSk9SZGt2WmRESWhMa3BUak9aRnU4Wk9raWFPZUx6cTZRNHVBZVhoYlo4MldVQnY3OC1NbDNIVzZiMkswREQ3cE9lZ19LOVBRZGxaVnFiRzAycXc0WDRwOXBiUmV6S2tQMFYxdzhXQnNMdkdkbWp5Y2h2RnBiSDJwZkZHNzJtdGhoeTVBVjg1dmRDVU5ZYldBd3RsSTFiM1Y5SVZoMzRzWEtjUHowYWhKdV80N0dmNm40ZDlsQVc0c0VRTWtoTDQ5NjZwTno4eGczeHdWZVBQUndTNU9SdWU0TGNCWEdzYXZ6cHFCYnVIQ182ZGJ5VFJSZlRBOEVObWNzUWJrMzBGenNXR1VLS0Rmb2N2WWx1bjR3amZ5cVlQWkE0Skhja1liUnNZS2llUnNFTTZVRUFrMGNOQkUzRVlueHZnU3JtRWtqdHJQR2lheE15U05QNWR4S19oVEVDZTJoNWxpSVVKaThJYUpSc1g5YWR1VHFGRVowMmdQamhwTFY5TU9JTjRYZ0d5S2hhMnhxdVFfM3A2RkxXaUljVlJiR1lTS1I3cDFIXzI0OGYwOVVnUGtuRV83ZlBrQWFnamFfQWxqV2xHX2F3UXhCOWpGTGNHNldIU2p2ckpWOTRZOFQyV3VDYU15WHpMZFUtaWhpeXBYajB6N0doRk1UUktUVlBqbGZ2UEtJMEVBdUM4U1J5dVFkYXd5MzVGbTVpSGFsbnNTY25TOU9GdENzeVRxamkwNWt0OURpRU92Y01qcldEOVFrQm1aUzJrNWg3QzZFS1dWR0sxeWVOZjQ4YmpqSGZMWmswTjlRQ0dIRDhFeVY3NHhmV1BWUWNfQmd4SzBRMDV0VUlYTFZOV1g1WlVySFh4MVFtVWc3RlhhejR2cmVCZUp4enhSSnJaZjBWWlEzNDFPNG95Sk5KN3ZWc2dVcU5Rc1Z5dFdKNkVKRC1pTWJBZVZkeXM4OTk2UmY1LU9XcVhsUUs3dVVJbVZmMjBxTDJpMHlVY3NmX3ctUFM3dDJnNVh6Vk1feUlXZmVSSE9obTJ4Mzh5UUY0dGROelBtMjNsSkNXc0VuOTBhSXBJdFBraVk2T2FCTG5tdzByNWNpNi1ZR2xocWk0cmxVSDI2TnFvTUZNeGRqQ29kVzFHb0VkdUw3T19VbzJib1dIaGUtTUF1YzVxR2R0RVhac3BCTGd6WG0wOVdpaWF3OXhWSUYzQU5DbE1pZXRobXRBQ0pRd2pNeC1rckdTZmtyX25ScmwweEh3ZlJwajIwX2VWdHdKX2xLcUh5Q1FzT0ZHemlLWU5tVDhDbXU0enV6dXhRc2sxVVZmbkJ5SVBGOTFNSEFPZUo0RGVaMHNyZjM5UFZLd0I1RjNpcW1QSmYxVE1jUXluZFlYbFpITzh4SnlIZWhRVWJDTlNoX0hMeHpCVF9CX3B5T2d0N3l5V2c5ZmNLTUtodUtJaTFhTXJsb2FNaTEwN2xXY09OTWdQbTdOSWJURjRyOUUySi1oU0lEWlFrb0tCQkoteno3TUpvRnMyTjh0OWxqSW1IRGFrUnhYV016TFFKWC1WMXhkbktaZS1zek1XaEdMRW9XckNMeHNOQXZzNzlSTHBBVV8tdmVfWld3bWJQN05jYm42V05aa2tUWXZuX2tuQzV4LWhkZTU2OUw5aXgwOHdTNllDTFNxb1JvRVdveE1pT0ltU0p6ZkZTMTFnWHdOcnZxOGtYSkhzMjI4OWlsckEzOG56LVhQSWVsaW9EN1Vfc2hSSXQyRmhsT1BlMVcyRWNSbGNvVm53NDh6UGpiTHBLNTNTNlB6V3NuV19GbU5aejVVWV9oY09NZnljZkNSenN1N0s2VHU4WWxKWXVTWTM5ZUdlVWpjaWI4OUE0OFRLQ0w4Ui1kQUJyY0QxaldCUWg3ekxxckJfMnkweGd0QkVWY1k4bjdmRkNNa1Jac2d6bV85cDhKRGdjM0tvZGFtVHRDTHUxRDNNNXBTWDMybXh5WUNReW5EZjBfdXpzZlBHcHpQZEhYSUdEQlRNcjdpOUU0RWgwSGhUaUowSFk3VUNPeW9WUjBrMDQxNUlVV0d3dXpUelY0MlhDS1NQazE0ZnhaeUNVR3M5LUtsOXNtaHpOajZrTTc0NkQxSGI5QkVLdU4xRDkwSUFHTnhucHFlMHl0OGJZQjlHcWc1NzJ4cGVpbVRCQVNkemh2aEVTZ1VoNUNwY2JXR2hsekVEcS1BazgzbUFyXzJDdFpnVlB3LXRqRzF6NkladnhfekVyUWh1REhyV0FvcjB4cWdSM053TzlJQVBYUDlNbVdFMEhsSzlmS1E1TWpISXZiSkZvdGFOUno4N2RVNkRPbkV5Q0syazFSRkRFekM5Q0drbjdSY2dDWDh3alZCdE9LcW1vNlpHTThjZW9BMjJ0TjlmT2dRWko1b2N3OVg3YkEzZDNhMlRsUHJSODZvVExrYzctNFdUYmVxTWdiZVBXUUgwQzZBNGJxN3VScF9qaVl1V1pZN09VWS1TcWpvdjd3UzAwT3drSVN2WWhhYTRqd3NKODVSNXR6UlZuT0JlTGs4YVU5QmhVMEY3RzRhMHZKTDlKSG50SFpiLVotMWR3U29MUHhjT1NfdXVhemlZdXlyQ3hvQ0dld3lKQVJ4dzJsazJjRmVaVFRxRV9DYmVZcHV2OHpOR2piVzM5dUZoOHYyXzd3X0tINUJvTm5ZU1VtcVZHOUF1b2dqbnVMakRfSzdIRF9hdnV2LTNrQnUwSDVuelJnaHZCLVZacUl0dTVNSjlNQ1h4aVcwYmZhOXduYk1KU0gtZ3pXX2NJY0hXWGRzUFlScE1JWHBCVUg5b0xRZ2Ruemx0ekpvVkJkdWlsWmR5NnFfb1RfRkJNV1N0N2N6NmZ5U3E1TXNQZTFkYVRqLXE2b2lvcDNBd3d5d1ZsOUhvUlpKUVF4Q29JN1F6SjhURlYzRGJ5aG1Bb0xScU5Oc1FOc2ZEMDBhZ05lc0d1a0xuN0hDNzFKdm9qWmZWWHBKRGdmdWFiTkkzTUxhR3VJSDB3a01aS1dQSE96SHlBbEJuaE5iRDM2U3NYcHdhdEVOX0k3U2VQbVFWR09fSE5fRjhZajFjYm1KLXY4VkdtT0pQM0xyRlF6d1hQb1piMmNZWmlOd09hMWJtOU8zdGdDYXFhS3p1ek4wQlV3NU9HdDBsNVAxZG5PMEs4V3F5V0Y5cG5Mc2dpQm9KbFQxYUpaVlI2djlDRFlreC1HRnJEejF0b0MtdDZmVWhFQl9ZaUN2cWJSYkJybzFhT2pMRWVsVUxVSGd1OVBzblNKTlQyTGczTW1kQWtDS3NrUldhVEt2QWl5OEdwenA2QXA4WFk2ZDdjQ0lKZ3ZOQXpkNlVPUF92TERjZXJ4UktRYUdDbTBWejVSWWZRcGM4T1lKUmhEM3MzNFBhMVoweFRBLU1uWjVkSDBMU21ZRTlDWkFXWFFzZ0s3dXROWUVBbUZWN3h5cFA1UENHemJieEt1ZFVaLWdJYnBXQ215WGVobGN6bFNmbXhiOHRqT1Q5Qkt6bDFpU01fZ0cxVmFjUFZTQWJhWWVmMjRVZHViOG9tRGkyWFBwN19MeHFXakJDS0JMa09Ec09WNm8tLThFd3k5UHVIcFVWSlRJWjdnaV9aRlJfMXUyMWt2aHB2bGF6OW5GeEV5a0JQYmxyWWVsekxrOWdGQ2FoUDNOQXFjWVp2d0xWb1VTQU56YTliRGdodThOYTN6a0JtaG1USlJmdTBTdnpqRGJZbnNMd3EwRDZjOG9MYjVqaExka3lBN09TSWlaWkdMeVBicDloUTdXU21kSjA5VmVTS2VweUJmLXdtSzB1VmU5MF9mdHNORGpQSU83djFkYVh0YXJpUWc0MXhGY1RsMmJ6WVphYXV3N09IYjEtZDlzdk1vNnBjMFU1TlZzY1B5TDUwLTVhVmtZZHlOcU5uV1hmU3VfOFB0MC15YnRBNU5Rd2ZSNll2MjhLeGpLTWh5THRvQl9lcUV6Y0lneGVCNUhsRkMwTlFwY2VXUU1UelM3V01wTjJ5VTNIcVlocXNESXoyV3UxVEFQMFBCYnM3MHdFUnR1R0dwRHhPdk1ZRmxKa0FkTXRlamJ1bkVsWVBNYzJHMHZFQXFvNUxPWEhJNVVEQzhVVHhHY010QUFJdGw2Z2llXzB5ZFFiRjhpUHdMYWEwUlJBemZzZ3lLdExFZkR2dVVNNmpvVmxoS2x2LVhiVVBvYTR6Ry1aWlRQTTFUdHU0dS1BRjlJUWtEcDlHeEpwU0hfd1l5aGFqWFp5UUF6M0NScFJPTXBRSmRmYnhuNTFMUDUxLXJwR2ZQamM5cG54OVc0OG9OSDFnbGVySmR5dXVOSUVNOXVkN0h6ZG5rWXJNZ1NDZGNVVzdCZnZjTnNWcFJPR1MtdmRhSm0zdjJ6QTJYLTNaRjFEMFVFVm9jbHBvbllYWDNIQnowTm5tZXc4U3l0TDJsa0tyeGhoX0dRcERNSGxOakttZzlZcFd0NktLM0NTQXJFX2ZDd0hpOHd4NElwal9teER3LXI0Q0dZYmlwcy1QRVMwc1V4eHRLMG5HZ2pORGpuUU9FSVdSLVNqdVhjZUhIZnQ1dTlVMzFXbTdRamxtQTFhNWdSTTd0Ul9XMl9iZFMyc01mYUtkR2wtVERIVm84UkxZSE1WVXoxTXNWTVEwV3NuTENhTElmT040YmxpYXN0WDJvakF2VVZkY29YUWNTVDBqVEhFNUk0el8yNXdiaUhwTW9mSkRRb2NiUi1Edks1TDNON1JHX2FYYUhGSDVIeEtrRWZBa0JSVjJmOXREV1ZxelNiTjVuOUl1aDE4YVV1SzhxYmV2aEp5T2p2M01ESUdMX1lkZ0R3TFFlU0tjRWFFSUpzamlTMGdIY2V0WDhua1RZYTEyMlFKYWpzY244OWszZVVZeVBkNDhrZ2FldjUtVXZ5NHJsQnRJeVZRaEk2OUVGOHB4ZDlWZWJYNkF1cFZuSGR4aDRTejFWU2x2NU5WRS1ycU83cWQxRGxwVXJIYzhTMkpybU8tSHAwLXpadjJUM1hRT1F3MXJTYy1KRHp5WWJ4dTVzWjI3VmFlSlFuU0Jzb3NSVUZtNktaY3JPdzVoMk5qVkR0b1laSjVhQm5sWmY0aVQ4RHBDSzhzTzhacXFaLWRueEpuQ3RQZ1FLLVAwdzU5ZjFVMXIzV3Y5bnoyS09XWC1wdEQ5ZnVNODhPYjZyNndpdTJsVW5qS0dlTExKUmFVYTFPU09LemduTVZCbHowVGU0RWhmVTFud0lxMWZybm5BaTBNcmlWSUtNZlhGQjVtNnF5RWpOSDVUWUtCMk9MSGxDajRlTklyeW9UdGZIWUxneHY2YTUxRlFGSXJTazBhWTQ5U1NpRW9LN2hsRlZod2tGYkloWVBFMVBkQ1dGb3phN0Z2eVZIUC1GbXBzNmlPV0EwWjFiQlVXVnlNRUpDNXJWMXhMYjdUNXljaEg4N1E1Wm1waFVpb1lMN2FHVEdoZjJvaGw1Vk5YcWNXSlpDbUtUTUI1aXJmdzBlajVtaDg3VUYySnZFVm5YUTVhY0xWaXdiZ3N0bnRpUkJSZUpSNWxfUzhjek5BZzRXcWR2OHd0ZmhQM0djQmJ5R1p6VkJsVzRmSHRJUjhMN1gtSVhlSDBQaEtvS3F2ZUFXN2xfUDlSaVVINTdha2xPLVU3dWR6SXhrWXQxMzVWdzYtS2sxMm9nUmlYaUpEcWtkSFE4ZHZaR0VqNEtIelFUQlVVamVnOFVYRWUzc3VzMzNNQ1ZNZHJNMG5ORnIzRXk5SHFFa01PcTFIbmlRaFdKb2FIcWlYLXFISzBLYWR5eTNueVp4TG5MSl9udXdkMUMzX2V2UEVxLUR2LW90TXBvYmt1QnR0eTd6NElGbGpHM2lOZVZFekk4M1FKNkJRZjNmWFZhclpta1N0eDh1b05jMXZPWWRCQkdiVmduUExidWFtSnFkd01ITjhKXzVPUHY5SW9vVFFjZ1YzLU1BalV3ZVpyVm9SbTF5V1FZVnBsRTFUUld0NENFQ2NoQ05jczZaVzZCUTVldkJ3TC13enNQSFVBTXVTcTB2N3VRSnJaT0cwd2hDXzFtRFJWMUlWeHk1TEw4SXQ2TDhTSXhhRC1yN19JSkpFYnk5c0dodHhpdFloN2pRNS1qb2V6Y1M0TEttcWtGemhVSVlYa1BWZ2pGQzdyYV9SbzNIdElhamVwWFkyV0p3OEo4QUxaSTk4Wl9TMGw5RF9BekY1UmZXWGdVdVFjY2NQTG05MXg4RDU1Q2F1bFJjb0tRTWZvR1plMDFGMXppR2t0U0RUSWJNa1BzU255a0tteGk5UDh1QXlncUZFVjJyRkRvaGx3TlJvN1JEOExTRXprbFhZOUFGWVlpdzNfLTI0d1oyS2tUeTI5Y2MyZUZVWlUtVHctQ05ONWFLLUdWMUNvU2NscEhoTDdRemJkVkl6NzhFU0VVY3UwS3V0QW12RzBZbUVTaDZnZnJYaVJzd1FZdzBiblVHdThKZHZsZjFFNnFhMk5MY0lwRnRtdXprbmxkMEgzUml2NXdTMjZGRDY3TlhvMFZkZ04xYWNCTDE5QjVWSVJaSENLeU9LMFBwN2w3OFhfcVl4T05OaDZYemZkYnBHWjZySG1fazhCM0xndW9lNlpxMU1IZFFlU29OWlNicmMzVDhtUmh0REhta1RBX00tMTVoMktaa3AteGtiVGE4SnVaUEZnY3djd1VNM2JTLW00V3JORDQtNVJ5NEFOOVZXVTRiN1hhWWc4d1FNODZ0bUk0QnRzSGVkb1QxTGNMSWJlQWtrNzB2U1o1U3JkMWtoNVdtQ2tNaHdsbnNrUGhhVEk1bkNGWEs4T3Q2em1GSkg1MGJLUFNucWlMaHVuODlkU2tJbzJCM19QOUMxcUpXaS0xdmphd3RSelBfdlcwaHBISlowWF94QVZrQ2pJbFU4OVoySHM3aWljUlpZdWstd282VDhXUm8tTHRBaW41bXRIbTFGOWhJNUNJczF0M2g3dWRRZ2xMdE8zd0RwNElCcVpyZ3M2UlhfTDdHX0E5SzNlT0lwREFxU3R0M3QxY3JFaWpjUmhQZzNORkRTeVFSZUtUYW5Jckl1NE4wQ0pSWUg1MnRxUE5IQ1I4NE1INDd4RGxKMkZzUC10aHpmWXdhSnJtVVdrS2hBNkFZSEx2VmdMcmJZdmZ0SEk0NmMxekp0NER5cjZ5XzFJVnd5eW5iUEZVM215cDJJeVpFOHFqQ1NRRmxjNUh1QzRxYmR6cW5xWTIxM3gxd19HZ3pUcEhPRnpRYnJlWk5qWjl0VGFDeF9vRXR3NXctcEFkbTJzOTlvUHdqaHJtYkJRQXllZ2xZUExwOWp0STZkY1JfLXBKSlhISTE0MzBXMnFPU0lkaVBmSHZRUzBiOUxENEhTaVZaN20tM0J1VlVEbm82SGh4bnV5MjV5T0drX2cteDR1OE9odU1KNEY3MGVYVTdNNUp6dGM2aXVfODBORUhwR0xxSWFyUWlWUWJnM18ybGMxVTlQVkhpWWQtSjF6MjlvVkc2RlBaTlRUWVpsQ25XMkEtVnB0YzI1a0RHdVpxSEo5cFRwVDctTTI1X0VLdGVmUjg0enRrTnEyV0ltTVZpV1JONlBkY2l6NW9qWmVrYWN0SXgtT2NCd0FiVXRkN05tRVNrMEVlc0FXQWp5cHNjWXZ6ODhQMF9ULWI4RG5KaGg0OUc0Z2dWTDhpek90bl9QU1d1Qm1LdTRJeWV1V05uZTZGR1RtQ2pyX0t0cmZvQ19NSUd2a3dHbFVvdWwtSWN0aUxZMG9CbkVKWGgxdVFDWVpmSWRwTG5nbHVpQms1ME9FYXlHZzMwdEpobmtkZzRYSUxqdENEeGNFQTlOa1hCMDRTV0QxNGNXaEFWVlRiY3p4ZFpvWWJnbEM0aUVONWRhWDEySFdKZlNSNVh1ZlVuQkpUYzFvbHFUN0VwemhTMXRLeGx4aUlzdm4xaVBOZ3ZFOEUwODJIcFBuOGoxcjBsVFF0OC1Fc2xfeTFnZlRiTEUzSXMtZ2NDNHd1bkMwR09MaEcyMkZST1NsRXNOQk9KV19nTFB2RW9nRHVoYkdmX2dmdHR5cHhnMmcxd25PdUREV1N1MURtY0ExaWdkQ0Q3MGNtOUVEX1REa3lJM20yelNhejZBTHFUQl84czFxSkEtakduOUJxdVpMRkNfdVUtUGt5cW9wLWJ6M0dyTmhhcmxtYTc2NlFoM1lIdkt3YjVvaGQ0OFNaOF9WWEI1T2xiOHRwdVdUZUFSMElybU9kZGs1QTFpYXFoUUpkZlNjLTV4aFBORmxIZ0hxYkMzcXI2dVhCZGhGNE1XMjVMdTN2U2xUczhuZ3N0SVZlNnQ4YkxOQmFpWjJTY25VR2UycXo0cjBzRy01Y1p5a1RKQUdsSjFwTmhfMHFhWDlEeF9qSmd3TnpqQ0FYaGRreWphVXhwZHN1dW02bkJKOFFUaHBnbDlVYVBfcFNtZzY2Sm5qSmJLeVRVUFBqZnF2aTJwQlZjOXV2ZXlocHdwdXpISGs5S3FiZHNPQkxGMEo1X1NBdVFQSllSdGg4ZDJTLXlGRVJsQ3ZoeHRMUTBOS2R2QldqV3V6Vmt1dmQ5N2tySVZuSWdaczk4V1V4TG11d3YxbDBJQ2FLNEpYVkszYTIzVktSeXBPZ3dGX29IMC1rVzlnSGpKZ05Xdk9XUzFUdzNqMUMtMDRhanB0ZFIyU3JnMFBKMnE0T19Dc3pCRGx5c1VnZ2ctV1dxeFJZdkhSWVloNXdqQmVmcVRWbjNESElEaGp3cjBXaG15WG1FQ2oxMW1UbFQ3VWRUMXVoYTY1cTZ2SWJCbnJ4cmZSM3kwaVA3Q1d4NWk1QWY5QVdfaHdnSGJLN042WlliLTEzODhWQ1dIcnZrQTFnM0ZOVE1nTDRVaHdNcGZkRlg0SGp0d2ZqRGlEVkxuVlZmSVZwMWNnRGNTMUVGV0pIZjVNSzlnZER2TlBsZVFudEYyTkU5QTJoVjhPenhJcktHTnpRVWYzQXdVZ05sZUduMl9VM2EzcUtGMzY3bWZwckltUDJ4ZGlfa0E1Mnd3VUF3VjN3alZHUndaX3RfSC1PaTdYMDZfcUoxSnNtUnJUN0stc2ZKNHRLWFdtemVCZVUzUGh4OGVyYzVHekE2R2xyTHlkSmhsWnZNdlJSRGR5MVc0SVRTMXo4R2EteUdNMlZvaURGUG1Sek9qa1B6MXpONEFpYzR2Q1JqQkFPVUJqb3J4VjYzbndzLUNkZm9rUDEwZjNCZEVKUk1tVkIyWU5NUU8wTmRRM2pPTU9GdE9fOEVyYU52WGtVTzJ5VGp5RUxkaEczZENCTWVxSU92Wm9NdVVNMkV2TjFfMjFrazN0VHNzZ1AyZW5oYTJQdi01dVpXZE1SNFdodTlfUlFTeTFtVUJIbXp5c3BfZVNDT3QtV2I5R2Y2c0RYZWZySXVhMURNUlE3bHhfa3otYkZtZ1E4WF9lZlhKeFE4WWVZMFQzNXNXVTQwZnVwTmo2N0tfYTU3UG83QllQT0lQMlBxS3ctRldLaUdLWl9NUGYyck4zQVRDXzJodC1Vd2dEcGJ0ZUY3ZENVU1haT0J5ZGVLcE5zRHd2c2EyRWVQZ1dLUjVtVlJxUUxuSEJxRllSVG1Vbm9QeUdRWDNXekRPNTVtRnY0TXBmOTZKeVdrMlgyUkFoUVNrcFl6MzlDX20yX09yeE90QWRVTFlJa0lqWlhEWTVzS21wS2lNYmk1U1pMUGpTMElBZFF6SXphdlI1TFBJWTdhenpodzZWM3dnVkszU0JiMXlhUzExRnEwT1VnaWpwaXI3TVo5OU5qNWlVLUtnS1JoZUNJZlRpRDRRcG9OV0F5REl6aXBnWlhZMFA2YnNRa3JkaTBaaXFiaDZQSHFwdlRYdWxTV2M2UDVUUlZUdWZ2Q212UUlOOVR4ZERKamVWWERjb29WSXlGVjFGYUJXRGl3SFU0NXZmTUpWTUpiUG5ZSWNUakdDeF9TQkllc2VXNGlNN2Q4Zld2MmlNbGY1bzZvVVNmNEtyM1RVdll4a2tXR1B6T3NGcWJXZ280aHB1NU9RTkdhR08weVZCMmpQcjBnMFYxTXMybHVwRWIwak9pWU9Mb05ueWkta3NQdDg1c3ptVWpwdXN6akxqU1pWX0NtRERiY2psZ0FFNXhaZGpQLXpCa1Q0Qm9XOEpEcFJubDA3V1JNT0JWaHd3WE1GeG5odDNjSzk5OExIU1VSR1RDZWxkUDAzZElzRlctbjA4WFlGakdMdTNSVERmOFVnMTBJajVlelE4a3JCaG5laDF5S0FHdzB6ZWdUblI1UjFGZFNlcldPRy1BTl9JZkFZQ1JHbllLb0pISWFwbjZqYXhicjRNNUgzY0Fydlk5Vi0tU3RXRDBRaHZVVXZpNkxRbHZGazJPeGhHM1Q5UGh3QjVYY1A0WDl3WkNmY0tfU25aMmRIWFd5SWY4NmxHUmp6N3dxalFFcFNvdUhfRXlYMGRNeGdYLVoyQWduZGxFR2h3TkR2U1BNaXZYb3VscWRpTFdSUmU2Zm0yZGMtdFlkM0lnQktoTDdJYURGRWx3Z0pHOW9pMFZ1R09wNG9TSFphZXFWVDYtWWtRRl9TU3JIZno4Wi1RU0t6UmJrZUNBZHowalRHSmw5MzdnS2tOdEc3WTQySTdfTGxpYWV3LUpkTEtYUFk1VHNRZHZWaTFZMjYyZFVCMExBU3RPdzM2SGJZNXI5UjlFanhVZl9XSkxObzd1a1gwZVJfZ2JIaFVqTG95LUhtSW5mekdHRm5QQWdFRmdtZjU0bEdjdEFIcERJVEZNYWUwam42Zm45NUJwejJsOW9iN3JCbEpLV29zTVluLU45M0t6c21ZSEZBMm11T2RtRHRkR2VmX2hwbG9MeWpYUmRVbk82R0pGODZqcGFxc1lTSGNtUXhLbi01NjBlT0UtSDI3SC1hM3VmOElrbTluQkZIc2ZJRG15ZzRwWkV1cTExNHpjSTFMX0M4NHc1bkE3Mlg1VHplZlBkTzlHNjhlYVpySUl2MS1LZ1YwMU0xanVVaEJ1YTV5R1I2Z3BEODVjRnBlZDVOOTd2ZDdKMF9nUlhrdjNBMldTWWc3akl2d0RIekNEVHlmeUowTXJWM0Q3RFpDUDZ6LURXMGhRUVhiUkdrRVVkNGxldmZuODdnRGhoQlFkSlNTS2NFeHMxOVFyM2xST2JmZjMwLURxdEF2Ym0yWlhBZ2UzODRBY0Vva19MNUVrem9LNW04dy1ySHRybFlwNU1HZmZKRGxPa3Q5amU2Q2QtSmY2MnFtSVhIbWpwN2p2NnlkamxObE5HYlRsRF9GMmpPcWVia295RFVJb2RmTzBCZGtlaGtnNGlVazZqdjYyRTE5MnF0YVlZOUgyaDF6UWRsLUxhU3JxOUhSX0Jfd0oxdTJmTmI2QkktUU9JM1lVLWFHMV9qY0hkb2NENWxtM0lEZDZJV25sZGRUd3ZPWmp1ZXBWQ2tKREpRWGV1UlRtM0E4bmJXem1GVVJLUEhkeTlWSXVNTWdHeUE3QW8waXlSR3dVS2gtNEE3ZGpxZHF2QmltdkRhTUNsSG9yTHRPVDRrV0xCTFJsZWZfa2dOOTJsdHF2cWZHYXNZQkVkS0xvLTB3XzVaZjk3a2lnWVU2SHdsYjhUYXU4d3pJSFV6a0lQVVJzbWZVbVBsTGMwRmdBOHdZaDEyeWo1M2NJdloySWxSTmxfZUJod24xT0I1UVVXUlhGaGYxdkJHOGx2N00zRnlYNGdUd21xVDg0Y0oyTmRRRkxFa2x6aXBlQU92NGZ4ZXFKbmJPUlRwaS1ibE5BMzlQMVIxV2JoS1V2eFZsMzJ5akRnVkNDMU10N20tR2pMVnhQZFdGNktCeGNtdXZZVFRGcTNmWHR2NUYyNElvNmloM2JxR2ZNeUpYaHVUOXBhVFNrc2QyZlczLTZESGl6SVdpVFdBZVptZi14ekJONjFoNHE0NFQzalpNc1g3RFR5cHVzU2xjUGhpTlFRdlMxOGRKSWYtNXBnVXlOa1Bjb24wUE1heXVpc3RBS3JGZDA5OWxjZ3hqeEpZUlIxcWc4WVF3VXY5a0NfbWduZ3g4UjlFMndHQml5YnJrWmtuV0Q3aGp6a1ZqMV9TR1hEb21QOE9FUmNENFE1d3dSVndLZmxfWWNySFZwSHh0ODhLdnlOUHhuT1hvN0F0Y0NZUUZPNUpKLVlsSVFHNXBkNHBxLWh4cEVuQ3NGdkJpSHBOLTBnQjBWNE00TFE1TjRCUmlDU2ZzTUlJcGZFcHYxa0s0dWRmam43SUoyOUlxdjA0ZExtSmMzRmFxQ25DWFh1cWVkeTVJeUJ1TExrYVkyQzhfb2xOakN4RkZEVXQwV0luNnNTdEdCR1NLa05KcVRzMFNkeV9vNDc4WFFCaDFnNkJQZTVKNGp0RldtaVhXR0tiMkFrQUw1VWxHYXBqem1McUdxT24yREtoR05ISEhaMkFYQnd6aEwtSHAxcTdERktRSmFLTE9SWEY3OEd4WHdvSUpfVjZ1bjhRZmxHek1EWTZ0OEhpQkpsYmxpWmlvX0JBZkNOOHY5LWVuNHJwQ29GVEZWbk1jVC1aVnFHNHhxaUpjTXdRRmVscS12QmN3LUlISzBRWkJlWU55S0RZN2ljdnZFWXhNcHlJM0MxZFBzTGhnQkVRa2kyc2RvMmVKMUxwZWRJRnV6QXpiR1BrczV0U3F0NmNpVTNNZ1pBUjZRQ3hLTW9rVWMxeUk2WjNUTmhuU09IQVFPbjUyTzF1M2VaS2ZQWEtWUEg1Y3FFTmJKZjVfUG82S0hueVR0el8xQTlUbERJWWd1NE1uMHV2TGNBNzlRM3JjU19VV0dyZy0zVlR4TDlYNVZuUy1oVEQ3dk5rd3pCcFR1eFI0R05YSy1SUWJNdGE3V25wdS1ULXFrMnpqZ0hNdmRRazliNnVhVm9LZFEydkNvaTMzMjlGM0ZRckozbUoxd1RBTXBqd1M2MkNwbi1pS0NqTENhd25IU3NtRGRSNjAwc1FHTGt2RXI3WDBZT1ZjR0ZZLUs4YURQNXRlcjNfd0dFeUdVWklFaG9tMEVUMVNKTy1TWGZtWDZOU0lEc2VYMVFyWjJ3TjVTT2x6WXBTNjVjZzAxSWZyUGZnX2dYY241V19aM3NBQnp0ckQ0MDlGcVYtS2JBN0p1VlNFT0hoUWNfSWwtUWxRNV82OHppbkl1aE9SZUV1cGZ0WmdRT0M3U2tNemRJRzZzcldfajQ1Z19nSkFWekladWUtdmstdXZnUDlmV3ZHVmthdVdOcEFTY3NSS2F3bWJUWnQwWXZpREZOZnJIbEpHX3ZwNEtQdmg5cHRyc2hTaVFKZGxqSEFCejlDTGp0TVFMRWI3UTlPcEV1M1pjcDZyam4ybkJQdnhtdWszQ1A1bmRIM0xoTjVwYThGd2ZSSlZreUp6SlNSYVExRlk2OXZ3b1IxY05sWW9tajZUVHJCM3MxMDdHamZjdFg4MEtXT0loanUzbTBRSWtWdVFEdUI5bE1OUTZaSDg5elUteGRxaFkxZGRvR05QM0dUSkZSSWxHYURqWFZXa1VGcmpRUEpvX1dNVFRpZ2U0bko2Mjd2ZjZxTEp5RkkzVno0SzBBbE9VMjVhelBSSFpxQWo1c1dBZ2RQQW1NY2hKY0RCV0RoSzB6UG9MLWN5dGJfOUVoU2ZDZmc1ZGFWYlhJNUkzREJSdXlKMnZ4RXlOMy15bDdod19FTkpCUmxmQW55MEhXc1U3UVVQVEx0aDlsRDhmWXFZeXQxLU5ZU1F5RFdmdlZxTkdoVTBXOG9mN3NqdHJYYkRBUWFSZDBBYVJMZnlxUG9kYndxbkt5NzM5Y044TmVCRkpvSTUxcEtZQkN6bTNSWFVVR01fX2RlYmUzMjlnOTVXWGhCcmVld0J3bXdPUV8wQVlDSzUzQUoxVHE0U3Y0aGRmSDRmYnJPOTRsZEJURGhmVjdIU29wNUIwN3VYTjEyWkF1VkI3OTQtYnFHbDMtSTkzS1NLU2hIY3huSUN1QWJDZFNGYnFhOTJvRVMyTlZCNk5SeGNHNHVPLUNMZXdUTEg5VHRZVE1zcUVaRWs5NkJibGJ0aTkwcTlhYUxOWFhQWWstTFR1SVdleC1SZE5GRXhZbDlpX1RPaDlOSGREZ2ZDWVZGeVprQWVRUzZsLW9QR1BZWHpleFdPbnZPZS00NTR3WC1LRFdEVlZJMHJzeDZRU19jLWZNdWppVDVBeC1KWlFtbkhMY1VUZlRJRnNqeHhsWm9uM2NLdTFSS3h5RURwa3BWdmVRNXJPbkNPZVZQQlZWdWJGU2hnb1N5aTVLdURoNldHZGJubDNpT3dobnluVnk3bnYtRXpxc01pbDlTNkk1NHc4RTVJLVYzRi1TNmFMM2ZwNEFhMkVHMEdXNHlGWTZCSzVjWU1sMzBWSGdhWjZmTnlzZmhoQ3FoTkk2WEU3ckc4UFJUUV9BZGpLMXE0R0l4anAtVUx1Rkh1Yll4Sk5PZzNMNlFjQmFUdTVCdlM4S2lrM0hpTEdaQUIyTWJrcDFCXy15R2NMeFhsN3FQVk5TQzIzZ0U5WEdzZXBxV1NUdWRJSkVzMlJfVHZuWEVCdTZMREM4bE1DTlpvYnY3Y1A2Q0xtbkMzRHk2akZhU1F0LTVpZjFTTVc4OXc1Uy1HVkVOV3ZkNU1hcm93d090SUtERlZ6TVE4alppdldydEV1ckVkM21LR1h0M2YzZXZKek9nMkZiekZJb19JYksza2hqOTRJeENkVGEwbnByRi1aTzVlT2NUS3BuRUNaSS1WX2Z0MGFpeEo1dkZ3bDh1OGNRelB0NUdhOXN2d3VMTDRnTHg5LVhvRHpqRjNrY3V4T3M2RXZ5VWlvOUExRC04dzc4OW1MbGhIWkdNX3BTMTQ3dlk3eFc5VnVucklrSUY1ZlhYOV8wZjBRMXJuZEktZ2FSM2h2Z2tMN3JPOVBoTnBUOHRkX3RNMWhrWk5yUWVFLWJHMWsza1NCM2Fmakh0SDJRREdFUHdpZ3RRb0VGTndnQ3lkekg1Qmx1UVJ3TjhsSXNHeThkLXg5ZVI5X09RZUNhcHRoNUM3UmxKMUstb01QVHNTbm5sbmVoNDJZcFoyOUh0Rk1CTVZvcVdtVk9DR0VxSHpkOVd3QXJ6YnJaQ1M5TjExellyNkxFcDRQblRkQ001Z2hWeEc0NmZCNjY2bFBDdWRnOEtCUzdGVHBSYkNtZW5uMFNsVzJfTVVsd3M5aUs0ODgzeTdXbmtFYllQSzlKSk1ZWFpEdXU5eHNmcXZvbC0zRGxfbjNkQzFUU3N0LW9GU2t2aUxoaHFscUI0YlhGUWxaaFdVT0FFTmJIR29SRHJrQnp0eW5JMVBJNkstcVdKdi1xMGtURUpZU2R5WU5jT2pYYXlMdU95UmFnaXdmQnpvOTJGUVJyX3piZ1RNQlE0c0pFdWRuVm16YlRodDhVR2JoaUh4Vmo3SFpFX1pGTUNHRWtHZG5CY2cxMUVsNnVQdlctRjRwSUVBZDdsanZXTnIxelhkVFpPTFNZell4VnFWWnVtLVNnNllZN3oyemh4UlN4NUttM1UwTTFrcUNwSHFqRWhobFZzalJwMFE3YkhKTTJBYVBKTGl1RjF2V19BVEdmcWFXZTNhbHgzb1VrZkdLNUJ1Wi1TcjZLLWxqX3czRDk4OEJSaEl5N0wza1RnR2RRaWp3NmcxTWlLT0RmZWtkbHN6YWRYN2FVTzgxam4zZXllbWYxUXRsenlyRUZCU2huYW9zVG5hTXo0RmdsY2lEeVpZLTVQX2ZOODFHc19ZUUxWZGVwYlJ3dGF4VWFkdkdLY2xzM1JGQlJZQmloTDNqcks4TElTd244Vkd2YVRiR0N3dUFTS2EwQ3lMNUJiZ19NQnI0SmdOYXE1cVVpZVExcjF3SjlNWkVZTzB6dXN4VHhyMlVBOHg2eVhmVVJGd0FONjVlVnJ0emFtWGhGbWZ5Y0tZME1RTkgxOHYyazJ3b0JFRkRud0hRaHRSMjEwMkd1bkFnMV9uMnZtUmktRmdtTW5ZTUk0ZmVUNDJMSW1PSXZja1VHN0dxSHV1dWZRc1dXS0lKNTAwNVFaS0NKS1hFdllzYUlIWHlDaVZPTGZ1cnk5RjBpS2EybWZrNjhUS3RHXzhma0REcUV1V1JzRE13eXVZZzY0NXNCSDJVUm9HUmR2bGhVcE1kenAxM3lnT3BSSTlqSG1pMVJXUkpoaVZydk5oM3pjUHlWdGxQbjdWNE1GUWtINXJkMl8zWVZkX1FCcnQ5Q1BKOGZEdmRjeTJQSTd2bFV5Y29MQlowQ2RlMUlJaWdlNVRFdTRvZ3Z6VUZaQVVfRVkzVVlIOGZIVFJQcjB6M1RrX09JeEtUZ2ttSE9MRGZoVnJaNWl3MGdqTGpJZ3V6d2pZeUFfY09YN2pOMlV3NS1uZVpzbWdZTTZOOEQ2UUozVFRRdG53LTlQbjhoazRHdDhLY0dnVFY5N051UkdhaFNxQ0d6OGppb2IwQ21fcDZ1c1gtYnVLSEQtejdhdVptSXlGUzRDRWFpRHJaVk9ZZGQyWUZabThaeVdWV1NvWHlpT2sxamNQQS1KdkJnVGtDUU9MUFp2U1drOVBMandBSHFVOUcyMXo0aXlQSEtyWjBDMVVsbUhRSUExVWFXWEd3OVZZbzltSGo0bllkY0FGa3RjX01IVXBOR1M5c29CUjdISWJpQVZhc2QzeGZOUmhrTW1FSFFnaERWSmxXZXk3TVJtdWliNEI4a2ltZDVpeWI3TDlHYndlSmlweTV2UHdxNGZZalJERlZia05vTDdZNTdFZWdLeVMzdnFubEpRV1RjS3h6RUNSTzc4b3Z3aFRmRU55XzNYNU9YZWRpenduM0RuQ1FTUnlxOFhnRFpyRFpENldMQUg2emNlejZnU2ZoN3FBLTB3NWFNTWpFUmQxdUFaWnlLUGNuVXJUYmhhNkd0dHJXdTVsVFB0QzNIMGhwNVdVWjI1bGNGYnNXNVJGX28yY2l0dnVTNzRYOVpSY3dYUzlDM2pUQWVDVC1uTDJJS2RVUXRGNnFFd3hZcGVmaGVHb1k1czZOUkRlQzBRTlJWWDNoQmpFbmF2dm40OFNHZkF2QlhNTG8zNThfbndXeUE0YjhtSVJadWU0Ym1Qa0R0aU9nWUdPNHVoY215aTROWU5kMVBUaENMVzA0WHFWb3pwQ1Vva1NueURYb0xMNFBnY1NpQWZMOV9nb3pwSHBWNGhQVm5hM3RsT0c1WEdmcFZscTNacFpEM2NENlpSUzdVN3hCSTdfR0laR2t1OThGWkRsUEVsRk5xcUV6cWlWeHFiUnF0X0prN1pBLWJ5V3g3ZXVQWVhicE4tLXMwZ2w3SHFBRnNrQTNCQW56ZXFyaHA4Nm1SbFc3NjZnMjQwZTg2S09hMFEzaGRkcG8wdnp5OFVxTEpCOVZURkNpNzBQdzN6WlZPdWl6OVVWTnc2UDRPVzRBYlJ2NWZYYVRzdy1PY3lzMjQ3YkRsdm9sMDl2NDhHa3ZSQ2ttWHZDQVgxU3R4X1FyNm5GMmwwcTBPVGNEU2FiVTJFWjZmZ2F3MGsxN21hdmIySFA0SkVtZnZwdkRwcmd5T1dUY2NWMDRVT2NBMDA3eGpaeTJNME5uRDZMZzVScFYwaDN0VGJjZFpHaHJXRG1icHItMkxhZmdiWG5wcXJ6N2hJVnhwa0c1Q3FaSVNJdnFYaDd0M0pxWVFGLU9XOU4wT2VqSmhsMVhvMzJlMFVOM0JNVmpzMnQtalU1bWlMSEVBYk0tUDd6Qk11WWdRY3JiRW9VaU40elFNdTBlazZpN1Vfem5ocUhDOG1OUVVnakhWSXZFelZyV0dRdjZhSmxfSFRUYUxYVmxKTWdGbkxfaEhiaFdoQlBxcUlHcXNvd3JXSUxVc2ZXUmtOdG5FOWhRSkM2OGtvUlVyMGs1UTlYd1RkZk1uNDlhNXgwRWdGcl96TTNIMjdXME9wLWs1VTlrLXZfa1JyVmpQSG9kcmRBZ1lsMTJqYkVvLXFqY0lFbFQtOVZGRE5fSE5BZ3dqMGJPaS0tTi1CZTRybWFNclZhYWh3ZXR5bGxBNjNGWlg5NWxoNGJzdjNKT01lNWNCTHRRU3hWRENvNUZVNDlZRnRhelpIOHA0S1hTd1MxZ3FnRko3ajd6Zi1iM1BfMUlLZFJfZURCSmt4RWc0UUFXTmg5UkdXU3BrU0lTRlZXZU91VV9DdGlVd1ZHRFVZSk1YWHd1RVA2V1RDcHplRnM3MlRMVkZUN1FJbkR2c181dTFRY3gzaUpFLUxBczdDZ2R4NldVZ2F2YmZXbkVpckpDanY0NlhtczZPa002Nk9OZ3U1YmNTWWtsQzdiem5JSFZpbWpxeTVXaVNHX3VISTFQdmVsZlNUdzFwM3JQekxQV1dldFlFeXFNbUtHM0lBUWRMdnY2cTVNY0lLUzdQcWhHYXFQWUR3NDhpN1I5aDNfelFjbDFUNU54ZTdCeUF0Q2ppeGZzdkRrenlCZm1CYXZza1l4ZWhNc3VNd2tIbWEzb2hab2U0NktuWU1KWU9JVmRHNEtmSEV4NFRnNzFwa2pMSkEtNUlvYlFIYU15NmNYLUxiUlVvRVlkaG9rOFY1WEtKdHpiRXlxa21tWHdLZnRHaWFEZlVGX0Zlb0xBYW9leUpCVHFfQUZ1N0pHNHNrdjZGaFAzNUN4NzlpWktsdXRCNS1aS3RJampEVnV5NmQ5TlpXMFRQYzNZY0VZdnJwLWQ0cVg3WXFiMFdGSGdnTGkzODk4akx0Q0pKZGlRbWdOTjVQVUdTNm1NNUp5LUpFQXYxRXBlNGFSOTY4MXM0dktac3FSbUljUjMwemotVDhQeUlqVlBhYkhyVjVlT0c4clUybUw1YlhhRkNiUGUyLWU1X0dTbVlaZ3hfSUlxazVMMHRTR2dDd2lBUFFiemdXU3FYSFRscFJwc09ELW1VZ3NwVTdxMVBENlI4NDB6a3ZFYWlOVlZCSGdLLUJkZnVuRnl0d3ZIRER3YjNUWldTTzBTbG14Zlotdkh1Mm16b19Gem1ZQ3N6ZkxqVWNyMmluRDI4aU9Jb2RSd1ktS2tuNXhLamhWQS1xUi01STNSd0tFb2EwZm5sbnluOGRfOTZKT3NRRFBjQllvLWJJN1dfdGJqd3p6TXE4cy1HS3BrekpSbVVJb0FRdXZCWm5TbTh6c1Q1Mkk5UkgwUEx5VzQ5aUtBRGhjb1ZtbkMzNkt2REZZVVlLU0IzMHZfUlk2WmNUQXlPSXRfVjQ3QndtQVkyeXZ3RV83ejQ2MEEyY1BTeGY2c1hRbGFPc21Sd0xGcm9yWVNHM1piYTcwSTVkWG9ha2ZETEc4ZkFxZUhIbnJHaHNnSlVqa2JYbG1rMFJBQ0s5WXlLak14Z2ZIU3o5S2ZtY01ycENxZXdTbVRhcE9kLWM4aW1RYmVveWJZamF0LXlIdE9FR1Ixai04VUIzb184YTZsOEdkQ2dJclQ2Qlp0WVpyYm03em1vV2hDT200Smw3WEFybmpCYmFLYU5aNy1hM2M3MDNJVjRSbGVpOTd5QV95blZVWG9JQ3A2LW9iMWd5Mkl0T2ZlSzRwbi1VOVBjdFEwOXN6T3BnbjVtYTA4YlFiZU8ySVdLT0NtOEQ4Tjh5S2lLeHZNbUd5U3FmYUtJY1JNNThHUnU3OFNCQWdBMkMwNlVTZUdFU2I5VFo0b2w4YVIyRkR1cHU2Sm9zZFh1RzVFSnd1VUFVaVB4OG5SajlSaEdCTUZKc29RejBZUndTWWpQQlFLbHdyak4zYTZDbTIzMTRaOXhTYkk1eW5MQ1c0SjVfQ1NLS2NFcnd0ZFY3QXJ3R2tWcUNGX0lDMjlQN3EzZEk2bmRSajJtQkt5QTB5VkVqcVVzcW9pYXdsM2puVlBjeFV1eC1rZFZHbnM2ZU1DdHVJX2I2UWtlM3gzRHRWa2c3czNJQ1VEaFBjS0lnRzdWY2t3ME9ORENtTVpmV25qUmhXWjlfTXY4ZXRzZnF6SFVSTkNWTlFBMkljZkVIRUJNS0VhbGtMSXJNZGFPNDBCeGZMR2VLQUMxN25aSFh0T1JUblcxM3FNcGE4X2w2X095SmprMWVsY1NmYm95ai0wV0ZVZmY2bEltXzROLVhGMEE4T1B5RTBuaVZvekpVRGJ3U0t0TUlJZDJqRjBiT0RKQkppV1EtcXlHdHVTNW54dDRQT0lWQzR4UmZhTnpZc3Q2YXRrUmstSTRybHpKcXNIemJuTGFpVElJRkFadnlJVFY0VzhoZ2hJaHpXdEZoOFZiVlJ3VVg2cVhWY0x5WGlXaDdOa3Nwdml2ZmVWYnRWVGdwZzlzcTNRdWhXZmoxMG5PMUoyUWlMZ0s4dXdRS001R2lHYlh6dzEyUC1lV2o2OUt6M2w2VVo3bTBTalVMOTJ4eGR0R0J2RGxEd2lJLVc0WjlzSV8tMWNNQVFWS215SHpfOTBCUF9CQmZWbzJkUWVrWE41bU5WOXFLMm9XQUs1TWpJS3NtWWZuX0FpeXQzWWUtdGFIbEdEWVg3R184d3oxVXpUdW5MN3hWRnE3eEpBWHJqSy1LdEdCMjJpZXVfME5IRmtEdGdPSWRaTFZJMlN4SUJwaE5Gd0g5WTdKQlAwS0F3d2o1M2ZyanFDZ0Nvamw1TEZ0UElpMzFKS3JiTEJxUmhSUW41RmxQNnZtbmZBaUVHTFR2U1JLNC1jTVZmdjF4Y3ZONjlOT3hYZHI3cWZwUU1aLXFwZWhaMFl6bUYyRUQ1bE03Q01vMUtvYV9yN2N2VVFnZnc1LUxnNDVMSkxEQk5LLU1aTFZBZlFOOTloREZhUzRTNlRmeGczc3g1Ynh5ZE1SV1VnaXJfNFN5M2ZZeDBBeDRrU244ZjlPTFQzN0hNOGFLSTI3NG9XaGVxSkQycXhzX05ULWYtQ04xYk13YVJ2dFl1aXVrOXYxYWVZdGFRX19xN1V1aHlCeDJZYm15a21qZDB2UVRYd1E5MW51VVdXZjZ0NWdtanR1VG1fZ3Q0cWVLdmdmcWY5NVVFcmM5Umh0dDQwNGhKNTg1Vl9hSUVOdnJpSjdtUF84NU5XWldoYTktSS1Ja1BaUGlSTTlzT2Q4T2l4aHIyYzA4MG1rZzhpZXBiOEVhMlFkNjBPNGlaMnEzTkJkWmNwT2ZjbkdhMXZidlhEUTJrZWtvMmZXSm92eFZUWE8yYlVsMk8tSTdESFBpUVZyYi1QVm13dTVrcGt4dUVOWVNRbE9QNGJJRkhQMkVlY05wQnM1QThjajkyR1BmYjNnUXc0NWNnaTdoekF6QTBmcmplWkFkekJlVGpiUGpIZURvb3NSdzNjdHhTVHRlUGRkTzVsdzJ1eTQtREEzTXBDWk5weTdOZS1YUGc3cHVwaXA5ektXZmJrWGVUcHJpTU4ySE1QNTJPUUU0R1d4eXNNNlVSbHdDZ0d1YW5SNWJNOVcyLXBwRHgxbWlEVTJyQ0dIemoxdWNjYkJmVWVvdFUtdmk5bkI5Rl9TVGVqT3oxbjl6UFpsbXJDMVc2Y1JDUV9OZzhCMlJBeGFEQmlDV0U4Tk83bC1aVmFSZFJ4TkVWbG93RmNQWWJzY0ktVnl5ejRFX3VzR2d5OFNHd0l5Q1FtOUxsZnVCS2t4bVhCTjFGV2lCTzIxanA0VTU2MngwLURJQTVadFBDZFFnRWNVTUFwZ2x1dkpxZEpBczdmTDZneE5tM3M3TjlxRnYteEJ2LXJsbDlfSGZrcGtWUktNTE1OTXBDd1lvUEFiUEE0N3FVMDVBOHhxQzN1c04xRGw0YkxLV0ZsWndkenI2OXBSUHZ3MWlHS1g0ZkNrd2d1VXdkc0VndlVuU1BkcldNLWJSRWdPV3pWa0hnYy1PSnpmUGM4Ylh3c1AyMC1mWU92SzVCbU9ueGNSZFg2aDNTY1VOV0FCOWl3ZUpPS0NzQnRHYkVIVkEyc0FLRElyd2tyZks3U1JwSE1odURCRWRUREYyNlFKWUhDY2ktNDRiMlVjRUZGaE9BMlBfYklqUjZ1LVpyMUNxMFVSa1R0R2kwTktDWjgwUTZQNi1sUFFvOVRFS1dMYXIwNWFDSng0dGV5anhLcTFZZC1XNHFyaEpIZ3duZi1WUjFaZE1aWU1Mems3cXVJRDdMSzFvTTlYQ0FtVDNwM1Eza1JuSWFsc1NRNXhUV1hnSXFUd1pwdWMyX0N5MENHcWtyWkhHSXJqT1dsUUZZaW54WkNxcVBBOVhRVmdwbGtXOFRJRHRNZHFyd3ktU05fcmFFcUhQek5ncjYyamFqNXpCbUxSUkpkODFqRTlpUUlUU2ZTamljZkhHS1NaT2RjTEFRRnZGakR4akhrbElvZjdMb0FqSTVVMlBqd29uWEI2S3hJQS1ZenV3UTkyR1hXUUhDTU5LMDBYd0lDazBiOFdVUXpaaGs0cWZxeUZrbG81TFJ4c1Y2TEJwZWdyTDZyUE9sdXNoNnhzNzQxME5HN2RiWWIwZzFsVW5RNFEwZ1N3SWdBel90Y1ZEWkZrQkJNY2ZWQm54SHY2SW44V2RjRXRxVnY2dmM1Ykp1azZNZkF4cFVObWxVbUR4UHdDSmNVcllHWXd2N29objJnOV80R2ZIWHhXLWNVYXdzRVd3bVBoOGhncUZ6UGtKbENIMDhiaDdNajd6QmhwbkJoMVNvTk1FQmZWMXk3dzc1c3NESjdwb3NibjlrckVhLVZwM3hjOVhKY1dxS21ESldCMlVjM1Y3bjUxVUhnSjJJanZIN2dNRUN1YkNXSmk0dm04RURjdDFreHV4bFBSU2FHN1JUbVBxWUZWQU1fTW9ZWDRYa1BmOFB3dEhkbXBoM1dTaUdtYnpBREI1Vi1KbzR2Rlg2TklYYjZqSWVGRmRmRmJ1TWJ6RTNwT3NKXzEzX19JRHF5RldjSXBudWVSZHhxMUJCZ3NvblFvNExuZmlPeUJScXpSX0x6X2hud0NDalRPbUg1cGlkcUVUc0o0bENDNjhhcEJ0UUozZUdNTUdjbi1ra0FRTXNGYW5sQVRxbFJOTW5sQmZsemRmWVZlbVFuM3A2TXZqS3A1WmRCSTEtWWliT2pfcGhZemtpdExMVWgzbEd6N1kxRjlpVGIxLW43cklST0kwajFnVTBaZ2NnZGxuZWozOTNSUDlWWWNlMkF5SHZ3R25PUmxxdDBZMFlwRFdRMU1rc0c3ZnlCTnZscUJPNU1wR1ROQzFPZXNwTktWaktxY2ZHb1VETlppMy1zTGhSc1ZMQkVyS3F0eUlpbk9yY21DUWhSMExFMGlXVHRIQVBnSU9FM3ZKWE9iMDlnQkxjcW9ZdTN3WThPaTRlWkY4WWdfZDFIeTNxOUlOUFpCcklRa1dMS1lDcnlJMzlVSzR4WFFhQXBzQ0tKcWNoR1V0V0gxYmJJMlVHTUQ5OGtrdWZjUkoxZVYzQVhyQ2NuazFMVzdBLUtRcFB5QWdHUkFVYkdLeUs3QUFPcWJxSUJMejhLVmRTVnlqWm04b3VNRDNScjhvZURCeVd2OUFSZ0RrOFpmSmplUHJQRDByNzNnZFJWSllBTzA1d2lDUjJQVGFRcWt1VnFzM1JmU21zYm9HbG9obF9PUlBBenNVRlFoR3RRTDVteU1MV040RFVpRkNDRTJ4WDBIUXhVZEMxa1N1Q0NaTnNLR1RjZVpvMEpycDYwOHdWT19wTFBNeTRfSHZhR0h2MGJRVWNERVVQV2lmcm16ekhUMzhOVUhKMzZ2NV9hd1M0STB0REx4M2xKQXpZTHVkU3l0d01TZHQ5NnVFU1JHZTBtQVM0WDkxbnVXX1ZiMGNGd2RYSnVKNnF4SThVQjVmeXI2QkRSYXVBT3pjQk9ZdzhMcnMwZzJiQ2pJWWFGWUgzbmR3dlIyUWlLT052VkpBQkw0cEg3dk1US1ZaZEtqTEZnd2VBczNmRnlnYjUzQ1RRRkdjRlBVREZuT2ZjdWJjSXhiQTJ3R2J2alFsWkVPaWNpWEk0VGViRUZlSmUweVVXR0VfMm9kdnFIV3g0V011SjdtYklpQ3JJYjB4b1hHN1o4SGlMTU1zYnBmZk5aN0pmaERBbUo1ZFNXUzFlMXpKbTFxQU8yWTR5cXhTTTBGOS1Od3RDWXJXa2xLaUlKa0R3cWV5d0ZxZHFIQjlSRGZwc2JvU0VNaURURFBVcXNrMHFYcVExcVdBd0FzQS1POW1sNTVzRkVqVFk2WVNxc1RRZDVya0pzS21uNkZtMklZQXlYTDdaU1JObU1fNDFoeU1NR0Q4Ynp5RG5WRmZsOWtPTW9QbnJCNVNHQjY5eUZSME9STzc2WnVxLTFOUlNqWXFYYUcybTVtREJMSDVnSnNpdFJQSElDcGUzLUtueG5LOWFCbTJzRjk5SDYzNEdpeV9TY2pKaXhxQXFQRkNyLTgxZHlyMnVxT3hhZGxUSmFWLVBPUkRtdFVidXdNd3pMOWpoVXNiWnRmX1NzRjU3eFpRdmdXYXVvekpvajRkYmo3SDNqN3F0SG9KQTc0QUF5WGozOG9DVFJzc2wxOHpON2t6X2NnTF9keHMwN1RTdGE4LVVWSVhURFI3LXVsVzd4bXdKdWZFYU9ON2J4RXEwdHZCeHo3R25LdU1wamtIVjVzYVlCUk9NUG05TkpvcWo3dUdxQmxYNEUzdTY2eTFQMTFnUXBkYXprdTY2Qno2Y1FndmQyLW1wcU16Z2pvQkY1dFZualgwclA1aEhYMHZ2d1dlenJxNFIyOEJqSDZTQldnelpNM2dWYW1zWGRNWTIwT2IzLWJMdTRmNDhGMDhTYnNFOHAzWGtYamhCdWd3RzBKTThWT3BDRzdBNlNvTlR2VWhSaWc1c3plOVM1YXlMTEJxQ0FBZmpxSXIwRzdnSW45b0hFQ0pmM1FnOXhmdi1HbVIwSmZpbU5WdElMNWJRUjZiRTJCanRjMXpHSk5NTHZxaUxhZnRnWkFwZTNwVm5FTER6NHZueVZNUExsWkF4cHhSNzRGTWFic0FXNEV4U19iaEVxRUVsTmxVVzJGbGFFcEI2ZkJrdUh6d0NtZ1ViWTNHQlljYU9oeTE2MUJJUnlVR0pWXzU1ZXI5Q0FVSkNfRWR1SUJxODFQdlZqYkpLemU4ZWVTUHpQbnpfTmdTLUZmQldjRWd6LU1udGp5ME1CN3dnUmdZcWVEZmZSdXRINUtaMHJzZXR3b2hDUTJkcy1mc1piN3ZIQ3B6WUY2eFVKQ0t3ZVItT3dTanc5Z3dVcmV5Zzk2RGhkZFJfcXNXdmc3UzdGOTlwVTd2YWo3RDUtY0cxVlp6OG1TQ0UzMWp5LTBjQkxQMFJILWI5ZEs3a2o3RkRDYjR5SHRzTWNYUWZDWFFrQWtzYXdZZlRwOGRpZEFpTzJoUzlzN0d6dWQ1RThXbUFvZUt6NjhzQXZDVHVxV0NqbE1jRmpCMmFnOFhzUURPVUZZejIwWnZFYVhpclVtRzRpRlpDTThHMjNxSWJ3VDd5VFdvblhseW8zUFRGLTRYOEVlWWw1NVIzSFhDbndfOFVxTV9teDFaR2lpcVl5aklKc2ZOVTgtMkhHd3hCaWktdU9ZSHBmdVlDT1oya3JoTkFITTZmZ3BYUlI2YmJjeU92TVk5c2o4Y004R2JWTEtITjFaaDNPM0p5LVNGMllyZ3ZnREJkWVcwWFpiZl9qLW01RU56WlEyWks3RHFhV1pEWVRFMVpsLU1ybUtWeGU5elV6OXBISUM0Z1JlLXZkbzB5SjdQMTdSVkdfX2hVbWNyX2VBSTZnQ1BPaVZHU2VVdEJ3eWFBQjlUWFNxNjdLOTcwSk1JdExjN2UzZ1RMSWVSQkFidUI0NWgxMldPaWRWTmpvbC05T0tFblFCbFRrWFFxMV91Uy0ycHJPcDRrdEFWeThxYkJvbFdNdi1tT09wRE52T01pcWtOZEJkcml4bUVrakRDZWZfLW1WUkl0VDhvNVdrWlctam50blVfZWVrNWpKOHdGVXRYdEMtTkEtZ2NERnFGbm5yd3NDLUttQUUyMkRDSWkycUo4T09nam1UazFsVUNjWHZwS1Q4MURnVWVoNE5NSFM3ZDk1dnVyY0l3bWFjVjBjM2hUc2h1ZzNJS0Q2NGNacTJwZU5tOVNWcEtpc2cwbFVrNjV1WVUyRzM4VGpNbnZmclJ3OUZBblhUU0VOUzZpMG8tVzZlVHphUjl4SktaaWhBSjhsaFNET2MzYnJTRjlzMjNiM2lKU1Fxdzhwa0V1cXJTeWZ1WTB2SVN4U0NneFVnSF9kV21ZWVFxVEhoSXZ4VkpmUk9wbTBiaHVMSjlDbVFyMExORUVfZEY5dkpDRFVsTnBSN3k5QzA5VC05Y3l4ajBHaGtTd05xUENwRnppVDdQNVdwRVd5SVRSTUlZX21PSENkUFMxQ2FnQWVRcEpfQldaTlI2dGlTOWJPWUwyRlRjMUNVS3BKSWM3amx0bGJFWmQ1c01VaGRHa1RudVJWQmRvT2NlZTNnVmVJZkJhLWo5bFlyUUZaUWppT3Vfbkt1NzFVZXJTQVBnMHpsV3hVSkcxdEpGSVh4WVZfcG9WTHk1eXlvWlRnY3ViUGxLR1dtYnlzS09MemVTNTMxM3F6X3VJbDY2VHp1SUxuOTVacFpQaXduaXFoTzJpbktTY3NDX01CVkNYdGhTdVlXeW8xSkI2alZlX1h3VjctS1dUMlhjYk5ITnl5M2RWTkJwOWdidWl1RWlmNmExUDhDTlVyRmNzQjRGQlBOaklld1I5MDZNWkM4TUR6bUtfWm1tb3M0c0M4Ql9IcWctMXhaWFZZQnBLay10YUpmNWNBZ2F3dmZxaVJ1a1hYYkNDWHpKUFJvZjNJQUQyN3dZTUJLWEpYdzVGcll4dU9hMHEwRlJVMTVUWG1JN3RSbVFJWWE0eDFTZGVhZ2hMYVBGcFRwNjRaSVZBa0pJbllHbnN6aml4Uk5mXzdreDdJc0xNallZa3RFekZZa282bXZEX3d6NXFzUmIwcGV6cENLcVQ5TU0zcnB2TkE2NVZsdFgwMGt0cjFxOTdXajVHejNCU2pBN2pfVWNhdmp1R2dqV3Mycm5jNWx4bU41dUhPMnF2T1lFLWtNV0Q2S1NaWFp0bkQ2d29LRS1QZnR2bUFqUEFiQ2RCT1RucmRESm5NVW9jdGw2TlJlZG8xVkVLalJkclBXaEhPWXk1Ylk2SjVFZHdiY2I4TWlFcFd2azFSRWJBRFVkdjI4aUluM0pMdmlJODE3MkdhRW1BdXV1NEpHcnlXVVM5ejdRUmRYb3R6SnF6MDVVcHFxRFFHQW42bUJCTURYUmhLUzNhcWswQkhHNGhGQ0ZMaXhva0pBOFZmMkdoMTVqa2xUZ2pOc1VwajN6cE5iaWZ4LTc2WmRpSmxpcGxPUl91MDlSVHN2TUs5Q3lrNW83QzEtX1Y5NlJqNUJVUkoxT0NLamhoNkNCV1RvZ3UyckNFSUVlY1FlT0lnWmdFYy1yclpHc1BPUXhtTFdKdVp5SjRLcEtqUFJPMWttTjVMRlVneGkydVN4d3YySnAwTXRGODVkXzFjMzNXMUpYOFp1aHNrVGNFeExaUDVLekJWTzdlX2syclVuQzRid054eDVHUlhKRTI2OUlhcGFFd3Nad1RrSmRBOVc0YnJxTXN5SnNmYW4yTXlOUmxoSHpzdUhpeUZib3ZpWEFwQmVsMVQyYTZReHNqTHE2QmFHUWxhUXFSZV90Rk5PVUl6UzNpcDdCdUtGN3hqYjdNVUdtbU45VVg1Q2pHb1NzMkRnRElucVlXejVXUGRkZG1KMlZqc3dUSVM2emdHS0dOLW1uR0NHU3c3MDhfWldEbFlDVkxmdnpDc2ZFYTB3X0Vtc25NRUtsZHQ0OHhXT2FwQ0VUaVI3bjJsMFVNRGtPQjA4blB6QWF4dWtyaUg5bDltMzlwUGhOVE5CUHE4NHhYOE5MTy1hVnh3cDVvTEZaRm1uZFN5UzZWTERMTjdEd2hXNGtLQS0wcnlVQ1gwenAyRk1DalM4SC11cHZHY28yTVJMd3QwYnFzb3gtd0lYUlU0Mi1vYTRlTGM0cElBRFJ0M3dBc3U4dWp0OFFBTFhZN2tDNFJNYW5zYmp5N2RVRkprbVk3LXdkQXJqSmUzQy1KQW9QVTM3RWltam43Qk9SVy1peFZyVTNBd2taQl9TMkVBWHo2azViTVNNYnJFS25vODQtNElMbGIzcFpfcmh3TDlVc2hFcnE3TmJMWFVZOVRwOVhqRGtrVzRlTjB6OFBtQ1h3R25QQnVGZGxMZ2dvVW0wNWVuQkxOLW43eUR3NGFQZThqNHc5RGNVOHhMRU13aE5CbzF5TmN3bE5SR05NY25SRmF3cGNCNWtMS2FYd1BWUVpibzJiWDBGSk0yeXVpcGJKX2JBSzB4aFExNzBmZkZRY015R1RHWFhtdWNYMnVEckNWTmhnTkJvWDhmN1NicmVJSndJaER1em1nYldJUEpKMFgxUGtRWjBBUkFJZXkyTnJBaVFxZWp2c0d4dmhadDJ2Q0kwRFF6b1UyOXhxVlJfUFFybkNvYzE2bl9ESDdjQ1J0WFotZUZYdkV3WEpPbkNBUVFkSi1qY1JKY00wTXRxR0t6MXVYN3V5eUVJMjlJbWR0amFTdEZVcmF0N1piQnlwd1UzempDTlFxVnNUSEtkc3MyT3EtU2NJdHhaaWpmbXBScUs5STRqZFhHd2drTlQ1cVRCQ2puZ2dDYU1FTW8yTVZwMjhEUjNpNFV4dHIyZTIyd1Q4a1NMZVY5T0NtSU50amp0LVVaVTRnaDNaLS02YzNsX0Jxd09IMzFxemhHTmlBb3FkcVAyMnBVUVJmcFNwWUpBaktHcVRIMk1Ta1d1eGx6SjB2Z2Fmam5JbHJOSnVJVy1QeUpwcUpwQzZTeWlCQzAwRnlvYWxzWFliRFBNSWJvbE1xT0N2V2VkVkRSYkVZRVAyN1YtWG1CNGdSNGwzZm5zM2lxY3JrSkRSUDVVend0Ny1lMTR2b3VQckhtdzEzQ2t3UGJqZ2xsR2Q4Nmx5OW9aS0p3Qy1jS3FGWnpnem9vVDg2cUhicUtheHNTR0t2WXlabUxhSnF1emg4ZHNsamotQ2dvZjdBY2tadExOelVrVzlpRFRaWG5qMlB6czNtYmVCWEwyNndPLXktTWJlaEpqUVp4MzVZck95TWFyZ1RqeE9wbTNSak5hTWxzWjMtcU01NHFYbHh3QXJVWEVDbVNXRkN4Q1l5QjNrd29NRkp6TEJxT193ekNTSWF3dG5jWUF5Q2xOSkdaSi1hNklnUVdTY040SlhoMVJRYVZ4X3o4RU1mbWhFWkFCTF9YWndYT0FrNS1GcEVPZEZlbmJ0OW00MTc3Vm5IckFIUzB4REotTG4zcWNWemdwNHh0V3dvNm9aR3gxX1RSS0NXR1ptY0tveEROalQ3NFhVZlQ0QzdmYmNUV211NzZOZmQ5NHZHT1JqdnA5eVhlZkY5M1c4QVM5LXp6X2ZGQmlsTGk3ajNOUkRHcmp4UXZYUE04bkkxdldUZnZYWXl4RXBLTkw4NWxRZno3MVVibzVDUnA1SElsVFNfQUpnbks2RnU3N0dDaHJBLThGWHBFUTd3TWpCUVNyYkozRFU4MmVodGJzSUlSMmgxbk9RVnhId2hWejM4RG9NYzIwR0Rqbk5GRDZZWG9GNkpIWFdXY05OcmpLYXg1RDJCWDZCYktOSDBpU0JTWXBsTjhsU19HSFgwN1BCTTlFOEdQRVJHMG1uTmJ6clhGMkFmM3ZfZ1VZenZIQjBHZnhTYjAwZDFBU01pZ1dnRnhEaUM3cHlGeWE4NlJ2U1ZMVGNuaFJ5TGJiYy1iT1Zscjc5Y0tFNE1rcGdXYm4zcVdaZ2Q0MlFvbFgxMUZlelJnZW1Ja2FLRVd4bHpTSmRPS1RiblBnd1hCeUM3ZmFoa3lFTmk1dXhBTU51aHo3dlRTMWUyWktyVzI3OXlBWTdnd0lqQk44bUFVSnVqWUgwMHJIbFhoSDlaaUltWHp5Z3ZNdHM4cVNxUThwSG9QTVVFREpLRWxDNVZCY0RSaUpUTmhlZU9TdXBBZGNrbFBQV0tDYUUwbVlDM3VUY0x0V2syMS1jX0otOVZ2dTNFNzNKWXJUbE4wR1NMV1ZhcVY3bjZ3QkJoTEtwSEg0bmNkRkk3Y1pjV19UYmQ4OGhyUmJYZ21SbmpqVHJEd21RbDdOTFNUN0Z4R2dxR2lDUTNOQjNoa0NoUUpENVp3dV9QLWRmRnVFaUtDWFc3NlZoaTM4ekk2cjRUVkJWdU53WTdHQUphdDNRM3lEUE5Pb1AycDFraTlXVjRoLVZsWTBLUThEaEFLeXdKVl9rLXJNZWNGaEhwQ1VzN2hXRGdjajdsbmlPdlVOZTZDSjNXUWJkRy1leGpadjlSRXoxTjZpVGtYby00OGc0THhyc1Z6ay01b3JKTTQ3V2RzSzJaMi15cFMwcWRmUG5hc09CX1gzTVVMZU5CcGtHNUoyT0dMNjRvN18zSlV6Mk54OFlwaG11aFNvZmdEOXpOWjlkc3FCdUdrVkdIQkR0NVpZUG9VUVhDV1hLYVV6Q0FFRFc1S2tlWGdPSzVVWnA2ZVcyekZndXc5RlBmekpjVjAtd0h2dHRhWVdqRHN4RmpvNkN5MDc3TjJXRzVEZkNLa3FIM1VFNDBCejJtNjlpTkxhTUVMMm0zUHBkVHNROFVfdFdyNElCUUNXYXhLdUI2R1NsMWw3ak0xMEJ6akpmTFJadXJXR2MwQkxlSUVuc05ka0tMNmNOWWZ4cGpkQzFKNXppTTBQZ3dsUGMyOFJXeDAxeXlkXzVhTWQyR2NjVk4xVzRjeWlfRHRINUotSUFzeVhvUjM4V0xUeGpqR2U3UnJWRlJSMHFxaVRwVW1BQ0IzRU5KNUZWSXVXcmItNGMwZ0ZXWXlId19mSjEyUllSSFFOMkdzZEpibFN2cXAyc2ZQM3FWSVBWdjFXRzhKUmozbHFYRDFaNDA0SFNMeW5jM0tlbV9hVF9WVUo2MVdTR1lCQTVXMm5UcGhSMkJXV25WMkg3RzdLaWJacm94MmliVExReEdtamtLaGtxX2hNZ0NLS2ZaaXlnRWtEN3pZb1YzV1RRWmhaZmZib3cyMlVHTzdMWVVIUWlYZ3hHWEdINElxaXY5aHRqNklSS29PeG1CRl9aRENqS1kwOXQ1a2pFN29FWjNVeTNIckhyNjhMVVhzT2tkZ1lCcU5UQnZ0c3RRbDdZOG55a0dpNUtjbDlKZ2JUTUl5cDJuQk1ZYzdCMlo3cm80YllkZWFVclFfeUQ1MjNOcV9BMEx4OExWdkF4MUkxSUMyaTFoa3hRbjJWa2VIQ2NHR0F3Qy05V2oxeE9GSmZrRUlJS0Y3dGpNdUhHRE9KMW1PdjB4OUxvbG5nVGw4M3Q4T01zR2VFNVY5a3FHTTJPdFpwcWtqeG4tQngwUFpwd1hJV2FHM2s4a0kxa1ptNWg4MHg3dlhxeWVETGJjRGhYdzQ0eEIwWktYRDItWEk1WmdMNExFX0JLekR3OVJaQTNYRjJ0eTJCX3JqOG9Uby04V01ZbGt6dlJaZVpGWXV2Y2tyNVlGZGFQR2I3bjR2Qkh0ZDZySlRzV2R6SmllRFBSS05IaG1vQUVUQmxMdEMyWk1ZNkxpbkVoUFNWbk11X24wcGtaMXVXcmhWZzgtU3JrNEhnWmNnZUdwdVNnVWRSNXVOaUNIWkZKa1B4V0tYTk1pNGRIUnE1ZERPS3laR19Jczh0LUlPRDRlbXFGVjJKMHVwWHhWcmFfSHR1UWN2b19oY2prMWc0ZzFlWVQ1czdLMzBjM3RfR3g0ajlmWmJ0aXhxQkxsZHE1ZHhVcmFTR193Q0NRYV9BTHF4bm5ySVVNWmZlbGJ3WFpITWVta3pabmlQOE5zLVRRa3VFY2VINzRkblR1Znh4U1dGNFZRSzZBWnI5WnA4VjBUeFNSZ0JjRDVGT3lWUzhaOVV2bXkwRnFBWVNOTHdLYi12aTkwbW9MV2pESlVqblJXMDRLallYMm1TSlZxakNnVlJOZ3AwOXRWczRwYUszOUNnZHhnUDVrS1ZfZGlTN2xWVVl0bEkxeEZrOEN5cVJqaHYzbkl2WmZIbzRucHV3eFMxY2QyQTVqLUY1WlpvazVYcE53cHBIOXpnMFRqMG5IcFFqT3FmMkdiVktuUGlWMHJ3cEpvbWV4SGEyMmtpTjdyYzJVazczWlhkRmxQdGNwNmp5S0E0a3JoS19KNzZKZkNCeVBhVGlTV1U1WEM5RjRPN3hUeXBCay1YS0w1SWVBWDl3NEtFUGZLV29zbGs3N3h0MXowV0UzbkVsbVR5WFFNLXVKVlJnNWExQlBKTHl5R2RDVFZMalZaN2dZbl9QMlF6dzIwTUtWNEZaekR4QU40MWFQSnUyZEdMYmU2czI0QUhkUmhDT1RTNWF4SDVTejg4NGp5UWMwRDJqZjBDUVk0Nkp3YkpENzZFQUFpMGc4cGwwR2luc0FEVUU0RS1tc0tkMlVtSGxucGp1TngwLVpvdEVZckdQRlZzT3Z1R1hnN3M3NFFBNGFwTGJ6VHhVOWZpVGFmdmU0Q05tWE9uSlEtOGdIR1VudEZleW5VZUQ1MUd0dlduQllmZkxSak9wM0taNTlWcEFvWnFCaVZIeVVIeU9vTWFmOVNtU2hMNTQyUHNwZjV3a2lVSFBvWWtpbmt6VnlBRXd4LVkyV1ljSmVadG1tdk5jc1hPaS1OSWEzVzVHZmhQY3h0RjJLV1Z0blhKamhpWUJuaVJMU0RGU3kyd0ZWQTduM3dEbl8tUWZ0MlczQ2YtdlB5MW1jY0lvZUJqVWZ4MUIzaGFxME9rYjRwTENmQ0NBNVVTSVRKT3MzS2pHbHJNVEJrVTBoVlk1WE9NTy1QZXZ0YldRRVJ2MHBGNDdiWk4wUlA0bGNUNzNxN3g0X0pfRWhMNnRBNHl1clU1dHNYc19PNXBnWlBlXzNYczBNMndvU3V2VE54UHdtZzNtdjdvS0FiRXpGNlFFMzZCVHlFZ3M4YzBBVWR4NkRKLS1wX0FLemRzYVRVNkZUczNUWjJuZnFUbzBZamItYkJST1NQaUxZajNjcUc5cGFlQmJGS0p5TjhBajZYTmpBbTFqWC1INXIzaGRncTd4TVZ2RThxQVFOamZYRk9hNEcxWnMxaENPN2lPc0Y5T2MzbFZDbVVzTDczNDFzbGlYMXhIUmdfMFQzcmJyU3RVdzNfSnMzMTd0Tm9Sa2NlQnF5ejFPdjk0dzFBdkxWU3o3MlFKT2F6elJGUjRXWmpRcEVFV1lIRi1pT0ZHR1BDZnI3d3RYMVd0YURURWZVMXVSTnhPYUhpNmJCQlVtZXp0QmZyNGlfLUo2WVZFanYwazZSa2hNQWljSDBOVElONHF2SlQ2Z0JCVGhQU3d0SjFwNS1tTXc1TGdlcDdtbEFKaUxpUnliLUwzYjd1TmZ6a3AtcFo4aWlmeUpRNGdJb04xbWlFSTNNaElpT1dTeUxNaXhkY1kxTEVaN01Bb0dZbUZXTlNpeDg5QThhaWpNTmdkY291a3p4LUVUMV9OY24xMUtNdTBfQmFjZk03SDdNTmJPSjBKeXJ3ODhGbTRyVUFtTk5FTm1CTUp2cWh4MUV0NGhkS09DeHJwTFhyNHlfQ0w4X2o4eXBYQXhvQ0RfYWR2SDRpdDFwMGFJV1F0QlhDMDZDeTJpUlk2aEZybzBGREpXbEljajZ6RGtEMGg0am9Ob2xSaXplQkxWQmV3VnZmOUJRWFY1enp3TzBfNWQtYkZJODBjcE1jV1lxRmU3bHhtU3V2eUZ6UGh2b0ZLcmdHeS1La1VlWGRmT0lzbHFHNm1kcERwT0Q2X1BpdFl5ZmxLNjNpMkMtVXdVN1dTR3VUQlpiY2xfdEFTRkU1UE1CTEVVa1JqN2JqUWEydEgtZ0FaQ1ZPRmc1V0FSNTRHLXhFeEprOFFEVmtTSmpYY3p0WXdXVXFiMU5aV1JIcGNfWW0wdnA2RW1XdFlTVVJtTXV5NlY5enFoYnJlYkxWYVh0UDJJRGh0YnlxV1oxMVBOd1RDYllENzFRanN6MUwxU1pHakxaM2RXX0FnQTQwcGJNeGVyVnFHWG5oS2szTVNXa2RzS0s3cWFxM0VGMDcwUmlVYUQ0dHU4a25QWVdvb3NJWnp2aEhmVDRxcUs5NFduS19ONkRodlp1TmUzR192LWEtczJ5ZDlUcTNUalJsZDNCTF8tbnYyT2o0bWRvdWRhQW5yc1BSaTd4TEtOQl8ydkFqZ0RHRF9FODBCZFliX3VrS2FKTkFHRFZzMHJZX2ZTekZ5cUtKMFNWZjk5Q3JvWkdZaHMwaEMzOUs4OWVyZS1ZTFJFcG93UUNEQmMxZkJmUnJxUlBxMXBEWnJ1OHJjMUNyU0I5ZjJJak5Jb0o4cE80ZmJMTE1lbnd5ekhqal9sQ1kyTEtfbTFYaEd2RFIyVVZrNDFteTQ3ckVuU1J0b0dKWDJIOUNGd29ZVzN2RU5XR2tlSGcwUnQ5cFlOZTZQSGtUODdtMEp6TFlEWnBRcUZMM2hIdjgyOW5VRkVGNjBzZ1R5MTR4bHQxbE1OV1J4dHBwUUozdWl5N1h4Zm5pUXV0RlBpMng1aTVScFVfSFFNamtsUmxoX3lKdFhvTUtLNFJ5SUFpTi1XTnBhZ1lVTjhPUlZKUUpvUTRmT0Mtb0pBdnZmSzVHb0E3VGRiUXdSdnhNM1VnTThydTVMYmdReUFZTDc3MVVFby0zSUxLMFJnM3hJcW1hUTJETlQ5dmVrendkaXRBMGJBX2kwdjZBbkw0ZHpicWE1Qkt3Q0p2SHBkNmZRdDhlVlhzWGtWWTVMSkdsYjJxNzNqNUJiZGszZlZqZjBZSUI2eTlkbE5NTHFZWF9RN2ZTb0xZTmxEMjdERmFJYk1PcmlZVWhEVXRZbUl2dXlVMWpYaUVzLU5fVElKT3cxODRqUmY4UFZnSGZuX1UyWkstN2d3ZndJWkF3emd3amt1MWRJSlVGQnZhdWg3ZWwtSFpvWmV2ZDhRYk1ORjVzRjlubjE4bWlGNkJCMmZiOWw0dThRVDhQQUUwYWpUZFNNcUZSbVNadnByRUJncTVjNkpYMnJqNFVxOHpYcDF2OTRQVHM2U0Mwdl9SY1I1MVlFMGgxdzJrVXVUZXVEN3lKNHloVzlCUDZ1a1pPNXVwWWdKSUQ2em5FLWFsRUk2dzZJdC12LTBxMnhhV0YtbFpHamZLOVdpRTZNdzdjRFdHZzk4blJDTmJyc1ItTjE0ZmcuaTY2ejBVOTg3QmVFNHZNU0RsdHJLQSINCn0.F97n9ow8AlifFZTfh4QoC6P0rfMSBwVblnkl2pBlzZ-jvYS0mYOwJYwyB7TKG_JlWuPxJYdyDY5xPKEXhOxrQPY-448PVrSLAiuR3f5R2PFqVl4WXio87gfbC8z7PAd0y0vNJcTD8PRFbf-SsZZESA6S5rnrrpAN1EsuDMkEVimFaSQo9TTc2PYXPH1qe5m18LMF2bteqIiwVEW7-4waAZF0VMVAVlaYYOGx8AzdFuGgTPFe67leOo2Zam3YvBsGX6gH3EzaY69hQS5lS4km09WcNnH8RDMVeC2VsWiPaVTyZ9z9limS-P-0YkikQP5VbjiOPRCIhHOu6S6k4xQHoA" +}
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust2.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust2.json new file mode 100644 index 000000000..8fef32927 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust2.json @@ -0,0 +1,6 @@ +{ + "v": 10, + "respID": "2LVPaGlWAwzxURkrcTQX", + "inResponseTo": "_63ff9ef67370024c4d2d8b9bfd380578", + "signedPayload": "ew0KICAiYWxnIjogIlJTMjU2IiwNCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9zbDIuMDtjb21tYW5kIiwNCiAgIng1dCNTMjU2IjogIjBGUmRDYkFxVTF2YlQtOUt3S0JUcU5GQXBkcU9HT25Fa0o1dGp6MFp0anciDQp9.ew0KICAibmFtZSI6ICJxdWFsaWZpZWRlSUQiLA0KICAicmVzdWx0Ijogew0KICAgICJFSUQtSURFTlRJVFktTElOSyI6ICJQSE5oYld3NlFYTnpaWEowYVc5dUlFRnpjMlZ5ZEdsdmJrbEVQU0p6ZW5JdVltMXBMbWQyTG1GMExVRnpjMlZ5ZEdsdmJrbEVNVFV5T0RnNE1ESTJORE0wTURJNU5EVWlJRWx6YzNWbFNXNXpkR0Z1ZEQwaU1qQXhPQzB3TmkweE0xUXhNRG8xTnpvME5Dc3dNVG93TUNJZ1NYTnpkV1Z5UFNKb2RIUndPaTh2Y0c5eWRHRnNMbUp0YVM1bmRpNWhkQzl5WldZdmMzcHlMMmx6YzNWbGNpSWdUV0ZxYjNKV1pYSnphVzl1UFNJeElpQk5hVzV2Y2xabGNuTnBiMjQ5SWpBaUlIaHRiRzV6T25OaGJXdzlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qRXVNRHBoYzNObGNuUnBiMjRpSUhodGJHNXpPbkJ5UFNKb2RIUndPaTh2Y21WbVpYSmxibU5sTG1VdFoyOTJaWEp1YldWdWRDNW5kaTVoZEM5dVlXMWxjM0JoWTJVdmNHVnljMjl1WkdGMFlTOHlNREF5TURJeU9DTWlJSGh0Ykc1ek9tUnphV2M5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU1pSUhodGJHNXpPbVZqWkhOaFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4THpBMEwzaHRiR1J6YVdjdGJXOXlaU01pSUhodGJHNXpPbk5wUFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZUzFwYm5OMFlXNWpaU0krQ2drOGMyRnRiRHBCZEhSeWFXSjFkR1ZUZEdGMFpXMWxiblErQ2drSlBITmhiV3c2VTNWaWFtVmpkRDRLQ1FrSlBITmhiV3c2VTNWaWFtVmpkRU52Ym1acGNtMWhkR2x2Ymo0S0NRa0pDVHh6WVcxc09rTnZibVpwY20xaGRHbHZiazFsZEdodlpENTFjbTQ2YjJGemFYTTZibUZ0WlhNNmRHTTZVMEZOVERveExqQTZZMjA2YzJWdVpHVnlMWFp2ZFdOb1pYTThMM05oYld3NlEyOXVabWx5YldGMGFXOXVUV1YwYUc5a1Bnb0pDUWtKUEhOaGJXdzZVM1ZpYW1WamRFTnZibVpwY20xaGRHbHZia1JoZEdFK0Nna0pDUWtKUEhCeU9sQmxjbk52YmlCemFUcDBlWEJsUFNKd2NqcFFhSGx6YVdOaGJGQmxjbk52YmxSNWNHVWlQanh3Y2pwSlpHVnVkR2xtYVdOaGRHbHZiajQ4Y0hJNlZtRnNkV1UrZEhGRFVVVkROeXRCY1VkRlpXVk1Nemt3VmpWS1p6MDlQQzl3Y2pwV1lXeDFaVDQ4Y0hJNlZIbHdaVDUxY200NmNIVmliR2xqYVdRNlozWXVZWFE2WW1GelpXbGtQQzl3Y2pwVWVYQmxQand2Y0hJNlNXUmxiblJwWm1sallYUnBiMjQrUEhCeU9rNWhiV1UrUEhCeU9rZHBkbVZ1VG1GdFpUNU5ZWGc4TDNCeU9rZHBkbVZ1VG1GdFpUNDhjSEk2Um1GdGFXeDVUbUZ0WlNCd2NtbHRZWEo1UFNKMWJtUmxabWx1WldRaVBrMTFjM1JsY20xaGJtNDhMM0J5T2taaGJXbHNlVTVoYldVK1BDOXdjanBPWVcxbFBqeHdjanBFWVhSbFQyWkNhWEowYUQ0eE9UUXdMVEF4TFRBeFBDOXdjanBFWVhSbFQyWkNhWEowYUQ0OEwzQnlPbEJsY25OdmJqNEtDUWtKQ1R3dmMyRnRiRHBUZFdKcVpXTjBRMjl1Wm1seWJXRjBhVzl1UkdGMFlUNEtDUWtKUEM5ellXMXNPbE4xWW1wbFkzUkRiMjVtYVhKdFlYUnBiMjQrQ2drSlBDOXpZVzFzT2xOMVltcGxZM1ErQ2drOGMyRnRiRHBCZEhSeWFXSjFkR1VnUVhSMGNtbGlkWFJsVG1GdFpUMGlRMmwwYVhwbGJsQjFZbXhwWTB0bGVTSWdRWFIwY21saWRYUmxUbUZ0WlhOd1lXTmxQU0oxY200NmNIVmliR2xqYVdRNlozWXVZWFE2Ym1GdFpYTndZV05sY3pwcFpHVnVkR2wwZVd4cGJtczZNUzR5SWo0OGMyRnRiRHBCZEhSeWFXSjFkR1ZXWVd4MVpUNDhaSE5wWnpwU1UwRkxaWGxXWVd4MVpUNDhaSE5wWnpwTmIyUjFiSFZ6UG5sMlIwMVFSRFZaYWtobVpXOHhkbHBoU0VGNFEwWkNNeXRCUW0xaVlWQnpjRE5HTVhGRGRHY3ZaWFpsVVZSSWNsQnlSVXhPVDJaT1VuWTBhV0V3WlhjNFRsQnlaVFpRUjJKRFZHTU5DbnBrT1ZGdVZqSmlSRE5yVFhCa1VqUlRjMlpRVFVnd2VGQkdXRFV4T0dsUlZEQTFUWHBhT1dRM01WVnpiRGxzZHpack1HcHdTMjFGVlVWMlpWcGpRVVZKTVhGa00ySjNTWEJVTURnTkNtRjZabG8xTDFCa1JUWlpSVmcyVlhwUE5FSk1VbHB3ZUdOTlJtTXdhRGxaYW5vclZ6QktjRVYxVTFKUE0xZFFjRVpvY2xZeVZVOUtVU3R4ZUhrdk5EWklZek5JVERkTlFsRlNWMm9OQ2twVU9XUndlV0l2T0dSbFpWQkRialJGTldoTFRWSlRjblZGUjJwaGFFOVlMMHcwTTNWSFVVOU5VRVZ4V1hCTFNIZzRhazlTTDBsUE16WnJTSFZWWm5GT1RuVlhiRWhDYlVzMldFME5DbmN3TUZsclYyTkRVRUkwYW1KUk5URTBSVk16UjFJMlJIQkpNbGRVVVRCaFRGbHRWR1YzUFQwOEwyUnphV2M2VFc5a2RXeDFjejQ4WkhOcFp6cEZlSEJ2Ym1WdWRENUJVVUZDUEM5a2MybG5Pa1Y0Y0c5dVpXNTBQand2WkhOcFp6cFNVMEZMWlhsV1lXeDFaVDQ4TDNOaGJXdzZRWFIwY21saWRYUmxWbUZzZFdVK1BDOXpZVzFzT2tGMGRISnBZblYwWlQ0OEwzTmhiV3c2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwUGdvSlBHUnphV2M2VTJsbmJtRjBkWEpsUGdvSkNUeGtjMmxuT2xOcFoyNWxaRWx1Wm04K0Nna0pDVHhrYzJsbk9rTmhibTl1YVdOaGJHbDZZWFJwYjI1TlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekV3TDNodGJDMWxlR010WXpFMGJpTWlJQzgrQ2drSkNUeGtjMmxuT2xOcFoyNWhkSFZ5WlUxbGRHaHZaQ0JCYkdkdmNtbDBhRzA5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU55YzJFdGMyaGhNU0lnTHo0S0NRa0pQR1J6YVdjNlVtVm1aWEpsYm1ObElGVlNTVDBpSWo0S0NRa0pDVHhrYzJsbk9sUnlZVzV6Wm05eWJYTStDZ2tKQ1FrSlBHUnphV2M2VkhKaGJuTm1iM0p0SUVGc1oyOXlhWFJvYlQwaWFIUjBjRG92TDNkM2R5NTNNeTV2Y21jdlZGSXZNVGs1T1M5U1JVTXRlSEJoZEdndE1UazVPVEV4TVRZaVBnb0pDUWtKQ1FrOFpITnBaenBZVUdGMGFENXViM1FvWVc1alpYTjBiM0l0YjNJdGMyVnNaam82Y0hJNlNXUmxiblJwWm1sallYUnBiMjRwUEM5a2MybG5PbGhRWVhSb1Bnb0pDUWtKQ1R3dlpITnBaenBVY21GdWMyWnZjbTArQ2drSkNRa0pQR1J6YVdjNlZISmhibk5tYjNKdElFRnNaMjl5YVhSb2JUMGlhSFIwY0RvdkwzZDNkeTUzTXk1dmNtY3ZNakF3TUM4d09TOTRiV3hrYzJsbkkyVnVkbVZzYjNCbFpDMXphV2R1WVhSMWNtVWlJQzgrQ2drSkNRazhMMlJ6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1R4a2MybG5Pa1JwWjJWemRFMWxkR2h2WkNCQmJHZHZjbWwwYUcwOUltaDBkSEE2THk5M2QzY3Vkek11YjNKbkx6SXdNREF2TURrdmVHMXNaSE5wWnlOemFHRXhJaUF2UGdvSkNRa0pQR1J6YVdjNlJHbG5aWE4wVm1Gc2RXVSthVXN6TW10cmJVNWtVelZIV2xSemJHOHhTbVJDWVdsRFRsVnJQVHd2WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDRLQ1FrSlBDOWtjMmxuT2xKbFptVnlaVzVqWlQ0S0NRa0pQR1J6YVdjNlVtVm1aWEpsYm1ObElGUjVjR1U5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU5OWVc1cFptVnpkQ0lnVlZKSlBTSWpiV0Z1YVdabGMzUWlQZ29KQ1FrSlBHUnphV2M2UkdsblpYTjBUV1YwYUc5a0lFRnNaMjl5YVhSb2JUMGlhSFIwY0RvdkwzZDNkeTUzTXk1dmNtY3ZNakF3TUM4d09TOTRiV3hrYzJsbkkzTm9ZVEVpSUM4K0Nna0pDUWs4WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDQ0TWtadVlVeGxja2x6YVVOM1RFRlhVVEZYUVVjcmJVUlVWVTA5UEM5a2MybG5Pa1JwWjJWemRGWmhiSFZsUGdvSkNRazhMMlJ6YVdjNlVtVm1aWEpsYm1ObFBnb0pDVHd2WkhOcFp6cFRhV2R1WldSSmJtWnZQZ29KQ1R4a2MybG5PbE5wWjI1aGRIVnlaVlpoYkhWbFBnb2dJQ0FnY1UxMU1uTXJkV2xwVlhVMk0zRmpOWEZhYmxWWFpVeEZSREpuVm5GRFkwTmtRMGN4ZHpFMVoxSkdTV3Q0UzNOWVZGRlRRVE5LVjBoRFJYaHhjams1ZDBjMFYwMXRjRTF0U21oaFR3MEtkRGc0TjJOUlRtOUdURFJaYTBzMVRXcEhOR28wUjI1Q1ZHZFRhRVpXY0c0MWRXaFBkblpITUZsd1lVSlhNMlYyYVdSYVRYWkllV0psV1VSSVZHeHBia2sxVWtaU1pVaEdXRU5zVGcwS1dGQmhUMWxWTHpVek5GRnhaMWhLU1hrMFpXdHVkRFJ2UXk5TE0xRnVaVWhoU1VKbmVrSjFkMlpIUjIxbGEwVnlPVGROUkV0NllXWjBhMDVwTVVSS1dFNDRkMkZJVmtWTVdubHRPUTBLUjJGM1JraExjRUpGY2s5aGVqQXZVRVpxZUZGUVpsQkRaVW93UzJoNGRqbFFWVmh5YUZkUlMySkhZWEp1VlU1MUx5dFRNVEZqUzA5eGMzQmpiR2htUzFac2QxUlNhQzlXVkdsaFZBMEtSbUU0THpoYVMwSTVNM2cyV21SSVQwMHlZblY1VERaMVRqQTFjblpMWW05d1ozcG5ObEU5UFFvZ0lEd3ZaSE5wWnpwVGFXZHVZWFIxY21WV1lXeDFaVDQ4WkhOcFp6cExaWGxKYm1adlBqeGtjMmxuT2xnMU1EbEVZWFJoUGp4a2MybG5PbGcxTURsRFpYSjBhV1pwWTJGMFpUNU5TVWxHZFhwRFEwSkxUMmRCZDBsQ1FXZEpSRWRUYTJWTlFUQkhRMU54UjFOSllqTkVVVVZDUWxGVlFVMUpSMlpOVVhOM1ExRlpSRlpSVVVkRmQwcENEUXBXUkVaSlRVVlpSMEV4VlVWRFozY3ZVVk14VldOdVZucGtRMEpJV2xoTmRVbEhXWFZKUms1d1dUSm9iR050YUd4aFdGSjZZek5zZW1SSFZuUmFVMEp3RFFwaVUwSnNZa2RXY21SSVNYVkpSVkpvWkVkV2RXUnRWbmxoTWxadlkybENTR0pYU2tsTlUwbDNTVUZaUkZaUlVVeEVRbXhvVEZoT2NGb3lOSFJaTWpsNURRcGpSemw1V1ZoU2JFeFhlSEJhTW1nd1RGUkJlVTFUU1hkSlFWbEVWbEZSUkVSQ2JHaE1XRTV3V2pJMGRGa3lPWGxqUnpsNVdWaFNiRXhYZUhCYU1tZ3dEUXBNVkVGNVRVSTBXRVJVUlRGTlJHTjVUMFJGTVU1RWEzZE9WbTlZUkZSSmQwMUVZM2xQUkVWNlRrUnJkMDVXYjNkbllsbDRRM3BCU2tKblRsWkNRVmxVRFFwQmEwWlZUVkkwZDBoQldVUldVVkZMUkVKV1JWbFlVbXhpYms1cVlVaFdNR1Z0ZEhaaVZ6RndZek5PY0dJeU5IaEpha0ZuUW1kT1ZrSkJjMDFIVms0d0RRcFpWekYwWlcxR2IySklTbXhhTW14NlpFZFdlVmx0Vm05aU1sWjVXa2RWZUV4cVFYTkNaMDVXUWtGTlRVcFdUbkJhTWpWb1pFaFdlV015Vm5sa2JXeHFEUXBhVTBKRldWaFNiR0p1VG1waFNGWXdaVzEwZG1KWE1YQmpNMDV3WWpJMGVFWlVRVlJDWjA1V1FrRlZWRVJFVFhsT1ZHdDVUMFJOZVUxNmF6VlBSRVZqRFFwTlFtOUhRMU54UjFOSllqTkVVVVZLUVZGM1RscElUbkpSUjFKNllYazFibVJwTldoa1JFTkRRVk5KZDBSUldVcExiMXBKYUhaalRrRlJSVUpDVVVGRURRcG5aMFZRUVVSRFEwRlJiME5uWjBWQ1FVNHJaRUpUUlVKSGFqSnFWVmhKU3pGTmNETnNWbmhqTDFwaEszQktUV2w1UzNKWU0wY3hXbmhuV0M5cGEzZzNEUXBFT1hOamMxQlpUWFEwTnpOTWJFRlhiRGxqYlVOaVNHSktTeXRRVmpKWVRrNWtWVkpNVFZWRFNWZ3JOSFpWVG5NeVRVaGxSRlJSZEZnNFFsaHFTa1p3RFFwM1NsbFRiMkZTU2xFek9VWldVeTh4Y2pWelYyTnlZVGxJYUdSdE4zYzFSM1I0THpKMWEzbEVXREJyWkd0NFlYZHJhRkEwUlZGRmVta3ZVMGtyUm5WbkRRcHVLMWR4WjFFeGJrRmtiR0o0WWk5a1kwSjNOWGN4YURsaU0yeHRkWGRWWmpSNk0yOXZVVmRWUkRKRVowRXZhMHRrTVV0bGFrNVNORE50VEZWemJYWlREUXA2WlhaUWVGUTVlbk0zT0hCUFVqRlBZV05DTjBsemVsUldTbEJZWlU5RllXRk9Xa2h1YmtJdlZXVlBNMmM0VEVWV0x6TlBhMWhqVldkalRXdGlTVWxwRFFwaFFraHNiR3czTVZCeE1FTlBhamxyY1dwWWIyVTNUM0pTYWt4Wk5Xa3pTM2RQY0dFMlZFMURRWGRGUVVGaFQwTkJaVlYzWjJkSWFFMUNSVWRCTVZWa0RRcEVaMUZMUWtGb1RVTkJObVZIZGxNeGRXcEJUMEpuVGxaSVVUaENRV1k0UlVKQlRVTkNURUYzUkdkWlNFdHBaMEZEWjBWSVFWRlJSRUZSU0M5TlFrMUhEUXBCTVZWa1NYZFJUVTFCY1VGRFJXdGpWMFJ3VURaQk1FUk5RV3RIUVRGVlpFVjNVVU5OUVVGM1JrRlpTRXRwWjBGRFowVkNRVkZSU2tSQlpFTlZNRWwwRFFwU1JrNU1UVWc0UjBORGMwZEJVVlZHUW5kRlFrSklUWGRqVkVKSFFtZG5ja0puUlVaQ1VXTjNRVzlaTm1GSVVqQmpSRzkyVEROa00yUjVOV2hNV0ZKNURRcGtXRTR3VEcxR01Fd3lUbXhqYmxKNlRESkZkR015Ykc1aWFURnFZak5LZDJJelNtaGtSMVYwWWtkc2JtRklVWFJOUkVwb1RHMU9lV1JFUVc1Q1oyZHlEUXBDWjBWR1FsRmpkMEZaV1dKaFNGSXdZMFJ2ZGt3eU9XcGpNMEYxV1ZNeE1HTnVWbnBrUXpWb1pFTTVkbGt6VG5kTlJsRkhRVEZWWkVsQlVrNU5SWE4zRFFwVFVWbEhTMmxuUVVWUlJWTk5SRGgzVUZGWlNVdDNXVUpDVVZWSVFXZEZWMDFYYURCa1NFRTJUSGs1TTJRelkzVlpVekV3WTI1V2VtUkROV2hrUXpsckRRcGlNazU2VERKT2Qwd3lSWFJqTW14dVlta3hRbUpZVW5wak1teHVZbTFHTUdSWVNYZG5XalJIUVRGVlpFaDNVMEpzYWtOQ2EzcERRbXRMUTBKcVlVTkNEUXBwYjJGQ2FESjRhMWxZUVRaTWVUbHpXa2RHZDB4dFJYUmtTRW94WXpOUmRWbFlVWFppTTFVNVdWTXhlbUZYWkhWTVYwNTJZMjVDZG1OdFJqQmFVekZ6RFFwaFYyUnZaRU13ZDAxcGVIWlFWVVYwVmtoS01XTXpVWE5aZWpGQ1ZrUTVhbHBZU2pCaFYxcHdXVEpHTUZwWVNteGtiVGxxV1ZoU2NHSXlOWE5oV0U0d0RRcFFNa3BvWXpKVkwySXlTbkZhVjA0d1dUSjRhR016VFRsYVYyeHJVVEpXZVdSSGJHMWhWMDVvWkVkc2RtSnJSakZrUjJoMlkyMXNNR1ZVUVU1Q1oydHhEUXBvYTJsSE9YY3dRa0ZSVlVaQlFVOURRVkZGUVVoUk0xcERUWFJCWW1GNlpVMUliVmRCTW5wb1dXeEljVWhuUzFadlkxWllSVVJuYlU1dFYweEhjVVpsRFFvNFJVRkVSa2x6T0hWSGNtdDBRbTFYUTFWSldHSlljemRVU0dObWVITXlTalEzZGtoMVkyOXdjMlJyWVdKT2JGaEZhbnB1WkZKbWJtTXJNVlpKYm1KdkRRcDZUWEpaWkRkcVpVUk9WRXN2ZEVscWFVOUZXV1J5ZVVsd1pXdFdPVU5tWVhjM2VYVTJiV1ZtVFhwbGRURmhRWGRtTjBKdVN5OW9kV2wzU2xkdVpXNXdEUXBDTjJsRUwxQjJXaXR0ZW5WRE4xSk9aa3BtUmlzclUzUnBRbFI0YVROV1dYaE9SMDFxVFRGalZUaEhkemxXVjJNd1VqTkZkV3BQWVZoWFowTkRPR2sxRFFwR1IyaFdkazlaYUU1WVpuTjRTbGhpVG5obGQwVkRhbkJCVEhaRWJFWk1UQ3RwUXpRNVJ5dEJSRk52VW5Zd1UyczVNVTlRZFN0alNXMURhak55Y3pOUkRRcDBZWE5KTDNBNVRGbGhZMGMyWXk5blNUTjBSVEJwYUhGbk9WSmljMHRJV0ZGc00xQlBka1ZTU2tFOVBUd3ZaSE5wWnpwWU5UQTVRMlZ5ZEdsbWFXTmhkR1UrUEM5a2MybG5PbGcxTURsRVlYUmhQand2WkhOcFp6cExaWGxKYm1adlBnb0pDVHhrYzJsbk9rOWlhbVZqZEQ0S0NRa0pQR1J6YVdjNlRXRnVhV1psYzNRZ1NXUTlJbTFoYm1sbVpYTjBJajRLQ1FrSkNUeGtjMmxuT2xKbFptVnlaVzVqWlNCVlVrazlJaUkrQ2drSkNRa0pQR1J6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1FrSlBHUnphV2M2VkhKaGJuTm1iM0p0SUVGc1oyOXlhWFJvYlQwaWFIUjBjRG92TDNkM2R5NTNNeTV2Y21jdlZGSXZNVGs1T1M5U1JVTXRlSEJoZEdndE1UazVPVEV4TVRZaVBnb0pDUWtKQ1FrSlBHUnphV2M2V0ZCaGRHZytibTkwS0dGdVkyVnpkRzl5TFc5eUxYTmxiR1k2T21SemFXYzZVMmxuYm1GMGRYSmxLVHd2WkhOcFp6cFlVR0YwYUQ0S0NRa0pDUWtKUEM5a2MybG5PbFJ5WVc1elptOXliVDRLQ1FrSkNRazhMMlJ6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1FrOFpITnBaenBFYVdkbGMzUk5aWFJvYjJRZ1FXeG5iM0pwZEdodFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF3THpBNUwzaHRiR1J6YVdjamMyaGhNU0lnTHo0S0NRa0pDUWs4WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDV0TWpWR056UXZOMWRMVlV4QmIwVXlWemRDYzBneVdVWlFUelE5UEM5a2MybG5Pa1JwWjJWemRGWmhiSFZsUGdvSkNRa0pQQzlrYzJsbk9sSmxabVZ5Wlc1alpUNEtDUWtKUEM5a2MybG5PazFoYm1sbVpYTjBQZ29KQ1R3dlpITnBaenBQWW1wbFkzUStDZ2s4TDJSemFXYzZVMmxuYm1GMGRYSmxQZ284TDNOaGJXdzZRWE56WlhKMGFXOXVQZz09IiwNCiAgICAiRUlELUNJVElaRU4tUUFBLUxFVkVMIjogImh0dHA6Ly9laWRhcy5ldXJvcGEuZXUvTG9BL3N1YnN0YW50aWFsIiwNCiAgICAiRUlELUNDUy1VUkwiOiAiaHR0cHM6Ly93d3cuYS10cnVzdC5hdC90b2RvIiwNCiAgICAiRUlELUFVVEgtQkxPQ0siOiAiUEQ5NGJXd2dkbVZ5YzJsdmJqMGlNUzR3SWlCbGJtTnZaR2x1WnowaVZWUkdMVGdpSUhOMFlXNWtZV3h2Ym1VOUltNXZJajgrUEhOaGJXd3lPa0Z6YzJWeWRHbHZiaUI0Yld4dWN6cHpZVzFzTWowaWRYSnVPbTloYzJsek9tNWhiV1Z6T25Sak9sTkJUVXc2TWk0d09tRnpjMlZ5ZEdsdmJpSWdTVVE5SWw4Mk0yWm1PV1ZtTmpjek56QXdNalJqTkdReVpEaGlPV0ptWkRNNE1EVTNPQ0lnU1hOemRXVkpibk4wWVc1MFBTSXlNREU0TFRBMkxURXpWREUzT2pRMk9qQTVLekF5T2pBd0lpQldaWEp6YVc5dVBTSXlMakFpSUhodGJHNXpPbmh6UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZU0krUEhOaGJXd3lPa2x6YzNWbGNpQkdiM0p0WVhROUluVnlianB2WVhOcGN6cHVZVzFsY3pwMFl6cFRRVTFNT2pJdU1EcHVZVzFsYVdRdFptOXliV0YwT21WdWRHbDBlU0krYUhSMGNITTZMeTkzZDNjdVlTMTBjblZ6ZEM1aGRDOTBiMlJ2UEM5ellXMXNNanBKYzNOMVpYSStQR1J6YVdjNlUybG5ibUYwZFhKbElIaHRiRzV6T21SemFXYzlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5Mekl3TURBdk1Ea3ZlRzFzWkhOcFp5TWlJRWxrUFNKemFXZHVZWFIxY21VdE1TMHhJajQ4WkhOcFp6cFRhV2R1WldSSmJtWnZQanhrYzJsbk9rTmhibTl1YVdOaGJHbDZZWFJwYjI1TlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk5VVVpOHlNREF4TDFKRlF5MTRiV3d0WXpFMGJpMHlNREF4TURNeE5TSWdMejQ4WkhOcFp6cFRhV2R1WVhSMWNtVk5aWFJvYjJRZ1FXeG5iM0pwZEdodFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4THpBMEwzaHRiR1J6YVdjdGJXOXlaU055YzJFdGMyaGhNalUySWlBdlBqeGtjMmxuT2xKbFptVnlaVzVqWlNCSlpEMGljbVZtWlhKbGJtTmxMVEV0TVNJZ1ZWSkpQU0lpUGp4a2MybG5PbFJ5WVc1elptOXliWE0rUEdSemFXYzZWSEpoYm5ObWIzSnRJRUZzWjI5eWFYUm9iVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2VkZJdk1UazVPUzlTUlVNdGVITnNkQzB4T1RrNU1URXhOaUkrUEhoemJEcHpkSGxzWlhOb1pXVjBJSGh0Ykc1ek9uaHpiRDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TVRrNU9TOVlVMHd2VkhKaGJuTm1iM0p0SWlCbGVHTnNkV1JsTFhKbGMzVnNkQzF3Y21WbWFYaGxjejBpYzJGdGJESWlJSFpsY25OcGIyNDlJakV1TUNJZ2VHMXNibk02YzJGdGJESTlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qSXVNRHBoYzNObGNuUnBiMjRpUGp4NGMydzZiM1YwY0hWMElHMWxkR2h2WkQwaWVHMXNJaUI0Yld3NmMzQmhZMlU5SW1SbFptRjFiSFFpSUM4K1BIaHpiRHAwWlcxd2JHRjBaU0J0WVhSamFEMGlMeUlnZUcxc2JuTTlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5MekU1T1RrdmVHaDBiV3dpUGp4b2RHMXNJSGh0Ykc1elBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHhPVGs1TDNob2RHMXNJajQ4YUdWaFpENDhkR2wwYkdVK1UybG5ibUYwZFhJZ1pHVnlJRUZ1YldWc1pHVmtZWFJsYmp3dmRHbDBiR1UrUEhOMGVXeGxJRzFsWkdsaFBTSnpZM0psWlc0aUlIUjVjR1U5SW5SbGVIUXZZM056SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FKQ1FrSkNTNXViM0p0WVd4emRIbHNaU0I3SUdadmJuUXRjMmw2WlRvZ2JXVmthWFZ0T3lCOUlBb2dJQ0FnSUNBZ0lDQWdJQ0FnSUFrSkNRa0pMbWwwWVd4cFkzTjBlV3hsSUhzZ1ptOXVkQzF6YVhwbE9pQnRaV1JwZFcwN0lHWnZiblF0YzNSNWJHVTZJR2wwWVd4cFl6c2dmUW9KQ1FrSkNRa0pDUzUwYVhSc1pYTjBlV3hsSUhzZ2RHVjRkQzFrWldOdmNtRjBhVzl1T25WdVpHVnliR2x1WlRzZ1ptOXVkQzEzWldsbmFIUTZZbTlzWkRzZ1ptOXVkQzF6YVhwbE9pQnRaV1JwZFcwN0lIMGdDZ2tKQ1FrSkNRa0pMbWcwYzNSNWJHVWdleUJtYjI1MExYTnBlbVU2SUd4aGNtZGxPeUI5SUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQUtDUWtKQ1FrSkNRa3VhR2xrWkdWdUlIdGthWE53YkdGNU9pQnViMjVsT3lCOUlBb2dJQ0FnSUNBZ0lDQWdJQ0FnSUFrSkNRazhMM04wZVd4bFBqd3ZhR1ZoWkQ0OFltOWtlVDQ4YURRZ1kyeGhjM005SW1nMGMzUjViR1VpUGtGdWJXVnNaR1ZrWVhSbGJqbzhMMmcwUGp4d0lHTnNZWE56UFNKMGFYUnNaWE4wZVd4bElqNUVZWFJsYmlCNmRYSWdVR1Z5YzI5dVBDOXdQangwWVdKc1pTQmpiR0Z6Y3owaWNHRnlZVzFsZEdWeWN5SStQSGh6YkRwcFppQjBaWE4wUFNKemRISnBibWNvTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTl6WVcxc01qcEJkSFJ5YVdKMWRHVlRkR0YwWlcxbGJuUXZjMkZ0YkRJNlFYUjBjbWxpZFhSbFcwQk9ZVzFsUFNkMWNtNDZiMmxrT2pJdU5TNDBMalF5SjEwdmMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVXBJajQ4ZEhJK1BIUmtJR05zWVhOelBTSnBkR0ZzYVdOemRIbHNaU0krVm05eWJtRnRaVG9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakl1TlM0MExqUXlKMTB2YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVaUlDOCtQQzkwWkQ0OEwzUnlQand2ZUhOc09tbG1Qang0YzJ3NmFXWWdkR1Z6ZEQwaWMzUnlhVzVuS0M5ellXMXNNanBCYzNObGNuUnBiMjR2YzJGdGJESTZRWFIwY21saWRYUmxVM1JoZEdWdFpXNTBMM05oYld3eU9rRjBkSEpwWW5WMFpWdEFUbUZ0WlQwbmRYSnVPbTlwWkRveExqSXVOREF1TUM0eE1DNHlMakV1TVM0eU5qRXVNakFuWFM5ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTa2lQangwY2o0OGRHUWdZMnhoYzNNOUltbDBZV3hwWTNOMGVXeGxJajVPWVdOb2JtRnRaVG9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0eU1DZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhlSE5zT21sbUlIUmxjM1E5SW5OMGNtbHVaeWd2YzJGdGJESTZRWE56WlhKMGFXOXVMM05oYld3eU9rRjBkSEpwWW5WMFpWTjBZWFJsYldWdWRDOXpZVzFzTWpwQmRIUnlhV0oxZEdWYlFFNWhiV1U5SjNWeWJqcHZhV1E2TVM0eUxqUXdMakF1TVRBdU1pNHhMakV1TlRVblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU2tpUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1SFpXSjFjblJ6WkdGMGRXMDZJRHd2ZEdRK1BIUmtJR05zWVhOelBTSnViM0p0WVd4emRIbHNaU0krUEhoemJEcDJZV3gxWlMxdlppQnpaV3hsWTNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5kWEp1T205cFpEb3hMakl1TkRBdU1DNHhNQzR5TGpFdU1TNDFOU2RkTDNOaGJXd3lPa0YwZEhKcFluVjBaVlpoYkhWbElpQXZQand2ZEdRK1BDOTBjajQ4TDNoemJEcHBaajQ4ZUhOc09tbG1JSFJsYzNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5kWEp1T205cFpEb3hMakl1TkRBdU1DNHhNQzR5TGpFdU1TNHlOakV1T1RBblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0krUEhSeVBqeDBaQ0JqYkdGemN6MGlhWFJoYkdsamMzUjViR1VpUGxadmJHeHRZV05vZERvZ1BDOTBaRDQ4ZEdRZ1kyeGhjM005SW01dmNtMWhiSE4wZVd4bElqNDhlSE5zT25SbGVIUStTV05vSUcxbGJHUmxJRzFwWTJnZ2FXNGdWbVZ5ZEhKbGRIVnVaeUJoYmk0Z1NXMGdic09rWTJoemRHVnVJRk5qYUhKcGRIUWdkMmx5WkNCdGFYSWdaV2x1WlNCTWFYTjBaU0JrWlhJZ1pzTzhjaUJ0YVdOb0lIWmxjbWJEdkdkaVlYSmxiaUJXWlhKMGNtVjBkVzVuYzNabGNtakRwR3gwYm1semMyVWdZVzVuWlhwbGFXZDBMQ0JoZFhNZ1pHVnVaVzRnYVdOb0lHVnBibVZ6SUdGMWMzZkRwR2hzWlc0Z2QyVnlaR1V1UEM5NGMydzZkR1Y0ZEQ0OEwzUmtQand2ZEhJK1BDOTRjMnc2YVdZK1BDOTBZV0pzWlQ0OGNDQmpiR0Z6Y3owaWRHbDBiR1Z6ZEhsc1pTSStSR0YwWlc0Z2VuVnlJRUZ1ZDJWdVpIVnVaend2Y0Q0OGRHRmliR1VnWTJ4aGMzTTlJbkJoY21GdFpYUmxjbk1pUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1SlpHVnVkR2xtYVd0aGRHOXlPaUE4TDNSa1BqeDBaQ0JqYkdGemN6MGlibTl5YldGc2MzUjViR1VpUGp4NGMydzZkbUZzZFdVdGIyWWdjMlZzWldOMFBTSXZjMkZ0YkRJNlFYTnpaWEowYVc5dUwzTmhiV3d5T2tGMGRISnBZblYwWlZOMFlYUmxiV1Z1ZEM5ellXMXNNanBCZEhSeWFXSjFkR1ZiUUU1aGJXVTlKMmgwZEhBNkx5OWxhV1F1WjNZdVlYUXZaVWxFTDJGMGRISnBZblYwWlhNdlUyVnlkbWxqWlZCeWIzWnBaR1Z5Vlc1cGNYVmxTV1FuWFM5ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTSWdMejQ4TDNSa1Bqd3ZkSEkrUEhoemJEcHBaaUIwWlhOMFBTSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5ellXMXNNanBCZEhSeWFXSjFkR1ZUZEdGMFpXMWxiblF2YzJGdGJESTZRWFIwY21saWRYUmxXMEJPWVcxbFBTZG9kSFJ3T2k4dlpXbGtMbWQyTG1GMEwyVkpSQzloZEhSeWFXSjFkR1Z6TDFObGNuWnBZMlZRY205MmFXUmxja1p5YVdWdVpHeDVUbUZ0WlNkZEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxLU0krUEhSeVBqeDBaQ0JqYkdGemN6MGlhWFJoYkdsamMzUjViR1VpUGs1aGJXVTZJRHd2ZEdRK1BIUmtJR05zWVhOelBTSnViM0p0WVd4emRIbHNaU0krUEhoemJEcDJZV3gxWlMxdlppQnpaV3hsWTNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5hSFIwY0RvdkwyVnBaQzVuZGk1aGRDOWxTVVF2WVhSMGNtbGlkWFJsY3k5VFpYSjJhV05sVUhKdmRtbGtaWEpHY21sbGJtUnNlVTVoYldVblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0lnTHo0OEwzUmtQand2ZEhJK1BDOTRjMnc2YVdZK1BIaHpiRHBwWmlCMFpYTjBQU0p6ZEhKcGJtY29MM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2RvZEhSd09pOHZaV2xrTG1kMkxtRjBMMlZKUkM5aGRIUnlhV0oxZEdWekwxTmxjblpwWTJWUWNtOTJhV1JsY2tOdmRXNTBjbmxEYjJSbEoxMHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VwSWo0OGRISStQSFJrSUdOc1lYTnpQU0pwZEdGc2FXTnpkSGxzWlNJK1UzUmhZWFE2SUR3dmRHUStQSFJrSUdOc1lYTnpQU0p1YjNKdFlXeHpkSGxzWlNJK1BIaHpiRHAyWVd4MVpTMXZaaUJ6Wld4bFkzUTlJaTl6WVcxc01qcEJjM05sY25ScGIyNHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFUzUmhkR1Z0Wlc1MEwzTmhiV3d5T2tGMGRISnBZblYwWlZ0QVRtRnRaVDBuYUhSMGNEb3ZMMlZwWkM1bmRpNWhkQzlsU1VRdllYUjBjbWxpZFhSbGN5OVRaWEoyYVdObFVISnZkbWxrWlhKRGIzVnVkSEo1UTI5a1pTZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhMM1JoWW14bFBqeHdJR05zWVhOelBTSjBhWFJzWlhOMGVXeGxJajVVWldOb2JtbHpZMmhsSUZCaGNtRnRaWFJsY2p3dmNENDhkR0ZpYkdVZ1kyeGhjM005SW5CaGNtRnRaWFJsY25NaVBqeDBjajQ4ZEdRZ1kyeGhjM005SW1sMFlXeHBZM04wZVd4bElqNUVZWFIxYlRvOEwzUmtQangwWkNCamJHRnpjejBpYm05eWJXRnNjM1I1YkdVaVBqeDRjMnc2ZG1Gc2RXVXRiMllnYzJWc1pXTjBQU0p6ZFdKemRISnBibWNvTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTlBU1hOemRXVkpibk4wWVc1MExEa3NNaWtpSUM4K1BIaHpiRHAwWlhoMFBpNDhMM2h6YkRwMFpYaDBQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNKemRXSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5QVNYTnpkV1ZKYm5OMFlXNTBMRFlzTWlraUlDOCtQSGh6YkRwMFpYaDBQaTQ4TDNoemJEcDBaWGgwUGp4NGMydzZkbUZzZFdVdGIyWWdjMlZzWldOMFBTSnpkV0p6ZEhKcGJtY29MM05oYld3eU9rRnpjMlZ5ZEdsdmJpOUFTWE56ZFdWSmJuTjBZVzUwTERFc05Da2lJQzgrUEM5MFpENDhMM1J5UGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1VmFISjZaV2wwT2p3dmRHUStQSFJrSUdOc1lYTnpQU0p1YjNKdFlXeHpkSGxzWlNJK1BIaHpiRHAyWVd4MVpTMXZaaUJ6Wld4bFkzUTlJbk4xWW5OMGNtbHVaeWd2YzJGdGJESTZRWE56WlhKMGFXOXVMMEJKYzNOMVpVbHVjM1JoYm5Rc01USXNNaWtpSUM4K1BIaHpiRHAwWlhoMFBqbzhMM2h6YkRwMFpYaDBQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNKemRXSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5QVNYTnpkV1ZKYm5OMFlXNTBMREUxTERJcElpQXZQang0YzJ3NmRHVjRkRDQ2UEM5NGMydzZkR1Y0ZEQ0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGljM1ZpYzNSeWFXNW5LQzl6WVcxc01qcEJjM05sY25ScGIyNHZRRWx6YzNWbFNXNXpkR0Z1ZEN3eE9Dd3lLU0lnTHo0OEwzUmtQand2ZEhJK1BIUnlQangwWkNCamJHRnpjejBpYVhSaGJHbGpjM1I1YkdVaVBsUnlZVzV6WVd0MGFXOXVjMVJ2YTJWdU9pQThMM1JrUGp4MFpDQmpiR0Z6Y3owaWJtOXliV0ZzYzNSNWJHVWlQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNJdmMyRnRiREk2UVhOelpYSjBhVzl1TDBCSlJDSWdMejQ4TDNSa1Bqd3ZkSEkrUEhoemJEcHBaaUIwWlhOMFBTSXZjMkZ0YkRJNlFYTnpaWEowYVc5dUwzTmhiV3d5T2tGMGRISnBZblYwWlZOMFlYUmxiV1Z1ZEM5ellXMXNNanBCZEhSeWFXSjFkR1ZiUUU1aGJXVTlKM1Z5YmpwdmFXUTZNUzR5TGpRd0xqQXVNVEF1TWk0eExqRXVNall4TGprd0oxMHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VpUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo0S0NRa0pDUWtKQ1FrSkNRbFdiMnhzYldGamFIUmxiaTFTWldabGNtVnVlam9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0NU1DZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhkSElnWTJ4aGMzTTlJbWhwWkdSbGJpSStQSFJrSUdOc1lYTnpQU0pwZEdGc2FXTnpkSGxzWlNJK1JHRjBZVlZTVERvZ1BDOTBaRDQ4ZEdRZ1kyeGhjM005SW01dmNtMWhiSE4wZVd4bElqNDhlSE5zT25aaGJIVmxMVzltSUhObGJHVmpkRDBpTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTl6WVcxc01qcERiMjVrYVhScGIyNXpMM05oYld3eU9rRjFaR2xsYm1ObFVtVnpkSEpwWTNScGIyNHZjMkZ0YkRJNlFYVmthV1Z1WTJVaUlDOCtQQzkwWkQ0OEwzUnlQang0YzJ3NmFXWWdkR1Z6ZEQwaUwzTmhiV3d5T2tGemMyVnlkR2x2Ymk5ellXMXNNanBEYjI1a2FYUnBiMjV6TDBCT2IzUlBiazl5UVdaMFpYSWlQangwY2lCamJHRnpjejBpYUdsa1pHVnVJajQ4ZEdRZ1kyeGhjM005SW1sMFlXeHBZM04wZVd4bElqNUJkWFJvUW14dlkydFdZV3hwWkZSdk9pQThMM1JrUGp4MFpDQmpiR0Z6Y3owaWJtOXliV0ZzYzNSNWJHVWlQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNJdmMyRnRiREk2UVhOelpYSjBhVzl1TDNOaGJXd3lPa052Ym1ScGRHbHZibk12UUU1dmRFOXVUM0pCWm5SbGNpSWdMejQ4TDNSa1Bqd3ZkSEkrUEM5NGMydzZhV1krUEM5MFlXSnNaVDQ4TDJKdlpIaytQQzlvZEcxc1Bqd3ZlSE5zT25SbGJYQnNZWFJsUGp3dmVITnNPbk4wZVd4bGMyaGxaWFErUEM5a2MybG5PbFJ5WVc1elptOXliVDQ4WkhOcFp6cFVjbUZ1YzJadmNtMGdRV3huYjNKcGRHaHRQU0pvZEhSd09pOHZkM2QzTG5jekxtOXlaeTh5TURBeEx6RXdMM2h0YkMxbGVHTXRZekUwYmlNaUlDOCtQQzlrYzJsbk9sUnlZVzV6Wm05eWJYTStQR1J6YVdjNlJHbG5aWE4wVFdWMGFHOWtJRUZzWjI5eWFYUm9iVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TWpBd01TOHdOQzk0Yld4bGJtTWpjMmhoTWpVMklpQXZQanhrYzJsbk9rUnBaMlZ6ZEZaaGJIVmxQbXBoTUhSSlVEQkJVVEU0ZGk4NFpsVmpOR1kxYVhsSGNIWXhXVGhFYWpGUGJDODVNa2RTU0V0Q2EyYzlQQzlrYzJsbk9rUnBaMlZ6ZEZaaGJIVmxQand2WkhOcFp6cFNaV1psY21WdVkyVStQR1J6YVdjNlVtVm1aWEpsYm1ObElFbGtQU0psZEhOcExXUmhkR0V0Y21WbVpYSmxibU5sTFRFdE1TSWdWSGx3WlQwaWFIUjBjRG92TDNWeWFTNWxkSE5wTG05eVp5OHdNVGt3TXlOVGFXZHVaV1JRY205d1pYSjBhV1Z6SWlCVlVrazlJaU5sZEhOcExYTnBaMjVsWkhCeWIzQmxjblJwWlhNdE1TMHhJajQ4WkhOcFp6cEVhV2RsYzNSTlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekEwTDNodGJHVnVZeU56YUdFeU5UWWlJQzgrUEdSemFXYzZSR2xuWlhOMFZtRnNkV1UrTVZGVWFXNTBPR1Y1UXpsNFVFbExXR0ZxYzJ0cmVUWmlMM2MzY20xV1JEUldZMjQwUjFkMVJrMVZjejA4TDJSemFXYzZSR2xuWlhOMFZtRnNkV1UrUEM5a2MybG5PbEpsWm1WeVpXNWpaVDQ4TDJSemFXYzZVMmxuYm1Wa1NXNW1iejQ4WkhOcFp6cFRhV2R1WVhSMWNtVldZV3gxWlNCSlpEMGljMmxuYm1GMGRYSmxkbUZzZFdVdE1TMHhJajVLT0ROMFdUUnhUMWhGWVhWNWMxVXhMM1pUZWtzMk1EbDBNRWRKUm5sQlJUZFVkR05LYmpsRmNXZGFXa3RHTmxNMWVVRllURTlzZEhsc1JVdFBZV015TW1zMUsxaHlaRlZ0ZFV0NGFtNHdMekZQWTNwSFJqRTNlR1pYYXpORWFtbHdUMDlqZFVOM2VYQlZTV3BWTW5KVEt6RldkMnhxVUU4NGNIY3hTSGR3VEZaa1JtbFJjVzkzZVU5NFRGTkJlV05VUlV4Ukx6bHhRVTFaTm05UFpscFBiMEZhVTNaVFpXOVJVazVhVFN0YUwyTjZOalZDZUhwdFZrUklkMjgwYmxkemJTOXdVWEpSYmtkblVGQTFORmRNVWpSc1YyOXZWV2xqU1ZkdVEyMW5ZbVV6WVdkUVoybFBNVTlITVV4SWNuTkVNbXBrY0VKeGJITkJjWGR2Y0U1Qk5ta3dXbkE1Y3pFNVNEWk1VbWxsTjBKNE9EUnpSbmxLWlhNMU5qWTFaRkp4WlhoWFpub3ZOVGhaU0ZndmMzWkdOWEpDZUhjMVVHcEtZbGhYYmxKNlptcHpORXM0YzBSeVdsQmFhSEZSU0hwQ1Zub3pTV2M5UFR3dlpITnBaenBUYVdkdVlYUjFjbVZXWVd4MVpUNDhaSE5wWnpwTFpYbEpibVp2UGp4a2MybG5PbGcxTURsRVlYUmhQanhrYzJsbk9sZzFNRGxEWlhKMGFXWnBZMkYwWlQ1TlNVbEdNV3BEUTBKTU5tZEJkMGxDUVdkSlJWRnpNVEpxVkVGT1FtZHJjV2hyYVVjNWR6QkNRVkZ6UmtGRVEwSnZWRVZNVFVGclIwRXhWVVZDWjNkRFVWWlJlRk5FUWtkQ1owNVdRa0Z2VFZBd1JYUldTRW94WXpOUloxSXlWbnBNYVVKdFRHbENWR0ZYVG05YVdFcHZXbGRzTUdNelRqVmpNMUpzWWxkVloyRlhNR2RhVjNoc1lUTlNlVXhwUWtWWldGSnNZbTVhYkdOdGRHeGhTRWxuVWpJeGFWTkVSV3BOUTBWSFFURlZSVU4zZDJGWlV6RjZZVmRrZFV4V1FubGFWekZ3WkZjd2RGWkhWbnBrUXpGVVlWZGpkRTFFU1hoSmVrRm9RbWRPVmtKQlRVMUhiVVYwWXpKc2JtSnBNVkZqYlZaMFlWaFdkRXhXVW14ak0xRjBWVEpzYmt4VVFYbE5RalJZUkZSRk5FMUVXWGhOZWtFMFRsUmpNVTlHYjFoRVZFbDZUVVJaZUUxNlFUUk9WR014VDBadmQxbEVSVXhOUVd0SFFURlZSVUpuZDBOUlZsRjRSbnBCVmtKblRsWkNRVTFOUkdzeGFHVkRRazVrV0U0d1dsaEtkRmxYTlhWTlVrMTNSVkZaUkZaUlVVVkVRWEJPWkZoT01GcFlTblJaVnpWMVRWRjNkME5uV1VSV1VWRnhSRUZPVGxsWVozaEdWRUZVUW1kT1ZrSkJWVTFFUkZWNFRVUmpNVTFFV1RCUFJFMTRUVlJEUTBGVFNYZEVVVmxLUzI5YVNXaDJZMDVCVVVWQ1FsRkJSR2RuUlZCQlJFTkRRVkZ2UTJkblJVSkJUWEo0YWtSM0sxZEplRE16Y1U1aU1sZG9kMDFSYUZGa0wyZEJXbTB5YWpkTFpIaGtZV2R5V1ZBemNqTnJSWGcyZWpaNFEzcFVibnBWWWl0SmJYUkljMUJFVkRZemRXcDRiWGRyTTAwelpsVktNV1J0ZHprMVJFdFlWV1ZGY2toNmVrSTVUVlI0Vml0a1prbHJSVGxQVkUweVpsaGxPVlpNU21aYVkwOXdUa2syVTNCb1JrSk1NMjFZUVVKRFRtRnVaREk0UTB0Vk9WQkhjek15WldaNk0xSlBiVUpHSzJ4TmVuVkJVekJYWVdOWVJFSllUa2xtVjBrNEwyeDBRMkZTVEd0clZIUXhhalpTV1dFeFpHeEVhVlZRY1hOamRpdFBhRE5PZUhrcmVrRlZSVlp2ZVZVdldHRmpiUzh2U0ZodWFuZHdLMEpQV1ZOcVJWVnhOMmhDYnpKdlZHd3ZlU3RPTjJoclJHcEVlRXR0UzFOb09HWkplbXRtZVVSMEszQkNOMnhJTm1wVVlteHdVbmRhYVhWc2VrMU9Ua2RLUm01QmFuZGxTVEl3VDJSbFFrVjBlR3RsWnpaVFRteHJNRTVIYVRKS2F6TnpRMEYzUlVGQllVOURRV3hSZDJkblNsRk5TVWRFUW1kbmNrSm5SVVpDVVdOQ1FWRlNNMDFJVlhkU1VWbEpTM2RaUWtKUlZVaE5RVXRIVDFkb01HUklRVFpNZVRrelpETmpkVmxUTVRCamJsWjZaRU0xYUdSRE9XcGFXRW93WTNrNWFFeFlUbkJhTWpSMFkwaEtiR0pYYkRGaVV6RjBZakpLY0dKSFZYUk5SRTVvVEcxT2VXUkVRWE5DWjJkeVFtZEZSa0pSWTNkQldWbG5ZVWhTTUdORWIzWk1NamxxWXpOQmRHUkhWbnBrUXpWb1RGaFNlV1JZVGpCTWJVWXdUREk1YW1NelFYZEZkMWxFVmxJd2FrSkJkM2REYjBGSlVtZGhabXByUjA5R1lqQjNZMmRaU1V0M1dVSkNVVlZJUVZGTlJWcHFRbXROUVc5SFEwTnpSMEZSVlVaQ2QzTkRUVUZuUjBKblVVRnFhMWxDUVZSQlNVSm5XVVZCU1RWSFFWRlJkMFYzV1VkQ1FVTlBVbWRGUjAxQmEwZENkMUZCYW10WlFrSm5SWGRNVVZsSFFrRkRUMUpuUlVaTlEwMTNTVkpaWW1GSVVqQmpTRTAyVEhrNU0yUXpZM1ZaVXpFd1kyNVdlbVJETldoa1F6bDNXa2hOZGtWM1NrWlVha0ZTUW1kT1ZraFJORVZEWjFGSlVqWjRPRVZqYzNGUGVITjNSR2RaUkZaU01GQkJVVWd2UWtGUlJFRm5Za0ZOUVd0SFFURlZaRVYzVVVOTlFVRjNXVUZaUkZaU01HZENSbXQzVm5wQlNVSm5XVVZCU1hOM1FWRkZkMU4zV1VkTGFXZEJSVkZGVlUxRlJYZFFkMWxKUzNkWlFrSlJWVWhCWjBWWFRUSm9NR1JJUVRaTWVUa3paRE5qZFZsVE1UQmpibFo2WkVNMWFHUkRPV3RpTWs1NlRESk9kMHd5UlhSak1teHVZbWt4ZDJOdFZuUmhXRlowVEZjeGRsbHRiSE5hVkVOQ2NtZFpSRlpTTUdaQ1NVZHRUVWxIYWsxSlIyZHZTVWRrYjBsSFlXaHZSMWhpUjFKb1kwUnZka3d5ZUd0WldFRjBaRWRXZW1SRE5XaE1XRko1WkZoT01FeHRSakJNTWpreFVGZEZkR015Ykc1aWFURlJZMjFXZEdGWVZuUk1WbEpzWXpOUmRGVXliRzVNVkVGNVNVTm9WRk5GUlhSTmFsVXlTMU40ZGxCVlJYUldTRW94WXpOUmMxbDZNVUpXUkRscVdsaEtNR0ZYV25CWk1rWXdXbGhLYkdSdE9XcFpXRkp3WWpJMWMyRllUakJRTWtwb1l6SlZMMkl5U25GYVYwNHdXVEo0YUdNelRUbGFWMnhyVVRKV2VXUkhiRzFoVjA1b1pFZHNkbUpyUmpGa1IyaDJZMjFzTUdWVVFVNUNaMnR4YUd0cFJ6bDNNRUpCVVhOR1FVRlBRMEZSUlVGTk1GQkVMekl6U20xUE16Wk5Uazk1SzNwYVFpOVVUSE5oUmpjNE1HMXRUMHRxY0dzeFdITllRWHBWVGt0YU5sTnlkQ3R0TUhVcksybFhiemxNT0VoR0wyeHllRk5FT0VkWVNtTkVURmxYUm1aNE56QnlORW81ZDFVNFN6ZHdSRWt4YmpsRmNXSkJjekJTSzNaWlZtNU1OVlZXVUM5MVZWRmxkekpYYkhBMU9GQkdjR2RCV0N0VUwxTkZNR05sWlV0NVRUaFlSVzVZVTNwbFRpOUZVM1JzUml0S1EyRkJPSFZ0Y1dwdFJFVnVZV1V6Y1hWeFUxVnNLMHhsYTFCVk9HazRSME56YmpVNWRYaDBibFZ1ZUVsTlMzY3paR2N2TjBRM1dUaE1ObFoxTkU1WE5FeGpiemRtYVRsRGNtRklRelJTVEV4MFpIaFliSFpQZGxGcFJWbHZSU3Q1TVRkbk1Ia3ZRemhPTkVSelkyaGFhWHBaZDNBd2NFOVNUMkpqWmt0V1RuQndWWFZMZFhOTmFIUnRVMnBzTUZaeEx5OWhkamhVVlhGU2NEVkdlalpYWTNwMFVFZEhVM2N3Um1WbGRsVkxSRzlETDBFOVBUd3ZaSE5wWnpwWU5UQTVRMlZ5ZEdsbWFXTmhkR1UrUEM5a2MybG5PbGcxTURsRVlYUmhQand2WkhOcFp6cExaWGxKYm1adlBqeGtjMmxuT2s5aWFtVmpkQ0JKWkQwaVpYUnphUzF6YVdkdVpXUXRNUzB4SWo0OFpYUnphVHBSZFdGc2FXWjVhVzVuVUhKdmNHVnlkR2xsY3lCNGJXeHVjenBsZEhOcFBTSm9kSFJ3T2k4dmRYSnBMbVYwYzJrdWIzSm5MekF4T1RBekwzWXhMak11TWlNaUlGUmhjbWRsZEQwaUkzTnBaMjVoZEhWeVpTMHhMVEVpUGp4bGRITnBPbE5wWjI1bFpGQnliM0JsY25ScFpYTWdTV1E5SW1WMGMya3RjMmxuYm1Wa2NISnZjR1Z5ZEdsbGN5MHhMVEVpUGp4bGRITnBPbE5wWjI1bFpGTnBaMjVoZEhWeVpWQnliM0JsY25ScFpYTStQR1YwYzJrNlUybG5ibWx1WjFScGJXVStNakF4T0Mwd05pMHhNMVF4TlRvME5qb3dPVm84TDJWMGMyazZVMmxuYm1sdVoxUnBiV1UrUEdWMGMyazZVMmxuYm1sdVowTmxjblJwWm1sallYUmxQanhsZEhOcE9rTmxjblErUEdWMGMyazZRMlZ5ZEVScFoyVnpkRDQ4WkhOcFp6cEVhV2RsYzNSTlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekEwTDNodGJHVnVZeU56YUdFeU5UWWlJQzgrUEdSemFXYzZSR2xuWlhOMFZtRnNkV1UrYW1WQmJFcHdTVEZIWkV0WlVXMVNOM1pRY25KVWNrZFdPVWRNT1M5MVdXeExNM0JyU1ROUWVtNHpiejA4TDJSemFXYzZSR2xuWlhOMFZtRnNkV1UrUEM5bGRITnBPa05sY25SRWFXZGxjM1ErUEdWMGMyazZTWE56ZFdWeVUyVnlhV0ZzUGp4a2MybG5PbGcxTURsSmMzTjFaWEpPWVcxbFBrTk9QV0V0YzJsbmJpMVFjbVZ0YVhWdExWUmxjM1F0VTJsbkxUQXlMRTlWUFdFdGMybG5iaTFRY21WdGFYVnRMVlJsYzNRdFUybG5MVEF5TEU4OVFTMVVjblZ6ZENCSFpYTXVJR1l1SUZOcFkyaGxjbWhsYVhSemMzbHpkR1Z0WlNCcGJTQmxiR1ZyZEhJdUlFUmhkR1Z1ZG1WeWEyVm9jaUJIYldKSUxFTTlRVlE4TDJSemFXYzZXRFV3T1VsemMzVmxjazVoYldVK1BHUnphV2M2V0RVd09WTmxjbWxoYkU1MWJXSmxjajR4TVRJd056WXhORGcxUEM5a2MybG5PbGcxTURsVFpYSnBZV3hPZFcxaVpYSStQQzlsZEhOcE9rbHpjM1ZsY2xObGNtbGhiRDQ4TDJWMGMyazZRMlZ5ZEQ0OEwyVjBjMms2VTJsbmJtbHVaME5sY25ScFptbGpZWFJsUGp4bGRITnBPbE5wWjI1aGRIVnlaVkJ2YkdsamVVbGtaVzUwYVdacFpYSStQR1YwYzJrNlUybG5ibUYwZFhKbFVHOXNhV041U1cxd2JHbGxaQ0F2UGp3dlpYUnphVHBUYVdkdVlYUjFjbVZRYjJ4cFkzbEpaR1Z1ZEdsbWFXVnlQand2WlhSemFUcFRhV2R1WldSVGFXZHVZWFIxY21WUWNtOXdaWEowYVdWelBqeGxkSE5wT2xOcFoyNWxaRVJoZEdGUFltcGxZM1JRY205d1pYSjBhV1Z6UGp4bGRITnBPa1JoZEdGUFltcGxZM1JHYjNKdFlYUWdUMkpxWldOMFVtVm1aWEpsYm1ObFBTSWpjbVZtWlhKbGJtTmxMVEV0TVNJK1BHVjBjMms2VFdsdFpWUjVjR1UrWVhCd2JHbGpZWFJwYjI0dmVHaDBiV3dyZUcxc1BDOWxkSE5wT2sxcGJXVlVlWEJsUGp3dlpYUnphVHBFWVhSaFQySnFaV04wUm05eWJXRjBQand2WlhSemFUcFRhV2R1WldSRVlYUmhUMkpxWldOMFVISnZjR1Z5ZEdsbGN6NDhMMlYwYzJrNlUybG5ibVZrVUhKdmNHVnlkR2xsY3o0OEwyVjBjMms2VVhWaGJHbG1lV2x1WjFCeWIzQmxjblJwWlhNK1BDOWtjMmxuT2s5aWFtVmpkRDQ4TDJSemFXYzZVMmxuYm1GMGRYSmxQanh6WVcxc01qcERiMjVrYVhScGIyNXpJRTV2ZEVKbFptOXlaVDBpTWpBeE9DMHdOaTB4TTFReE56bzBOam93T1Nzd01qb3dNQ0lnVG05MFQyNVBja0ZtZEdWeVBTSXlNREU0TFRBMkxURXpWREU0T2pBeE9qQTVLekF5T2pBd0lqNDhjMkZ0YkRJNlFYVmthV1Z1WTJWU1pYTjBjbWxqZEdsdmJqNDhjMkZ0YkRJNlFYVmthV1Z1WTJVK2FIUjBjSE02THk5bGFXUXVaM1l1WVhRdmJXOWhMV2xrTFdGMWRHZ3ZjMnd5TUM5a1lYUmhWWEpzUDNCbGJtUnBibWRwWkQwME9UYzFOelUxTXpjNE16azBNRFF4TkRnMlBDOXpZVzFzTWpwQmRXUnBaVzVqWlQ0OEwzTmhiV3d5T2tGMVpHbGxibU5sVW1WemRISnBZM1JwYjI0K1BDOXpZVzFzTWpwRGIyNWthWFJwYjI1elBqeHpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RK1BITmhiV3d5T2tGMGRISnBZblYwWlNCR2NtbGxibVJzZVU1aGJXVTlJbEJXVUMxV1JWSlRTVTlPSWlCT1lXMWxQU0oxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0eE1DSWdUbUZ0WlVadmNtMWhkRDBpZFhKdU9tOWhjMmx6T201aGJXVnpPblJqT2xOQlRVdzZNaTR3T21GMGRISnVZVzFsTFdadmNtMWhkRHAxY21raVBqeHpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0I0Yld4dWN6cDRjMms5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01ERXZXRTFNVTJOb1pXMWhMV2x1YzNSaGJtTmxJaUI0YzJrNmRIbHdaVDBpZUhNNmMzUnlhVzVuSWo0eUxqRThMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsUGp3dmMyRnRiREk2UVhSMGNtbGlkWFJsUGp4ellXMXNNanBCZEhSeWFXSjFkR1VnUm5KcFpXNWtiSGxPWVcxbFBTSlFVa2xPUTBsUVFVd3RUa0ZOUlNJZ1RtRnRaVDBpZFhKdU9tOXBaRG94TGpJdU5EQXVNQzR4TUM0eUxqRXVNUzR5TmpFdU1qQWlJRTVoYldWR2IzSnRZWFE5SW5WeWJqcHZZWE5wY3pwdVlXMWxjenAwWXpwVFFVMU1Pakl1TURwaGRIUnlibUZ0WlMxbWIzSnRZWFE2ZFhKcElqNDhjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VnZUcxc2JuTTZlSE5wUFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZUzFwYm5OMFlXNWpaU0lnZUhOcE9uUjVjR1U5SW5oek9uTjBjbWx1WnlJK1RYVnpkR1Z5YldGdWJqd3ZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1UrUEM5ellXMXNNanBCZEhSeWFXSjFkR1UrUEhOaGJXd3lPa0YwZEhKcFluVjBaU0JHY21sbGJtUnNlVTVoYldVOUlrZEpWa1ZPTFU1QlRVVWlJRTVoYldVOUluVnlianB2YVdRNk1pNDFMalF1TkRJaUlFNWhiV1ZHYjNKdFlYUTlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qSXVNRHBoZEhSeWJtRnRaUzFtYjNKdFlYUTZkWEpwSWo0OGMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVWdlRzFzYm5NNmVITnBQU0pvZEhSd09pOHZkM2QzTG5jekxtOXlaeTh5TURBeEwxaE5URk5qYUdWdFlTMXBibk4wWVc1alpTSWdlSE5wT25SNWNHVTlJbmh6T25OMGNtbHVaeUkrVFdGNFBDOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaVDQ4TDNOaGJXd3lPa0YwZEhKcFluVjBaVDQ4YzJGdGJESTZRWFIwY21saWRYUmxJRVp5YVdWdVpHeDVUbUZ0WlQwaVFrbFNWRWhFUVZSRklpQk9ZVzFsUFNKMWNtNDZiMmxrT2pFdU1pNDBNQzR3TGpFd0xqSXVNUzR4TGpVMUlpQk9ZVzFsUm05eWJXRjBQU0oxY200NmIyRnphWE02Ym1GdFpYTTZkR002VTBGTlREb3lMakE2WVhSMGNtNWhiV1V0Wm05eWJXRjBPblZ5YVNJK1BITmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxJSGh0Ykc1ek9uaHphVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TWpBd01TOVlUVXhUWTJobGJXRXRhVzV6ZEdGdVkyVWlJSGh6YVRwMGVYQmxQU0o0Y3pwemRISnBibWNpUGpFNU5EQXRNREV0TURFOEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxQand2YzJGdGJESTZRWFIwY21saWRYUmxQanh6WVcxc01qcEJkSFJ5YVdKMWRHVWdSbkpwWlc1a2JIbE9ZVzFsUFNKVFpYSjJhV05sVUhKdmRtbGtaWEl0Vlc1cGNYVmxTV1FpSUU1aGJXVTlJbWgwZEhBNkx5OWxhV1F1WjNZdVlYUXZaVWxFTDJGMGRISnBZblYwWlhNdlUyVnlkbWxqWlZCeWIzWnBaR1Z5Vlc1cGNYVmxTV1FpSUU1aGJXVkdiM0p0WVhROUluVnlianB2WVhOcGN6cHVZVzFsY3pwMFl6cFRRVTFNT2pJdU1EcGhkSFJ5Ym1GdFpTMW1iM0p0WVhRNmRYSnBJajQ4YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVZ2VHMXNibk02ZUhOcFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4TDFoTlRGTmphR1Z0WVMxcGJuTjBZVzVqWlNJZ2VITnBPblI1Y0dVOUluaHpPbk4wY21sdVp5SSthSFIwY0hNNkx5OWlhVzVrYVc1bkxtOWxjM1JsY25KbGFXTm9MbWQyTG1GMEwyRjFkR2d2YzNBdlRXVjBZV1JoZEdFOEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxQand2YzJGdGJESTZRWFIwY21saWRYUmxQanh6WVcxc01qcEJkSFJ5YVdKMWRHVWdSbkpwWlc1a2JIbE9ZVzFsUFNKVFpYSjJhV05sVUhKdmRtbGtaWEl0Um5KcFpXNWtiSGxPWVcxbElpQk9ZVzFsUFNKb2RIUndPaTh2Wldsa0xtZDJMbUYwTDJWSlJDOWhkSFJ5YVdKMWRHVnpMMU5sY25acFkyVlFjbTkyYVdSbGNrWnlhV1Z1Wkd4NVRtRnRaU0lnVG1GdFpVWnZjbTFoZEQwaWRYSnVPbTloYzJsek9tNWhiV1Z6T25Sak9sTkJUVXc2TWk0d09tRjBkSEp1WVcxbExXWnZjbTFoZERwMWNta2lQanh6WVcxc01qcEJkSFJ5YVdKMWRHVldZV3gxWlNCNGJXeHVjenA0YzJrOUltaDBkSEE2THk5M2QzY3Vkek11YjNKbkx6SXdNREV2V0UxTVUyTm9aVzFoTFdsdWMzUmhibU5sSWlCNGMyazZkSGx3WlQwaWVITTZjM1J5YVc1bklqNUNhVzVrYVc1bklGTmxjblpwWTJVZ1pzTzhjaUJ2WlM1bmRpNWhkRHd2YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVK1BDOXpZVzFzTWpwQmRIUnlhV0oxZEdVK1BITmhiV3d5T2tGMGRISnBZblYwWlNCR2NtbGxibVJzZVU1aGJXVTlJbE5sY25acFkyVlFjbTkyYVdSbGNpMURiM1Z1ZEhKNVEyOWtaU0lnVG1GdFpUMGlhSFIwY0RvdkwyVnBaQzVuZGk1aGRDOWxTVVF2WVhSMGNtbGlkWFJsY3k5VFpYSjJhV05sVUhKdmRtbGtaWEpEYjNWdWRISjVRMjlrWlNJZ1RtRnRaVVp2Y20xaGREMGlkWEp1T205aGMybHpPbTVoYldWek9uUmpPbE5CVFV3Nk1pNHdPbUYwZEhKdVlXMWxMV1p2Y20xaGREcDFjbWtpUGp4ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTQjRiV3h1Y3pwNGMyazlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5Mekl3TURFdldFMU1VMk5vWlcxaExXbHVjM1JoYm1ObElpQjRjMms2ZEhsd1pUMGllSE02YzNSeWFXNW5JajVCVkR3dmMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVStQQzl6WVcxc01qcEJkSFJ5YVdKMWRHVStQQzl6WVcxc01qcEJkSFJ5YVdKMWRHVlRkR0YwWlcxbGJuUStQQzl6WVcxc01qcEJjM05sY25ScGIyNCsiDQogIH0NCn0.WgPyI2KiVzp2DzbC6AfbDlQbXEYk-hL78-bfzj_b_IXwyHmuENwHA8MslDHOe1bYd3mlSTnoAUE20igmXM6gnFOe4pQes2i5d8YAnYRspbwhj86sn5_vMyGfHtBsApP3MqjcSHL24vo6DHqKYqN85FMGq6GnPub9HGbeIgMAvECuH0ZCqY5MDWj4FI2OA5Jrn2fyBY1CebF5NdTSUeBJMjG_q-cpTnWmkcELKXTNJg9ihkHR8FkBjt8xh2YWh9Opk_0RrUIZI5U9YC4Xc-Hgj7C7YplA4Pr0_SUHdqH_86xF7GcMMuC5Bs8EU22lejxhxwz0BzPPg2Ws0LJ8RGAm0A" +}
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json new file mode 100644 index 000000000..0513709e2 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json @@ -0,0 +1,8 @@ +{"result": + { + "EID-IDENTITY-LINK": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDpBc3NlcnRpb24geG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmFzc2VydGlvbiIgeG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyIgeG1sbnM6ZWNkc2E9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlIyIgeG1sbnM6cHI9Imh0dHA6Ly9yZWZlcmVuY2UuZS1nb3Zlcm5tZW50Lmd2LmF0L25hbWVzcGFjZS9wZXJzb25kYXRhLzIwMDIwMjI4IyIgeG1sbnM6c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiBBc3NlcnRpb25JRD0ic3pyLmJtaS5ndi5hdC1Bc3NlcnRpb25JRDE0Njc2MTY4NDU1MTg2OTkiIElzc3VlSW5zdGFudD0iMjAxNi0wNy0wNFQwOToyMDo0NSswMTowMCIgSXNzdWVyPSJodHRwOi8vcG9ydGFsLmJtaS5ndi5hdC9yZWYvc3pyL2lzc3VlciIgTWFqb3JWZXJzaW9uPSIxIiBNaW5vclZlcnNpb249IjAiPgoJPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJCTxzYW1sOlN1YmplY3Q+CgkJCTxzYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJCQk8c2FtbDpDb25maXJtYXRpb25NZXRob2Q+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmNtOnNlbmRlci12b3VjaGVzPC9zYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD4KCQkJCTxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhPgoJCQkJCTxwcjpQZXJzb24gc2k6dHlwZT0icHI6UGh5c2ljYWxQZXJzb25UeXBlIj48cHI6SWRlbnRpZmljYXRpb24+PHByOlZhbHVlPkFUL0NaL3hXRTB2RldhcnpwelNMNExZbHBzdDliNnZnMD08L3ByOlZhbHVlPjxwcjpUeXBlPnVybjpwdWJsaWNpZDpndi5hdDplaWRhc2lkK0FUK0NaPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24+PHByOk5hbWU+PHByOkdpdmVuTmFtZT5YWFhNYXJpYS1UaGVyZXNpYSBLdW5pZ3VuZGE8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPlhYWEhhYnNidXJnLUxvdGhyaW5nZW48L3ByOkZhbWlseU5hbWU+PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4xOTgwLTAyLTI5PC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj4KCQkJCTwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KCQkJPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJPC9zYW1sOlN1YmplY3Q+Cgk8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXplblB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJ1cm46cHVibGljaWQ6Z3YuYXQ6bmFtZXNwYWNlczppZGVudGl0eWxpbms6MS4yIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT48ZWNkc2E6RUNEU0FLZXlWYWx1ZT48ZWNkc2E6RG9tYWluUGFyYW1ldGVycz48ZWNkc2E6TmFtZWRDdXJ2ZSBVUk49InVybjpvaWQ6MS4yLjg0MC4xMDA0NS4zLjEuNyIvPjwvZWNkc2E6RG9tYWluUGFyYW1ldGVycz48ZWNkc2E6UHVibGljS2V5PjxlY2RzYTpYIFZhbHVlPSI0OTYyOTAyMjY5NzQ3NDYwMjQ5NzcwNzQ3MzIzODI0NjkxNDYxMDIxNzUzNTY4OTc5ODUyNzMxMzYyMDE1NzEwOTYxNDM1NTI0Mjk4OCIgc2k6dHlwZT0iZWNkc2E6UHJpbWVGaWVsZEVsZW1UeXBlIi8+PGVjZHNhOlkgVmFsdWU9Ijc3MTExNTYwNzEzNzU1OTE0NDUwNzM2MDQxNzUxNjE1MTEyNDAyMzEwNjQ5ODMyMTQ3NzMxNjA5MjIxNzEwNDY1MDY1NTAxMzU2NDkyIiBzaTp0eXBlPSJlY2RzYTpQcmltZUZpZWxkRWxlbVR5cGUiLz48L2VjZHNhOlB1YmxpY0tleT48L2VjZHNhOkVDRFNBS2V5VmFsdWU+PC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIEF0dHJpYnV0ZU5hbWU9IkNpdGl6ZW5QdWJsaWNLZXkiIEF0dHJpYnV0ZU5hbWVzcGFjZT0idXJuOnB1YmxpY2lkOmd2LmF0Om5hbWVzcGFjZXM6aWRlbnRpdHlsaW5rOjEuMiI+PHNhbWw6QXR0cmlidXRlVmFsdWU+PGRzaWc6UlNBS2V5VmFsdWU+PGRzaWc6TW9kdWx1cz4xQkZPaXRpUVVjMWxBSERHa3NuZVhXWkdLR2FGQmN1MDNIRWlJRnNqSGpOdC9JZlJaNEl6cUhvdFVLSXR4bkNkTnRzRmMxTWtNSmcrCmcwQVhIc3VVNk1OZ2NiY1hQYVBmbUhwKzgrQkpoK2FtREYzRm5BTjRjZUc4b0ZBR1ZFWnRlT2dmZFdrMXI1UlEyU0srMFB1WFB1THAKVGVlN0l6WHRrc1JlWmtWRWFkVUN4bi9oaVJYWmEwZEFCZ2tGZTNrU1hiRHI1dEtYT0YwRkN0TEtoWkJJOXorTmJYK2FUU0tPbUFPcQo0anl5bW9vNUVQM0wraVBlY3JVd0hpakQwQm04OWgxSmp4UDUyMWZrWWUzU2krMEo0MG9rcm1DQ1FIQnIrSXpCMXVYOThwS2h2czdYCjZyUGpPSjZsQndQN1hqSzdEMTI4UC9jZzRlSDZ2NThjQ2ZiTGNRPT08L2RzaWc6TW9kdWx1cz48ZHNpZzpFeHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PjwvZHNpZzpSU0FLZXlWYWx1ZT48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJCjxkc2lnOlNpZ25hdHVyZSBJZD0ic2lnbmF0dXJlLTEtMSIgeG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PGRzaWc6U2lnbmVkSW5mbz48ZHNpZzpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUiLz48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz48ZHNpZzpSZWZlcmVuY2UgSWQ9InJlZmVyZW5jZS0xLTEiIFVSST0iIj48ZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PC9kc2lnOlRyYW5zZm9ybXM+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZHNpZzpEaWdlc3RWYWx1ZT5FK0JYSDBDMkY2RVlIamRKck9VS3IrRHNLVDg9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U+PC9kc2lnOlNpZ25lZEluZm8+PGRzaWc6U2lnbmF0dXJlVmFsdWU+SHZqNDBtOXJpZHAySE96ODFNVEFxemYwcStzWkM1WWVLcEpQNDNlSzVHMUhOSDEvRE5HVS9yLzZJVlBpYlU5WQpZR1lKb1hwem54UkZpYkVRNmRGQ0hBYU5QeUFEbWRHSHlKU1dyeUk1eXBBYXA0WThNSm5hVUdTV1k0OUlaYmh0ClBqZktXQjJqVU56ajFUMnU2ZWJJaWZBVGhBSzhacUlFK2U1dWFSK3FyckxpY3hJaFhjU1pveVNjYkt4TXVUMVEKcDZ6TnNOQk9IdWpiVkFmS0ZVRThXbUdJbnl2dW9EZ2VyVXJBMFhzdFdXZzJNOWdoeXRjREp3WnBUWXdYdm1tbwpHVjQ3dWUwSVRydE0rUXFXVmJ0K2RITzgzNjlKRm5HUTloLzZoLzRqOWl5TnV4Zkc3dS9FeUhRaVN1eTArRlA4CjFsa0xzZzFZWCsycE4wSEVseVhWcXc9PTwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlFcXpDQ0JCU2dBd0lCQWdJSEFOdXg4MW9OZXpBTkJna3Foa2lHOXcwQkFRVUZBREJBTVNJd0lBWURWUVFECkV4bEpRVWxMSUZSbGMzUWdTVzUwWlhKdFpXUnBZWFJsSUVOQk1RMHdDd1lEVlFRS0V3UkpRVWxMTVFzd0NRWUQKVlFRR0V3SkJWREFlRncweE16QTVNamN3TlRNek16ZGFGdzB5TXpBNU1qY3dOVE16TXpkYU1JSGtNUXN3Q1FZRApWUVFHRXdKQlZERU5NQXNHQTFVRUJ4TUVSM0poZWpFbU1DUUdBMVVFQ2hNZFIzSmhlaUJWYm1sMlpYSnphWFI1CklHOW1JRlJsWTJodWIyeHZaM2t4U0RCR0JnTlZCQXNUUDBsdWMzUnBkSFYwWlNCbWIzSWdRWEJ3YkdsbFpDQkoKYm1admNtMWhkR2x2YmlCUWNtOWpaWE56YVc1bklHRnVaQ0JEYjIxdGRXNXBZMkYwYVc5dWN6RVVNQklHQTFVRQpCQk1MVFU5QkxWTlRJRlJsYzNReEdEQVdCZ05WQkNvVEQwVkhTVm9nVkdWemRIQnZjblJoYkRFa01DSUdBMVVFCkF4TWJSVWRKV2lCVVpYTjBjRzl5ZEdGc0lFMVBRUzFUVXlCVVpYTjBNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUYKQUFPQ0FROEFNSUlCQ2dLQ0FRRUF1RGpPeWYrbVkrb1FMMkZRenp1YWlDOEMyM3ZWS2JxL24yWmk3QnFTaWJaSAptdHFNSmZtajRwVCtoV1NOSHZWdldzYXhGY3g0S2VOcWRDTXp3bncxcjRQM1NmKzJvNXVGa3U1S0hFTUxNb2tSCnlZUUc5VnFZL0trQjk0eWU3UHY2elQ4Z3ZLcXhHRmc5NlVhbUVDZXA0c3dQYVNackE4QU9FUjVXQXR5R0R6S0kKVHorYTV6ZkZhVFhEb2JhN2Y5OFBDV1I5NnlLaUZqVk9oenAzOFdWejRWSmd6K2I4WlNZN1hzdjVLbjdEWGpPTApTVFg0TWV2RkxraTNyRlB1cDMrNHZHVG9hTUJXM1BFajY3SFhCZHFSODU1TGU2K0U2clZ4T1Jxc1hxbFZ3aHNJCjZudVMwQ08yTFdZbUJOUjFJQjBtWHRlZVlIL0hmeHZ1WmMrN3lEamRQUUlEQVFBQm80SUJoRENDQVlBd0RnWUQKVlIwUEFRSC9CQVFEQWdiQU1Bd0dBMVVkRXdFQi93UUNNQUF3SFFZRFZSME9CQllFRkVtY0g2Vlk0QkcxRUFHQgpUTG9OUjl2SC9nNnlNRkFHQTFVZEh3UkpNRWN3UmFCRG9FR0dQMmgwZEhBNkx5OWpZUzVwWVdsckxuUjFaM0poCmVpNWhkQzlqWVhCemJ5OWpjbXh6TDBsQlNVdFVaWE4wWDBsdWRHVnliV1ZrYVdGMFpVTkJMbU55YkRDQnFnWUkKS3dZQkJRVUhBUUVFZ1owd2dab3dTZ1lJS3dZQkJRVUhNQUdHUG1oMGRIQTZMeTlqWVM1cFlXbHJMblIxWjNKaAplaTVoZEM5allYQnpieTlQUTFOUVAyTmhQVWxCU1V0VVpYTjBYMGx1ZEdWeWJXVmthV0YwWlVOQk1Fd0dDQ3NHCkFRVUZCekFDaGtCb2RIUndPaTh2WTJFdWFXRnBheTUwZFdkeVlYb3VZWFF2WTJGd2MyOHZZMlZ5ZEhNdlNVRkoKUzFSbGMzUmZTVzUwWlhKdFpXUnBZWFJsUTBFdVkyVnlNQ0VHQTFVZEVRUWFNQmlCRm5Sb2IyMWhjeTVzWlc1NgpRR1ZuYVhvdVozWXVZWFF3SHdZRFZSMGpCQmd3Rm9BVWFLSmVFZHJlTDRCclJFUy9qZnBsTm9Fa3AyOHdEUVlKCktvWklodmNOQVFFRkJRQURnWUVBbEZHalV4WExzN1NBVDhOdFhTcnYyV3JqbGtsYVJuSFRGSExRd3lWbzhKV2IKZ3ZSa0hIRFV2Mm84b2ZYVVkyUjJXSjM4ZHhlRG9jY2diWHJKYi9RaGk4SVk3WWhDd3YvVHVJWkRpc3lBcW84VwpPUktTaXAvNkhXbEdDU1IvVmdvZXQxR3RDbUYwRm9VeEZVSUdTQXVRMnl5dDRmSXp0NUdKclUxWDV1ampJMXc9PC9kc2lnOlg1MDlDZXJ0aWZpY2F0ZT48L2RzaWc6WDUwOURhdGE+PC9kc2lnOktleUluZm8+PC9kc2lnOlNpZ25hdHVyZT48L3NhbWw6QXNzZXJ0aW9uPg==", + "EID-CITIZEN-QAA-LEVEL": "http://eidas.europa.eu/LoA/substantial", + "EID-CCS-URL": "https://localhost.org/demovda", + "EID-AUTH-BLOCK": "PHNhbWwyOkFzc2VydGlvbiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiBJRD0iXzU3MDEwYjdmY2M5M2NjNGNmM2YyYjc2NDM4OTEzN2MyIiBJc3N1ZUluc3RhbnQ9IjIwMTYtMDYtMDZUMTA6NDA6MDAuMDAwIiBWZXJzaW9uPSIyLjAiPg0KCTxzYW1sMjpJc3N1ZXIgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDplbnRpdHkiPmh0dHBzOi8vZGVtby12ZGEuYXQvdmRhLXNlcnZpY2U8L3NhbWwyOklzc3Vlcj48ZHNpZzpTaWduYXR1cmUgSWQ9IlNpZ25hdHVyZS03NmUyZDZmYi0xIiB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48ZHNpZzpTaWduZWRJbmZvIElkPSJTaWduZWRJbmZvLTc2ZTJkNmZiLTEiPjxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNlY2RzYS1zaGEyNTYiLz48ZHNpZzpSZWZlcmVuY2UgSWQ9IlJlZmVyZW5jZS03NmUyZDZmYi0xIiBVUkk9IiI+PGRzaWc6VHJhbnNmb3JtcyB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCgkJCQk8ZHNpZzpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8xOTk5L1JFQy14c2x0LTE5OTkxMTE2Ij48eHNsOnN0eWxlc2hlZXQgeG1sbnM6eHNsPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L1hTTC9UcmFuc2Zvcm0iIGV4Y2x1ZGUtcmVzdWx0LXByZWZpeGVzPSJzYW1sMiIgdmVyc2lvbj0iMS4wIiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+PHhzbDpvdXRwdXQgbWV0aG9kPSJ4bWwiIHhtbDpzcGFjZT0iZGVmYXVsdCIvPjx4c2w6dGVtcGxhdGUgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiIG1hdGNoPSIvIj48aHRtbCB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94aHRtbCI+PGhlYWQ+PHRpdGxlPlNpZ25hdHVyIGRlciBBbm1lbGRlZGF0ZW48L3RpdGxlPjxzdHlsZSBtZWRpYT0ic2NyZWVuIiB0eXBlPSJ0ZXh0L2NzcyI+DQogICAgICAgICAgICAgIAkJCQkJLm5vcm1hbHN0eWxlIHsgZm9udC1zaXplOiBtZWRpdW07IH0gDQogICAgICAgICAgICAgIAkJCQkJLml0YWxpY3N0eWxlIHsgZm9udC1zaXplOiBtZWRpdW07IGZvbnQtc3R5bGU6IGl0YWxpYzsgfQ0KCQkJCQkJCQkudGl0bGVzdHlsZSB7IHRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7IGZvbnQtd2VpZ2h0OmJvbGQ7IGZvbnQtc2l6ZTogbWVkaXVtOyB9IA0KCQkJCQkJCQkuaDRzdHlsZSB7IGZvbnQtc2l6ZTogbGFyZ2U7IH0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIA0KCQkJCQkJCQkuaGlkZGVuIHtkaXNwbGF5OiBub25lOyB9IA0KICAgICAgICAgICAgICAJCQkJPC9zdHlsZT48L2hlYWQ+PGJvZHk+PGg0IGNsYXNzPSJoNHN0eWxlIj5Bbm1lbGRlZGF0ZW46PC9oND48cCBjbGFzcz0idGl0bGVzdHlsZSI+RGF0ZW4genVyIFBlcnNvbjwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoyLjUuNC40MiddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlZvcm5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoyLjUuNC40MiddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5OYWNobmFtZTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4yMCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPkdlYnVydHNkYXR1bTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjU1J10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PHhzbDppZiB0ZXN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjkwJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5Wb2xsbWFjaHQ6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp0ZXh0PkljaCBtZWxkZSBtaWNoIGluIFZlcnRyZXR1bmcgYW4uIEltIG7DpGNoc3RlbiBTY2hyaXR0IHdpcmQgbWlyIGVpbmUgTGlzdGUgZGVyIGbDvHIgbWljaCB2ZXJmw7xnYmFyZW4gVmVydHJldHVuZ3N2ZXJow6RsdG5pc3NlIGFuZ2V6ZWlndCwgYXVzIGRlbmVuIGljaCBlaW5lcyBhdXN3w6RobGVuIHdlcmRlLjwveHNsOnRleHQ+PC90ZD48L3RyPjwveHNsOmlmPjwvdGFibGU+PHAgY2xhc3M9InRpdGxlc3R5bGUiPkRhdGVuIHp1ciBBbndlbmR1bmc8L3A+PHRhYmxlIGNsYXNzPSJwYXJhbWV0ZXJzIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+SWRlbnRpZmlrYXRvcjogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlclVuaXF1ZUlkJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPk5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J2h0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyQ291bnRyeUNvZGUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5TdGFhdDogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PC90YWJsZT48cCBjbGFzcz0idGl0bGVzdHlsZSI+VGVjaG5pc2NoZSBQYXJhbWV0ZXI8L3A+PHRhYmxlIGNsYXNzPSJwYXJhbWV0ZXJzIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+RGF0dW06PC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCw5LDIpIi8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDYsMikiLz48eHNsOnRleHQ+LjwveHNsOnRleHQ+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9InN1YnN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL0BJc3N1ZUluc3RhbnQsMSw0KSIvPjwvdGQ+PC90cj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+VWhyemVpdDo8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDEyLDIpIi8+PHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE1LDIpIi8+PHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE4LDIpIi8+PC90ZD48L3RyPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5UcmFuc2FrdGlvbnNUb2trZW46IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vQElEIi8+PC90ZD48L3RyPjx4c2w6aWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+DQoJCQkJCQkJCQkJCVZvbGxtYWNodGVuLVJlZmVyZW56OiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjkwJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PHRyIGNsYXNzPSJoaWRkZW4iPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPkRhdGFVUkw6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9zYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uL3NhbWwyOkF1ZGllbmNlIi8+PC90ZD48L3RyPjx4c2w6aWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpDb25kaXRpb25zL0BOb3RPbk9yQWZ0ZXIiPjx0ciBjbGFzcz0iaGlkZGVuIj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5BdXRoQmxvY2tWYWxpZFRvOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkNvbmRpdGlvbnMvQE5vdE9uT3JBZnRlciIvPjwvdGQ+PC90cj48L3hzbDppZj48L3RhYmxlPjwvYm9keT48L2h0bWw+PC94c2w6dGVtcGxhdGU+PC94c2w6c3R5bGVzaGVldD48L2RzaWc6VHJhbnNmb3JtPg0KCQkJCTxkc2lnOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRuLTIwMDEwMzE1I1dpdGhDb21tZW50cyIvPg0KCQkJPC9kc2lnOlRyYW5zZm9ybXM+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PGRzaWc6RGlnZXN0VmFsdWU+QWFqRkVkQWx5NW45MWkyVVZvcVNuL0JKcjREVlpZeFBYM2RIcE9aUC9vdz08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVyZW5jZT48ZHNpZzpSZWZlcmVuY2UgSWQ9IlJlZmVyZW5jZS03NmUyZDZmYi0yIiBUeXBlPSJodHRwOi8vdXJpLmV0c2kub3JnLzAxOTAzI1NpZ25lZFByb3BlcnRpZXMiIFVSST0iI1NpZ25lZFByb3BlcnRpZXMtNzZlMmQ2ZmItMSI+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PGRzaWc6RGlnZXN0VmFsdWU+Nldac3lKNkYySUJLS3BsWDNacHJzQ0FJOVN0OXVmS0UyNWFlUDI1cDRkQT08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVyZW5jZT48L2RzaWc6U2lnbmVkSW5mbz48ZHNpZzpTaWduYXR1cmVWYWx1ZSBJZD0iU2lnbmF0dXJlVmFsdWUtNzZlMmQ2ZmItMSI+NzY1NndpVGRGWVZCTDlyOGdXemprWVhJWXNhTk9EWDBVUHVQVXRyTlpSYnhZY3BJdDNhVUpVaUZuR0FBVzhiRw0KSytGdnZXYkYweDMzMm9zeFFYRDZtUT09PC9kc2lnOlNpZ25hdHVyZVZhbHVlPjxkc2lnOktleUluZm8+PGRzaWc6WDUwOURhdGE+PGRzaWc6WDUwOUNlcnRpZmljYXRlPk1JSUZDVENDQS9HZ0F3SUJBZ0lFWDcxL21qQU5CZ2txaGtpRzl3MEJBUVVGQURDQm9URUxNQWtHQTFVRUJoTUMNClFWUXhTREJHQmdOVkJBb01QMEV0VkhKMWMzUWdSMlZ6TGlCbUxpQlRhV05vWlhKb1pXbDBjM041YzNSbGJXVWcNCmFXMGdaV3hsYTNSeUxpQkVZWFJsYm5abGNtdGxhSElnUjIxaVNERWpNQ0VHQTFVRUN3d2FZUzF6YVdkdUxWQnkNClpXMXBkVzB0VkdWemRDMVRhV2N0TURJeEl6QWhCZ05WQkFNTUdtRXRjMmxuYmkxUWNtVnRhWFZ0TFZSbGMzUXQNClUybG5MVEF5TUI0WERURTJNRGN3TkRBM01qRXdPRm9YRFRJd01ETXpNVEExTWpFd09Gb3dnYmN4Q3pBSkJnTlYNCkJBWU1Ba0ZVTVRzd09RWURWUVFERERKWVdGaE5ZWEpwWVMxVWFHVnlaWE5wWVNCTGRXNXBaM1Z1WkdFZ1dGaFkNClNHRmljMkoxY21jdFRHOTBhSEpwYm1kbGJqRWZNQjBHQTFVRUJBd1dXRmhZU0dGaWMySjFjbWN0VEc5MGFISnANCmJtZGxiakVrTUNJR0ExVUVLZ3diV0ZoWVRXRnlhV0V0VkdobGNtVnphV0VnUzNWdWFXZDFibVJoTVJVd0V3WUQNClZRUUZEQXc0TWpnM05EZ3hNamM0TVRJeERUQUxCZ05WQkF3TUJFMWhaeTR3V1RBVEJnY3Foa2pPUFFJQkJnZ3ENCmhrak9QUU1CQndOQ0FBUnR1UWdLYTdpR013RHdVM0E3a1J2VzM0NXA2dVU1bUFRQURRWlpHVUZmN0twN21NRGkNCnZUWVNLcFREMjI2MTcrRXVrRGJ2dHVxdVpGd2ZscEtOZkhITW80SUIrakNDQWZZd2dZVUdDQ3NHQVFVRkJ3RUINCkJIa3dkekJIQmdnckJnRUZCUWN3QW9ZN2FIUjBjRG92TDNkM2R5NWhMWFJ5ZFhOMExtRjBMMk5sY25SekwyRXQNCmMybG5iaTFRY21WdGFYVnRMVlJsYzNRdFUybG5MVEF5WVM1amNuUXdMQVlJS3dZQkJRVUhNQUdHSUdoMGRIQTYNCkx5OXZZM053TFhSbGMzUXVZUzEwY25WemRDNWhkQzl2WTNOd01BNEdBMVVkRHdFQi93UUVBd0lHd0RBbkJnZ3INCkJnRUZCUWNCQXdFQi93UVlNQll3Q0FZR0JBQ09SZ0VCTUFvR0NDc0dBUVVGQndzQk1JR2tCZ05WSFI4RWdad3cNCmdaa3dnWmFnZ1pPZ2daQ0dnWTFzWkdGd09pOHZiR1JoY0MxMFpYTjBMbUV0ZEhKMWMzUXVZWFF2YjNVOVlTMXoNCmFXZHVMVkJ5WlcxcGRXMHRWR1Z6ZEMxVGFXY3RNRElzYnoxQkxWUnlkWE4wTEdNOVFWUS9ZMlZ5ZEdsbWFXTmgNCmRHVnlaWFp2WTJGMGFXOXViR2x6ZEQ5aVlYTmxQMjlpYW1WamRHTnNZWE56UFdWcFpFTmxjblJwWm1sallYUnANCmIyNUJkWFJvYjNKcGRIa3dDUVlEVlIwVEJBSXdBREJaQmdOVkhTQUVVakJRTUFnR0JnUUFpekFCQVRCRUJnWXENCktBQVJBUXN3T2pBNEJnZ3JCZ0VGQlFjQ0FSWXNhSFIwY0RvdkwzZDNkeTVoTFhSeWRYTjBMbUYwTDJSdlkzTXYNClkzQXZZUzF6YVdkdUxWQnlaVzFwZFcwd0V3WURWUjBqQkF3d0NvQUlSZ2FmamtHT0ZiMHdFUVlEVlIwT0JBb0UNCkNFTVFVRXBMcjZNa01BMEdDU3FHU0liM0RRRUJCUVVBQTRJQkFRQ2x5Mm1IbVhZNTUybHRNdm4xUTkzb3dweDMNCkwxMGJ4UVRIV3dZN2c4YnlVdlhBdDc3bW9USkU5aHNlZW90ZVkzQ1Y2c3VOL1h6VFZIeVlBRFZKMHkyR3lCWDANCjFvaGhNcjE0TDVuQ0YzNC81WUJ3bkdSYzhxWDhtMGxaZEhaajVmZkJqQTNreWRLWHQvTFhRSEpYYlBtU0VuYnMNCkc1NWMvRjNTc3A4OC93Q1M2ZC9WZ3d0S1RxMnN1RnNHR0RJbGhic1RKN0p6TnpLNm9pdEUzVXZLd05nbzdKWUMNCkZJM1R4bXhpUy84dm5qRnc4V3o1M016bjBaTjAwUERqYi9Nb24vT2hUMUN1Y3dBMmh2eW1KeWhwcG9JN2tQbm8NCmRxZGV3Y0toZzNPcGJHUkVGL3Z5N2pNRjRUSXhBMGJ3VkNvdUFsdmZqSnZoM2MvSElnQS84WlpTTVdrbTwvZHNpZzpYNTA5Q2VydGlmaWNhdGU+PC9kc2lnOlg1MDlEYXRhPjwvZHNpZzpLZXlJbmZvPjxkc2lnOk9iamVjdCBJZD0iT2JqZWN0LTc2ZTJkNmZiLTEiPjx4YWRlczpRdWFsaWZ5aW5nUHJvcGVydGllcyB4bWxuczp4YWRlcz0iaHR0cDovL3VyaS5ldHNpLm9yZy8wMTkwMy92MS4zLjIjIiB4bWxuczpuczM9Imh0dHA6Ly91cmkuZXRzaS5vcmcvMDE5MDMvdjEuNC4xIyIgVGFyZ2V0PSIjU2lnbmF0dXJlLTc2ZTJkNmZiLTEiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOnNsPSJodHRwOi8vd3d3LmJ1ZXJnZXJrYXJ0ZS5hdC9uYW1lc3BhY2VzL3NlY3VyaXR5bGF5ZXIvMS4yIyI+PHhhZGVzOlNpZ25lZFByb3BlcnRpZXMgSWQ9IlNpZ25lZFByb3BlcnRpZXMtNzZlMmQ2ZmItMSI+PHhhZGVzOlNpZ25lZFNpZ25hdHVyZVByb3BlcnRpZXM+PHhhZGVzOlNpZ25pbmdUaW1lPjIwMTgtMDYtMDZUMTE6NTg6MDRaPC94YWRlczpTaWduaW5nVGltZT48eGFkZXM6U2lnbmluZ0NlcnRpZmljYXRlPjx4YWRlczpDZXJ0Pjx4YWRlczpDZXJ0RGlnZXN0Pjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkc2lnOkRpZ2VzdFZhbHVlPkZaTHZCVERTdEVMM0k1VEJZVmJaRjk2alcvMVRCcXhqdDJZYnNJUTN4OGM9PC9kc2lnOkRpZ2VzdFZhbHVlPjwveGFkZXM6Q2VydERpZ2VzdD48eGFkZXM6SXNzdWVyU2VyaWFsPjxkc2lnOlg1MDlJc3N1ZXJOYW1lPkNOPWEtc2lnbi1QcmVtaXVtLVRlc3QtU2lnLTAyLE9VPWEtc2lnbi1QcmVtaXVtLVRlc3QtU2lnLTAyLE89QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJILEM9QVQ8L2RzaWc6WDUwOUlzc3Vlck5hbWU+PGRzaWc6WDUwOVNlcmlhbE51bWJlcj4xNjA2MjU0NDkwPC9kc2lnOlg1MDlTZXJpYWxOdW1iZXI+PC94YWRlczpJc3N1ZXJTZXJpYWw+PC94YWRlczpDZXJ0PjwveGFkZXM6U2lnbmluZ0NlcnRpZmljYXRlPjx4YWRlczpTaWduYXR1cmVQb2xpY3lJZGVudGlmaWVyPjx4YWRlczpTaWduYXR1cmVQb2xpY3lJbXBsaWVkLz48L3hhZGVzOlNpZ25hdHVyZVBvbGljeUlkZW50aWZpZXI+PC94YWRlczpTaWduZWRTaWduYXR1cmVQcm9wZXJ0aWVzPjx4YWRlczpTaWduZWREYXRhT2JqZWN0UHJvcGVydGllcz48eGFkZXM6RGF0YU9iamVjdEZvcm1hdCBPYmplY3RSZWZlcmVuY2U9IiNSZWZlcmVuY2UtNzZlMmQ2ZmItMSI+PHhhZGVzOk1pbWVUeXBlPmFwcGxpY2F0aW9uL3hodG1sK3htbDwveGFkZXM6TWltZVR5cGU+PC94YWRlczpEYXRhT2JqZWN0Rm9ybWF0PjwveGFkZXM6U2lnbmVkRGF0YU9iamVjdFByb3BlcnRpZXM+PC94YWRlczpTaWduZWRQcm9wZXJ0aWVzPjwveGFkZXM6UXVhbGlmeWluZ1Byb3BlcnRpZXM+PC9kc2lnOk9iamVjdD48L2RzaWc6U2lnbmF0dXJlPg0KCTxzYW1sMjpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxOC0wNi0wNlQxMDo0MDowMC4wMDBaIiBOb3RPbk9yQWZ0ZXI9IjIwMTgtMDYtMDZUMTU6MDA6MDAuMDAwWiI+DQoJCTxzYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KCQkJPHNhbWwyOkF1ZGllbmNlPmh0dHBzOi8vZGVtby5lZ2l6Lmd2LmF0L2RlbW8tU1AvcHZwL3Bvc3Q8L3NhbWwyOkF1ZGllbmNlPg0KCQk8L3NhbWwyOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQoJPC9zYW1sMjpDb25kaXRpb25zPg0KCTxzYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJQVlAtVkVSU0lPTiIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMTAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4yLjE8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IlBSSU5DSVBBTC1OQU1FIiBOYW1lPSJ1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4yMCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPlhYWEhhYnNidXJnLUxvdGhyaW5nZW48L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IkdJVkVOLU5BTUUiIE5hbWU9InVybjpvaWQ6Mi41LjQuNDIiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5YWFhNYXJpYS1UaGVyZXNpYSBLdW5pZ3VuZGE8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IkJJUlRIREFURSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPjE5ODAtMDItMjk8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IlNlcnZpY2VQcm92aWRlci1VbmlxdWVJZCIgTmFtZT0iaHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJVbmlxdWVJZCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPmh0dHBzOi8vZGVtby5lZ2l6Lmd2LmF0L2RlbW8tU1AvcHZwL21ldGFkYXRhPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItRnJpZW5kbHlOYW1lIiBOYW1lPSJodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPkRlbW9sb2dpbiBTZXJ2aWNlIHByb3ZpZGVkIGJ5IEVHSVo8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IlNlcnZpY2VQcm92aWRlci1Db3VudHJ5Q29kZSIgTmFtZT0iaHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29kZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPkFUPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJNQU5EQVRFLVJFRkVSRU5DRS1WQUxVRSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5fYXNkZmFkZmFzZmFzZmFzZmFzZmFzZmFzZmFzZmFzZmFzZmFzZmFzPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJPC9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQo8L3NhbWwyOkFzc2VydGlvbj4=" + } +}
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_sic.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_sic.json new file mode 100644 index 000000000..8acd1986d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_sic.json @@ -0,0 +1,6 @@ +{ + "EID-IDENTITY-LINK": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDpBc3NlcnRpb24geG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmFzc2VydGlvbiIgeG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyIgeG1sbnM6ZWNkc2E9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlIyIgeG1sbnM6bnMzPSJodHRwOi8vd3d3LmJ1ZXJnZXJrYXJ0ZS5hdC9uYW1lc3BhY2VzL3BlcnNvbmVuYmluZHVuZy8yMDAyMDUwNiMiIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJubWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIEFzc2VydGlvbklEPSJsb2NhbGhvc3QtMjAxOC0wNS0yOFQxNjo0NDo0MSswMjowMCIgSXNzdWVJbnN0YW50PSIyMDE4LTA1LTI4VDE0OjQ0OjQxLjM2N1oiIElzc3Vlcj0iaHR0cDovL3Rlcm1pbmFsLmlhaWsudHVncmF6LmF0IiBNYWpvclZlcnNpb249IjEiIE1pbm9yVmVyc2lvbj0iMCI-PHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PjxzYW1sOlN1YmplY3Q-PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48c2FtbDpDb25maXJtYXRpb25NZXRob2Q-dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmNtOnNlbmRlci12b3VjaGVzPC9zYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT48cHI6UGVyc29uIHhzaTp0eXBlPSJwcjpQaHlzaWNhbFBlcnNvblR5cGUiPjxwcjpJZGVudGlmaWNhdGlvbj48cHI6VmFsdWU-QnMwbWNSWWVBTW5XeG5pVVlsM256QT09PC9wcjpWYWx1ZT48cHI6VHlwZT51cm46cHVibGljaWQ6Z3YuYXQ6YmFzZWlkPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24-PHByOk5hbWU-PHByOkdpdmVuTmFtZT5FaWQ8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPlRlc3Q8L3ByOkZhbWlseU5hbWU-PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4yMDAwLTAxLTAxPC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE-PC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24-PC9zYW1sOlN1YmplY3Q-PHNhbWw6QXR0cmlidXRlIEF0dHJpYnV0ZU5hbWU9IkNpdGl6ZW5QdWJsaWNLZXkiIEF0dHJpYnV0ZU5hbWVzcGFjZT0idXJuOnB1YmxpY2lkOmd2LmF0Om5hbWVzcGFjZXM6aWRlbnRpdHlsaW5rOjEuMiI-PHNhbWw6QXR0cmlidXRlVmFsdWU-PGVjZHNhOkVDRFNBS2V5VmFsdWU-PGVjZHNhOkRvbWFpblBhcmFtZXRlcnM-PGVjZHNhOk5hbWVkQ3VydmUgVVJOPSJ1cm46b2lkOjEuMi44NDAuMTAwNDUuMy4xLjciLz48L2VjZHNhOkRvbWFpblBhcmFtZXRlcnM-PGVjZHNhOlB1YmxpY0tleT48ZWNkc2E6WCBWYWx1ZT0iMTkzNjQwODQ0ODkzNjU1NDM4MDYwNTQ2NjYxOTczNDAzODMzNzUxODUzNjU4MDgzMzA2MDY5NzQ2OTk5ODg2Mjc2ODc1Mjk0NTAyMTQiIHhzaTp0eXBlPSJlY2RzYTpQcmltZUZpZWxkRWxlbVR5cGUiLz48ZWNkc2E6WSBWYWx1ZT0iMTA4Njg0MDg1NDc2NTkxMDE3NTA1NjkyODQzMTE0NzMwNDU5MzUxODYzMTI5NDE4Mjg3NTUzMzg2OTM2MjE0NDQwODQxNjY4ODcyMTU2IiB4c2k6dHlwZT0iZWNkc2E6UHJpbWVGaWVsZEVsZW1UeXBlIi8-PC9lY2RzYTpQdWJsaWNLZXk-PC9lY2RzYTpFQ0RTQUtleVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ-PGRzaWc6U2lnbmF0dXJlPjxkc2lnOlNpZ25lZEluZm8-PGRzaWc6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiLz48ZHNpZzpSZWZlcmVuY2UgVVJJPSIiPjxkc2lnOlRyYW5zZm9ybXM-PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPjxkc2lnOlhQYXRoPm5vdChhbmNlc3Rvci1vci1zZWxmOjpwcjpJZGVudGlmaWNhdGlvbik8L2RzaWc6WFBhdGg-PC9kc2lnOlRyYW5zZm9ybT48ZHNpZzpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjwvZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkc2lnOkRpZ2VzdFZhbHVlPm5JUlRucWZraUpETDhEc3A5ZHRuWUU4YnZxbTRrbUFRVVhOUDRyMzU5Qnc9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U-PGRzaWc6UmVmZXJlbmNlIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNNYW5pZmVzdCIgVVJJPSIjbWFuaWZlc3QiPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkc2lnOkRpZ2VzdFZhbHVlPnk5bXNyVmIxR2FOczNmZ3lkcVp2WnorYnp5cVFHeGRQRDhzazNyL1BnYTA9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U-PC9kc2lnOlNpZ25lZEluZm8-PGRzaWc6U2lnbmF0dXJlVmFsdWU-WHNhNjlWaUFlTjcvTlBQeWlycXAzYWxwY1RsS2ZVMlJaUTBWS1FpTU1mSzExTnRHaFNlRE9aR1BvR1lnQjdaTApLbkw4UWxmVzRUK2I3eHNCcDM5WE5iSS9jVi9zY0c5ZUIweWhYa0x6MjVsdE1jUUJNcUdEcDJHcmNpOEpYQmRaCkFIQWVBS2IrNUZzVHR4MllyMUZIUGhyWnEwN3RFK2NhSXlNb2VOdi95bVBrSWFhT0lUcTZHWTdndFZReFJGNWwKMi9uUmFKWExwc1JIdnVpNmIrWHBxUlFuZFJvaVEvSW41N3lSY0JLVk5lbFBhcUJmekRSMmtjVEt1RCtxWFAvawpaMU1nRUErY1dXcVI0Y085UEdxQms4NUR1MTBBVXMvTjNCbzRqWDZrcTYvMWVKdWlnSDVhTmlTNnVTcnFHZktLCklxUWxYc2N6a0oxLzIxUDgzQmFYZUE9PTwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlIYWpDQ0JWS2dBd0lCQWdJR1JVbkY4RDVTTUEwR0NTcUdTSWIzRFFFQkN3VUFNSGN4Q3pBSkJnTlZCQVlUCkFrRlVNUTB3Q3dZRFZRUUhFd1JIY21GNk1TWXdKQVlEVlFRS0V4MUhjbUY2SUZWdWFYWmxjbk5wZEhrZ2IyWWcKVkdWamFHNXZiRzluZVRFTk1Bc0dBMVVFQ3hNRVNVRkpTekVpTUNBR0ExVUVBeE1aU1VGSlN5QlVaWE4wSUVsdQpkR1Z5YldWa2FXRjBaU0JEUVRBZUZ3MHhOakE0TWpVeE16QTRNemhhRncweE9UQTRNalV4TXpBNE16aGFNSUg4Ck1Rc3dDUVlEVlFRR0V3SkJWREVOTUFzR0ExVUVCeE1FUjNKaGVqRW1NQ1FHQTFVRUNoTWRSM0poZWlCVmJtbDIKWlhKemFYUjVJRzltSUZSbFkyaHViMnh2WjNreFNEQkdCZ05WQkFzVFAwbHVjM1JwZEhWMFpTQm1iM0lnUVhCdwpiR2xsWkNCSmJtWnZjbTFoZEdsdmJpQlFjbTlqWlhOemFXNW5JR0Z1WkNCRGIyMXRkVzVwWTJGMGFXOXVjekVhCk1CZ0dBMVVFQkJNUlUybG5ibUYwZFhKbElGTmxjblpwWTJVeEhqQWNCZ05WQkNvVEZWTmxjblpsY2tKTFZTQkUKWlhabGJHOXdiV1Z1ZERFd01DNEdBMVVFQXhNblUyVnlkbVZ5UWt0VklFUmxkbVZzYjNCdFpXNTBJRk5wWjI1aApkSFZ5WlNCVFpYSjJhV05sTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF4ZC8zCjlpbDYxZ2hJSDc4MXdSR2c1bSsxMk1SeEZCL2VLTFRuOEFqM1lwVG1JOSs0Q1RHOEVTbXUyMGkvZCttUmMvQmcKNXR6dklUaSs5NjRnSXNvdnluQ2RVOVFFd1dGOVNLVFE3dmpUTWZrVFdEbGwrS2ZTV2pPNzFsN0RtOUYvZFJWVwp4S2N4MWo2b1N4Ym5ZWmlvM1VCc1NGK3ZmRXo3Y0p6MkR6QWdBdE05cy8yd1NpWXlXd2ZRTVFjZ0VnQTR1V3RXCi83dnJlOEZEZ3h4dEEzWE9WN0lnS29FZkZBMmM3YTZnVkdVak45ME9XeG40WmRER3BqRFk5bUFuRUpTMnJRb1oKRW5rSTQ3cmZ4MzVGckVQdDdSZGM1bVRTd0R2YkpxTGx4a0NVclBpK0NWL2VzTXhyeVg0K21pdmFnaHhWeTNHVApTcFR4ZjJJQWdYMnVYMlZiVXdJREFRQUJvNElDZERDQ0FuQXdEZ1lEVlIwUEFRSC9CQVFEQWdlQU1Bd0dBMVVkCkV3RUIvd1FDTUFBd2dnRVhCZ2dyQmdFRkJRY0JBUVNDQVFrd2dnRUZNSGNHQ0NzR0FRVUZCekFDaG10c1pHRncKT2k4dmJHUmhjQzVwWVdsckxuUjFaM0poZWk1aGRDOWpiajFwWVdsckxYUmxjM1F0YVc1MFpYSnRaV1JwWVhSbApMV05oTEc5MVBYQnJhU3hrWXoxcFlXbHJMR1JqUFhSMVozSmhlaXhrWXoxaGREOWpRVU5sY25ScFptbGpZWFJsCk8ySnBibUZ5ZVRCSUJnZ3JCZ0VGQlFjd0FvWThhSFIwY0RvdkwyTmhMbWxoYVdzdWRIVm5jbUY2TG1GMEwyTmwKY25SekwybGhhV3N0ZEdWemRDMXBiblJsY20xbFpHbGhkR1V0WTJFdVkyVnlNRUFHQ0NzR0FRVUZCekFCaGpSbwpkSFJ3T2k4dmIyTnpjQzVwWVdsckxuUjFaM0poZWk1aGRDOXBZV2xyTFhSbGMzUXRhVzUwWlhKdFpXUnBZWFJsCkxXTmhNQjhHQTFVZEl3UVlNQmFBRkVKdXI2L3FRU3AvbEZjRmhZTGdrVVloeVZkQ01Ca0dBMVVkSUFRU01CQXcKRGdZTUt3WUJCQUdWRWdFQ0J3RUJNSUhLQmdOVkhSOEVnY0l3Z2I4d2dieWdnYm1nZ2JhR2QyeGtZWEE2THk5cwpaR0Z3TG1saGFXc3VkSFZuY21GNkxtRjBMMk51UFdsaGFXc3RkR1Z6ZEMxcGJuUmxjbTFsWkdsaGRHVXRZMkVzCmIzVTljR3RwTEdSalBXbGhhV3NzWkdNOWRIVm5jbUY2TEdSalBXRjBQMk5sY25ScFptbGpZWFJsVW1WMmIyTmgKZEdsdmJreHBjM1E3WW1sdVlYSjVoanRvZEhSd09pOHZZMkV1YVdGcGF5NTBkV2R5WVhvdVlYUXZZM0pzY3k5cApZV2xyTFhSbGMzUXRhVzUwWlhKdFpXUnBZWFJsTFdOaExtTnliREFOQmdjcUtBQUtBUWNCQkFJRkFEQWRCZ05WCkhRNEVGZ1FVQ0djbU5FZ3JGTHdyZWRNcFJwYS8zNGpFcVk4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFJQWcKL0Z0K3ZNMERVS0tpcGNGMnhTWkN3ZXFFcjZiRjlJOEZydXhLeUhnNFdjV2lVdkZzOTZXa3dqL0dBOFlNSmtqRQpTS2FkMW5QK2hGamlyYVlVNmRTZnBPbkFVSnlMVjBxNURNOFkwY2w4R0RxYXpFMmtOR056am1IOUh2R1k5Q1dwCnZ3RjhodEJuQlg4TjRFdncydDg2ZUQ0VjUwN2syRXY4Sk9QV0tpZlp3TzBPQ25Qa2tCZnEzMEg1R1ZtOUpBOFcKam9FWFlRenpYMlRCWXJ4cWtXTm9zQXNOOVN0Y092djlzZlRUdFcrb3pLNS9WUHZBcDlTVU9qQzVFd3c3QnVLcQp5QnhEclRTUThobGZXMmo4Y010Q21nMDBMSVNuc3BpcThQZHZJV2t0RE8wc3JpeWgzWXVJSVV4ODZPRTlyQmNHCjIwcXI5czJvWFl6VnhxK1Q2aElFekRDMXYvc1BicGVZRmRVNkRXN2J6LzNPYlBjS2prR0Q3SjA2WkRaRmJnWHIKYXVjcjAxWkZqZGdCY2RIMFV6bXNJYUFNRytIWTVSVTk5QVo1YlA1UkgrRGJTVFpMbGNtOFp6bmU1L2Iwck4rYQoyUTFjdHB0UW5hUGxaWVFNY1RTcVhjYk03VW16bjRMZ25PZWRqZkFjcDhQazByK2Jab2pyekZHdW9pOWZxa3FlCnFUdXArUGtHaitJOEQrcE9HL3NTTWFQeC9nUFo0bGxPOXYxN1ZHSEtIK095R0lzZWZ3ZCtqWGhNVEpNZHQ1a08KNmZMeVRGRjFNUDRMZDY0cFJ1Ym9hZ1pxZTNkbXk5SEN5N0FWbnE5ZElsL0JsaExqaExTVFlXdnd0ZHVoMzNXVgpxZWd3QmxkcjZQOXZ1SlRzT3JyZTdiUnZrQStWbnVaaGxOVzlBQzEvPC9kc2lnOlg1MDlDZXJ0aWZpY2F0ZT48L2RzaWc6WDUwOURhdGE-PC9kc2lnOktleUluZm8-PGRzaWc6T2JqZWN0Pjxkc2lnOk1hbmlmZXN0IElkPSJtYW5pZmVzdCI-PGRzaWc6UmVmZXJlbmNlIFVSST0iIj48ZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzE5OTkvUkVDLXhwYXRoLTE5OTkxMTE2Ij48ZHNpZzpYUGF0aD5ub3QoYW5jZXN0b3Itb3Itc2VsZjo6ZHNpZzpTaWduYXR1cmUpPC9kc2lnOlhQYXRoPjwvZHNpZzpUcmFuc2Zvcm0-PC9kc2lnOlRyYW5zZm9ybXM-PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8-PGRzaWc6RGlnZXN0VmFsdWU-QWZHRytDVVAvZUY3bFpCaTgzMkVZYk9lS1MwYzNpYTljQ1p5OEUvYS9QZz08L2RzaWc6RGlnZXN0VmFsdWU-PC9kc2lnOlJlZmVyZW5jZT48L2RzaWc6TWFuaWZlc3Q-PC9kc2lnOk9iamVjdD48L2RzaWc6U2lnbmF0dXJlPjwvc2FtbDpBc3NlcnRpb24-", + "EID-CITIZEN-QAA-LEVEL": "eid-citizen-qaa-level", + "EID-AUTH-BLOCK": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDI6QXNz\r\nZXJ0aW9uIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6\r\nYXNzZXJ0aW9uIiBJRD0iXzQwOTcyZmQ3NzdjNTlkYTFlYmVlZDJiOGQ2MzNhMzAw\r\nIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDYtMDdUMTQ6NTc6MzdaIiBWZXJzaW9uPSIy\r\nLjAiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSI+\r\nCgk8c2FtbDI6SXNzdWVyIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6\r\nMi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5Ij5odHRwczovL3NlcnZlcmJrdWRlbW8u\r\naWFpay50dWdyYXouYXQvZWlkPC9zYW1sMjpJc3N1ZXI+Cgk8ZHM6U2lnbmF0dXJl\r\nIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIiBJ\r\nZD0iU2lnbmF0dXJlLWx1cmx5d2ZjLTEiPjxkczpTaWduZWRJbmZvIElkPSJTaWdu\r\nZWRJbmZvLWx1cmx5d2ZjLTEiPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFs\r\nZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4j\r\nIi8+PGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMu\r\nb3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI2VjZHNhLXNoYTI1NiIvPjxkczpSZWZl\r\ncmVuY2UgSWQ9IlJlZmVyZW5jZS1sdXJseXdmYy0xIiBVUkk9IiI+PGRzOlRyYW5z\r\nZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3Jn\r\nL1RSLzE5OTkvUkVDLXhzbHQtMTk5OTExMTYiPjx4c2w6c3R5bGVzaGVldCB4bWxu\r\nczp4c2w9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvWFNML1RyYW5zZm9ybSIgZXhj\r\nbHVkZS1yZXN1bHQtcHJlZml4ZXM9InNhbWwyIiB2ZXJzaW9uPSIxLjAiIHhtbG5z\r\nOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48\r\neHNsOm91dHB1dCBtZXRob2Q9InhtbCIgeG1sbnM6eG1sPSJodHRwOi8vd3d3Lncz\r\nLm9yZy9YTUwvMTk5OC9uYW1lc3BhY2UiIHhtbDpzcGFjZT0iZGVmYXVsdCIvPjx4\r\nc2w6dGVtcGxhdGUgbWF0Y2g9Ii8iIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8x\r\nOTk5L3hodG1sIj48aHRtbCB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94\r\naHRtbCI+PGhlYWQ+PHRpdGxlPlNpZ25hdHVyIGRlciBBbm1lbGRlZGF0ZW48L3Rp\r\ndGxlPjxzdHlsZSBtZWRpYT0ic2NyZWVuIiB0eXBlPSJ0ZXh0L2NzcyI+CiAgICAg\r\nICAgICAgICAgCQkJCQkubm9ybWFsc3R5bGUgeyBmb250LXNpemU6IG1lZGl1bTsg\r\nfSAKICAgICAgICAgICAgICAJCQkJCS5pdGFsaWNzdHlsZSB7IGZvbnQtc2l6ZTog\r\nbWVkaXVtOyBmb250LXN0eWxlOiBpdGFsaWM7IH0KCQkJCQkJCQkudGl0bGVzdHls\r\nZSB7IHRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7IGZvbnQtd2VpZ2h0OmJvbGQ7\r\nIGZvbnQtc2l6ZTogbWVkaXVtOyB9IAoJCQkJCQkJCS5oNHN0eWxlIHsgZm9udC1z\r\naXplOiBsYXJnZTsgfSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\r\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\r\nICAgCgkJCQkJCQkJLmhpZGRlbiB7ZGlzcGxheTogbm9uZTsgfSAKICAgICAgICAg\r\nICAgICAJCQkJPC9zdHlsZT48L2hlYWQ+PGJvZHk+PGg0IGNsYXNzPSJoNHN0eWxl\r\nIj5Bbm1lbGRlZGF0ZW46PC9oND48cCBjbGFzcz0idGl0bGVzdHlsZSI+RGF0ZW4g\r\nenVyIFBlcnNvbjwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx4c2w6aWYg\r\ndGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3Rh\r\ndGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoyLjUuNC40Midd\r\nL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5\r\nbGUiPlZvcm5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2\r\nYWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRl\r\nU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoyLjUuNC40\r\nMiddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4\r\nc2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmli\r\ndXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIu\r\nNDAuMC4xMC4yLjEuMS4yNjEuMjAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0\r\ncj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5OYWNobmFtZTogPC90ZD48dGQgY2xh\r\nc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFz\r\nc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRl\r\nW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4yMCddL3NhbWwy\r\nOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVz\r\ndD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVt\r\nZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4y\r\nLjEuMS41NSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0i\r\naXRhbGljc3R5bGUiPkdlYnVydHNkYXR1bTogPC90ZD48dGQgY2xhc3M9Im5vcm1h\r\nbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9z\r\nYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1\r\ncm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjU1J10vc2FtbDI6QXR0cmlidXRlVmFs\r\ndWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PHhzbDppZiB0ZXN0PSIvc2FtbDI6QXNz\r\nZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVb\r\nQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjkwJ10vc2FtbDI6\r\nQXR0cmlidXRlVmFsdWUiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5Wb2xs\r\nbWFjaHQ6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp0ZXh0Pklj\r\naCBtZWxkZSBtaWNoIGluIFZlcnRyZXR1bmcgYW4uIEltIG7DpGNoc3RlbiBTY2hy\r\naXR0IHdpcmQgbWlyIGVpbmUgTGlzdGUgZGVyIGbDvHIgbWljaCB2ZXJmw7xnYmFy\r\nZW4gVmVydHJldHVuZ3N2ZXJow6RsdG5pc3NlIGFuZ2V6ZWlndCwgYXVzIGRlbmVu\r\nIGljaCBlaW5lcyBhdXN3w6RobGVuIHdlcmRlLjwveHNsOnRleHQ+PC90ZD48L3Ry\r\nPjwveHNsOmlmPjwvdGFibGU+PHAgY2xhc3M9InRpdGxlc3R5bGUiPkRhdGVuIHp1\r\nciBBbndlbmR1bmc8L3A+PHRhYmxlIGNsYXNzPSJwYXJhbWV0ZXJzIj48dHI+PHRk\r\nIGNsYXNzPSJpdGFsaWNzdHlsZSI+SWRlbnRpZmlrYXRvcjogPC90ZD48dGQgY2xh\r\nc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFz\r\nc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRl\r\nW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQ\r\ncm92aWRlclVuaXF1ZUlkJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwv\r\ndHI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpB\r\ndHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8v\r\nZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5\r\nTmFtZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRh\r\nbGljc3R5bGUiPk5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhz\r\nbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmli\r\ndXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5n\r\ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUn\r\nXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDppZj48eHNs\r\nOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0\r\nZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J2h0dHA6Ly9laWQuZ3Yu\r\nYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyQ291bnRyeUNvZGUnXS9z\r\nYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxl\r\nIj5TdGFhdDogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVl\r\nLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0\r\nZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJ\r\nRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlJ10vc2FtbDI6\r\nQXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PC90YWJsZT48cCBj\r\nbGFzcz0idGl0bGVzdHlsZSI+VGVjaG5pc2NoZSBQYXJhbWV0ZXI8L3A+PHRhYmxl\r\nIGNsYXNzPSJwYXJhbWV0ZXJzIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+\r\nRGF0dW06PC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9m\r\nIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFu\r\ndCw5LDIpIi8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2Vs\r\nZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDYs\r\nMikiLz48eHNsOnRleHQ+LjwveHNsOnRleHQ+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9\r\nInN1YnN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL0BJc3N1ZUluc3RhbnQsMSw0KSIv\r\nPjwvdGQ+PC90cj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+VWhyemVpdDo8\r\nL3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0\r\nPSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDEyLDIp\r\nIi8+PHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJz\r\ndWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE1LDIpIi8+\r\nPHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJz\r\ndHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE4LDIpIi8+PC90\r\nZD48L3RyPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5UcmFuc2FrdGlvbnNU\r\nb2trZW46IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1v\r\nZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vQElEIi8+PC90ZD48L3RyPjx4c2w6\r\naWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1l\r\nbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIu\r\nMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIj48dHI+PHRkIGNsYXNz\r\nPSJpdGFsaWNzdHlsZSI+CgkJCQkJCQkJCQkJVm9sbG1hY2h0ZW4tUmVmZXJlbno6\r\nIDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxl\r\nY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3Nh\r\nbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4y\r\nNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDpp\r\nZj48dHIgY2xhc3M9ImhpZGRlbiI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+RGF0\r\nYVVSTDogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9m\r\nIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpDb25kaXRpb25zL3NhbWwy\r\nOkF1ZGllbmNlUmVzdHJpY3Rpb24vc2FtbDI6QXVkaWVuY2UiLz48L3RkPjwvdHI+\r\nPHhzbDppZiB0ZXN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkNvbmRpdGlvbnMv\r\nQE5vdE9uT3JBZnRlciI+PHRyIGNsYXNzPSJoaWRkZW4iPjx0ZCBjbGFzcz0iaXRh\r\nbGljc3R5bGUiPkF1dGhCbG9ja1ZhbGlkVG86IDwvdGQ+PHRkIGNsYXNzPSJub3Jt\r\nYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24v\r\nc2FtbDI6Q29uZGl0aW9ucy9ATm90T25PckFmdGVyIi8+PC90ZD48L3RyPjwveHNs\r\nOmlmPjwvdGFibGU+PC9ib2R5PjwvaHRtbD48L3hzbDp0ZW1wbGF0ZT48L3hzbDpz\r\ndHlsZXNoZWV0PjwvZHM6VHJhbnNmb3JtPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGht\r\nPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2Rz\r\nOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93\r\nd3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkczpEaWdlc3RWYWx1\r\nZT5IbEk0T0lNbG1sVlpJQWtBdkQ1bGdGNWRGeXdxWVhES0wzVEVSaXRZeHlVPTwv\r\nZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PGRzOlJlZmVyZW5jZSBJZD0i\r\nUmVmZXJlbmNlLWx1cmx5d2ZjLTIiIFR5cGU9Imh0dHA6Ly91cmkuZXRzaS5vcmcv\r\nMDE5MDMjU2lnbmVkUHJvcGVydGllcyIgVVJJPSIjU2lnbmVkUHJvcGVydGllcy1s\r\ndXJseXdmYy0xIj48ZHM6VHJhbnNmb3Jtcz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRo\r\nbT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PC9k\r\nczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8v\r\nd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz48ZHM6RGlnZXN0VmFs\r\ndWU+a3lFdzl5bUlLbm9KSlF3bW85bitmdjF1VGpCUXdaNGpsZk5oSll5akpKTT08\r\nL2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48\r\nZHM6U2lnbmF0dXJlVmFsdWUgSWQ9IlNpZ25hdHVyZVZhbHVlLWx1cmx5d2ZjLTEi\r\nPlQrOTN3ejU3dUVsQUFFb1dZTVNYcVA3YnVIU0drZW9YVlQvTnN5Q1hrM056Zmpn\r\nbC9ERlgreFJqOGJqUDNkUEgKenVtejVUV1N3R25NRUU4bUNJTUxRQT09PC9kczpT\r\naWduYXR1cmVWYWx1ZT48ZHM6S2V5SW5mbyBJZD0iS2V5SW5mbyI+PGRzOlg1MDlE\r\nYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJR2Z6Q0NCR2VnQXdJQkFnSUhBSlpZ\r\nMGlZWFVqQU5CZ2txaGtpRzl3MEJBUXNGQURCM01Rc3dDUVlEVlFRRwpFd0pCVkRF\r\nTk1Bc0dBMVVFQnhNRVIzSmhlakVtTUNRR0ExVUVDaE1kUjNKaGVpQlZibWwyWlhK\r\nemFYUjVJRzltCklGUmxZMmh1YjJ4dloza3hEVEFMQmdOVkJBc1RCRWxCU1VzeElq\r\nQWdCZ05WQkFNVEdVbEJTVXNnVkdWemRDQkoKYm5SbGNtMWxaR2xoZEdVZ1EwRXdI\r\naGNOTVRnd05USTRNVFEwTlRJeFdoY05NakV3TlRJNE1UUTBOVEl4V2pBdwpNUXd3\r\nQ2dZRFZRUXFFd05GYVdReERUQUxCZ05WQkFRVEJGUmxjM1F4RVRBUEJnTlZCQU1U\r\nQ0VWcFpDQlVaWE4wCk1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdB\r\nRUtzK3U5T2RqRm1SR0YxQ2JzYStYU3V2elBvSUcKcFB0Y0pzKzR0aE1iQ3Vid1NR\r\nTXZVT3NzckN6ckMxSmk5WVZ4ZXFIczNEVTJSREVvc29TVVJPSkgzS09DQXlBdwpn\r\nZ01jTUE0R0ExVWREd0VCL3dRRUF3SUhnREFNQmdOVkhSTUJBZjhFQWpBQU1JSUJO\r\nZ1lJS3dZQkJRVUhBUUVFCmdnRW9NSUlCSkRDQmdnWUlLd1lCQlFVSE1BS0dkbXhr\r\nWVhBNkx5OWpZWEJ6YnkxMFpYTjBMbWxoYVdzdWRIVm4KY21GNkxtRjBPakV6T0Rr\r\ndlkyNDlhV0ZwYXkxMFpYTjBMV2x1ZEdWeWJXVmthV0YwWlMxallTeHZkVDF3YTJr\r\ncwpaR005YVdGcGF5eGtZejEwZFdkeVlYb3NaR005WVhRL1kwRkRaWEowYVdacFky\r\nRjBaVHRpYVc1aGNua3dVQVlJCkt3WUJCUVVITUFLR1JHaDBkSEE2THk5allYQnpi\r\neTEwWlhOMExtbGhhV3N1ZEhWbmNtRjZMbUYwTDJObGNuUnoKTDJsaGFXc3RkR1Z6\r\nZEMxcGJuUmxjbTFsWkdsaGRHVXRZMkV1WTJWeU1Fc0dDQ3NHQVFVRkJ6QUJoajlv\r\nZEhSdwpPaTh2WTJGd2MyOHRkR1Z6ZEM1cFlXbHJMblIxWjNKaGVpNWhkQzl2WTNO\r\nd0wybGhhV3N0ZEdWemRDMXBiblJsCmNtMWxaR2xoZEdVdFkyRXdId1lEVlIwakJC\r\nZ3dGb0FVZWRnUEFvSGx5d3Z1dC94RXY5Tm4raENHVVJJd2dhQUcKQTFVZElBU0Jt\r\nRENCbFRDQmtnWU1Ld1lCQkFHVkVnRUNCd0VCTUlHQk1IOEdDQ3NHQVFVRkJ3SUNN\r\nSE1NY1ZSbwphWE1nWTJWeWRHbG1hV05oZEdVZ2QyRnpJR2x6YzNWbFpDQmllU0Jo\r\nSUNvcVkyOXdlU29xSUc5bUlHRnVJRWxCClNVc2dWR1Z6ZENCSmJuUmxjbTFsWkds\r\naGRHVWdRMEVnWVc1a0lHMWhlU0JpWlNCMWMyVmtJR1p2Y2lCMFpYTjAKSUhCMWNu\r\nQnZjMlZ6SUc5dWJIa3VNSUhlQmdOVkhSOEVnZFl3Z2RNd2dkQ2dnYzJnZ2NxR2dZ\r\nSnNaR0Z3T2k4dgpZMkZ3YzI4dGRHVnpkQzVwWVdsckxuUjFaM0poZWk1aGREb3hN\r\nemc1TDJOdVBXbGhhV3N0ZEdWemRDMXBiblJsCmNtMWxaR2xoZEdVdFkyRXNiM1U5\r\nY0d0cExHUmpQV2xoYVdzc1pHTTlkSFZuY21GNkxHUmpQV0YwUDJObGNuUnAKWm1s\r\nallYUmxVbVYyYjJOaGRHbHZia3hwYzNRN1ltbHVZWEo1aGtOb2RIUndPaTh2WTJG\r\nd2MyOHRkR1Z6ZEM1cApZV2xyTG5SMVozSmhlaTVoZEM5amNteHpMMmxoYVdzdGRH\r\nVnpkQzFwYm5SbGNtMWxaR2xoZEdVdFkyRXVZM0pzCk1CMEdBMVVkRGdRV0JCU093\r\nS0VmZDVIa2traXppWkJiNVlqNEhXeTFEREFOQmdrcWhraUc5dzBCQVFzRkFBT0MK\r\nQWdFQUFqakRNU1d4YlVIdmtsUEtTNHhUSkpWN0JsNUd5KysvTFozOU1iOFpDZ2pJ\r\nc0dJUDl3M2hoejBrZmk0egpJejZodmYvWXg5emxLWi93UklVOFI0aXlncVFTWTVa\r\nbTI4V0tWbTNWYmhmczRld040RkpUUDh3OExnVVNISjAyClYrSklIdFV0NWk5VTJh\r\nL0kwMWJteklJZkJZTDBJVzhzMUszVk1BekFEeUhER1cvVTZoOWNrN2RheXc4T1dp\r\nOHQKTlQ0dG5LWDRtRWhINnoya1VQbnY3ZnFGbFNSckQwdXFrZUtaYWQzQTFhMTU1\r\nUzBEZ2oxY1ptTmpSNHNSaFFoaApnYmEvRUd1SE55RVhjaFZhc0lJVG9oT1J1SlY5\r\nQkFxNENja2JTTG8vcUNTZit1aVFVSm0zMzZMd2F2akdaa2VkCk8vYXV2UlRFVGN0\r\nUGlwamRPTlN4Ri9qYmpBUTNmbVlSL1Zxdm9DbTZLM1pnV1R6eGswUzRtZmFycndv\r\nb0R2bEUKcmtTbnJsTGYrRDZFeVF0OUxDdy9pNUx2SC8rRStaUTRBS3dUSG1Kb2s0\r\neGRTZ3l3eU5yeHNjaVpydlVHZ3dlOQpuK0NWM0l6RXltWWZMMjhxeWtLV3BxYlBU\r\nbFNIcWEzU2xJbWRsOHl3Skk0aEFXN216WkRwNE9qaGliUnlkSnNSCjd1aUZuZmhJ\r\nS01URGljblpHZ1BaWnFJdVM0cUd3WUJzelU3N1IrWG13bVpxWkJrTlA4OGVZVzFx\r\nbnhDRkdFdEkKT2lpRVR3TzR6eFhGRjIxQ2VCMDZQRXdSQ1ZnZWJCZzB6Qm5YK2hJ\r\nc1Qvbkpxd0hLOEkwWWgyNEJDdWRFU1VDMgpnRTl4cnVqcmszZTdyK2xPcWJZYnpl\r\nV1JKblhJTGcrU25mbHpDOWtTM0x4UmZKST08L2RzOlg1MDlDZXJ0aWZpY2F0ZT48\r\nL2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48ZHM6T2JqZWN0Pjx4YWRlczpRdWFs\r\naWZ5aW5nUHJvcGVydGllcyB4bWxuczp4YWRlcz0iaHR0cDovL3VyaS5ldHNpLm9y\r\nZy8wMTkwMy92MS4zLjIjIiBUYXJnZXQ9IiNTaWduYXR1cmUtbHVybHl3ZmMtMSI+\r\nPHhhZGVzOlNpZ25lZFByb3BlcnRpZXMgSWQ9IlNpZ25lZFByb3BlcnRpZXMtbHVy\r\nbHl3ZmMtMSI+PHhhZGVzOlNpZ25lZFNpZ25hdHVyZVByb3BlcnRpZXM+PHhhZGVz\r\nOlNpZ25pbmdUaW1lPjIwMTgtMDYtMDdUMTY6NTc6MzcrMDI6MDA8L3hhZGVzOlNp\r\nZ25pbmdUaW1lPjx4YWRlczpTaWduaW5nQ2VydGlmaWNhdGVWMj48eGFkZXM6Q2Vy\r\ndD48eGFkZXM6Q2VydERpZ2VzdD48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0i\r\naHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PGRzOkRp\r\nZ2VzdFZhbHVlPmRXV01DZ29LL09Uc1Bkemk1S0orSFV0RUE5YWhxVitsQkVEK3BD\r\na1d0OFU9PC9kczpEaWdlc3RWYWx1ZT48L3hhZGVzOkNlcnREaWdlc3Q+PC94YWRl\r\nczpDZXJ0PjwveGFkZXM6U2lnbmluZ0NlcnRpZmljYXRlVjI+PHhhZGVzOlNpZ25h\r\ndHVyZVBvbGljeUlkZW50aWZpZXI+PHhhZGVzOlNpZ25hdHVyZVBvbGljeUltcGxp\r\nZWQvPjwveGFkZXM6U2lnbmF0dXJlUG9saWN5SWRlbnRpZmllcj48L3hhZGVzOlNp\r\nZ25lZFNpZ25hdHVyZVByb3BlcnRpZXM+PHhhZGVzOlNpZ25lZERhdGFPYmplY3RQ\r\ncm9wZXJ0aWVzPjx4YWRlczpEYXRhT2JqZWN0Rm9ybWF0IE9iamVjdFJlZmVyZW5j\r\nZT0iI1JlZmVyZW5jZS1sdXJseXdmYy0xIj48eGFkZXM6TWltZVR5cGU+YXBwbGlj\r\nYXRpb24veGh0bWwreG1sPC94YWRlczpNaW1lVHlwZT48L3hhZGVzOkRhdGFPYmpl\r\nY3RGb3JtYXQ+PC94YWRlczpTaWduZWREYXRhT2JqZWN0UHJvcGVydGllcz48L3hh\r\nZGVzOlNpZ25lZFByb3BlcnRpZXM+PC94YWRlczpRdWFsaWZ5aW5nUHJvcGVydGll\r\ncz48L2RzOk9iamVjdD48L2RzOlNpZ25hdHVyZT48c2FtbDI6Q29uZGl0aW9ucyBO\r\nb3RCZWZvcmU9IjIwMTgtMDYtMDdUMTQ6NTc6MzdaIiBOb3RPbk9yQWZ0ZXI9IjIw\r\nMTgtMDYtMDdUMTU6MDI6MzdaIj4KCQk8c2FtbDI6QXVkaWVuY2VSZXN0cmljdGlv\r\nbj4KCQkJPHNhbWwyOkF1ZGllbmNlPmh0dHA6Ly9sYWJkYS5pYWlrLnR1Z3Jhei5h\r\ndDo4MDgwL21vYS1pZC1hdXRoL3NsMjAvZGF0YVVybD9wZW5kaW5naWQ9Nzg0NTg4\r\nMDkxNDYxODg5MjM2MTwvc2FtbDI6QXVkaWVuY2U+CgkJPC9zYW1sMjpBdWRpZW5j\r\nZVJlc3RyaWN0aW9uPgoJPC9zYW1sMjpDb25kaXRpb25zPgoJPHNhbWwyOkF0dHJp\r\nYnV0ZVN0YXRlbWVudD4KCQk8c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0i\r\nUFZQLVZFUlNJT04iIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYx\r\nLjEwIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0\r\ncm5hbWUtZm9ybWF0OnVyaSI+CgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxu\r\nczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNl\r\nIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4yLjE8L3NhbWwyOkF0dHJpYnV0ZVZhbHVl\r\nPgoJCTwvc2FtbDI6QXR0cmlidXRlPgoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5k\r\nbHlOYW1lPSJQUklOQ0lQQUwtTkFNRSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4x\r\nMC4yLjEuMS4yNjEuMjAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpT\r\nQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4KCQkJPHNhbWwyOkF0dHJpYnV0\r\nZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hl\r\nbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPlRlc3Q8L3NhbWwyOkF0\r\ndHJpYnV0ZVZhbHVlPgoJCTwvc2FtbDI6QXR0cmlidXRlPgoJCTxzYW1sMjpBdHRy\r\naWJ1dGUgRnJpZW5kbHlOYW1lPSJHSVZFTi1OQU1FIiBOYW1lPSJ1cm46b2lkOjIu\r\nNS40LjQyIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6\r\nYXR0cm5hbWUtZm9ybWF0OnVyaSI+CgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4\r\nbWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3Rh\r\nbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5FaWQ8L3NhbWwyOkF0dHJpYnV0ZVZh\r\nbHVlPgoJCTwvc2FtbDI6QXR0cmlidXRlPgoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJp\r\nZW5kbHlOYW1lPSJCSVJUSERBVEUiIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAu\r\nMi4xLjEuNTUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIu\r\nMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVl\r\nIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5z\r\ndGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPjIwMDAtMDEtMDE8L3NhbWwyOkF0\r\ndHJpYnV0ZVZhbHVlPgoJCTwvc2FtbDI6QXR0cmlidXRlPgoJCTxzYW1sMjpBdHRy\r\naWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItVW5pcXVlSWQiIE5h\r\nbWU9Imh0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3Zp\r\nZGVyVW5pcXVlSWQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1M\r\nOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4KCQkJPHNhbWwyOkF0dHJpYnV0ZVZh\r\nbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEt\r\naW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPmh0dHBzOi8vbGFiZGEuaWFp\r\nay50dWdyYXouYXQ6NTU1My9kZW1vbG9naW4vTG9naW5TZXJ2bGV0RXhhbXBsZS5h\r\nY3Rpb248L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPgoJCTwvc2FtbDI6QXR0cmlidXRl\r\nPgoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlk\r\nZXItRnJpZW5kbHlOYW1lIiBOYW1lPSJodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRy\r\naWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSIgTmFtZUZvcm1hdD0i\r\ndXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmki\r\nPgoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3\r\nLnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0\r\ncmluZyI+RGVtbyBBcHBsaWNhdGlvbjwvc2FtbDI6QXR0cmlidXRlVmFsdWU+CgkJ\r\nPC9zYW1sMjpBdHRyaWJ1dGU+CgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5h\r\nbWU9IlNlcnZpY2VQcm92aWRlci1Db3VudHJ5Q29kZSIgTmFtZT0iaHR0cDovL2Vp\r\nZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29k\r\nZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJu\r\nYW1lLWZvcm1hdDp1cmkiPgoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6\r\neHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIg\r\neHNpOnR5cGU9InhzOnN0cmluZyI+QVQ8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPgoJ\r\nCTwvc2FtbDI6QXR0cmlidXRlPgoJCQoJCQoJPC9zYW1sMjpBdHRyaWJ1dGVTdGF0\r\nZW1lbnQ+Cjwvc2FtbDI6QXNzZXJ0aW9uPg==", + "EID-CCS-URL": "eid-ccs-url" +}
\ No newline at end of file diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java index 2a2b7bf80..b9d08a20f 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java @@ -22,8 +22,8 @@ */ package at.gv.egovernment.moa.id.auth.modules.ssotransfer; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; /** * @author tlenz @@ -49,7 +49,7 @@ public class SSOTransferAuthModuleImpl implements AuthModule{ this.priority = priority; } - /* (non-Javadoc) + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) */ @Override diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index 4ce77d861..044366eb6 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -28,21 +28,21 @@ import java.util.List; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.data.AuthenticationRole; -import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.logging.Logger; /** * @author tlenz * - */ -public class SSOTransferAuthenticationData implements IAuthData { + */ +public class SSOTransferAuthenticationData implements IMOAAuthData { private IAuthenticationSession authSession = null; boolean isIDPPrivateService = true; @@ -55,21 +55,38 @@ public class SSOTransferAuthenticationData implements IAuthData { } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#getIssueInstant() + * @see at.gv.egovernment.moa.id.data.IAuthData#isBaseIDTransferRestrication() */ @Override - public Date getIssueInstant() { + public boolean isBaseIDTransferRestrication() { + return this.isIDPPrivateService; + } + + + @Override + public Date getAuthenticationIssueInstant() { // TODO Auto-generated method stub return null; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#getIssuer() - */ + @Override - public String getIssuer() { + public String getAuthenticationIssueInstantString() { + // TODO Auto-generated method stub + return null; + } + + + @Override + public String getAuthenticationIssuer() { + // TODO Auto-generated method stub + return null; + } + + + @Override + public String getCiticenCountryCode() { // TODO Auto-generated method stub return null; } @@ -328,15 +345,6 @@ public class SSOTransferAuthenticationData implements IAuthData { } /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#getCcc() - */ - @Override - public String getCcc() { - // TODO Auto-generated method stub - return null; - } - - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.data.IAuthData#getEIDASQAALevel() */ @Override @@ -354,13 +362,17 @@ public class SSOTransferAuthenticationData implements IAuthData { return this.authSession.getGenericDataFromSession(key, clazz); } + @Override + public String getInterfederatedIDP() { + // TODO Auto-generated method stub + return null; + } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#isBaseIDTransferRestrication() - */ @Override - public boolean isBaseIDTransferRestrication() { - return this.isIDPPrivateService; + public boolean isInterfederatedSSOSession() { + // TODO Auto-generated method stub + return false; } + } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java index c2132c1f9..c9bccb708 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java @@ -35,11 +35,16 @@ import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; /** - * @author tlenz + * @author tlenz * */ public class SSOTransferOnlineApplication implements IOAAuthParameters { + /** + * + */ + private static final long serialVersionUID = 1L; + public SSOTransferOnlineApplication() { } @@ -391,35 +396,88 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters { } /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#hasBaseIdInternalProcessingRestriction() + * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifierFriendlyName() */ @Override - public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException { + public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean containsConfigurationKey(String arg0) { + // TODO Auto-generated method stub return false; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#hasBaseIdTransferRestriction() - */ @Override - public boolean hasBaseIdTransferRestriction() throws ConfigurationException { + public List<String> getTargetsWithNoBaseIdInternalProcessingRestriction() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getTargetsWithNoBaseIdTransferRestriction() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getUniqueIdentifier() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAreaSpecificTargetIdentifier() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean hasBaseIdInternalProcessingRestriction() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean hasBaseIdTransferRestriction() { + // TODO Auto-generated method stub return false; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifier() - */ @Override - public String getAreaSpecificTargetIdentifier() throws ConfigurationException { + public String getConfigurationValue(String arg0, String arg1) { // TODO Auto-generated method stub return null; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifierFriendlyName() - */ @Override - public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException { + public Boolean isConfigurationValue(String arg0) { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isConfigurationValue(String arg0, boolean arg1) { + // TODO Auto-generated method stub + return false; + } + + @Override + public List<String> getRequiredLoA() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getLoAMatchingMode() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> foreignbPKSectorsRequested() { // TODO Auto-generated method stub return null; } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java index af64e745e..dc2baab7d 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java @@ -72,11 +72,18 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.gson.JsonObject; import com.google.gson.JsonParser; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; @@ -84,20 +91,16 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import net.glxn.qrgen.QRCode; import net.glxn.qrgen.image.ImageType; @@ -138,7 +141,7 @@ public class SSOTransferServlet{ * @throws IOException */ @RequestMapping(value = { "/TestTransferSSOSession" - }, + }, method = {RequestMethod.GET}) public void testTransferSSOSessionGUIWithoutAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { try { @@ -200,7 +203,7 @@ public class SSOTransferServlet{ InputStream idlstream = idlURL.openStream(); moaSession.setIdentityLink(new IdentityLinkAssertionParser(idlstream).parseIdentityLink()); internalTransferPersonalInformation(req, resp, container, moaSession, true); - + } else { Logger.info("Servlet " + getClass().getName() + " receive a token:" + token + ", which references an empty data object."); @@ -267,6 +270,14 @@ public class SSOTransferServlet{ Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + } catch (ConfigurationException e) { + Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + + } catch (EAAFException e) { + Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + } } else { @@ -367,6 +378,11 @@ public class SSOTransferServlet{ } catch (NoSuchPaddingException e) { e.printStackTrace(); resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + + } catch (EAAFException e) { + e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + } @@ -405,10 +421,10 @@ public class SSOTransferServlet{ if (ssomanager.isValidSSOSession(ssoid, null)) { //create first step of SSO Transfer GUI - IAuthenticationSession authSession = authenticationSessionStorage.getInternalMOASessionWithSSOID(ssoid); - if(authSession != null) { + String ssoSessionId = authenticationSessionStorage.getInternalSSOSessionWithSSOID(ssoid); + if(ssoSessionId != null) { internalCreateQRCodeForTransfer(resp, authURL, - authSession.getSessionID(), + ssoSessionId, SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE, config); return; @@ -436,7 +452,7 @@ public class SSOTransferServlet{ } private void internalTransferPersonalInformation(HttpServletRequest req, HttpServletResponse resp, - SSOTransferContainer container, IAuthenticationSession moaSession, boolean developmentMode) throws IOException, InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, OperatorCreationException, CredentialsNotAvailableException, PKCSException, CertificateException, SessionDataStorageException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException { + SSOTransferContainer container, IAuthenticationSession moaSession, boolean developmentMode) throws IOException, InvalidKeyException, NoSuchAlgorithmException, InvalidKeySpecException, OperatorCreationException, CredentialsNotAvailableException, PKCSException, CertificateException, SessionDataStorageException, IllegalBlockSizeException, BadPaddingException, NoSuchPaddingException, EAAFStorageException { Logger.debug(""); JsonObject receivedData = getJSONObjectFromPostMessage(req, developmentMode); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java index e92925dfb..bf215373d 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java @@ -32,9 +32,9 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; -import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; -import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java index be27de9a1..921e3844b 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java @@ -33,9 +33,12 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; @@ -43,9 +46,6 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -61,7 +61,7 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ + */ @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) @@ -86,13 +86,13 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { String nonce = Random.nextLongRandom(); GUIUtils.buildSSOTransferGUI(guiBuilder, response, authURL, - pendingReq.getRequestID(), nonce, dhKeyIDP.getF()); + pendingReq.getPendingRequestId(), nonce, dhKeyIDP.getF()); //store DH params and nonce to pending-request SSOTransferContainer container = new SSOTransferContainer(); container.setDhParams(dhKeyIDP); - pendingReq.setGenericDataToSession(SSOTransferConstants.PENDINGREQ_DH, container); - pendingReq.setGenericDataToSession(SSOTransferConstants.PENDINGREQ_NONCE, nonce); + pendingReq.setRawDataToTransaction(SSOTransferConstants.PENDINGREQ_DH, container); + pendingReq.setRawDataToTransaction(SSOTransferConstants.PENDINGREQ_NONCE, nonce); //store pending-request requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index 1a216f0df..90b74ebd7 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -43,20 +43,20 @@ import com.google.common.net.MediaType; import com.google.gson.JsonObject; import com.google.gson.JsonParser; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -72,7 +72,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { @Autowired SSOContainerUtils ssoTransferUtils; @Autowired IGUIFormBuilder guiBuilder; - /* (non-Javadoc) + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override @@ -99,8 +99,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } - String nonce = pendingReq.getGenericData(SSOTransferConstants.PENDINGREQ_NONCE, String.class); - SSOTransferContainer container = pendingReq.getGenericData( + String nonce = pendingReq.getRawData(SSOTransferConstants.PENDINGREQ_NONCE, String.class); + SSOTransferContainer container = pendingReq.getRawData( SSOTransferConstants.PENDINGREQ_DH, SSOTransferContainer.class); if (container == null) { throw new TaskExecutionException(pendingReq, "NO DH-Params in pending-request", @@ -186,8 +186,9 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { Logger.debug("MobileDevice is valid. --> Starting session reconstruction ..."); //transfer SSO Assertion into MOA-Session - ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, pendingReq.getMOASession(), attributeExtractor); - + AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moaSession, attributeExtractor); + // store MOASession into database requestStoreage.storePendingRequest(pendingReq); @@ -244,15 +245,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } else { //session is valid --> load MOASession object - try { - defaultTaskInitialization(request, executionContext); + AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); - } catch (MOAIDException | MOADatabaseException e1) { - Logger.error("Database Error! MOASession is not stored!"); - throw new TaskExecutionException(pendingReq, "Load MOASession FAILED.", e1); - - } - DateTime moaSessionCreated = new DateTime(moasession.getSessionCreated().getTime()); if (moaSessionCreated.plusMinutes(1).isBeforeNow()) { Logger.warn("No SSO session-container received. Stop authentication process after time-out."); @@ -274,7 +268,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } GUIUtils.buildSSOTransferGUI(guiBuilder, response, - authURL, pendingReq.getRequestID(), nonce, container.getDhParams().getF()); + authURL, pendingReq.getPendingRequestId(), nonce, container.getDhParams().getF()); } catch (IOException | MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java index 9cfe12791..1a4a9b80b 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java @@ -30,11 +30,11 @@ import javax.servlet.http.HttpServletResponse; import com.google.gson.JsonObject; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -71,7 +71,7 @@ public class GUIUtils { try { String containerURL = authURL + SSOTransferConstants.SERVLET_SSOTRANSFER_FROM_SMARTPHONE - + "?" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + requestID; + + "?" + EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID + "=" + requestID; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index 568ffb330..cf7723c70 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -97,6 +97,20 @@ import org.w3c.dom.NodeList; import com.google.gson.JsonObject; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.idp.exception.SAMLRequestNotSignedException; +import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.PVP2AssertionBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionAttributeExtractorExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; @@ -105,28 +119,17 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferOnlineA import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.assertion.PVP2AssertionBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.NoCredentialsException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.SAMLRequestNotSignedException; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -140,6 +143,9 @@ import iaik.x509.X509Certificate; @Service("SSOContainerUtils") public class SSOContainerUtils { + @Autowired(required=true) private IPVP2BasicConfiguration pvpConfiguration; + @Autowired(required=true) private PVP2AssertionBuilder assertionBuilder; + private static final String PVP_HOLDEROFKEY_NAME = PVPConstants.URN_OID_PREFIX + "1.2.40.0.10.2.1.1.261.xx.xx"; @@ -207,7 +213,7 @@ public class SSOContainerUtils { Logger.error("SignerCertificate is not parseable.", e); } - + String idlStr = attributeExtractor.getSingleAttributeValue(PVPConstants.EID_IDENTITY_LINK_NAME); try { if (MiscUtil.isNotEmpty(idlStr)) { @@ -271,7 +277,7 @@ public class SSOContainerUtils { } - public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException { + public Response validateReceivedSSOContainer(String signedEncryptedContainer) throws IOException, XMLParserException, UnmarshallingException, MOAIDException, SAMLRequestNotSignedException, NoCredentialsException, CredentialsNotAvailableException, AssertionValidationExeption { final BasicParserPool ppMgr = new BasicParserPool(); final HashMap<String, Boolean> features = new HashMap<String, Boolean>(); features.put(XMLConstants.FEATURE_SECURE_PROCESSING, Boolean.TRUE); @@ -295,7 +301,7 @@ public class SSOContainerUtils { } catch (ValidationException e) { Logger.error("Failed to validate Signature", e); throw new SAMLRequestNotSignedException(e); - } + } Credential credential = credentials.getIDPAssertionSigningCredential(); if (credential == null) { @@ -339,7 +345,7 @@ public class SSOContainerUtils { public String generateSignedAndEncryptedSSOContainer(String authURL, IAuthenticationSession authSession, Date date, byte[] hashedSecret) { try { - String entityID = PVPConfiguration.getInstance().getIDPSSOMetadataService(authURL); + String entityID = pvpConfiguration.getIDPEntityId(authURL); AuthnContextClassRef authnContextClassRef = SAML2Utils .createSAMLObject(AuthnContextClassRef.class); authnContextClassRef.setAuthnContextClassRef(authSession.getQAALevel()); @@ -366,9 +372,9 @@ public class SSOContainerUtils { String sessionIndex = SAML2Utils.getSecureIdentifier(); - IAuthData authData = new SSOTransferAuthenticationData(authConfig, authSession); + IMOAAuthData authData = new SSOTransferAuthenticationData(authConfig, authSession); - Assertion assertion = PVP2AssertionBuilder.buildGenericAssertion( + Assertion assertion = assertionBuilder.buildGenericAssertion( entityID, entityID, new DateTime(date.getTime()), @@ -404,7 +410,7 @@ public class SSOContainerUtils { return container.toString(); - } catch (ConfigurationException | EncryptionException | CredentialsNotAvailableException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | NoSuchPaddingException e) { + } catch (EncryptionException | SecurityException | ParserConfigurationException | MarshallingException | SignatureException | TransformerFactoryConfigurationError | TransformerException | IOException | InvalidKeyException | IllegalBlockSizeException | BadPaddingException | NoSuchAlgorithmException | NoSuchPaddingException | EAAFException e) { Logger.warn("SSO container generation FAILED.", e); } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java index 8ca087e1d..a2441bc1f 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/test/java/at/gv/egiz/tests/Tests.java @@ -39,7 +39,7 @@ import org.bouncycastle.jce.spec.ECNamedCurveParameterSpec; import org.bouncycastle.math.ec.ECPoint; import org.bouncycastle.util.BigIntegers; -import at.gv.egovernment.moa.id.data.Pair; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egovernment.moa.util.Base64Utils; import iaik.security.random.SeedGenerator; diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java index 49275c6eb..4068d2d99 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java @@ -22,9 +22,9 @@ */ package at.gv.egovernment.moa.id.auth.modules.federatedauth; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; /** * @author tlenz @@ -39,7 +39,7 @@ public class FederatedAuthenticationModuleImpl implements AuthModule { public int getPriority() { // TODO Auto-generated method stub return 0; - } + } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java index c3d5e8032..a1b8631dc 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java @@ -22,7 +22,9 @@ */ package at.gv.egovernment.moa.id.auth.modules.federatedauth.config; +import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; import java.util.List; import org.opensaml.saml2.core.Attribute; @@ -32,12 +34,15 @@ import org.opensaml.saml2.metadata.Organization; import org.opensaml.saml2.metadata.RequestedAttribute; import org.opensaml.xml.security.credential.Credential; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.data.Trible; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; /** @@ -51,11 +56,14 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo private String authURL; private FederatedAuthCredentialProvider credentialProvider; + private IPVP2BasicConfiguration pvpConfiguration; - public FederatedAuthMetadataConfiguration(String authURL, FederatedAuthCredentialProvider credentialProvider) { + public FederatedAuthMetadataConfiguration(String authURL, + FederatedAuthCredentialProvider credentialProvider, + IPVP2BasicConfiguration pvpConfiguration) { this.authURL = authURL; this.credentialProvider = credentialProvider; - + this.pvpConfiguration = pvpConfiguration; } @@ -118,9 +126,9 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo @Override public List<ContactPerson> getContactPersonInformation() { try { - return PVPConfiguration.getInstance().getIDPContacts(); + return pvpConfiguration.getIDPContacts(); - } catch (ConfigurationException e) { + } catch (EAAFException e) { Logger.warn("Can not load Metadata entry: Contect Person", e); return null; @@ -134,9 +142,9 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo @Override public Organization getOrgansiationInformation() { try { - return PVPConfiguration.getInstance().getIDPOrganisation(); + return pvpConfiguration.getIDPOrganisation(); - } catch (ConfigurationException e) { + } catch (EAAFException e) { Logger.warn("Can not load Metadata entry: Organisation", e); return null; @@ -263,7 +271,39 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo */ @Override public List<RequestedAttribute> getSPRequiredAttributes() { - return null; + /*TODO: + * Work for bug in AttributeQuery Client that includes a wrong EntityID for SP + */ + final List<Trible<String, String, Boolean>> REQUIRED_PVP_ATTRIBUTES = + Collections.unmodifiableList(new ArrayList<Trible<String, String, Boolean>>() { + private static final long serialVersionUID = 1L; + { + //add PVP Version attribute + add(Trible.newInstance(PVPConstants.PVP_VERSION_NAME, PVPConstants.PVP_VERSION_FRIENDLY_NAME, true)); + + //request entity information + add(Trible.newInstance(PVPConstants.GIVEN_NAME_NAME, PVPConstants.GIVEN_NAME_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.PRINCIPAL_NAME_NAME, PVPConstants.PRINCIPAL_NAME_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.BIRTHDATE_NAME, PVPConstants.BIRTHDATE_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.EID_CCS_URL_NAME, PVPConstants.EID_CCS_URL_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.EID_IDENTITY_LINK_NAME, PVPConstants.EID_IDENTITY_LINK_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.EID_SOURCE_PIN_NAME, PVPConstants.EID_SOURCE_PIN_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.EID_SOURCE_PIN_TYPE_NAME, PVPConstants.EID_SOURCE_PIN_TYPE_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.EID_AUTH_BLOCK_NAME, PVPConstants.EID_AUTH_BLOCK_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.EID_SIGNER_CERTIFICATE_NAME, PVPConstants.EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_FULL_MANDATE_NAME, PVPConstants.MANDATE_FULL_MANDATE_FRIENDLY_NAME, false)); + + + + } + }); + + List<RequestedAttribute> requestedAttributes = new ArrayList<RequestedAttribute>(); + for (Trible<String, String, Boolean> el : REQUIRED_PVP_ATTRIBUTES) + requestedAttributes.add(PVPAttributeBuilder.buildReqAttribute(el.getFirst(), el.getSecond(), el.getThird())); + + return requestedAttributes; } /* (non-Javadoc) diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java index 000590923..50da5187b 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java @@ -22,14 +22,17 @@ */ package at.gv.egovernment.moa.id.auth.modules.federatedauth.config; +import java.util.List; + import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration; import org.opensaml.saml2.core.NameID; import org.opensaml.saml2.metadata.EntityDescriptor; import org.opensaml.xml.security.credential.Credential; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation; /** * @author tlenz @@ -207,5 +210,21 @@ public class FederatedAuthnRequestBuilderConfiguration implements IPVPAuthnReque return null; } + @Override + public List<EAAFRequestedAttribute> getRequestedAttributes() { + return null; + + } + + @Override + public String getProviderName() { + return null; + } + + @Override + public String getScopeRequesterId() { + return null; + } + } diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java index e86d31708..6a733adb8 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java @@ -34,14 +34,15 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthMetadataConfiguration; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; -import at.gv.egovernment.moa.id.auth.servlet.AbstractController; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; -import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; /** @@ -54,6 +55,7 @@ public class FederatedAuthMetadataController extends AbstractController { @Autowired PVPMetadataBuilder metadatabuilder; @Autowired AuthConfiguration authConfig; @Autowired FederatedAuthCredentialProvider credentialProvider; + @Autowired IPVP2BasicConfiguration pvpConfiguration; public FederatedAuthMetadataController() { super(); @@ -76,7 +78,7 @@ public class FederatedAuthMetadataController extends AbstractController { } else { //initialize metadata builder configuration IPVPMetadataBuilderConfiguration metadataConfig = - new FederatedAuthMetadataConfiguration(authURL, credentialProvider); + new FederatedAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration); //build metadata String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig); diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java index 431ed5ef1..5edd36248 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java @@ -32,8 +32,8 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; -import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java index f5896bc25..d0d97e9e8 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java @@ -35,21 +35,21 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthnRequestBuilderConfiguration; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildException; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -59,10 +59,11 @@ import at.gv.egovernment.moa.util.MiscUtil; */ @Component("CreateFederatedAuthnRequestTask") public class CreateAuthnRequestTask extends AbstractAuthServletTask { - + @Autowired PVPAuthnRequestBuilder authnReqBuilder; @Autowired FederatedAuthCredentialProvider credential; @Autowired(required=true) MOAMetadataProvider metadataProvider; + @Autowired(required=true) ILoALevelMapper loaMapper; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) @@ -72,7 +73,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { throws TaskExecutionException { try{ // get IDP entityID - String idpEntityID = pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class); + String idpEntityID = pendingReq.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class); if (MiscUtil.isEmpty(idpEntityID)) { Logger.info("Interfederation not possible -> not inderfederation IDP EntityID found!"); @@ -81,7 +82,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { } //load IDP configuration from MOA-ID Configuration - IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(idpEntityID); + IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(idpEntityID, IOAAuthParameters.class); //validate IDP if (!idpConfig.isInderfederationIDP() || !idpConfig.isInboundSSOInterfederationAllowed()) { Logger.info("Requested interfederation IDP " + idpEntityID + " is not valid for interfederation."); @@ -117,7 +118,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { //build and transmit AuthnRequest authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response); - } catch (MOAIDException | MetadataProviderException e) { + } catch (MetadataProviderException e) { throw new TaskExecutionException(pendingReq, "Build PVP2.1 AuthnRequest for SSO inderfederation FAILED.", e); } catch (MessageEncodingException | NoSuchAlgorithmException | SecurityException e) { @@ -156,7 +157,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { } private String evaluateRequiredQAALevel() { - IOAAuthParameters sp = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters sp = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); //check if STORK protocol module is in ClassPath Object storkRequst = null; @@ -182,7 +183,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { pendingReq.getClass().isInstance(storkRequst)) { try { - secClass = PVPtoSTORKMapper.getInstance().mapToSecClass( + secClass = loaMapper.mapToSecClass( PVPConstants.STORK_QAA_PREFIX + String.valueOf(storkSecClass)); } catch (Exception e) { diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java index 8f5a231ee..6b6d1a196 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java @@ -23,7 +23,9 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.tasks; import java.io.IOException; +import java.util.Arrays; import java.util.Collection; +import java.util.Collections; import java.util.List; import java.util.Set; @@ -40,41 +42,40 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; +import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; -import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; -import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnResponseValidationException; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; -import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; -import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -87,7 +88,7 @@ import at.gv.egovernment.moa.util.MiscUtil; public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { @Autowired private SAMLVerificationEngineSP samlVerificationEngine; - @Autowired private FederatedAuthCredentialProvider credentialProvider; + @Autowired private FederatedAuthCredentialProvider credentialProvider; @Autowired private SSOManager ssoManager; @Autowired private AttributQueryBuilder attributQueryBuilder; @Autowired private AuthenticationDataBuilder authDataBuilder; @@ -105,17 +106,17 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { try { - IDecoder decoder = null; - MOAURICompare comperator = null; + IDecoder decoder = null; + EAAFURICompare comperator = null; //select Response Binding if (request.getMethod().equalsIgnoreCase("POST")) { decoder = new PostBinding(); - comperator = new MOAURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_POST); + comperator = new EAAFURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_POST); Logger.trace("Receive PVP Response from federated IDP, by using POST-Binding."); } else if (request.getMethod().equalsIgnoreCase("GET")) { decoder = new RedirectBinding(); - comperator = new MOAURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_REDIRECT); + comperator = new EAAFURICompare(pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_REDIRECT); Logger.trace("Receive PVP Response from federated IDP, by using Redirect-Binding."); } else { @@ -131,7 +132,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { comperator); if (MiscUtil.isEmpty(msg.getEntityID())) { - throw new InvalidProtocolRequestException("sp.pvp2.04", new Object[] {FederatedAuthConstants.MODULE_NAME_FOR_LOGGING}); + throw new InvalidProtocolRequestException("sp.pvp2.04", + new Object[] {FederatedAuthConstants.MODULE_NAME_FOR_LOGGING}); } @@ -145,11 +147,11 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE); //validate assertion - MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg); + PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg); //load IDP and SP configuration - IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(msg.getEntityID()); - IOAAuthParameters spConfig = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class); + IOAAuthParameters spConfig = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); //check if response Entity is valid if (!idpConfig.isInderfederationIDP()) { @@ -159,10 +161,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { msg.getEntityID()}); } - - //load MOASession from database - defaultTaskInitialization(request, executionContext); - + //initialize Attribute extractor AssertionAttributeExtractor extractor = new AssertionAttributeExtractor((Response) processedMsg.getResponse()); @@ -170,12 +169,12 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { //check if SP is also a federated IDP if (spConfig.isInderfederationIDP()) { //SP is a federated IDP --> answer only with nameID and wait for attribute-Query - pendingReq.setGenericDataToSession( - PVPTargetConfiguration.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true); - pendingReq.setGenericDataToSession( - PVPTargetConfiguration.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID()); - pendingReq.setGenericDataToSession( - PVPTargetConfiguration.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel()); + pendingReq.setRawDataToTransaction( + MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true); + pendingReq.setRawDataToTransaction( + MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID()); + pendingReq.setRawDataToTransaction( + MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel()); authenticatedSessionStorage. addFederatedSessionInformation(pendingReq, @@ -185,7 +184,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { //SP is real Service-Provider --> check attributes in response // and start Attribute-Query if required - getAuthDataFromInterfederation(extractor, pendingReq.getOnlineApplicationConfiguration(), + getAuthDataFromInterfederation(extractor, pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class), idpConfig); //store federatedIDP to MOASession @@ -197,8 +196,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { } //store valid assertion into pending-request - pendingReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg); - pendingReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID()); + pendingReq.setRawDataToTransaction(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg); + pendingReq.setRawDataToTransaction(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID()); //store pending-request requestStoreage.storePendingRequest(pendingReq); @@ -223,13 +222,21 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { } catch (AssertionValidationExeption | AuthnResponseValidationException e) { Logger.info("PVP response validation FAILED. Msg:" + e.getMessage()); if (msg != null) { - IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(msg.getEntityID()); - - //remove federated IDP from SSO session if exists - ssoManager.removeInterfederatedSSOIDP(msg.getEntityID(), request); + IOAAuthParameters idpConfig = null; + try { + idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class); + //remove federated IDP from SSO session if exists + ssoManager.removeInterfederatedSSOIDP(msg.getEntityID(), request); + + //select next step + handleAuthnResponseValidationProblem(executionContext, idpConfig, e); + + } catch (EAAFConfigurationException e1) { + Logger.error("Can not handle error during an internal problem. ", e1); + throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e); + + } - //select next step - handleAuthnResponseValidationProblem(executionContext, idpConfig, e); } else throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e); @@ -244,29 +251,46 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { private void getAuthDataFromInterfederation(AssertionAttributeExtractor extractor, IOAAuthParameters spConfig, IOAAuthParameters idpConfig) throws BuildException, ConfigurationException{ + /*TODO: + * only workaround for oe.gv.at project + */ + final List<String> minimalIDLAttributeNamesList = Arrays.asList( + PVPConstants.EID_IDENTITY_LINK_NAME, + PVPConstants.EID_SOURCE_PIN_NAME, + PVPConstants.EID_SOURCE_PIN_TYPE_NAME); + try { Logger.debug("Service Provider is no federated IDP --> start Attribute validation or requesting ... "); - Collection<String> requestedAttr = pendingReq.getRequestedAttributes(metadataProvider); + + //TODO!!!!! + //Collection<String> requestedAttr = pendingReq.getRequestedAttributes(metadataProvider); + Collection<String> requestedAttr = Collections.emptyList(); //check if SAML2 Assertion contains a minimal set of attributes - if (!extractor.containsAllRequiredAttributes()) { + + //TODO: switch back to correct attribute query + if (!extractor.containsAllRequiredAttributes() + && !extractor.containsAllRequiredAttributes(minimalIDLAttributeNamesList) ) { Logger.info("Received assertion does no contain a minimum set of attributes. Starting AttributeQuery process ..."); //build attributQuery request List<Attribute> attributs = attributQueryBuilder.buildSAML2AttributeList(spConfig, requestedAttr.iterator()); - //request IDP to get additional attributes - extractor = authDataBuilder.getAuthDataFromAttributeQuery(attributs, extractor.getNameID(), idpConfig); +// //request IDP to get additional attributes +// extractor = authDataBuilder.getAuthDataFromAttributeQuery(attributs, extractor.getNameID(), +// idpConfig, pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_METADATA); } else { Logger.info("Interfedation response include a minimal set of attributes with are required. Skip AttributQuery request step. "); } + //TODO: switch back to correct attribute query //check if all attributes are include - if (!extractor.containsAllRequiredAttributes( - pendingReq.getRequestedAttributes(metadataProvider))) { + //if (!extractor.containsAllRequiredAttributes(requestedAttr)) { + if (!extractor.containsAllRequiredAttributes() + && !extractor.containsAllRequiredAttributes(minimalIDLAttributeNamesList)) { Logger.warn("PVP Response from federated IDP contains not all requested attributes."); throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{FederatedAuthConstants.MODULE_NAME_FOR_LOGGING}); @@ -274,30 +298,37 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { //copy attributes into MOASession Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames(); + AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); for (String el : includedAttrNames) { - moasession.setGenericDataToSession(el, extractor.getSingleAttributeValue(el)); + String value = extractor.getSingleAttributeValue(el); + + //TODO: check in future version + //update PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME to prefixed version + if (el.equals(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)) { + Logger.trace("Find PVP-attribute " + el + ". Start mapping if neccessary ... "); + if (!value.startsWith(PVPConstants.STORK_QAA_PREFIX)) { + value = PVPConstants.STORK_QAA_PREFIX + value; + Logger.debug("Prefix '" + el + "' with: "+ PVPConstants.STORK_QAA_PREFIX); + } + } + + session.setGenericDataToSession(el, value); Logger.debug("Add PVP-attribute " + el + " into MOASession"); } //set validTo from this federated IDP response - moasession.setGenericDataToSession( + session.setGenericDataToSession( AuthenticationSessionStorageConstants.FEDERATION_RESPONSE_VALIDE_TO, extractor.getAssertionNotOnOrAfter()); - } catch (AttributQueryException e) { - throw new BuildException("builder.06", null, e); - - } catch (SessionDataStorageException e) { - throw new BuildException("builder.06", null, e); - } catch (AssertionValidationExeption e) { throw new BuildException("builder.06", null, e); - } catch (AssertionAttributeExtractorExeption e) { + } catch (MOAIDException e) { throw new BuildException("builder.06", null, e); - } catch (MOAIDException e) { + } catch (EAAFStorageException e) { throw new BuildException("builder.06", null, e); } @@ -338,7 +369,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { * @throws AssertionValidationExeption * @throws AuthnResponseValidationException */ - private MOAResponse preProcessAuthResponse(MOAResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException { + private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException { Logger.debug("Start PVP21 assertion processing... "); Response samlResp = (Response) msg.getResponse(); diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java index aac253083..38568cdd8 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java @@ -25,10 +25,11 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.utils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider; -import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; /** * @author tlenz @@ -43,9 +44,9 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath() */ @Override - public String getKeyStoreFilePath() { + public String getKeyStoreFilePath() throws ConfigurationException { return FileUtils.makeAbsoluteURL( - authConfig.getBasicMOAIDConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTORE), + authConfig.getBasicConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTORE), authConfig.getRootConfigFileDir()); } @@ -54,7 +55,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getKeyStorePassword() { - return authConfig.getBasicMOAIDConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim(); + return authConfig.getBasicConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim(); } @@ -63,7 +64,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getMetadataKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( FederatedAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD).trim(); } @@ -72,7 +73,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getMetadataKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( FederatedAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD).trim(); } @@ -81,7 +82,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getSignatureKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( FederatedAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD).trim(); } @@ -90,7 +91,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getSignatureKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( FederatedAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD).trim(); } @@ -99,7 +100,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getEncryptionKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( FederatedAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD).trim(); } @@ -108,7 +109,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getEncryptionKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( FederatedAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD).trim(); } diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml index 0463bf8d9..8b232cf29 100644 --- a/id/server/modules/moa-id-modules-saml1/pom.xml +++ b/id/server/modules/moa-id-modules-saml1/pom.xml @@ -6,7 +6,6 @@ <version>${moa-id-version}</version> </parent> - <groupId>MOA.id.server.modules</groupId> <artifactId>moa-id-module-saml1</artifactId> <packaging>jar</packaging> diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index f6c8cb6e3..7ab222fa0 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -32,7 +32,6 @@ import java.util.List; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; -import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -41,7 +40,7 @@ import at.gv.egovernment.moa.util.StringUtils; /** * Builder for the authentication data <code><saml:Assertion></code> - * to be provided by the MOA ID Auth component. + * to be provided by the MOA ID Auth component. * * @author Paul Ivancsics * @version $Id$ @@ -277,8 +276,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB if (!useCondition) { assertion = MessageFormat.format(AUTH_DATA, new Object[] { authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstantString(), + authData.getAuthenticationIssuer(), + authData.getAuthenticationIssueInstantString(), pkType, pkValue, StringUtils.removeXMLDeclaration(xmlAuthBlock), @@ -302,8 +301,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB assertion = MessageFormat.format(AUTH_DATA_WITH_CONDITIONS, new Object[] { authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstantString(), + authData.getAuthenticationIssuer(), + authData.getAuthenticationIssueInstantString(), notBefore, notOnOrAfter, pkType, @@ -400,8 +399,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB if (!useCondition) { assertion = MessageFormat.format(AUTH_DATA_MANDATE, new Object[] { authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstantString(), + authData.getAuthenticationIssuer(), + authData.getAuthenticationIssueInstantString(), pkType, pkValue, StringUtils.removeXMLDeclaration(xmlAuthBlock), @@ -426,8 +425,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB assertion = MessageFormat.format(AUTH_DATA_MANDATE_WITH_CONDITIONS, new Object[] { authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstantString(), + authData.getAuthenticationIssuer(), + authData.getAuthenticationIssueInstantString(), notBefore, notOnOrAfter, pkType, diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index 99d5d9063..21dbb573a 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -28,15 +28,15 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; +import at.gv.egiz.eaaf.core.impl.data.SLOInformationImpl; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.SLOInformationImpl; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; @@ -49,9 +49,9 @@ public class GetArtifactAction implements IAction { public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData obj) throws AuthenticationException { - String oaURL = (String) req.getOAURL(); + String oaURL = (String) req.getSPEntityId(); - String sourceID = null; + String sourceID = null; if (req instanceof SAML1RequestImpl) { SAML1RequestImpl saml1req = (SAML1RequestImpl) req; sourceID = saml1req.getSourceID(); @@ -68,7 +68,7 @@ public class GetArtifactAction implements IAction { } try { - IOAAuthParameters oaParam = req.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = req.getServiceProviderConfiguration(IOAAuthParameters.class); //TODO: add eIDAS to SAML1 protocol if it is really necessary @@ -85,14 +85,14 @@ public class GetArtifactAction implements IAction { String samlArtifactBase64 = saml1server.BuildSAMLArtifact(oaParam, authData, sourceID); - String oaTargetArea = req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class); + String oaTargetArea = req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class); if (authData.isSsoSession()) { String url = req.getAuthURL() + RedirectServlet.SERVICE_ENDPOINT; url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8")); if (MiscUtil.isNotEmpty(oaTargetArea)) url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, - URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8")); + URLEncoder.encode(req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8")); url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); url = httpResp.encodeRedirectURL(url); @@ -104,7 +104,7 @@ public class GetArtifactAction implements IAction { String redirectURL = oaURL; if (MiscUtil.isNotEmpty(oaTargetArea)) { redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_TARGET, - URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8")); + URLEncoder.encode(req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8")); } @@ -121,7 +121,7 @@ public class GetArtifactAction implements IAction { new SLOInformationImpl(req.getAuthURL(), oaParam.getPublicURLPrefix(), authData.getAssertionID(), null, null, req.requestedModule()); return sloInformation; - + } catch (Exception ex) { Logger.error("SAML1 Assertion build error", ex); throw new AuthenticationException("SAML1 Assertion build error.", new Object[]{}, ex); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java index 13df30862..dcb7cb7ee 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java @@ -72,20 +72,19 @@ import org.xml.sax.SAXException; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.impl.gui.velocity.VelocityProvider; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; +import at.gv.egiz.eaaf.core.impl.utils.XPathUtils; import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; -import at.gv.egovernment.moa.id.auth.servlet.AbstractController; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.ErrorResponseUtils; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.DateTimeUtils; -import at.gv.egovernment.moa.util.XPathUtils; /** * Web service for picking up authentication data created in the MOA-ID Auth component. @@ -98,7 +97,7 @@ import at.gv.egovernment.moa.util.XPathUtils; * since SAML1 is deprecated MOA-ID >= 2.0.0 * * @author tlenz - */ + */ @Controller public class GetAuthenticationDataService extends AbstractController implements Constants { @@ -257,7 +256,7 @@ public class GetAuthenticationDataService extends AbstractController implements // no SAML artifact given in request statusCode = "samlp:Requester"; statusMessageCode = "1202"; - + } else if (samlArtifactList.getLength() > 1) { // too many SAML artifacts given in request statusCode = "samlp:Requester"; @@ -280,9 +279,7 @@ public class GetAuthenticationDataService extends AbstractController implements try { Throwable error = saml1AuthServer.getErrorResponse(samlArtifact); statusCode = "samlp:Responder"; - - ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); - + if (error instanceof MOAIDException) { statusMessageCode = ((MOAIDException)error).getMessageId(); statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage()); @@ -291,8 +288,9 @@ public class GetAuthenticationDataService extends AbstractController implements statusMessage = StringEscapeUtils.escapeXml(error.getMessage()); } - subStatusCode = errorUtils.getResponseErrorCode(error); - + subStatusCode = statusMessager.getResponseErrorCode(error); + + } catch (Exception e) { //no authentication data for given SAML artifact statusCode = "samlp:Requester"; @@ -340,7 +338,7 @@ public class GetAuthenticationDataService extends AbstractController implements is = Thread.currentThread() .getContextClassLoader() .getResourceAsStream(templateURL); - + VelocityEngine engine = VelocityProvider.getClassPathVelocityEngine(); BufferedReader reader = new BufferedReader(new InputStreamReader(is )); StringWriter writer = new StringWriter(); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java index 2a7cce89e..51d722dc4 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java @@ -49,9 +49,10 @@ package at.gv.egovernment.moa.id.protocols.saml1; import java.text.ParseException; import java.util.List; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.data.MOAAuthenticationData; +import at.gv.egovernment.moa.id.util.LoALevelMapper; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DateTimeUtils; @@ -62,7 +63,7 @@ import at.gv.egovernment.moa.util.DateTimeUtils; * @version $Id$ */ -public class SAML1AuthenticationData extends AuthenticationData { +public class SAML1AuthenticationData extends MOAAuthenticationData { /** * */ @@ -88,7 +89,8 @@ public class SAML1AuthenticationData extends AuthenticationData { private List<ExtendedSAMLAttribute> extendedSAMLAttributesOA; - public SAML1AuthenticationData() { + public SAML1AuthenticationData(LoALevelMapper loaMapper) { + super(loaMapper); this.setMajorVersion(1); this.setMinorVersion(0); this.setAssertionID(Random.nextRandom()); @@ -137,7 +139,7 @@ public void setAssertionID(String assertionID) { public void setIssueInstant(String date) { try { - setIssueInstant(DateTimeUtils.parseDateTime(date)); + setAuthenticationIssueInstant(DateTimeUtils.parseDateTime(date)); } catch (ParseException e) { Logger.error("Parse IssueInstant element FAILED.", e); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index bf4a55e46..c8f01f67d 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.saml1; import java.io.ByteArrayOutputStream; import java.io.IOException; +import java.util.ArrayList; import java.util.List; import java.util.regex.Matcher; import java.util.regex.Pattern; @@ -43,11 +44,21 @@ import org.xml.sax.SAXException; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.utils.DOMUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; -import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; +import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; @@ -57,21 +68,14 @@ import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.Pair; +import at.gv.egovernment.moa.id.data.MOAAuthenticationData; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; import at.gv.util.xsd.persondata.IdentificationType; @@ -86,7 +90,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { @Autowired private ITransactionStorage authenticationDataStore; - /** + /** * time out in milliseconds used by {@link cleanup} for authentication data * store */ @@ -103,8 +107,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } Throwable error = null; try { - error = authenticationDataStore - .get(samlArtifact, Throwable.class); + error = authenticationDataStore.get(samlArtifact, Throwable.class); if (error == null) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); @@ -114,7 +117,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { authenticationDataStore.remove(samlArtifact); - } catch (MOADatabaseException e) { + } catch (EAAFException e) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); throw new AuthenticationException("1206", new Object[] { samlArtifact }); } @@ -189,7 +192,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } - } catch (MOADatabaseException e) { + } catch (EAAFException e) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); throw new AuthenticationException("1206", new Object[] { samlArtifact }); } @@ -201,10 +204,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } public String BuildErrorAssertion(Throwable error, IRequest protocolRequest) - throws BuildException, MOADatabaseException { + throws EAAFException { String samlArtifact = new SAMLArtifactBuilder().build( - protocolRequest.getOAURL(), protocolRequest.getRequestID(), + protocolRequest.getSPEntityId(), protocolRequest.getPendingRequestId(), null); authenticationDataStore.put(samlArtifact, error, authDataTimeOut); @@ -319,12 +322,26 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } - String samlAssertion; - //add mandate info's - if (authData.isUseMandate()) { - List<ExtendedSAMLAttribute> oaAttributes = authData.getExtendedSAMLAttributesOA(); + List<ExtendedSAMLAttribute> oaAttributes = authData.getExtendedSAMLAttributesOA(); + + //add additional SAML1 attribute that containts the CountryCode in case of foreigners + if (authData.isForeigner()) { + if (oaAttributes == null) + oaAttributes = new ArrayList<ExtendedSAMLAttribute>(); + + Logger.trace("Entity is marked as foreigner. Adding CountryCode: " + + authData.getCiticenCountryCode() + " as attribute into SAML1 assertion ... "); + oaAttributes.add(new ExtendedSAMLAttributeImpl( + PVPAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME, authData.getCiticenCountryCode(), + Constants.MOA_NS_URI, + ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK)); + } + + String samlAssertion = null; + //add mandate info's + if (authData.isUseMandate()) { //only provide full mandate if it is included. if (saml1parameter.isProvideFullMandatorData() && authData.getMISMandate() != null) { @@ -420,7 +437,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { authData.getBkuURL(), signerCertificateBase64, oaParam.hasBaseIdTransferRestriction(), - authData.getExtendedSAMLAttributesOA(), + oaAttributes, useCondition, conditionLength); } @@ -428,7 +445,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { //authData.setSamlAssertion(samlAssertion); String samlArtifact = new SAMLArtifactBuilder().build( - authData.getIssuer(), Random.nextRandom(), + authData.getAuthenticationIssuer(), Random.nextRandom(), sourceID); storeAuthenticationData(samlArtifact, samlAssertion); @@ -443,10 +460,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } - private String generateMandateDate(IOAAuthParameters oaParam, AuthenticationData authData + private String generateMandateDate(IOAAuthParameters oaParam, MOAAuthenticationData authData ) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, - ValidateException { + ValidateException, EAAFBuilderException { if (authData == null) throw new AuthenticationException("auth.10", new Object[] { @@ -491,7 +508,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { && Constants.URN_PREFIX_BASEID .equals(identificationType)) { // now we calculate the wbPK and do so if we got it from the - // BKU + // BKU //load IdentityLinkDomainType from OAParam Pair<String, String> targedId = new BPKBuilder().generateAreaSpecificPersonIdentifier( @@ -548,7 +565,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } else { ; - } + } return DOMUtils.serializeNode(prPerson); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 19fadb318..30d740a2a 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -35,18 +35,20 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IModulInfo; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; @@ -59,10 +61,10 @@ import at.gv.egovernment.moa.util.URLEncoder; * @deprecated * @author tlenz * - */ + */ @Controller -public class SAML1Protocol extends AbstractAuthProtocolModulController { +public class SAML1Protocol extends AbstractAuthProtocolModulController implements IModulInfo { @Autowired private SAML1AuthenticationServer saml1AuthServer; @@ -92,21 +94,22 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController { return NAME; } - public String getPath() { + @Override + public String getAuthProtocolIdentifier() { return PATH; + } - @RequestMapping(value = "/StartAuthentication", method = {RequestMethod.POST, RequestMethod.GET}) - public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { - if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) { - Logger.info("SAML1 is deaktivated!"); - throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" }); - - } + public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { +// if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) { +// Logger.info("SAML1 is deaktivated!"); +// throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" }); +// +// } SAML1RequestImpl pendingReq = applicationContext.getBean(SAML1RequestImpl.class); - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(NAME); revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); @@ -127,15 +130,15 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController { public void preProcess(HttpServletRequest request, - HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException { + HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException, InvalidProtocolRequestException, EAAFConfigurationException, EAAFStorageException { try { - String oaURL = (String) request.getParameter(PARAM_OA); + String oaURL = (String) request.getParameter(MOAIDAuthConstants.PARAM_OA); //oaURL = StringEscapeUtils.escapeHtml(oaURL); - String target = (String) request.getParameter(PARAM_TARGET); + String target = (String) request.getParameter(MOAIDAuthConstants.PARAM_TARGET); target = StringEscapeUtils.escapeHtml(target); - String sourceID = request.getParameter(PARAM_SOURCEID); + String sourceID = request.getParameter(MOAIDAuthConstants.PARAM_SOURCEID); sourceID = StringEscapeUtils.escapeHtml(sourceID); //the target parameter is used to define the OA in SAML1 standard @@ -146,25 +149,25 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController { if (MiscUtil.isEmpty(oaURL)) { Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!"); - throw new WrongParametersException("StartAuthentication", PARAM_OA, + throw new WrongParametersException("StartAuthentication", MOAIDAuthConstants.PARAM_OA, "auth.12"); } if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, + throw new WrongParametersException("StartAuthentication", MOAIDAuthConstants.PARAM_OA, "auth.12"); - pendingRequest.setOAURL(oaURL); + pendingRequest.setSPEntityId(oaURL); Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL); if (!ParamValidatorUtils.isValidSourceID(sourceID)) - throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); + throw new WrongParametersException("StartAuthentication", MOAIDAuthConstants.PARAM_SOURCEID, "auth.12"); //load Target only from OA config - IOAAuthParameters oaParam = authConfig.getOnlineApplicationParameter(oaURL); + IOAAuthParameters oaParam = authConfig.getServiceProviderConfiguration(oaURL, IOAAuthParameters.class); if (oaParam == null) throw new InvalidProtocolRequestException("auth.00", @@ -190,7 +193,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController { revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST); if (MiscUtil.isNotEmpty(target)) { - pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target); + pendingRequest.setRawDataToTransaction(REQ_DATA_TARGET, target); pendingRequest.setTarget(MOAIDAuthConstants.PREFIX_CDID + target); } else { @@ -198,7 +201,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController { pendingRequest.setTarget(targetArea); if (targetArea.startsWith(MOAIDAuthConstants.PREFIX_CDID)) - pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, + pendingRequest.setRawDataToTransaction(REQ_DATA_TARGET, targetArea.substring(MOAIDAuthConstants.PREFIX_CDID.length())); @@ -225,15 +228,15 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController { HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable{ - if (!protocolRequest.getOnlineApplicationConfiguration().getSAML1Parameter().isProvideAllErrors()) + if (!protocolRequest.getServiceProviderConfiguration(IOAAuthParameters.class).getSAML1Parameter().isProvideAllErrors()) return false; else { String samlArtifactBase64 = saml1AuthServer.BuildErrorAssertion(e, protocolRequest); String url = protocolRequest.getAuthURL() + "/RedirectServlet"; - url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8")); - url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getSPEntityId(), "UTF-8")); + url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); url = response.encodeRedirectURL(url); response.setContentType("text/html"); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java index 1d3525626..4d3e60dd7 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java @@ -22,18 +22,11 @@ */ package at.gv.egovernment.moa.id.protocols.saml1; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; - -import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; -import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; /** * @author tlenz @@ -45,7 +38,7 @@ public class SAML1RequestImpl extends RequestImpl { private static final long serialVersionUID = -4961979968425683115L; - private String sourceID = null; + private String sourceID = null; private String target = null; /** @@ -78,29 +71,29 @@ public class SAML1RequestImpl extends RequestImpl { this.target = target; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() - */ - @Override - public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { - - List<String> reqAttr = new ArrayList<String>(); - reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION); - - SAML1ConfigurationParameters saml1 = this.getOnlineApplicationConfiguration().getSAML1Parameter(); - if (saml1 != null) { - if (saml1.isProvideAUTHBlock()) - reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME); - - if (saml1.isProvideCertificate()) - reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME); - - if (saml1.isProvideFullMandatorData()) - reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME); - } - - return reqAttr; - - } +// /* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() +// */ +// @Override +// public Collection<String> getRequestedAttributes(MetadataProvider metadataProvider) { +// +// List<String> reqAttr = new ArrayList<String>(); +// reqAttr.addAll(SAML1Protocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION); +// +// SAML1ConfigurationParameters saml1 = this.getOnlineApplicationConfiguration().getSAML1Parameter(); +// if (saml1 != null) { +// if (saml1.isProvideAUTHBlock()) +// reqAttr.add(PVPConstants.EID_AUTH_BLOCK_NAME); +// +// if (saml1.isProvideCertificate()) +// reqAttr.add(PVPConstants.EID_SIGNER_CERTIFICATE_NAME); +// +// if (saml1.isProvideFullMandatorData()) +// reqAttr.add(PVPConstants.MANDATE_FULL_MANDATE_NAME); +// } +// +// return reqAttr; +// +// } } diff --git a/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java b/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java index 961c8d0b5..4591e456f 100644 --- a/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java +++ b/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java @@ -46,9 +46,9 @@ package test.at.gv.egovernment.moa.id.auth.parser; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; -import at.gv.egovernment.moa.id.util.Random; import test.at.gv.egovernment.moa.id.UnitTestCase; /* @@ -63,7 +63,7 @@ public class SAMLArtifactParserTest extends UnitTestCase { public SAMLArtifactParserTest(String name) { super(name); } - + public void testParseTypeCode() throws Exception { String sessionID = Random.nextRandom(); String samlArtifact = new SAMLArtifactBuilder().build(URL1, sessionID, null); diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java index b21c5e93f..3676ca7d7 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java @@ -25,10 +25,10 @@ package at.gv.egovernment.moa.id.monitoring; import java.util.ArrayList; import java.util.List; -import at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger; +import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -94,8 +94,8 @@ public class DatabaseTestModule implements TestModuleInterface{ private String testMOAAdvancedLoggingDatabase() { try { - statLogUtils.testConnection(); - + statLogUtils.internalTesting(); + Logger.trace("Finish Test: AdvancedLoggingDataBase"); return null; diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java index a56be1f46..1aae0f8d0 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java @@ -28,15 +28,15 @@ import java.util.List; import org.w3c.dom.Element; -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; +import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.config.auth.data.DynamicOAAuthParameters; @@ -46,17 +46,25 @@ import at.gv.egovernment.moa.util.MiscUtil; public class IdentityLinkTestModule implements TestModuleInterface { private static IIdentityLink identityLink = null; + private AuthConfiguration authConfig; - public void initializeTest(long delayParam, String url) throws Exception{ + @Override + public void initializeTest(long delayParam, String url) throws Exception { + Logger.error("NOT implemented yet!!!"); - if (MiscUtil.isNotEmpty(url)) { + } + + public void initializeTest(long delayParam, String url, AuthConfiguration authConfig) throws Exception{ + + if (MiscUtil.isNotEmpty(url)) { URL keystoreURL = new URL(url); InputStream idlstream = keystoreURL.openStream(); identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink(); + this.authConfig = authConfig; } - } + } public List<String> performTests() throws Exception{ Logger.trace("Start MOA-ID IdentityLink Test"); @@ -68,7 +76,7 @@ public class IdentityLinkTestModule implements TestModuleInterface { Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() .build(identityLink, config .getMoaSpIdentityLinkTrustProfileID(false)); - + // invokes the call Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance() .verifyXMLSignature(domVerifyXMLSignatureRequest); @@ -85,7 +93,8 @@ public class IdentityLinkTestModule implements TestModuleInterface { verifyXMLSignatureResponse, config.getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, - oaParam); + oaParam, + authConfig); } catch (ValidateException e) { //check if default Monitoring IDL is used then error is ignored diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java index 9f0083fb8..55b360ce2 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java @@ -29,12 +29,12 @@ import java.util.Map; import org.springframework.beans.factory.annotation.Autowired; -import at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger; +import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.FileUtils; public class TestManager{ @@ -101,7 +101,7 @@ public class TestManager{ IdentityLinkTestModule test2 = new IdentityLinkTestModule(); String idlurl = FileUtils.makeAbsoluteURL(authConfig.getMonitoringTestIdentityLinkURL(), authConfig.getRootConfigFileDir()); try { - test2.initializeTest(0, idlurl); + test2.initializeTest(0, idlurl, authConfig); tests.put(test2.getName(), test2);; } catch (Exception e) { diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index 000851a5f..06c9a341a 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -1,5 +1,5 @@ -<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" - xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> +<?xml version="1.0" encoding="UTF-8"?> +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <parent> @@ -27,13 +27,17 @@ <module>moa-id-modules-saml1</module> <module>moa-id-module-openID</module> - <module>moa-id-module-eIDAS</module> + <module>moa-id-module-eIDAS</module> + <!-- <module>moa-id-module-eIDAS-v2</module> --> <module>moa-id-modules-federated_authentication</module> <module>moa-id-module-elga_mandate_service</module> <module>moa-id-module-ssoTransfer</module> <module>moa-id-module-bkaMobilaAuthSAML2Test</module> - </modules> + + <module>moa-id-module-sl20_authentication</module> + <module>moa-id-module-AT_eIDAS_connector</module> + </modules> <dependencies> <dependency> @@ -61,4 +65,4 @@ </dependency> </dependencies> -</project> +</project>
\ No newline at end of file |