aboutsummaryrefslogtreecommitdiff
path: root/id
diff options
context:
space:
mode:
Diffstat (limited to 'id')
-rw-r--r--id/ConfigWebTool/pom.xml6
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java3
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java23
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticationManager.java15
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/IActiveUserStorage.java4
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/MemoryActiveUserStorageImpl.java19
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java18
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java5
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java33
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java370
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java8
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java1
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java8
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java4
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java2
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java133
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java18
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java20
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java2
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java79
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java7
-rw-r--r--id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java15
-rw-r--r--id/ConfigWebTool/src/main/resources/applicationResources_de.properties23
-rw-r--r--id/ConfigWebTool/src/main/resources/applicationResources_en.properties26
-rw-r--r--id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml4
-rw-r--r--id/ConfigWebTool/src/main/webapp/js/common.js3
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp8
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp4
-rw-r--r--id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/bPKDecryption.jsp75
-rw-r--r--id/assembly-auth.xml8
-rw-r--r--id/history.txt49
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java26
-rw-r--r--id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java4
-rw-r--r--id/readme_2.1.0.txt188
-rw-r--r--id/readme_2.1.1.txt256
-rw-r--r--id/server/auth/pom.xml2
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml4
-rw-r--r--id/server/auth/src/main/webapp/WEB-INF/web.xml13
-rw-r--r--id/server/auth/src/main/webapp/index.html2
-rw-r--r--id/server/auth/src/main/webapp/template_localBKU.html2
-rw-r--r--id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties2
-rw-r--r--id/server/data/deploy/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_DE.xml (renamed from id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml)0
-rw-r--r--id/server/data/deploy/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_EN.xml (renamed from id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml)0
-rw-r--r--id/server/data/deploy/conf/moa-id-oa/keys/Metadata_Signing.cer (renamed from id/server/doc/conf/moa-id-configuration/keys/metadata.crt)0
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/01540E2704537AA810D671E1C4106FD8821EB52A/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 (renamed from id/server/doc/conf/moa-spss/certstore/01540E2704537AA810D671E1C4106FD8821EB52A/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201)bin1385 -> 1385 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/032F2123890A879585CE96674CA4C37B55986729/E1201A308CC10323C27D9084B048996E44B8F710bin0 -> 806 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/04462EF01783744F9F4CDE3705FD86D488697C9F/D44EED7580C7792242D73E267A89C7DB25E4BD08bin0 -> 1314 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/083E1A0528C48475951A6610360D813E2713DCC7/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7bin0 -> 864 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/0889EBEC55D9E34E782E6D3C250840EB932EEA2F/9CD9ADF04626E7E8C9A1C8DACE3B0B8A2979C726bin0 -> 1383 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/0A5C2C9276B649D088A86BD9FD97E2B95658481D/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 (renamed from id/server/doc/conf/moa-spss/certstore/0A5C2C9276B649D088A86BD9FD97E2B95658481D/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9)bin991 -> 991 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/0AF04E7099C9829BD1F8437362BA0036E0705C4D/0F843FB1E0C626540BE638B79A2987E2611CE630bin0 -> 1018 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/0AF04E7099C9829BD1F8437362BA0036E0705C4D/69F21C82DC9A7A940ACEC414593E59C9E61E522Fbin0 -> 990 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/0AF04E7099C9829BD1F8437362BA0036E0705C4D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35bin0 -> 1087 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/0BF5B0C4B029051D91A83EE9CCD0266A52D867A6/341F53B3B17518213B1856BFAB3CEFBE948AFC0Dbin0 -> 1070 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/0BF5B0C4B029051D91A83EE9CCD0266A52D867A6/3A24040C01D5C9A4980575BFF99A25E534A056CBbin0 -> 1070 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/0FE419AB943E7E5C6A7190CC6BBE8E3F914C658A/FB356CEF4406D1F135E3FC59026B338D3F518F9Abin0 -> 886 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/10D143E18C03A4A29F783D26F2F67E3B64C35CB0/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 (renamed from id/server/doc/conf/moa-spss/certstore/10D143E18C03A4A29F783D26F2F67E3B64C35CB0/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330)bin995 -> 995 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/10F17BDACD8DEAA1E8F23FBEAE7B3EC3D9773D1D/E7340D1FB627D8917A9C0D23F21515C441BF1214bin0 -> 1292 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/125E4AC6B38C1E0BF34BF7D927CBB947E35141E8/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7Dbin0 -> 820 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/15A052B0DC4E0333656264E2FEEBE45B1BE449BF/386C1663C6390BC288DC171522439210AF361958bin0 -> 1000 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/1607988A938D3D339F40AFB567384BC5B7540935/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2bin0 -> 1151 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/1A283D1183DB82A548427B4F19E99E7A8EA728D7/49969819654C230ECDF779ABB9629A211FCC43D6bin0 -> 1353 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/1BF3C1D2767F5C333AD5531531FEE3A712935B73/D0AF386E182F00983637F97C0A5F4708F9F641A7bin0 -> 1157 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/20DD04B052D2D364E5FF851A3FD314F0FD91253E/6814C7316CEA7191C9CB3BE58199B4A957210D9Cbin0 -> 704 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/20EF2EC4E04DF4D51A8F10DFE4249C0024C7A28C/5F06F65C714047E3B282AEC427C35AB703E49D8Ebin0 -> 1169 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/20EF2EC4E04DF4D51A8F10DFE4249C0024C7A28C/D45360060761812D33DE294EAC1573F6DE12A208bin0 -> 1169 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/22973CFC20EA68162A0B2E837D45FB8266ACDBCF/C529469053D9F95810A8F7F2DB9A6596A7655732bin0 -> 913 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2 (renamed from id/server/doc/conf/moa-id-configuration/certs/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2)bin979 -> 979 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941bin0 -> 991 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5bin0 -> 919 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0bin0 -> 1018 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/DFAE695342AC81A521025904406884399822B233bin0 -> 987 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/2962CDAADFA0BF8EE53B80870C53E551A43EA72A/12B06E039F1A36D8238AFC508009E1ADF88BF66Fbin0 -> 1253 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/2C976220B378E08DF5E68CBC54C05CE41224FD29/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38bin0 -> 704 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/2F5DA022AAFF668F34C35A80049D690F3CFE3040/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8Dbin0 -> 914 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/31B5BA02D476873C5220CDCFA0C095C4A31DEFDF/88D6151358A5E3C81D7AE1A536121DC03011BC03 (renamed from id/server/doc/conf/moa-spss/certstore/31B5BA02D476873C5220CDCFA0C095C4A31DEFDF/88D6151358A5E3C81D7AE1A536121DC03011BC03)bin1205 -> 1205 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/328AA897B7E6270202B2FC0889FF88D66BB41122/35A40EF932B1F23980E2C672FC939E91EEBD0317 (renamed from id/server/doc/conf/moa-spss/certstore/328AA897B7E6270202B2FC0889FF88D66BB41122/35A40EF932B1F23980E2C672FC939E91EEBD0317)bin1262 -> 1262 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/3314CE3E42175EACC28D57C35F192430BBADAC1A/B1D0BC027906A3B7E7518C93ACB26D978233ED27 (renamed from id/server/doc/conf/moa-spss/certstore/3314CE3E42175EACC28D57C35F192430BBADAC1A/B1D0BC027906A3B7E7518C93ACB26D978233ED27)bin1171 -> 1171 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/337F895A0435AA7E2629C5282B5A0DBBE19EE1C7/75F792DE2CF544007F470F1B924961C2BD2EF517bin0 -> 802 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/349CA7B279F4EF3C085B1E8D08AA5DE3EC586188/08BBE8E906397158FA4BF4058BBBDB5EA11BAE82bin0 -> 979 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/3868959083AA986194E58E73798BCD724D785A0E/66AB66128A44574873E54E6584E450C4EB3B9A1Ebin0 -> 1170 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/3A095C38EB5D5824FE61BE43F9CDF6515DC94805/65698A39E03FF00FD552D4AD99FB290C2B9D4BEAbin0 -> 1018 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/04CF0318BA0B54DD76E1DE143445210BDD32E299bin0 -> 865 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8Fbin0 -> 861 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AEbin0 -> 865 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/9E0512DD61DA5949D1D8631C3F19D75F496C3733bin0 -> 864 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/E6E6FC88719177C9B7421825757C5E47BCAC85F6bin0 -> 860 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/3B76D7A5CE7EC6022D7990CFEA534C908717DF54/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9Ebin0 -> 1298 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/3C025917C3C938FEB856E5440D28E4A568C311DC/A2F138CD16AD04BC3F145E3780BFA169BFDA263Bbin0 -> 1505 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/3C627C9D89A5BFB5E4E385982DF33B7E7F6E8D2D/C5AC86EC5B771BEBDF8B6E040F109A1186E229B9bin0 -> 1234 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/3C7CE93947421CB66603DC7DBAB0F04C4788382F/23E594945195F2414803B4D564D2A3A3F5D88B8Cbin0 -> 791 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/405D86C9D39B1061885678ED90780A0F04A76327/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6Abin0 -> 1256 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/4224231A54F64581FBA2AB6ED82ADE467F144BDC/65EF37033859C2F709A64086D3A5BD1B8F1A85A4bin0 -> 1045 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/427765A998398EE1B138ABDBA20313DC4A3738A0/07298E24461954E4696D2ED9FFB7D52B57F325B3bin0 -> 1279 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/427765A998398EE1B138ABDBA20313DC4A3738A0/B630DB0DB940BCE72B2E09868B4CA0A92BBC1D15bin0 -> 1273 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/45E2F3F807C6EAB9EDC1B3250F7558CA12A063DE/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26bin0 -> 914 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/47ED4C584F9DCD54A6C2925252C5603ADAC93F49/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E (renamed from id/server/doc/conf/moa-spss/certstore/47ED4C584F9DCD54A6C2925252C5603ADAC93F49/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E)bin1747 -> 1747 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/487F4DEE9E63DADEB4CAAB07E0E166ACC9F584B6/9891BBEA9FDA665EEEC31C403A00A5CA5628D0FAbin0 -> 1391 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/4C7CAA9FE9C08078541DA31B76FF0951E73480FF/C23FC1895966021249B35412C0C8C56D107732DEbin0 -> 1563 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/52B42552A440A54C21A39D46D7F176AF28BEB5AA/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4bin0 -> 1130 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/53CF955B19387A437659158BC050B7BC4B238132/F5F2456D79490C268569970E900C68FD1C7DC8E5bin0 -> 1264 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/550E9627E9094A2D1BB6385821334D02122BCF26/B7BCA7BC3C41FD0DC835175486FAB3FB4626EC0Fbin0 -> 1188 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/562428A359B1CC3A820ABCC9C8F625CBB6A6A510/620127A8E5886A4805403977C3EF7D5EAF881526bin0 -> 870 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/562428A359B1CC3A820ABCC9C8F625CBB6A6A510/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830bin0 -> 1141 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/5650A465FD3B5EF83639E11F324A2A0EA98AF935/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 (renamed from id/server/doc/conf/moa-spss/sslKeys/tomcat/trustedClients[pwd=clients].keystore)bin1078 -> 984 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/58090A698038FEDAD56B4B976F23C29950D1D5A5/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25Bbin0 -> 1159 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/59484253C7D4C5BEAB7D2BABFAC13DDD1CA53FCC/341EA32E448659125A67DD04177FD17468FCFCB1bin0 -> 1366 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/069519EC949AC6B91D4C33A3F3665441F0220D20bin0 -> 1313 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/2F5EBA5055E9F7444852ADCEEB769E5DE157A03Dbin0 -> 1352 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/60EF765436B4F314F2285BE2D89A511073AC0D58/334710B9169BCD20687A6302EEB16AEB97F288CDbin0 -> 825 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/6144BFC0CBE85C63DEFB6F208D80385B89F68046/D031945D982820B92FADBC7F71F6D1D9DFFDA2C9bin0 -> 1213 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/68AF646E90A6FF370230F64ACD4E8A4F12C03916/CA80A13D41116E24CB1479E970CDC1C030C5907C (renamed from id/server/doc/conf/moa-spss/certstore/68AF646E90A6FF370230F64ACD4E8A4F12C03916/CA80A13D41116E24CB1479E970CDC1C030C5907C)bin1272 -> 1272 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/7A2CFA69FCA284D4627012A7A55662594C803B2A (renamed from id/server/doc/conf/moa-spss/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/7A2CFA69FCA284D4627012A7A55662594C803B2A)bin901 -> 901 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B (renamed from id/server/doc/conf/moa-spss/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B)bin901 -> 901 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/6F86F897C45679B45F03C67D44B6447EFF43B758/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0bin0 -> 1546 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/728C819D737EE42627F96F839C33BB6E68E85F68/00845B74CA13FE0A9056E6C0B5126FECF73B0D8Cbin0 -> 740 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/738B34854780955AE8FAF12349F2C9C52105A52C/474BC41135FB88BF58B5A8D976A1D5583378D85Ebin0 -> 1133 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/738B34854780955AE8FAF12349F2C9C52105A52C/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01bin0 -> 1171 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/76011AE57123CC4E476C094C48C461DC37A0DEDD/FDC348410699803DE7D8276813BC2232EA99A878bin0 -> 835 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/7A9DC855647136050A8D75D6571AC64739F36C6C/BF648929E7DAABD8D97B3202F48D6C4A19C78F6Cbin0 -> 990 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 (renamed from id/server/doc/conf/moa-id-configuration/certs/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22)bin1147 -> 1147 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/88D9F0C0EBB72C58516EC96AEED397FA86B40E39/6DCD5118D1542E6C205C580775C5420B7509506Bbin0 -> 1076 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/3B8484BF1370941BF03F206B5C4958DA4E1559BBbin0 -> 1065 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/6DD653FB8FE2614249924274043E834664EBE980bin0 -> 1065 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/C0EF3E7A54B4C501295F77974B1995E36B25C92Bbin0 -> 1066 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/D29172D3F501A2D7A47F702633044F519A3A5F0Bbin0 -> 1066 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/8FDB1CB752D82C88C89F9E9DA7AD2F54C6FA6F3B/842B3870A64001CDD90978D0E554DAF94D9ABDFEbin0 -> 947 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/679A4F81FC705DDEC419778DD2EBD875F4C242C6 (renamed from id/server/doc/conf/moa-spss/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/679A4F81FC705DDEC419778DD2EBD875F4C242C6)bin975 -> 975 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/82096E6D9B1248321625323D52858642CB0B748E (renamed from id/server/doc/conf/moa-spss/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/82096E6D9B1248321625323D52858642CB0B748E)bin975 -> 975 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/91C4DD783D6D38F0325FE74930BF61F656364EA9/53A6B611F8CEE0315BCCE5D59898931ED390E400bin0 -> 761 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/A149EE01A250491C07D5A279D3B58A646288DA22bin0 -> 1185 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/AD8ECBB67B9DC59406F92A296A38192297A4F169bin0 -> 1191 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/96107213A757FFB88DECEE469373162636D7146C/45B43346251FDF9E95DCB7F36928785D46D63913bin0 -> 1136 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/96107213A757FFB88DECEE469373162636D7146C/E33619C88426E4FE956041E6751ADDEC9C10F0BCbin0 -> 1136 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/975729FFAF7EB667BCF68E9B886EA876E44F46D0/35202B14F69409EAA51CD8AB547AC0CD5E993F3Fbin0 -> 1053 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/9C5C7CD895AABBFF23E79907A97FB2D68423CA8E/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BAbin0 -> 1165 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/9C5C7CD895AABBFF23E79907A97FB2D68423CA8E/79B21E2743A879AFF5403ECEA09EAC2084EF4799bin0 -> 1014 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/9D3E6FACCD6AF894CDD2B91D1B9E3C2E310EAB93/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6bin0 -> 1030 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/9D3E6FACCD6AF894CDD2B91D1B9E3C2E310EAB93/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8Bbin0 -> 932 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/9D3E6FACCD6AF894CDD2B91D1B9E3C2E310EAB93/A562C4B99E2847251CB4A1F05DA1FF43E7296F0Bbin0 -> 999 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/9F5A9B8D0F919C96B9472442BFBBDD34232A627D/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8Cbin0 -> 997 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/9F5A9B8D0F919C96B9472442BFBBDD34232A627D/9F0E0FBB25F66FF88C8E033EFF358923C84A2926bin0 -> 930 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/9F5A9B8D0F919C96B9472442BFBBDD34232A627D/C87D1855227D995C332C4C9072A2E2053F2CC623bin0 -> 1028 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A07E912CAA2AB620034B05353E7D4B91807880ED/42AD1897A4643D2AA634D980F16349E6694F3B1Bbin0 -> 1237 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A07E912CAA2AB620034B05353E7D4B91807880ED/FE7891B6ED7B178F528A28B21478299F865889BDbin0 -> 1333 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A15B5DBE14A19CF859F48E2DA2A29A4C3DB4D680/3AC12E21FFF9ACAB2BCFF52BBD885FB7AAC9A02Bbin0 -> 1201 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A24C49B7F1B637E7F72C12CAB35910EC8EF1C6CF/8784ED81F5A22779EB0B081945FD151992557FBEbin0 -> 1159 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A24C49B7F1B637E7F72C12CAB35910EC8EF1C6CF/88583DB03975127CB488CA7DDE303A1646CEA97Bbin0 -> 1159 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8bin0 -> 1058 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/20CAECDCA766243AAD6FA1327618FC81BA65DC0Fbin0 -> 1057 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/96D5D179016A5A6546973BA63733617EE1F1540Dbin0 -> 1058 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/CF236CF66379EA506F967D21F0E25E87529D9687bin0 -> 1058 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76bin0 -> 1057 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A7437C35301BDB5349F320B62231615028F397F8/266FCA0265A576548425BDAE15448665EE8BB889bin0 -> 1076 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/D4D1370FD1D9EAA46412008FF3E59E114BCF724A (renamed from id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/D4D1370FD1D9EAA46412008FF3E59E114BCF724A)bin1111 -> 1111 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A (renamed from id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A)bin1110 -> 1110 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 (renamed from id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/E619D25B380B7B13FDA33E8A58CD82D8A88E0515)bin1111 -> 1111 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92 (renamed from id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92)bin1110 -> 1110 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/AAB27F0E98B28AF253454415F6490CB5F43A4B49/A9D28607928FA8615E2615CC9D71B535C5D0D419bin0 -> 734 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/AC1B67D7D5A300767C0944ACE8458DD49960F1BD/4D523730501ADB80A76B0B473A4D21C7D86F8374 (renamed from id/server/doc/conf/moa-spss/certstore/AC1B67D7D5A300767C0944ACE8458DD49960F1BD/4D523730501ADB80A76B0B473A4D21C7D86F8374)bin1167 -> 1167 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/AF03510E8BCAE72BB7C4E9D1910B4E12057075A4/7AC3EFA52DE27A930EC8754DB5E061476948E914 (renamed from id/server/doc/conf/moa-spss/certstore/AF03510E8BCAE72BB7C4E9D1910B4E12057075A4/7AC3EFA52DE27A930EC8754DB5E061476948E914)bin1028 -> 1028 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/B1A1ACC805C656EF257C5115509B977964591D7E/8944AF64790FA467C02424CB22523A068C3B72DBbin0 -> 1073 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/B293710691F553804016FCEC3428ABA1CB11ADF7/36B41A8B411985ED1032DBD85A154207164A9B85bin0 -> 1069 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/B310CEED301C503EDB15720F94D5D7E76BF423DA/AA94FD422AEB8F5B6E8508314CE0DC68BCD53305bin0 -> 1339 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/B3EB7B59ECFF1E25E16C64BB24993D1B20DCFC28/07A6DEED70213CCF598F278789680DA4C04A0331bin0 -> 1266 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/B749506C821467F7D6F4E8943D07DDED771A7B47/A5A00B223EF24AED92D03F652CFE367CA9D1B200bin0 -> 958 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/B9041947DCD9B7E2B82D72D6A0FF1FBC4B213DC0/BD78039E45BA4E4B13ADECC58124520ACE83B6A7bin0 -> 1614 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/BAA9ADD095E87E0B490B6DD933AA2F450C6B9492/7A430B6E3592BEEDFAA0DD5DD6262C27EB8D26D2bin0 -> 920 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/BE47A5DA41A35F740D98305DA8FF4096B71492BE/D1474E7D99512D05B98DD37B3FE86496A03D088Dbin0 -> 922 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/BE77EF0A6C18C4B70D3B516426B559A2C1969460/9766A5ED03482991DA91BB763ECDCD9417394100bin0 -> 1169 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/BE77EF0A6C18C4B70D3B516426B559A2C1969460/BB97947C31BBF3364A2909F9876DBD3B87B5B62Abin0 -> 1169 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/60B7181FD8BCA00B84961BF31DB08C50376CCF44bin0 -> 1068 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/74801529B4E8E5764FFC4D8E6577E1F84E8101CEbin0 -> 1067 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/7B7B60B748C82B34EE71A3CEA729C477083F0BDAbin0 -> 1068 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/EBB80BE34C78814AE659BBA3A2394E4D9857123Dbin0 -> 1068 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/BED4C70D83B5042F4254459064FDEACD43DD1EDF/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04bin0 -> 700 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA (renamed from id/server/doc/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA)bin975 -> 975 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/51C01567BCB22968EF5A297B7EA84E195594E0E8 (renamed from id/server/doc/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/51C01567BCB22968EF5A297B7EA84E195594E0E8)bin975 -> 975 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/C15FFFE6EFAD484909C9EFC6CD5C20435E326685/DDBAE68B1FF60FFBB2854C78727B76C95EC83BBEbin0 -> 823 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/C20C15B6163E675959D273D502F0D80718326C55/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BAbin0 -> 1159 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/C20C15B6163E675959D273D502F0D80718326C55/B38C775A18C1195D01658D75FBDA3258B6DF018Bbin0 -> 1159 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/C2A7CAE9E68EB7945828D193CB22CDD246BC7F95/6955D95F6B0799F7D96F4FC28E6E6C64758C1240bin0 -> 1224 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/C52E4A04A22D98C70E19F1969AD71C838E4371B3/F96FE4F59166EFA9000B21A16EF22CF14468890Cbin0 -> 944 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/C6673943153C8BE9F977A89A00ED84B432074576/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92Ebin0 -> 1159 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/C6673943153C8BE9F977A89A00ED84B432074576/A79681CBDD69EC741214136F128923A574E26F03bin0 -> 1159 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/C7E1D3604D2A960201D70F29B8A80EDA11475EEB/C18ECC8FD712ACAFBEAEDC1FA13F5AB19930E3EDbin0 -> 406 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/C976280EC7FECF169577E31D8CA0BB00967904B1/7666A8BD2C2513DE489C06D08D566F177ECE84AAbin0 -> 1260 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/CABD2EA6CA438084840DCCAE875F341E2D3A2C43/02A0E6456442E35198532ACFFB6FEE3B606D9FA3bin0 -> 1366 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/CC93161E57C3898635E1D086008BD053F542457F/7D60E314AA6AEF548A614A9354C5068192051A29 (renamed from id/server/doc/conf/moa-spss/certstore/CC93161E57C3898635E1D086008BD053F542457F/7D60E314AA6AEF548A614A9354C5068192051A29)bin2278 -> 2278 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/CD2D87A57D1568A515128BE9DA8B3CAE7AC007A4/C6658C25AFB8A9D738F2BC591775D167549FFD3Abin0 -> 1264 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/CE91CC7CF2DDDEE6623A1A91B3298DCAD2375F2B/8AB0A3519AFA7F3C04074522678BAA1CB3DC734Fbin0 -> 930 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/CE91CC7CF2DDDEE6623A1A91B3298DCAD2375F2B/DF47B3040E7632614464BD2EC4ECD1B8030F53E3bin0 -> 933 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/CE91CC7CF2DDDEE6623A1A91B3298DCAD2375F2B/E117479B4A41D7F3223FCAE50560B0D57B22217Dbin0 -> 997 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/D4D40BD33958CD9169A7AB6304AA2BBAD22DC595/07976A2A16EC182670161B46886B05E1FEAC16B1bin0 -> 1209 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/D708C897515970D33EF7CD0C2474449D3AB6AA83/52ED0FAFBD38A868C678174D7EB03D266ADB221Cbin0 -> 994 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/DD29E76659D18371B78E61E7DF4D4B8FEDCAF8E7/8BA5C0847597612C7E16970EAE55EF58D32E9CF3bin0 -> 1202 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/18585FC53A283488E4BA84867980E9B1F2B28ADAbin0 -> 1313 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/27337257493B86B9BFF78D569F938D692A430EAEbin0 -> 1218 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/4832F0A28C3724A92F6CB3314F747D0E74FC7344bin0 -> 1217 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/6352302A5072DBFB769D4FF4C70C86432C4C1683bin0 -> 1218 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/EE886B907E31667D622677F665F25C54AF9A7F65bin0 -> 1218 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/E47BA33321A8A919414A123C91F5D253766AB078/698563ECEE29232C5304487D972310F86650C3A6 (renamed from id/server/doc/conf/moa-spss/certstore/E47BA33321A8A919414A123C91F5D253766AB078/698563ECEE29232C5304487D972310F86650C3A6)bin1185 -> 1185 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/E6A4C843059A6043B4DC967F9EF892B695990777/B4B77C83465979E3679E3A33F972F48EE3730A18bin0 -> 924 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/EA7E6D37E678C1BCA5060F97DAF09F559DFD04B7/3AAD23B00CA10E54E6368DF7952E3F4B5108B65Cbin0 -> 606 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/EEE6351C5C6EBD8644AB88E7648D44FA07C72A80/14E59C02A6877B0EBD2C4203886BA25959C1D267bin0 -> 1020 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/F1B84756A1EAB09C171B2783DD163B42A9BD0BBB/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703bin0 -> 1067 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/F3DA7C495789E656FA27E611CCAFA05F232ADEA0/F3AE9FEA4DECEE5330770A2520BD86909929E7BEbin0 -> 758 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/16D8270DE51B034E77B7CDAF1DEE623916243DDCbin0 -> 1068 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239bin0 -> 1068 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/40B51EEF4E709FBD47935DDD83A1F640D0CC378Abin0 -> 1067 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537bin0 -> 1068 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/F48B57F89BACD8687EBB12223A5B8E5EF3774583/CAF84A42305615AC2C582F6412BDA3E36DAC3D25bin0 -> 786 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/F613568C1D7A1300B32609998288211959DBDFB0/D7EDAF7381F7FC93B4C28FA372190D7A59CFA696bin0 -> 660 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/certs/certstore/F7D331850EC13D22284909E0FC3493A65FFA7F30/EC988340526163D5B7AC80481B2AC76828EDDC6Cbin0 -> 1157 bytes
-rw-r--r--id/server/data/deploy/conf/moa-id/moa-id.properties1
-rw-r--r--id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/A-Trust-Qual-01-20140701-20240701.SerNo144ddd(SecureSignatureKeypair).cer26
-rw-r--r--id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/A-Trust-Qual-02-20140701-20240701.SerNo144de4(SecureSignatureKeypair).cer23
-rw-r--r--id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/A-Trust-Qual-03-20140701-20240701.SerNo144df5(SecureSignatureKeypair).cer23
-rw-r--r--id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/A-Trust-nQual-01-20140701-20240701.SerNo144dc3(CertifiedKeypair).cer21
-rw-r--r--id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer (renamed from id/server/doc/conf/moa-id-configuration/certs/truststore/A-Trust-nQual-03.crt)18
-rw-r--r--id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-SSL-03.20140723-20240723.SerNo14b4fd.cer26
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01-20140701-20240701.SerNo144ddd(SecureSignatureKeypair).cer26
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02-20140701-20240701.SerNo144de4(SecureSignatureKeypair).cer23
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03-20140701-20240701.SerNo144df5(SecureSignatureKeypair).cer23
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20140701-20240701.SerNo144dc3(CertifiedKeypair).cer21
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer23
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01-20140701-20240701.SerNo144ddd(SecureSignatureKeypair).cer26
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02-20140701-20240701.SerNo144de4(SecureSignatureKeypair).cer23
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03-20140701-20240701.SerNo144df5(SecureSignatureKeypair).cer23
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20140701-20240701.SerNo144dc3(CertifiedKeypair).cer21
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer23
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer23
-rw-r--r--id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer23
-rw-r--r--id/server/data/deploy/tomcat/unix/tomcat-start.sh2
-rw-r--r--id/server/data/deploy/tomcat/win32/startTomcat.bat4
-rw-r--r--id/server/doc/conf/Catalina/localhost/proxy.xml25
-rw-r--r--id/server/doc/conf/moa-id-configuration/certs/certstore/0ED5CDAFA436F005D3F8351F242765C0B56DE4A3/60916A7AFE1F0EA965ECC9375BE974971B5DC1E6bin1549 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-id-configuration/certs/certstore/1BC54FCD10AC931CD35BDBDCD622330B06FF615E/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28bin880 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-id-configuration/certs/certstore/844A1479AD61EA2C122DA87572364FDB6EFF5F81/0BB438D6E2D13BE3FD8CF0807BD560D3CB5C4A98bin1156 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-id-configuration/certs/certstore/C15B362B586F7D6FE99A08C386E6DEAC7C0B93BC/BECE82B2F908174E2379652769C6942AF1F0CC5Ebin982 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-id-configuration/certs/truststore/IAIKTestRootCA.crt21
-rw-r--r--id/server/doc/conf/moa-id-configuration/htmlTemplates/loginFormFull.html846
-rw-r--r--id/server/doc/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html617
-rw-r--r--id/server/doc/conf/moa-id-configuration/keys/application[password].p12bin7885 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-id-configuration/keys/assertion.crt24
-rw-r--r--id/server/doc/conf/moa-id-configuration/keys/encryption.crt24
-rw-r--r--id/server/doc/conf/moa-id-configuration/keys/moa_idp.crt24
-rw-r--r--id/server/doc/conf/moa-id-configuration/keys/moa_idp[password].p12bin7885 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-id-configuration/keys/request.crt24
-rw-r--r--id/server/doc/conf/moa-id-configuration/mail/activation_template.html39
-rw-r--r--id/server/doc/conf/moa-id-configuration/mail/admin_template.html40
-rw-r--r--id/server/doc/conf/moa-id-configuration/mail/oa_activation_template.html37
-rw-r--r--id/server/doc/conf/moa-id-configuration/mail/rejected_template.html37
-rw-r--r--id/server/doc/conf/moa-id-configuration/mail/verification_template.html43
-rw-r--r--id/server/doc/conf/moa-id-configuration/moa-id-configtool.properties84
-rw-r--r--id/server/doc/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml7
-rw-r--r--id/server/doc/conf/moa-id-oa/keys/application[password].p12bin7885 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-id-oa/keys/assertion.crt24
-rw-r--r--id/server/doc/conf/moa-id-oa/keys/encryption.crt24
-rw-r--r--id/server/doc/conf/moa-id-oa/keys/metadata.crt24
-rw-r--r--id/server/doc/conf/moa-id-oa/keys/moa_idp.crt24
-rw-r--r--id/server/doc/conf/moa-id-oa/oa.properties27
-rw-r--r--id/server/doc/conf/moa-id-proxy/MOAIDConfiguration.xml67
-rw-r--r--id/server/doc/conf/moa-id-proxy/errorpages/errorpage-auth_debug.jsp53
-rw-r--r--id/server/doc/conf/moa-id-proxy/errorpages/errorpage-auth_empty.jsp13
-rw-r--r--id/server/doc/conf/moa-id-proxy/errorpages/errorpage-proxy_debug.jsp53
-rw-r--r--id/server/doc/conf/moa-id-proxy/errorpages/errorpage-proxy_empty.jsp13
-rw-r--r--id/server/doc/conf/moa-id/MOAIdentities.xsd59
-rw-r--r--id/server/doc/conf/moa-id/SLTemplates/template_handyBKU.html38
-rw-r--r--id/server/doc/conf/moa-id/SLTemplates/template_localBKU.html30
-rw-r--r--id/server/doc/conf/moa-id/SLTemplates/template_onlineBKU.html37
-rw-r--r--id/server/doc/conf/moa-id/SampleIdentities.xml34
-rw-r--r--id/server/doc/conf/moa-id/certs/ca-certs/A-Trust-nQual-03.cerbin979 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-id/certs/ca-certs/a-sign-SSL-03.cerbin1147 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cerbin1356 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-id/certs/ca-certs/szrgw.egiz.gv.at.crt33
-rw-r--r--id/server/doc/conf/moa-id/htmlTemplates/loginFormFull.html846
-rw-r--r--id/server/doc/conf/moa-id/htmlTemplates/sendAssertionFormFull.html617
-rw-r--r--id/server/doc/conf/moa-id/htmlTemplates/slo_template.html451
-rw-r--r--id/server/doc/conf/moa-id/keys/assertion.crt24
-rw-r--r--id/server/doc/conf/moa-id/keys/encryption.crt24
-rw-r--r--id/server/doc/conf/moa-id/keys/metadata.crt24
-rw-r--r--id/server/doc/conf/moa-id/keys/moa_idp[password].p12bin5346 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-id/keys/storkDemoKeys.jksbin9023 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-id/log4j.properties27
-rw-r--r--id/server/doc/conf/moa-id/moa-id.properties126
-rw-r--r--id/server/doc/conf/moa-id/monitoring/MOA-ID-Auth_Monitoring.crt18
-rw-r--r--id/server/doc/conf/moa-id/monitoring/monitoring_idl.xml87
-rw-r--r--id/server/doc/conf/moa-id/oa/BasicOAConfiguration.xml9
-rw-r--r--id/server/doc/conf/moa-id/oa/HeaderOAConfiguration.xml10
-rw-r--r--id/server/doc/conf/moa-id/oa/ParamOAConfiguration.xml10
-rw-r--r--id/server/doc/conf/moa-id/oa/SampleOAConfiguration.xml9
-rw-r--r--id/server/doc/conf/moa-id/oa/SamplewbPKOAConfiguration.xml9
-rw-r--r--id/server/doc/conf/moa-id/stork/SamlEngine.xml70
-rw-r--r--id/server/doc/conf/moa-id/stork/SignModule_incoming.xml12
-rw-r--r--id/server/doc/conf/moa-id/stork/SignModule_incoming_attr.xml12
-rw-r--r--id/server/doc/conf/moa-id/stork/SignModule_outgoing.xml12
-rw-r--r--id/server/doc/conf/moa-id/stork/StorkSamlEngine_VIDP.xml95
-rw-r--r--id/server/doc/conf/moa-id/stork/StorkSamlEngine_incoming.xml94
-rw-r--r--id/server/doc/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml94
-rw-r--r--id/server/doc/conf/moa-id/stork/StorkSamlEngine_outgoing.xml94
-rw-r--r--id/server/doc/conf/moa-id/stork/storkDemoKeysPT.jksbin3013 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-id/stork/storkDemoKeys_minividp_old.jksbin4592 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml7
-rw-r--r--id/server/doc/conf/moa-spss/SampleMOASPSSConfiguration (2).xml83
-rw-r--r--id/server/doc/conf/moa-spss/SampleMOASPSSConfiguration.xml83
-rw-r--r--id/server/doc/conf/moa-spss/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2bin979 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22bin1147 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cerbin1485 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/toBeAdded/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cerbin979 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/toBeAdded/a-sign-SSL-03.cerbin1147 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/certstore/toBeAdded/atrust_OCSP_Responder_03-1.crtbin1185 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml159
-rw-r--r--id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE_2.0.xml7
-rw-r--r--id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml159
-rw-r--r--id/server/doc/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1.derbin1076 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1[pwd=kunde1].p12bin4893 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/sslKeys/customer1/trustedServers[pwd=servers].keystorebin1202 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2.derbin1076 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2[pwd=kunde2].p12bin4893 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/sslKeys/customer2/trustedServers[pwd=servers].keystorebin1202 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/sslKeys/server/moa-ssl-server.derbin1115 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/sslKeys/tomcat/tomcat[pwd=server].keystorebin4481 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/ES_C-PEPS_Test.cer16
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/IT_C-PEPS_Test.cer21
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/PT_C-PEPS_Test.cer32
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/SI_C-PEPS_Test.cer31
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/ES_C-PEPS.cer43
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/IT_C-PEPS.cer21
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/PT_C-PEPS.cer33
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/SI_C-PEPS.cer31
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cerbin901 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cerbin901 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cerbin1110 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cerbin1110 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cerbin1111 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cerbin1111 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cerbin975 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cerbin975 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cerbin975 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cerbin975 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cerbin1485 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cerbin979 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.derbin1747 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ_Test_CA_-_User.20070829-20140101.SerNo00.cerbin1262 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cerbin1028 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cerbin991 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cerbin995 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cerbin901 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cerbin901 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cerbin1110 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cerbin1110 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cerbin1111 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cerbin1111 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cerbin975 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cerbin975 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cerbin975 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cerbin975 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cerbin1485 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cerbin979 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.derbin1747 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cerbin2278 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cerbin979 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cerbin1272 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cerbin1205 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cerbin1385 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cerbin1167 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cerbin1171 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cerbin2278 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cerbin979 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cerbin1205 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cerbin1385 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cerbin1167 -> 0 bytes
-rw-r--r--id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cerbin1171 -> 0 bytes
-rw-r--r--id/server/doc/handbook/additional/additional.html58
-rw-r--r--id/server/doc/handbook/config/config.html48
-rw-r--r--id/server/doc/handbook/index.html2
-rw-r--r--id/server/doc/handbook/interfederation/interfederation.html8
-rw-r--r--id/server/idserverlib/pom.xml12
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java3616
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java523
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java94
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java57
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DatabaseEncryptionException.java46
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java33
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java29
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java812
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java140
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java36
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/BPKDecryptionParameters.java127
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java10
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java21
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/EncryptedbPK.java (renamed from id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPProcessor.java)23
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java3
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java18
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java1
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java47
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java19
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java20
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java24
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java30
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java17
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java9
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EncryptedBPKAttributeBuilder.java70
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java7
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java93
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java8
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java98
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java11
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java54
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java6
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java61
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java2
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java4
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java157
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ConfigurationEncrytionUtil.java71
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java132
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java14
-rw-r--r--id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java2
-rw-r--r--id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties2
-rw-r--r--id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html2
-rw-r--r--id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java2
-rw-r--r--id/server/moa-id-commons/pom.xml10
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java11
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java2
-rw-r--r--id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java2
-rw-r--r--id/server/moa-id-commons/src/main/resources/config/bindings.xjb20
-rw-r--r--id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd29
-rw-r--r--id/server/stork2-commons/pom.xml3
-rw-r--r--id/server/stork2-saml-engine/pom.xml8
455 files changed, 6310 insertions, 8458 deletions
diff --git a/id/ConfigWebTool/pom.xml b/id/ConfigWebTool/pom.xml
index 9b3ef3862..e30cad73b 100644
--- a/id/ConfigWebTool/pom.xml
+++ b/id/ConfigWebTool/pom.xml
@@ -83,7 +83,7 @@
<dependency>
<groupId>at.gv.util</groupId>
<artifactId>egovutils</artifactId>
- <version>1.0.4</version>
+ <version>1.0.7</version>
<exclusions>
<exclusion>
<groupId>com.sun</groupId>
@@ -118,12 +118,12 @@
<dependency>
<groupId>org.apache.struts</groupId>
<artifactId>struts2-core</artifactId>
- <version>2.3.16.1</version>
+ <version>2.3.16.3</version>
</dependency>
<dependency>
<groupId>org.apache.struts</groupId>
<artifactId>struts2-json-plugin</artifactId>
- <version>2.3.16.1</version>
+ <version>2.3.16.3</version>
</dependency>
<dependency>
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
index 567978cae..f549db9f3 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
@@ -60,6 +60,7 @@ public class Constants {
public static final String SESSION_BKUSELECTIONTEMPLATE = "bkuSelectionTemplate";
public static final String SESSION_SENDASSERTIONTEMPLATE = "sendAssertionTemplate";
public static final String SESSION_SLTRANSFORMATION = "slTransformation";
+ public static final String SESSION_BPKENCRYPTIONDECRYPTION = "bPKEncDec";
public static final String SESSION_SLOERROR = "sloerrormessage";
public static final String SESSION_SLOSUCCESS = "slosuccessmessage";
@@ -115,4 +116,6 @@ public class Constants {
BUSINESSSERVICENAMES = Collections.unmodifiableMap(tmp);
}
+
+ public static final long ONE_MINUTE_IN_MILLIS=60000;//millisecs
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java
index 036acf1f6..3bfe409c0 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java
@@ -42,6 +42,7 @@ public class AuthenticatedUser {
private String institute;
private String userName;
private Date lastLogin;
+ private Date sessionExpired;
private boolean onlyBusinessService = false;
private String businessServiceType;
@@ -54,7 +55,7 @@ public class AuthenticatedUser {
}
- public static AuthenticatedUser generateDefaultUser() {
+ public static AuthenticatedUser generateDefaultUser(Date sessionExpired) {
AuthenticatedUser user = new AuthenticatedUser();
user.familyName = "TestUser";
@@ -67,12 +68,13 @@ public class AuthenticatedUser {
user.isMandateUser = false;
user.isPVP2Login = false;
user.lastLogin = new Date();
+ user.sessionExpired = sessionExpired;
return user;
}
public static AuthenticatedUser generateUserRequestUser(UserDatabaseFrom form,
- String nameID, String nameIDFormat) {
+ String nameID, String nameIDFormat, Date sessionExpired) {
AuthenticatedUser user = new AuthenticatedUser();
user.familyName = form.getFamilyName();
@@ -85,6 +87,7 @@ public class AuthenticatedUser {
user.isMandateUser = form.isIsmandateuser();
user.isPVP2Login = form.isPVPGenerated();
user.lastLogin = new Date();
+ user.sessionExpired = sessionExpired;
user.nameID = nameID;
user.nameIDFormat = nameIDFormat;
@@ -93,7 +96,7 @@ public class AuthenticatedUser {
}
public AuthenticatedUser(UserDatabase userdb, boolean isAuthenticated, boolean isMandateUser,
- boolean isPVP2Login, String nameID, String nameIDFormat) {
+ boolean isPVP2Login, String nameID, String nameIDFormat, Date sessionExpired) {
this.familyName = userdb.getFamilyname();
this.givenName = userdb.getGivenname();
@@ -105,6 +108,7 @@ public class AuthenticatedUser {
this.isMandateUser = isMandateUser;
this.isPVP2Login = isPVP2Login;
this.lastLogin = new Date();
+ this.sessionExpired = sessionExpired;
this.nameID = nameID;
this.nameIDFormat = nameIDFormat;
@@ -250,10 +254,13 @@ public class AuthenticatedUser {
public String getNameIDFormat() {
return nameIDFormat;
}
-
-
-
-
-
+
+ /**
+ * @return the sessionExpired
+ */
+ public Date getSessionExpired() {
+ return sessionExpired;
+ }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticationManager.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticationManager.java
index 6d3afffc9..58142b398 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticationManager.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticationManager.java
@@ -22,6 +22,9 @@
*/
package at.gv.egovernment.moa.id.configuration.auth;
+import java.util.Date;
+import java.util.Iterator;
+
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -81,4 +84,16 @@ public class AuthenticationManager {
activeUsers.removeUser(authUser.getNameID());
}
+
+ public void removeAllUsersAfterTimeOut() {
+ Iterator<AuthenticatedUser> expiredUsers = activeUsers.getUserWithSessionTimeOut(new Date());
+ while (expiredUsers.hasNext()) {
+ AuthenticatedUser user = expiredUsers.next();
+ activeUsers.removeUser(user.getNameID());
+ log.info("LogOut user with ID" + user.getNameID() + " after SessionTimeOut.");
+
+ }
+
+ }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/IActiveUserStorage.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/IActiveUserStorage.java
index c52fee140..80730c6e0 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/IActiveUserStorage.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/IActiveUserStorage.java
@@ -22,6 +22,9 @@
*/
package at.gv.egovernment.moa.id.configuration.auth;
+import java.util.Date;
+import java.util.Iterator;
+
/**
* @author tlenz
*
@@ -31,5 +34,6 @@ public interface IActiveUserStorage {
public AuthenticatedUser getUser(String nameID);
public void setUser(String nameID, AuthenticatedUser authUser);
public void removeUser(String nameID);
+ public Iterator<AuthenticatedUser> getUserWithSessionTimeOut(Date date);
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/MemoryActiveUserStorageImpl.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/MemoryActiveUserStorageImpl.java
index 145da2c35..186a2b931 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/MemoryActiveUserStorageImpl.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/MemoryActiveUserStorageImpl.java
@@ -22,7 +22,12 @@
*/
package at.gv.egovernment.moa.id.configuration.auth;
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Date;
import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
import java.util.Map;
/**
@@ -68,4 +73,18 @@ public class MemoryActiveUserStorageImpl implements IActiveUserStorage {
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.auth.IActiveUserStorage#getUserWithSessionTimeOut(java.util.Date)
+ */
+ @Override
+ public Iterator<AuthenticatedUser> getUserWithSessionTimeOut(Date date) {
+ List<AuthenticatedUser> expiredUsers = new ArrayList<AuthenticatedUser>();
+ for (AuthenticatedUser user : store.values()) {
+ if (date.after(user.getSessionExpired()))
+ expiredUsers.add(user);
+
+ }
+ return expiredUsers.iterator();
+ }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java
index 38c858918..dfcde4624 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/pvp2/servlets/SLOBasicServlet.java
@@ -127,7 +127,6 @@ public class SLOBasicServlet extends HttpServlet {
HttpSession session = request.getSession(false);
if (session != null)
session.invalidate();
-
return createSLOResponse(sloReq, StatusCode.SUCCESS_URI, request);
} else {
@@ -198,11 +197,20 @@ public class SLOBasicServlet extends HttpServlet {
} else if (sloResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {
- log.info("Single LogOut process complete.");
- request.getSession().setAttribute(Constants.SESSION_SLOSUCCESS,
- LanguageHelper.getErrorString("webpages.slo.success", request));
-
+ if (sloResp.getStatus().getStatusCode().getStatusCode() != null &&
+ !sloResp.getStatus().getStatusCode().getStatusCode().equals(StatusCode.PARTIAL_LOGOUT_URI)) {
+ log.info("Single LogOut process complete.");
+ request.getSession().setAttribute(Constants.SESSION_SLOSUCCESS,
+ LanguageHelper.getErrorString("webpages.slo.success", request));
+
+ } else {
+ log.warn("Single LogOut process is not completed.");
+ request.getSession().setAttribute(Constants.SESSION_SLOERROR,
+ LanguageHelper.getErrorString("webpages.slo.error", request));
+
+ }
+
} else {
log.warn("Single LogOut response sends an unsupported statustype " + sloResp.getStatus().getStatusCode().getValue());
request.getSession().setAttribute(Constants.SESSION_SLOERROR,
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
index bea6220ff..957479b29 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/config/ConfigurationProvider.java
@@ -457,6 +457,11 @@ public class ConfigurationProvider {
}
+ public String getConfigurationEncryptionKey() {
+ return props.getProperty("general.moaconfig.key");
+
+ }
+
private void initalPVP2Login() throws ConfigurationException {
try {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
index 9e5ba684c..5e177655d 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/GeneralStorkConfig.java
@@ -25,12 +25,14 @@ package at.gv.egovernment.moa.id.configuration.data;
import java.util.ArrayList;
import java.util.List;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentGeneral;
import at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS;
import at.gv.egovernment.moa.id.commons.db.dao.config.ForeignIdentities;
import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
import at.gv.egovernment.moa.id.commons.db.dao.config.STORK;
import at.gv.egovernment.moa.id.commons.db.dao.config.StorkAttribute;
+
import org.apache.log4j.Logger;
public class GeneralStorkConfig {
@@ -78,7 +80,7 @@ public class GeneralStorkConfig {
}
if (cpepslist.isEmpty())
- cpepslist.add(new CPEPS());
+ cpepslist = null;
if(attributes.isEmpty())
attributes.add(new StorkAttribute());
@@ -88,7 +90,34 @@ public class GeneralStorkConfig {
}
public List<CPEPS> getCpepslist() {
- return cpepslist;
+ if (null == cpepslist)
+ return null;
+
+ MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration();
+
+ try {
+ List<CPEPS> cpepss = dbconfig.getAuthComponentGeneral().getForeignIdentities().getSTORK().getCPEPS();
+
+ if (cpepss != null) {
+ // make CountryCode "readonly"
+ for (CPEPS newone : cpepslist) {
+ for (CPEPS current : cpepss) {
+ if (null != newone)
+ if (current.getHjid().equals(newone.getHjid())) {
+ newone.setCountryCode(current.getCountryCode());
+ break;
+ }
+ }
+ }
+ }
+
+ return cpepslist;
+
+ } catch (NullPointerException e) {
+ return null;
+
+ }
+
}
public void setCpepslist(List<CPEPS> list) {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java
new file mode 100644
index 000000000..6782987e5
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OABPKEncryption.java
@@ -0,0 +1,370 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.configuration.data.oa;
+
+import java.io.File;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+
+import org.apache.commons.lang.SerializationUtils;
+import org.apache.log4j.Logger;
+
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
+import at.gv.egovernment.moa.id.commons.db.dao.config.BPKDecryption;
+import at.gv.egovernment.moa.id.commons.db.dao.config.EncBPKInformation;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.validation.ValidationHelper;
+import at.gv.egovernment.moa.id.config.auth.data.BPKDecryptionParameters;
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.configuration.utils.ConfigurationEncryptionUtils;
+import at.gv.egovernment.moa.id.configuration.validation.oa.OAFileUploadValidation;
+import at.gv.egovernment.moa.id.data.EncryptedData;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+public class OABPKEncryption implements IOnlineApplicationData {
+
+ private static final Logger log = Logger.getLogger(OABPKEncryption.class);
+
+ private static final String MODULENAME = "bPKEncryptionDecryption";
+
+ private String keyStorePassword = null;
+ private String keyAlias = null;
+ private String keyPassword = null;
+
+ private Map<String, byte[]> keyStoreForm = new HashMap<String, byte[]>();
+
+ private List<File> keyStoreFileUpload = null;
+ private List<String> keyStoreFileUploadContentType = null;
+ private List<String> keyStoreFileUploadFileName = new ArrayList<String>();;
+ private boolean deletekeyStore = false;
+ private boolean validationError = false;
+
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#getName()
+ */
+ @Override
+ public String getName() {
+ // TODO Auto-generated method stub
+ return MODULENAME;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#parse(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> parse(OnlineApplication dbOA,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+ AuthComponentOA oaAuth = dbOA.getAuthComponentOA();
+ if (oaAuth != null) {
+ EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation();
+ if (bPKEncDec != null) {
+ BPKDecryption bPKDec = bPKEncDec.getBPKDecryption();
+ if (bPKDec != null) {
+ keyAlias = bPKDec.getKeyAlias();
+ if (bPKDec.getKeyStoreFileName() != null)
+ keyStoreFileUploadFileName.add(bPKDec.getKeyStoreFileName());
+
+ }
+ }
+ }
+
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#store(at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public String store(OnlineApplication dbOA, AuthenticatedUser authUser,
+ HttpServletRequest request) {
+ AuthComponentOA oaAuth = dbOA.getAuthComponentOA();
+ if (oaAuth == null) {
+ oaAuth = new AuthComponentOA();
+ dbOA.setAuthComponentOA(oaAuth);
+
+ }
+ EncBPKInformation bPKEncDec = oaAuth.getEncBPKInformation();
+ if (bPKEncDec == null) {
+ bPKEncDec = new EncBPKInformation();
+ oaAuth.setEncBPKInformation(bPKEncDec);
+
+ }
+
+ BPKDecryption bPKDec = bPKEncDec.getBPKDecryption();
+ if (bPKDec == null) {
+ bPKDec = new BPKDecryption();
+ bPKEncDec.setBPKDecryption(bPKDec);
+ }
+
+ if (isDeletekeyStore()) {
+ bPKDec.setIv(null);
+ bPKDec.setKeyAlias(null);
+ bPKDec.setKeyInformation(null);
+ bPKDec.setKeyStoreFileName(null);
+
+ }
+
+ BPKDecryptionParameters keyInfo = new BPKDecryptionParameters();
+ if (keyStoreForm != null && keyStoreForm.size() > 0) {
+ keyInfo.setKeyAlias(keyAlias);
+ keyInfo.setKeyPassword(keyPassword);
+ keyInfo.setKeyStorePassword(keyStorePassword);
+
+ Iterator<String> interator = keyStoreForm.keySet().iterator();
+ bPKDec.setKeyStoreFileName(interator.next());
+ bPKDec.setKeyAlias(keyAlias);
+ keyInfo.setKeyStore(keyStoreForm.get(
+ bPKDec.getKeyStoreFileName()));
+
+ //encrypt key information
+ byte[] serKeyInfo = SerializationUtils.serialize(keyInfo);
+ try {
+ EncryptedData encryptkeyInfo = ConfigurationEncryptionUtils.getInstance().encrypt(serKeyInfo);
+ bPKDec.setIv(encryptkeyInfo.getIv());
+ bPKDec.setKeyInformation(encryptkeyInfo.getEncData());
+
+ } catch (BuildException e) {
+ log.error("Configuration encryption FAILED.", e);
+ return LanguageHelper.getErrorString("error.general.text", request);
+
+ }
+ }
+
+ request.getSession().setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, null);
+
+ return null;
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.configuration.data.oa.IOnlineApplicationData#validate(at.gv.egovernment.moa.id.configuration.data.oa.OAGeneralConfig, at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser, javax.servlet.http.HttpServletRequest)
+ */
+ @Override
+ public List<String> validate(OAGeneralConfig general,
+ AuthenticatedUser authUser, HttpServletRequest request) {
+ HttpSession session = request.getSession();
+ List<String> errors = new ArrayList<String>();
+
+ String check = null;
+
+ OAFileUploadValidation valiator_fileUpload = new OAFileUploadValidation();
+ //validate BKU-selection template
+ List<String> templateError = valiator_fileUpload.validate(getKeyStoreFileUploadFileName()
+ , getKeyStoreFileUpload(), "validation.bPKDec.keyStore", keyStoreForm, request);
+ if (templateError != null && templateError.size() == 0) {
+ if (keyStoreForm != null && keyStoreForm.size() > 0) {
+ session.setAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION, keyStoreForm);
+
+ } else
+ keyStoreForm = (Map<String, byte[]>) session.getAttribute(Constants.SESSION_BPKENCRYPTIONDECRYPTION);
+
+ } else {
+ errors.addAll(templateError);
+
+ }
+
+ if (keyStoreForm != null && keyStoreForm.size() > 0) {
+ check = getKeyStorePassword();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("bPK decryption keystore password is empty");
+ errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.empty", request));
+
+ } else {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("bPK decryption keystore password contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStorePassword.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+
+ }
+ }
+
+ check = getKeyAlias();
+ if (MiscUtil.isEmpty(check)) {
+ log.info("bPK decryption key alias is empty");
+ errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.empty", request));
+
+ } else {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("bPK decryption key alias contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyAlias.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+
+ }
+ }
+
+ check = getKeyPassword();
+ if (MiscUtil.isNotEmpty(check)) {
+ if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+ log.warn("bPK decryption key password contains potentail XSS characters: " + check);
+ errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyPassword.valid",
+ new Object[] {ValidationHelper.getPotentialCSSCharacter(false)}, request ));
+
+ }
+ }
+
+ BPKDecryptionParameters keyInfo = new BPKDecryptionParameters();
+ keyInfo.setKeyAlias(keyAlias);
+ keyInfo.setKeyPassword(keyPassword);
+ keyInfo.setKeyStorePassword(keyStorePassword);
+ Iterator<String> interator = keyStoreForm.keySet().iterator();
+ String fileName = interator.next();
+ keyInfo.setKeyStore(keyStoreForm.get(fileName));
+ if (keyInfo.getPrivateKey() == null) {
+ log.info("Open keyStore FAILED.");
+ errors.add(LanguageHelper.getErrorString("validation.bPKDec.keyStore.file.valid", request));
+
+ }
+ }
+
+ if (errors.size() > 0) {
+ validationError = true;
+
+ }
+
+ return errors;
+
+ }
+
+ /**
+ * @return the keyStorePassword
+ */
+ public String getKeyStorePassword() {
+ return keyStorePassword;
+ }
+
+ /**
+ * @param keyStorePassword the keyStorePassword to set
+ */
+ public void setKeyStorePassword(String keyStorePassword) {
+ this.keyStorePassword = keyStorePassword;
+ }
+
+ /**
+ * @return the keyAlias
+ */
+ public String getKeyAlias() {
+ return keyAlias;
+ }
+
+ /**
+ * @param keyAlias the keyAlias to set
+ */
+ public void setKeyAlias(String keyAlias) {
+ this.keyAlias = keyAlias;
+ }
+
+ /**
+ * @return the keyPassword
+ */
+ public String getKeyPassword() {
+ return keyPassword;
+ }
+
+ /**
+ * @param keyPassword the keyPassword to set
+ */
+ public void setKeyPassword(String keyPassword) {
+ this.keyPassword = keyPassword;
+ }
+
+ /**
+ * @return the keyStoreFileUpload
+ */
+ public List<File> getKeyStoreFileUpload() {
+ return keyStoreFileUpload;
+ }
+
+ /**
+ * @param keyStoreFileUpload the keyStoreFileUpload to set
+ */
+ public void setKeyStoreFileUpload(List<File> keyStoreFileUpload) {
+ this.keyStoreFileUpload = keyStoreFileUpload;
+ }
+
+ /**
+ * @return the keyStoreFileUploadContentType
+ */
+ public List<String> getKeyStoreFileUploadContentType() {
+ return keyStoreFileUploadContentType;
+ }
+
+ /**
+ * @param keyStoreFileUploadContentType the keyStoreFileUploadContentType to set
+ */
+ public void setKeyStoreFileUploadContentType(
+ List<String> keyStoreFileUploadContentType) {
+ this.keyStoreFileUploadContentType = keyStoreFileUploadContentType;
+ }
+
+ /**
+ * @return the keyStoreFileUploadFileName
+ */
+ public List<String> getKeyStoreFileUploadFileName() {
+ return keyStoreFileUploadFileName;
+ }
+
+ /**
+ * @param keyStoreFileUploadFileName the keyStoreFileUploadFileName to set
+ */
+ public void setKeyStoreFileUploadFileName(
+ List<String> keyStoreFileUploadFileName) {
+ this.keyStoreFileUploadFileName = keyStoreFileUploadFileName;
+ }
+
+ /**
+ * @return the deletekeyStore
+ */
+ public boolean isDeletekeyStore() {
+ return deletekeyStore;
+ }
+
+ /**
+ * @param deletekeyStore the deletekeyStore to set
+ */
+ public void setDeletekeyStore(boolean deletekeyStore) {
+ this.deletekeyStore = deletekeyStore;
+ }
+
+ /**
+ * @return the validationError
+ */
+ public boolean isValidationError() {
+ return validationError;
+ }
+
+
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java
index 5db9029bd..9431cc1fd 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAMOAIDPInterfederationConfig.java
@@ -117,10 +117,10 @@ public class OAMOAIDPInterfederationConfig implements IOnlineApplicationData {
}
}
- if (inboundSSO && MiscUtil.isEmpty(queryURL)) {
- log.info("Inbound Single Sign-On requires AttributQueryURL configuration.");
- errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.empty", request));
- }
+// if (inboundSSO && MiscUtil.isEmpty(queryURL)) {
+// log.info("Inbound Single Sign-On requires AttributQueryURL configuration.");
+// errors.add(LanguageHelper.getErrorString("validation.interfederation.moaidp.queryurl.empty", request));
+// }
return errors;
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
index 550844700..bb7bac4f8 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java
@@ -83,7 +83,6 @@ public class OATargetConfiguration implements IOnlineApplicationData {
@Override
public List<String> parse(OnlineApplication dbOA,
AuthenticatedUser authUser, HttpServletRequest request) {
-
String target_full = dbOA.getTarget();
if (MiscUtil.isNotEmpty(target_full)) {
if (TargetValidator.isValidTarget(target_full)) {
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
index 1f631afea..d13696d51 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.configuration.filter;
import java.io.IOException;
import java.util.ArrayList;
+import java.util.Date;
import java.util.StringTokenizer;
import java.util.regex.Pattern;
@@ -153,8 +154,11 @@ public class AuthenticationFilter implements Filter{
log.warn("Authentication is deaktivated. Dummy authentication-information are used!");
if (authuser == null) {
-
- authuser = AuthenticatedUser.generateDefaultUser();
+ int sessionTimeOut = session.getMaxInactiveInterval();
+ Date sessionExpired = new Date(new Date().getTime() +
+ (sessionTimeOut * Constants.ONE_MINUTE_IN_MILLIS));
+
+ authuser = AuthenticatedUser.generateDefaultUser(sessionExpired);
authManager.setActiveUser(authuser);
//authuser = new AuthenticatedUser(1, "Max", "TestUser", true, false);
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java
index cd6c699b9..dc97dd2c8 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/FormDataHelper.java
@@ -23,6 +23,7 @@
package at.gv.egovernment.moa.id.configuration.helper;
import java.util.ArrayList;
+import java.util.Date;
import java.util.List;
import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
@@ -88,7 +89,8 @@ public class FormDataHelper {
userlist.add(new AuthenticatedUser(dbuser,
dbuser.isIsActive(),
ismandate,
- false, null, null));
+ false, null, null, new Date())
+ );
}
return userlist;
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java
index caed3e469..3c1c2f141 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/MailHelper.java
@@ -22,8 +22,6 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.configuration.helper;
-import java.io.File;
-import java.io.FileInputStream;
import java.io.InputStream;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
index 0a308a354..32ffd2ba3 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditGeneralConfigAction.java
@@ -237,20 +237,8 @@ public class EditGeneralConfigAction extends BasicAction {
} catch (Exception ex) {
ex.printStackTrace();
}
-
- MOAIDConfiguration oldconfig = ConfigurationDBRead.getMOAIDConfiguration();
- AuthComponentGeneral oldauth = null;
- if (oldconfig != null) {
- oldauth = oldconfig.getAuthComponentGeneral();
- }
-
-// MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration();
-// if (dbconfig == null) {
-// dbconfig = new MOAIDConfiguration();
-// isnewconfig = true;
-// }
- MOAIDConfiguration dbconfig = new MOAIDConfiguration();
+ MOAIDConfiguration dbconfig = ConfigurationDBRead.getMOAIDConfiguration();
AuthComponentGeneral dbauth = dbconfig.getAuthComponentGeneral();
if (dbauth == null) {
@@ -320,14 +308,36 @@ public class EditGeneralConfigAction extends BasicAction {
legprot = new LegacyAllowed();
dbprotocols.setLegacyAllowed(legprot);
}
-
- List<String> el = new ArrayList<String>();
- if (moaconfig.isLegacy_pvp2())
- el.add(Constants.MOA_CONFIG_PROTOCOL_PVP2);
- if (moaconfig.isLegacy_saml1())
- el.add(Constants.MOA_CONFIG_PROTOCOL_SAML1);
- legprot.setProtocolName(el);
+ List<String> el = legprot.getProtocolName();
+ if (el == null) {
+ el = new ArrayList<String>();
+ legprot.setProtocolName(el);
+
+ }
+
+ //Workaround for DB cleaning is only needed for one or the releases (insert in 2.1.1)
+ if (el.size() > 2)
+ el.clear();
+
+ if (el.contains(Constants.MOA_CONFIG_PROTOCOL_PVP2)) {
+ if (!moaconfig.isLegacy_pvp2())
+ el.remove(Constants.MOA_CONFIG_PROTOCOL_PVP2);
+
+ } else {
+ if (moaconfig.isLegacy_pvp2())
+ el.add(Constants.MOA_CONFIG_PROTOCOL_PVP2);
+ }
+
+ if (el.contains(Constants.MOA_CONFIG_PROTOCOL_SAML1)) {
+ if (!moaconfig.isLegacy_saml1())
+ el.remove(Constants.MOA_CONFIG_PROTOCOL_SAML1);
+
+ } else {
+ if (moaconfig.isLegacy_saml1())
+ el.add(Constants.MOA_CONFIG_PROTOCOL_SAML1);
+ }
+
SAML1 saml1= dbprotocols.getSAML1();
if (saml1 == null) {
saml1 = new SAML1();
@@ -397,15 +407,17 @@ public class EditGeneralConfigAction extends BasicAction {
cont.setGivenName(StringHelper.getUTF8String(
moaconfig.getPvp2Contact().getGivenname()));
- //TODO: change to list if required
- if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getMail()))
+ if (cont.getMail() != null && cont.getMail().size() > 0)
+ cont.getMail().set(0, moaconfig.getPvp2Contact().getMail());
+ else
cont.setMail(Arrays.asList(moaconfig.getPvp2Contact().getMail()));
- if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getPhone()))
+
+ if (cont.getPhone() != null && cont.getPhone().size() > 0)
+ cont.getPhone().set(0, moaconfig.getPvp2Contact().getPhone());
+ else
cont.setPhone(Arrays.asList(moaconfig.getPvp2Contact().getPhone()));
-
- if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getSurname()))
- cont.setSurName(StringHelper.getUTF8String(
- moaconfig.getPvp2Contact().getSurname()));
+
+ cont.setSurName(StringHelper.getUTF8String(moaconfig.getPvp2Contact().getSurname()));
if (MiscUtil.isNotEmpty(moaconfig.getPvp2Contact().getType()))
cont.setType(moaconfig.getPvp2Contact().getType());
@@ -486,23 +498,6 @@ public class EditGeneralConfigAction extends BasicAction {
dbchainingmodes.setSystemDefaultMode(
ChainingModeType.fromValue(moaconfig.getDefaultchainigmode()));
- if (oldconfig != null) {
- ChainingModes oldchainigmodes = oldconfig.getChainingModes();
- if (oldchainigmodes != null) {
- List<TrustAnchor> oldtrustanchor = oldchainigmodes.getTrustAnchor();
- if (oldtrustanchor != null) {
- List<TrustAnchor> trustanchor = new ArrayList<TrustAnchor>();
- for (TrustAnchor oldel : oldtrustanchor) {
- TrustAnchor TAel = new TrustAnchor();
- TAel.setX509IssuerName(oldel.getX509IssuerName());
- TAel.setX509SerialNumber(oldel.getX509SerialNumber());
- TAel.setMode(oldel.getMode());
- trustanchor.add(TAel);
- }
- dbchainingmodes.setTrustAnchor(trustanchor);
- }
- }
- }
IdentityLinkSigners idlsigners = dbauth.getIdentityLinkSigners();
if (idlsigners == null) {
@@ -525,43 +520,39 @@ public class EditGeneralConfigAction extends BasicAction {
forcon.setURL(moaconfig.getSzrgwURL());
}
- //TODO: Set STORK Config!!!
- if (oldauth != null) {
- ForeignIdentities oldforeign = oldauth.getForeignIdentities();
- if (oldforeign != null) {
- STORK oldstork = oldforeign.getSTORK();
- if (oldstork == null)
- oldstork = new STORK();
+ ForeignIdentities foreign = dbauth.getForeignIdentities();
+ if (foreign != null) {
+ STORK stork = foreign.getSTORK();
+ if (stork == null)
+ stork = new STORK();
try {
log.error("QAAAA " + storkconfig.getDefaultQaa());
- oldstork.setQualityAuthenticationAssuranceLevel(storkconfig.getDefaultQaa());
+ stork.setQualityAuthenticationAssuranceLevel(storkconfig.getDefaultQaa());
if (storkconfig.getAttributes() != null)
- oldstork.setAttributes(storkconfig.getAttributes());
+ stork.setAttributes(storkconfig.getAttributes());
else
- oldstork.setAttributes((List<StorkAttribute>) (new ArrayList<StorkAttribute>()));
+ stork.setAttributes((List<StorkAttribute>) (new ArrayList<StorkAttribute>()));
if (storkconfig.getCpepslist() != null)
- oldstork.setCPEPS(storkconfig.getCpepslist());
-
+
+ stork.setCPEPS(storkconfig.getCpepslist());
else
- oldstork.setCPEPS((List<CPEPS>) (new ArrayList<CPEPS>()));
+ stork.setCPEPS((List<CPEPS>) (new ArrayList<CPEPS>()));
- dbforeign.setSTORK(oldstork);
} catch (Exception e) {
e.printStackTrace();
}
try{
- log.error("CPEPS LIST: " + storkconfig.getCpepslist().size() );
- log.error("CPEPS 1:" + storkconfig.getCpepslist().get(0).getCountryCode() +storkconfig.getCpepslist().get(0).getURL());
+ log.info("CPEPS LIST: " + storkconfig.getCpepslist().size() );
+ log.trace("CPEPS 1:" + storkconfig.getCpepslist().get(0).getCountryCode() +storkconfig.getCpepslist().get(0).getURL());
} catch (Exception ex) {
- ex.printStackTrace();
+ log.info("CPEPS LIST is null");
}
}
- }
if (MiscUtil.isNotEmpty(moaconfig.getMandateURL())) {
OnlineMandates dbmandate = dbauth.getOnlineMandates();
@@ -604,7 +595,7 @@ public class EditGeneralConfigAction extends BasicAction {
}
moaauth.setTrustProfileID(moaconfig.getMoaspssAuthTrustProfile());
- moaauth.setVerifyTransformsInfoProfileID(moaconfig.getAuthTransformList());
+ moaauth.getVerifyTransformsInfoProfileID().set(0, moaconfig.getAuthTransformList().get(0));
SecurityLayer seclayertrans = dbauth.getSecurityLayer();
if (seclayertrans == null) {
@@ -621,19 +612,6 @@ public class EditGeneralConfigAction extends BasicAction {
elem.setTransformation(moatrans.get(key));
trans.add(elem);
}
- } else {
- if (oldauth != null) {
- SecurityLayer oldsectrans = oldauth.getSecurityLayer();
- if (oldsectrans != null) {
- List<TransformsInfoType> oldtranslist = oldsectrans.getTransformsInfo();
- for (TransformsInfoType oldel : oldtranslist) {
- TransformsInfoType elem = new TransformsInfoType();
- elem.setFilename(oldel.getFilename());
- elem.setTransformation(oldel.getTransformation());
- trans.add(elem);
- }
- }
- }
}
if (trans.size() > 0)
seclayertrans.setTransformsInfo(trans);
@@ -660,9 +638,6 @@ public class EditGeneralConfigAction extends BasicAction {
ConfigurationDBUtils.save(dbconfig);
- if (oldconfig != null)
- ConfigurationDBUtils.delete(oldconfig);
-
} catch (MOADatabaseException e) {
log.warn("MOAID Configuration can not be stored in Database", e);
return LanguageHelper.getErrorString("error.db.oa.store", request);
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
index 9509f9712..3d96cc1e5 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/EditOAAction.java
@@ -57,6 +57,9 @@ public class EditOAAction extends BasicOAAction {
OAAuthenticationData authOA = new OAAuthenticationData();
formList.put(authOA.getName(), authOA);
+ OABPKEncryption bPKEncDec = new OABPKEncryption();
+ formList.put(bPKEncDec.getName(), bPKEncDec);
+
OASSOConfig ssoOA = new OASSOConfig();
formList.put(ssoOA.getName(), ssoOA);
@@ -472,4 +475,19 @@ public class EditOAAction extends BasicOAAction {
formList.put(formOA.getName(), formOA);
}
+ /**
+ * @return the bPK encryption/decryption form
+ */
+ public OABPKEncryption getBPKEncDecr() {
+ return (OABPKEncryption) formList.get(new OABPKEncryption().getName());
+ }
+
+ /**
+ * @param bPK encryption/decryption form
+ * the bPK encryption/decryption form to set
+ */
+ public void setBPKEncDecr(OABPKEncryption formOA) {
+ formList.put(formOA.getName(), formOA);
+ }
+
}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
index 4762f1518..f4a3d0c75 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
@@ -215,12 +215,17 @@ public class IndexAction extends BasicAction {
if (dbuser.isIsMandateUser() != null)
ismandateuser = dbuser.isIsMandateUser();
+ int sessionTimeOut = session.getMaxInactiveInterval();
+ Date sessionExpired = new Date(new Date().getTime() +
+ (sessionTimeOut * Constants.ONE_MINUTE_IN_MILLIS));
+
AuthenticatedUser authuser = new AuthenticatedUser(dbuser,
true,
ismandateuser,
false,
dbuser.getHjid()+"dbID",
- "username/password");
+ "username/password",
+ sessionExpired);
//store user as authenticated user
AuthenticationManager authManager = AuthenticationManager.getInstance();
@@ -390,6 +395,10 @@ public class IndexAction extends BasicAction {
String bpkwbpk = nameID.getNameQualifier() + "+" + nameID.getValue();
+ int sessionTimeOut = session.getMaxInactiveInterval();
+ Date sessionExpired = new Date(new Date().getTime() +
+ (sessionTimeOut * Constants.ONE_MINUTE_IN_MILLIS));
+
//search user
UserDatabase dbuser = ConfigurationDBRead.getUserWithUserBPKWBPK(bpkwbpk);
if (dbuser == null) {
@@ -434,7 +443,8 @@ public class IndexAction extends BasicAction {
//create AuthUser data element
authUser = AuthenticatedUser.generateUserRequestUser(user,
nameID.getValue(),
- nameID.getFormat());
+ nameID.getFormat(),
+ sessionExpired);
//store user as authenticated user
AuthenticationManager authManager = AuthenticationManager.getInstance();
@@ -464,7 +474,8 @@ public class IndexAction extends BasicAction {
dbuser.isIsMandateUser(),
true,
nameID.getValue(),
- nameID.getFormat());
+ nameID.getFormat(),
+ sessionExpired);
//store user as authenticated user
AuthenticationManager authManager = AuthenticationManager.getInstance();
@@ -491,7 +502,8 @@ public class IndexAction extends BasicAction {
ismandateuser,
true,
nameID.getValue(),
- nameID.getFormat());
+ nameID.getFormat(),
+ sessionExpired);
//store user as authenticated user
AuthenticationManager authManager = AuthenticationManager.getInstance();
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
index 5799c88b2..8e0f0b7f8 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
@@ -449,7 +449,7 @@ public class UserManagementAction extends BasicAction {
}
- String message = new String();
+ String message = LanguageHelper.getErrorString("error.mail.send", request);
if (authUser != null) {
UserDatabase dbuser = ConfigurationDBRead.getUserWithID(authUser.getUserID());
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java
new file mode 100644
index 000000000..08cd7c59d
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/ConfigurationEncryptionUtils.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.configuration.utils;
+
+import at.gv.egovernment.moa.id.auth.exception.DatabaseEncryptionException;
+import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
+import at.gv.egovernment.moa.id.util.AbstractEncrytionUtil;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class ConfigurationEncryptionUtils extends AbstractEncrytionUtil {
+
+ private static ConfigurationEncryptionUtils instance = null;
+ private static String key = null;
+
+ public static ConfigurationEncryptionUtils getInstance() {
+ if (instance == null) {
+ try {
+ key = ConfigurationProvider.getInstance().getConfigurationEncryptionKey();
+ instance = new ConfigurationEncryptionUtils();
+
+ } catch (Exception e) {
+ Logger.warn("MOAConfiguration encryption initialization FAILED.", e);
+
+ }
+ }
+ return instance;
+ }
+
+ /**
+ * @throws DatabaseEncryptionException
+ */
+ public ConfigurationEncryptionUtils() throws DatabaseEncryptionException {
+ super();
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getSalt()
+ */
+ @Override
+ protected String getSalt() {
+ return "Configuration-Salt";
+
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getKey()
+ */
+ @Override
+ protected String getKey() {
+ return key;
+
+ }
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java
index 9ec8db858..a75f8307d 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/utils/UserRequestCleaner.java
@@ -31,6 +31,7 @@ import org.apache.log4j.Logger;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.configuration.auth.AuthenticationManager;
import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
import at.gv.egovernment.moa.id.configuration.helper.DateTimeHelper;
@@ -40,13 +41,14 @@ public class UserRequestCleaner implements Runnable {
private static final Logger log = Logger.getLogger(UserRequestCleaner.class);
- private static final long SESSION_CLEANUP_INTERVAL = 60 * 60; // 60 min
+ private static final long SESSION_CLEANUP_INTERVAL = 5 * 60; // 5 min
public void run() {
while (true) {
try {
ConfigurationProvider config = ConfigurationProvider.getInstance();
+ //clean up user request storage
List<UserDatabase> userrequests = ConfigurationDBRead.getAllOpenUsersRequests();
if (userrequests != null) {
Calendar cal = Calendar.getInstance();
@@ -63,6 +65,9 @@ public class UserRequestCleaner implements Runnable {
}
}
+
+ //clean up active user storage
+ AuthenticationManager.getInstance().removeAllUsersAfterTimeOut();
Thread.sleep(SESSION_CLEANUP_INTERVAL * 1000);
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
index 8bc916e5a..f7d61653d 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/moaconfig/StorkConfigValidator.java
@@ -28,6 +28,10 @@ public class StorkConfigValidator {
if (form.getCpepslist() != null) {
for(CPEPS current : form.getCpepslist()) {
+ // if an existing record got deleted
+ if(null == current)
+ continue;
+
// check country code
String check = current.getCountryCode();
if (MiscUtil.isNotEmpty(check)) {
@@ -46,7 +50,7 @@ public class StorkConfigValidator {
errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.empty",
new Object[] {check}, request ));
}
-
+
// check url
check = current.getURL();
if (MiscUtil.isNotEmpty(check)) {
@@ -60,6 +64,15 @@ public class StorkConfigValidator {
new Object[] {check}, request ));
}
}
+
+ // ensure uniqueness of country code
+ for (CPEPS one : form.getCpepslist())
+ for (CPEPS another : form.getCpepslist())
+ if (null != one && null != another)
+ if (!one.equals(another) && one.getCountryCode().equals(another.getCountryCode())) {
+ errors.add(LanguageHelper.getErrorString("validation.stork.cpeps.duplicate", request));
+ break;
+ }
}
// check qaa
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
index e4e7a0b63..39bfcd36b 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties
@@ -8,8 +8,8 @@ config.04=OpenSAML (PVP2 Login) can not be initialized
config.05=Configuration file not defined
error.title=Fehler:
-error.login.internal=W\u00E4hrend der Verarbeitung ist ein interner Fehler auftetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator.
-error.general.text=W\u00E4hrend der Verarbeitung ist ein interner Fehler auftetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator.
+error.login.internal=W\u00E4hrend der Verarbeitung ist ein interner Fehler aufgetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator.
+error.general.text=W\u00E4hrend der Verarbeitung ist ein interner Fehler aufgetreten. Bitte Versuchen Sie es nocheinmal oder kontaktieren Sie den Administrator.
errors.listOAs.noOA=Es wurden keine Online-Applikationen in der Datenbank gefunden.
errors.listIDPs.noIDP=Es wurden kein IdentityProvider f\u00FCr Interfederation in der Datenbank gefunden.
errors.edit.oa.oaid=Es wurde keine g\u00FCtige Online-Applikations-ID \u00FCbergeben.
@@ -200,6 +200,15 @@ webpages.oaconfig.general.bku.sendassertion.header=Send-Assertion Template
webpages.oaconfig.general.bku.sendassertion.filename=Dateiname
webpages.oaconfig.general.bku.sendassertion.upload=Neues Template hochladen
+webpages.oaconfig.bPKEncDec.header=Fremd-bPK Konfiguration
+webpages.oaconfig.bPKEncDec.keystore.header=KeyStore Konfiguration
+webpages.oaconfig.bPKEncDec.filename=Dateiname
+webpages.oaconfig.bPKEncDec.delete=L\u00F6schen
+webpages.oaconfig.bPKEncDec.upload=KeyStore hochladen
+webpages.oaconfig.bPKEncDec.keyStorePassword=KeyStore Password
+webpages.oaconfig.bPKEncDec.keyAlias=Schl\u00FCsselname
+webpages.oaconfig.bPKEncDec.keyPassword=Schl\u00FCsselpassword
+
webpages.oaconfig.general.identification=Eindeutiger Identifikatior (PublicURLPrefix)
webpages.oaconfig.general.mandate.header=Vollmachten
webpages.oaconfig.general.mandate.profiles=Profile
@@ -449,10 +458,20 @@ validation.general.sendassertion.file.valid=Das Send-Assertion Templates konnte
validation.general.sendassertion.file.selected=Es kann nur EIN Send-Assertion Template angegeben werden.
validation.general.testcredentials.oid.valid=Die Testdaten OID {0} ist ung\u00FCltig.
+validation.bPKDec.keyStorePassword.empty=Das Password f\u00FCr den KeyStore ist leer.
+validation.bPKDec.keyStorePassword.valid=Das Password f\u00FCr den KeyStore enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.bPKDec.keyAlias.empty=Der Schl\u00FCsselname ist leer.
+validation.bPKDec.keyAlias.valid=Der Schl\u00FCsselname enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.bPKDec.keyPassword.empty=Das Password f\u00FCr den privaten Schl\u00FCssel ist leer.
+validation.bPKDec.keyPassword.valid=Das Password f\u00FCr den privaten Schl\u00FCssel enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.bPKDec.keyStore.filename.valid=Der Dateiname des KeyStores enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0}
+validation.bPKDec.keyStore.file.valid=Der KeyStore konnte nicht geladen oder ge\u00F6ffnet werden. Eventuell sind das Passwort oder der Schl\u00FCsselname nicht korrekt.
+validation.bPKDec.keyStore.file.selected=Es kann nur EIN KeyStore angegeben werden.
validation.stork.cpeps.cc=CPEPS L\u00E4ndercode folgt nicht ISO 3166-2
validation.stork.cpeps.empty=CPEPS Konfiguration ist unvollst\u00E4ndig
validation.stork.cpeps.url=CPEPS URL ist ung\u00FCltig
+validation.stork.cpeps.duplicate=L\u00E4ndercodes sind nicht eindeutig
validation.stork.requestedattributes=STORK Attribute sind fehlerhaft. Bsp.: attr1, attr2
validation.stork.qaa.outofrange=G\u00FCltige QAA Werte sind 1, 2, 3, und 4
validation.stork.attributes.empty=Es muss mindestens ein Attribut definiert sein
diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
index dcf36103b..07c8d708d 100644
--- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
+++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties
@@ -196,12 +196,21 @@ webpages.oaconfig.general.testing.oids=Use special test credential OIDs
webpages.oaconfig.general.bku.delete=Remove
webpages.oaconfig.general.bku.bkuselection.header=CCE-Selection Template
-webpages.oaconfig.general.bku.bkuselection.filename=File name
+webpages.oaconfig.general.bku.bkuselection.filename=Filename
webpages.oaconfig.general.bku.bkuselection.upload=Upload new template
webpages.oaconfig.general.bku.sendassertion.header=Send-Assertion Template
-webpages.oaconfig.general.bku.sendassertion.filename=File name
+webpages.oaconfig.general.bku.sendassertion.filename=Filename
webpages.oaconfig.general.bku.sendassertion.upload=Upload new template
+webpages.oaconfig.bPKEncDec.header=Foreign-bPK Configuration
+webpages.oaconfig.bPKEncDec.keystore.header=Keystore configuration
+webpages.oaconfig.bPKEncDec.filename=Filename
+webpages.oaconfig.bPKEncDec.delete=Remove
+webpages.oaconfig.bPKEncDec.upload=Upload new keystore
+webpages.oaconfig.bPKEncDec.keyStorePassword=Keystore password
+webpages.oaconfig.bPKEncDec.keyAlias=Key alias
+webpages.oaconfig.bPKEncDec.keyPassword=Key password
+
webpages.oaconfig.general.identification=Unique identifier (PublicURLPrefix)
webpages.oaconfig.general.mandate.header=Mandates
webpages.oaconfig.general.mandate.profiles=Profile
@@ -335,7 +344,7 @@ webpages.openadminrequests.users.header=User accounts
webpages.openadminrequests.oas.header=Online-Applications
-validation.newuser.mailaddress=Validation of eMail address could not be completed.
+validation.newuser.mailaddress=Validation of eMail address completed.
validation.edituser.familyname.empty=The surname is blank.
validation.edituser.familyname.valid=The surname contains forbidden characters. The following characters are not allowed\: {0}
@@ -447,9 +456,20 @@ validation.general.sendassertion.file.valid=Send-Assertion Templates could not b
validation.general.sendassertion.file.selected=Only one Send-Assertion Template can be provided.
validation.general.testcredentials.oid.valid=The OID {0} for test credentials is not a valid.
+validation.bPKDec.keyStorePassword.empty=KeyStore password is blank.
+validation.bPKDec.keyStorePassword.valid=The keyStore password contains forbidden characters. The following characters are not allowed\: {0}
+validation.bPKDec.keyAlias.empty=Key alias is blank.
+validation.bPKDec.keyAlias.valid=The key alias contains forbidden characters. The following characters are not allowed\: {0}
+validation.bPKDec.keyPassword.empty=Key password is blank.
+validation.bPKDec.keyPassword.valid=The key password contains forbidden characters. The following characters are not allowed\: {0}
+validation.bPKDec.keyStore.filename.valid=The keyStore filename contains forbidden characters. The following characters are not allowed\: {0}
+validation.bPKDec.keyStore.file.valid=KeyStore can not loaded. Maybe keyStore password or key alias are wrong.
+validation.bPKDec.keyStore.file.selected=Only one keyStore can be provided.
+
validation.stork.cpeps.cc=CPEPS country code is not based on 3166-2
validation.stork.cpeps.empty=CPEPS configuration is incomplete
validation.stork.cpeps.url=CPEPS URL is invalid
+validation.stork.cpeps.duplicate=Country codes are not unique
validation.stork.requestedattributes=STORK attributes are incorrect. Example: attr1, attr2
validation.stork.qaa.outofrange=Valid QAA values are 1, 2, 3, and 4
validation.stork.attributes.empty=Only one attribute can be provided
diff --git a/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml b/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml
index a6fe50269..d247faa1e 100644
--- a/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml
+++ b/id/ConfigWebTool/src/main/webapp/WEB-INF/web.xml
@@ -120,6 +120,10 @@
<url-pattern>/*</url-pattern>
</filter-mapping>
+ <session-config>
+ <session-timeout>45</session-timeout>
+ </session-config>
+
<welcome-file-list>
<welcome-file>/index.action</welcome-file>
diff --git a/id/ConfigWebTool/src/main/webapp/js/common.js b/id/ConfigWebTool/src/main/webapp/js/common.js
index 32e79bb66..f7ef2c415 100644
--- a/id/ConfigWebTool/src/main/webapp/js/common.js
+++ b/id/ConfigWebTool/src/main/webapp/js/common.js
@@ -230,6 +230,9 @@ function newPeps() {
var lastindex = 1;
}
var nextindex = lastindex + 1;
+
+ clone.innerHTML = clone.innerHTML.replace(/[A-Z]{2}</, '<');
+ clone.innerHTML = clone.innerHTML.replace(/<input.*type="hidden".*>/, '<div id="wwgrp_loadGeneralConfig_storkconfig_cpepslist_0__countryCode" class="wwgrp"> <div id="wwctrl_loadGeneralConfig_storkconfig_cpepslist_0__countryCode" class="wwctrl"> <input id="loadGeneralConfig_storkconfig_cpepslist_0__countryCode" class="textfield_short" type="text" value="IT" name="storkconfig.cpepslist[0].countryCode"> </div> </div>');
clone.innerHTML = clone.innerHTML.replace(/name="storkconfig.cpepslist\[\d/g, 'name="storkconfig.cpepslist[' + nextindex);
clone.innerHTML = clone.innerHTML.replace(/(.*" value=").*?(".*)/g, '$1$2');
target.parentNode.appendChild(clone);
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
index 6f266f865..bf5625419 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/editMOAConfig.jsp
@@ -249,13 +249,15 @@
labelposition="left" />
<h4><%=LanguageHelper.getGUIString("webpages.moaconfig.stork.pepslist", request) %></h4>
<table id="stork_pepslist">
- <tr><th>Country Shortcode</th><th>PEPS URL</th>
+ <tr><th>Country Shortcode</th><th>PEPS URL</th><th>Supports XMLSignatures</th>
<s:iterator value="storkconfig.cpepslist" status="stat">
- <tr><td><s:textfield name="storkconfig.cpepslist[%{#stat.index}].countryCode" value="%{countryCode}" cssClass="textfield_short"/></td>
+ <tr><td><s:hidden name="storkconfig.cpepslist[%{#stat.index}].hjid" property="%{hjid}"/>
+ <s:property value="%{countryCode}" /></td>
<td><s:textfield name="storkconfig.cpepslist[%{#stat.index}].URL" value="%{URL}" cssClass="textfield_long"/></td>
+ <td><s:checkbox name="storkconfig.cpepslist[%{#stat.index}].supportsXMLSignature" value="%{supportsXMLSignature}" /></td>
<td><input type="button" value="<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.removepeps", request) %>" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/></td></tr>
</s:iterator>
- <s:if test="%{storkconfig.cpepslist == null}">
+ <s:if test="%{storkconfig.cpepslist == null || storkconfig.cpepslist.isEmpty}">
<tr><td><s:textfield name="storkconfig.cpepslist[0].countryCode" value="CC" cssClass="textfield_short"/></td>
<td><s:textfield name="storkconfig.cpepslist[0].URL" value="http://" cssClass="textfield_long"/></td>
<td><input type="button" value="<%=LanguageHelper.getGUIString("webpages.moaconfig.stork.removepeps", request) %>" onclick='this.parentNode.parentNode.parentNode.removeChild(this.parentNode.parentNode);'/></td></tr>
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp
index a3541c9a7..c56ad4847 100644
--- a/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp
+++ b/id/ConfigWebTool/src/main/webapp/jsp/editOAGeneral.jsp
@@ -39,6 +39,8 @@
<s:include value="snippets/OA/targetConfiguration.jsp"></s:include>
<s:include value="snippets/OA/authentication.jsp"></s:include>
+
+ <s:include value="snippets/OA/bPKDecryption.jsp"></s:include>
<s:include value="snippets/OA/sso.jsp"></s:include>
@@ -82,7 +84,7 @@
</div>
<s:include value="snippets/OA/formCustomization.jsp"></s:include>
-
+
<s:hidden name="formID"
value="%{formID}"></s:hidden>
diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/bPKDecryption.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/bPKDecryption.jsp
new file mode 100644
index 000000000..9f506e7da
--- /dev/null
+++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/bPKDecryption.jsp
@@ -0,0 +1,75 @@
+<%@page import="at.gv.egovernment.moa.id.configuration.helper.LanguageHelper"%>
+<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
+<%@ taglib prefix="s" uri="/struts-tags" %>
+
+<html>
+ <div class="oa_config_block">
+ <h3><%=LanguageHelper.getGUIString("webpages.oaconfig.bPKEncDec.header", request) %></h3>
+
+<!-- <div class="oa_protocol_area"> -->
+ <%-- <h4><%=LanguageHelper.getGUIString("webpages.oaconfig.bPKEncDec.keystore.header", request) %></h4> --%>
+ <s:iterator value="%{BPKEncDecr.keyStoreFileUploadFileName}" var="fileNameBKU">
+ <div class="floatClass">
+ <s:label key="webpages.oaconfig.bPKEncDec.filename"
+ value="%{fileNameBKU}"/>
+ <s:label key="webpages.oaconfig.bPKEncDec.keyAlias"
+ value="%{BPKEncDecr.keyAlias}"/>
+ <s:checkbox key="webpages.oaconfig.bPKEncDec.delete"
+ labelposition="left"
+ cssClass="checkbox"
+ name="BPKEncDecr.deletekeyStore"></s:checkbox>
+ </div>
+ <s:if test="BPKEncDecr.validationError">
+ <div id="pvp2_certificate_upload">
+ <s:file name="BPKEncDecr.keyStoreFileUpload" key="webpages.oaconfig.bPKEncDec.upload" cssClass="textfield_long"></s:file>
+ <s:password name="BPKEncDecr.keyStorePassword"
+ labelposition="left"
+ key="webpages.oaconfig.bPKEncDec.keyStorePassword"
+ cssClass="textfield_long"
+ showPassword="false">
+ </s:password>
+
+ <s:textfield name="BPKEncDecr.keyAlias"
+ value="%{BPKEncDecr.keyAlias}"
+ labelposition="left"
+ key="webpages.oaconfig.bPKEncDec.keyAlias"
+ cssClass="textfield_long">
+ </s:textfield>
+
+ <s:password name="BPKEncDecr.keyPassword"
+ labelposition="left"
+ key="webpages.oaconfig.bPKEncDec.keyPassword"
+ cssClass="textfield_long"
+ showPassword="false">
+ </s:password>
+ </div>
+ </s:if>
+ </s:iterator>
+ <s:if test="BPKEncDecr.keyStoreFileUploadFileName.size() == 0">
+ <div id="pvp2_certificate_upload">
+ <s:file name="BPKEncDecr.keyStoreFileUpload" key="webpages.oaconfig.bPKEncDec.upload" cssClass="textfield_long"></s:file>
+
+ <s:password name="BPKEncDecr.keyStorePassword"
+ labelposition="left"
+ key="webpages.oaconfig.bPKEncDec.keyStorePassword"
+ cssClass="textfield_long">
+ </s:password>
+
+ <s:textfield name="BPKEncDecr.keyAlias"
+ value="%{BPKEncDecr.keyAlias}"
+ labelposition="left"
+ key="webpages.oaconfig.bPKEncDec.keyAlias"
+ cssClass="textfield_long">
+ </s:textfield>
+
+ <s:password name="BPKEncDecr.keyPassword"
+ labelposition="left"
+ key="webpages.oaconfig.bPKEncDec.keyPassword"
+ cssClass="textfield_long">
+ </s:password>
+ </div>
+ </s:if>
+<!-- </div> -->
+
+ </div>
+</html> \ No newline at end of file
diff --git a/id/assembly-auth.xml b/id/assembly-auth.xml
index 370fbc32b..3e50bb300 100644
--- a/id/assembly-auth.xml
+++ b/id/assembly-auth.xml
@@ -15,6 +15,7 @@
<outputDirectory>/</outputDirectory>
<excludes>
<exclude>**/conf/Catalina/**</exclude>
+ <exclude>${basedir}/id/server/data/deploy/conf/moa-id-proxy/**</exclude>
</excludes>
</fileSet>
<fileSet>
@@ -39,6 +40,13 @@
</excludes>
</fileSet>
<fileSet>
+ <directory>${basedir}/id/server/data/deploy/conf</directory>
+ <outputDirectory>/doc/conf</outputDirectory>
+ <excludes>
+ <exclude>${basedir}/id/server/data/deploy/conf/moa-id-proxy/**</exclude>
+ </excludes>
+ </fileSet>
+ <fileSet>
<directory>${basedir}/id</directory>
<outputDirectory>/</outputDirectory>
<includes>
diff --git a/id/history.txt b/id/history.txt
index 8321e2085..8f0eaa8d8 100644
--- a/id/history.txt
+++ b/id/history.txt
@@ -1,7 +1,38 @@
Dieses Dokument zeigt die Veränderungen und Erweiterungen
von MOA-ID auf.
-History MOA-ID:
+Version MOA-ID Release 2.1.1: Änderungen seit Version MOA-ID 2.1.0
+- Neuerungen:
+ - Verarbeitung von verschlüsselten bPKs auf Seiten von MOA-ID-Auth
+
+- Änderungen
+ - Anpassung VIDP Code für STORK
+ - Anpassung des Codes für IDP Interfederation
+ - Neue A-Trust Zertifikate
+ - Kleinere Bug-Fixes
+ - Libraries aktualisiert:
+ > org.apache.struts:struts2-core 2.3.16.3
+ > org.apache.struts:struts2-json-plugin 2.3.16.3
+ > joda-time:joda-time 2.4
+ > org.slf4j:jcl-over-slf4j 1.7.7
+ > org.slf4j:jul-to-slf4j 1.7.7
+ > org.slf4j:slf4j-api 1.7.7
+ > org.slf4j:slf4j-log4j12 1.7.7
+ > mysql:mysql-connector-java 5.1.32
+ > org.hibernate:hibernate-core 4.3.6.Final
+ > org.hibernate:hibernate-entitymanager 4.3.6.Final
+ > org.hibernate:hibernate-c3p0 4.3.6.Final
+ > com.google.http-client:google-http-client-jackson2 1.19.0
+ > com.google.oauth-client:google-oauth-client-jetty 1.19.0
+ > org.apache.commons:commons-lang3 3.3.2
+ > commons-codec:commons-codec 1.9
+ > commons-logging:commons-logging 1.2
+ > xerces:xercesImpl 2.11.0
+ > postgresql:postgresql 9.3-1102-jdbc41
+ > junit:junit 3.8.2
+
+
+-------------------------------------------------------------------------------
Version MOA-ID Release 2.1.0: Änderungen seit Version MOA-ID 2.0.1
- Änderungen
- Anpassung VIDP Code für STORK
@@ -14,6 +45,8 @@ Version MOA-ID Release 2.1.0: Änderungen seit Version MOA-ID 2.0.1
- MOA-ID Truststore wird auch für Bezug PVP 2.1 metadaten über https verwendet.
- Definition neuer Fehlercodes
+
+-------------------------------------------------------------------------------
Version MOA-ID Release 2.0.1: Änderungen seit Version MOA-ID 2.0.0
- Änderungen:
- Anpassungen VIDP Code für STORK
@@ -25,6 +58,7 @@ Version MOA-ID Release 2.0.1: Änderungen seit Version MOA-ID 2.0.0
- MOA-ID-Konfigurationstool mit Sprachauswahl
+-------------------------------------------------------------------------------
Version MOA-ID Release 2.0.0: Änderungen seit Version MOA-ID 2.0-RC1
- Änderungen:
- Speicherung von applikationsspezifischen Vollmachtsprofilen angepasst
@@ -38,8 +72,7 @@ Version MOA-ID Release 2.0.0: Änderungen seit Version MOA-ID 2.0-RC1
- Verwendung als STORK2 VIDP
-=====
-
+-------------------------------------------------------------------------------
Version MOA-ID Pre-Release 2.0-RC1: Änderungen seit Version MOA-ID 1.5.1
- Neuerungen:
- Unterstützung der Authentifizierungsprotokolle PVP 2.1 und OpenID Connect
@@ -59,8 +92,8 @@ Version MOA-ID Pre-Release 2.0-RC1: Änderungen seit Version MOA-ID 1.5.1
- Fixed Bug http://mail-archives.apache.org/mod_mbox/www-announce/201402.mbox/%3C52F373FC.9030907@apache.org%3E
-=====
+-------------------------------------------------------------------------------
Version MOA-ID 1.5.1: Änderungen seit Version MOA-ID 1.5.0:
- Fixed Bug #556 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=556&group_id=6&atid=105)
- Fixed Bug #557 (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=557&group_id=6&atid=105)
@@ -570,7 +603,7 @@ Version MOA-ID 1.2.0d3: Änderungen seit Version MOA-ID 1.1.1:
Verbesserungen/Erweiterungen:
- Umstellung von vPK auf bPK; von ZMR auf Stammzahl.
https://forge.cio.gv.at/bugzilla/show_bug.cgi?id=70
+
- Anpassbare JSP Errorpage und Messagepage für Proxy und Auth
Damit die Formatierungen der Benutzermeldungen an die Kundenwünsche
und das CI der Kunden angepasst werden können, wird JSP
@@ -586,7 +619,7 @@ Verbesserungen/Erweiterungen:
Durch die Angabe des Attributs ‚keyBoxIdentifier’ im Element
OnlineApplication eine Auswahl des Schlüsselpaars erfolgen.
https://forge.cio.gv.at/bugzilla/show_bug.cgi?id=105
+
- Anpassbare JSP Errorpage für MOA-ID Proxy und MOA-ID Auth
https://forge.cio.gv.at/bugzilla/show_bug.cgi?id=70
@@ -595,8 +628,8 @@ Verbesserungen/Erweiterungen:
- Ergänzung der mitgelieferten Konfiguration
(certstore, trustprofiles auch für Testbürgerkarten)
- https://forge.cio.gv.at/bugzilla/show_bug.cgi?id=120 
+ https://forge.cio.gv.at/bugzilla/show_bug.cgi?id=120
+
Fixes:
- Daten die aus MOA-ID-PROXY an eine OA mittels der
Authentisierungsvariante ParamAuth weitergegeben werden,
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java
index 11cc020ff..b87865989 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/servlet/pvp2/SingleLogOut.java
@@ -43,6 +43,7 @@ import org.opensaml.common.binding.BasicSAMLMessageContext;
import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.binding.encoding.HTTPPostEncoder;
+import org.opensaml.saml2.binding.encoding.HTTPRedirectDeflateEncoder;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
import org.opensaml.saml2.core.AuthnRequest;
@@ -163,7 +164,7 @@ public class SingleLogOut extends HttpServlet {
idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleLogoutServices()) {
//Get the service address for the binding you wish to use
- if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) {
+ if (sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI)) {
redirectEndpoint = sss;
}
}
@@ -182,28 +183,15 @@ public class SingleLogOut extends HttpServlet {
signer.setSigningCredential(authcredential);
sloReq.setSignature(signer);
- //generate Http-POST Binding message
- VelocityEngine engine = new VelocityEngine();
- engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
- engine.setProperty(RuntimeConstants.OUTPUT_ENCODING, "UTF-8");
- engine.setProperty(RuntimeConstants.ENCODING_DEFAULT, "UTF-8");
- engine.setProperty(RuntimeConstants.RESOURCE_LOADER, "classpath");
- engine.setProperty("classpath.resource.loader.class",
- "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
- engine.setProperty(RuntimeConstants.RUNTIME_LOG_LOGSYSTEM_CLASS,
- "org.apache.velocity.runtime.log.SimpleLog4JLogSystem");
- engine.init();
-
- HTTPPostEncoder encoder = new HTTPPostEncoder(engine,
- "templates/pvp_postbinding_template.html");
+ HTTPRedirectDeflateEncoder encoder = new HTTPRedirectDeflateEncoder();
HttpServletResponseAdapter responseAdapter = new HttpServletResponseAdapter(
- response, true);
+ response
+ , true);
BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject> context = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
SingleSignOnService service = new SingleSignOnServiceBuilder()
.buildObject();
- service.setBinding("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST");
- service.setLocation(redirectEndpoint.getLocation());;
-
+ service.setBinding(SAMLConstants.SAML2_REDIRECT_BINDING_URI);
+ service.setLocation(redirectEndpoint.getLocation());
context.setOutboundSAMLMessageSigningCredential(authcredential);
context.setPeerEntityEndpoint(service);
context.setOutboundSAMLMessage(sloReq);
diff --git a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java
index 18c91cfdc..eecb691c0 100644
--- a/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java
+++ b/id/oa/src/main/java/at/gv/egovernment/moa/id/demoOA/utils/AttributeListBuilder.java
@@ -70,7 +70,9 @@ public class AttributeListBuilder implements PVPConstants{
requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_BIRTHDATE_NAME, MANDATE_NAT_PER_BIRTHDATE_FRIENDLY_NAME, false));
requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_BPK_NAME, MANDATE_NAT_PER_BPK_FRIENDLY_NAME, false));
requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_FAMILY_NAME_NAME, MANDATE_NAT_PER_FAMILY_NAME_FRIENDLY_NAME, false));
- requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_GIVEN_NAME_NAME, MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_GIVEN_NAME_NAME, MANDATE_NAT_PER_GIVEN_NAME_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_SOURCE_PIN_NAME, MANDATE_NAT_PER_SOURCE_PIN_FRIENDLY_NAME, false));
+ requestedAttributes.add(buildReqAttribute(MANDATE_NAT_PER_SOURCE_PIN_TYPE_NAME, MANDATE_NAT_PER_SOURCE_PIN_TYPE_FRIENDLY_NAME, false));
requestedAttributes.add(buildReqAttribute(MANDATE_REFERENCE_VALUE_NAME, MANDATE_REFERENCE_VALUE_FRIENDLY_NAME, false));
requestedAttributes.add(buildReqAttribute(MANDATE_PROF_REP_OID_NAME, MANDATE_PROF_REP_OID_FRIENDLY_NAME, false));
diff --git a/id/readme_2.1.0.txt b/id/readme_2.1.0.txt
new file mode 100644
index 000000000..9b5c7d05d
--- /dev/null
+++ b/id/readme_2.1.0.txt
@@ -0,0 +1,188 @@
+===============================================================================
+MOA ID Version Release 2.1.0 - Wichtige Informationen zur Installation
+===============================================================================
+
+-------------------------------------------------------------------------------
+A. Neuerungen/Änderungen
+-------------------------------------------------------------------------------
+
+Mit MOA ID Version 2.0.1 wurden folgende Neuerungen eingeführt, die jetzt
+erstmals in der Veröffentlichung enthalten sind (siehe auch history.txt im
+gleichen Verzeichnis):
+
+- Neuerungen:
+ - IDP Interfederation für Single Sign-On
+ - MOA-ID Truststore wird auch für Bezug PVP 2.1 metadaten über https verwendet.
+ - Definition neuer Fehlercodes
+ - Single LogOut Unterstützung für PVP 2.1 (SAML2) als Feature mit Betastatus
+
+- Änderungen
+ - Anpassung VIDP Code für STORK
+ - MOA-ID-Konfigurationstool mit überarbeiteter Online-Applikationskonfiguration
+ - Anpassung der protokollspezifischen Fehlerrückgabe
+ - Anpassungen für die Verwendung von Oracle Datenbanksystemen
+ - Kleinere Bug-Fixes
+
+-------------------------------------------------------------------------------
+B. Durchführung eines Updates
+-------------------------------------------------------------------------------
+
+Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch
+eine Aktualisierung bestehender Installationen möglich.
+
+...............................................................................
+B.1 Durchführung eines Updates von Version 2.0.1
+...............................................................................
+ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.0.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als
+ auch das komplette Verzeichnis moa-id-auth.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Update der STORK Konfiguration
+ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\stork.
+ b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration ->
+ 2.4 Konfiguration des SamlEngines an.
+
+7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Configuration Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
+ a.) general.ssl.certstore=certs/certstore
+ b.) general.ssl.truststore=certs/truststore
+
+8. Kopieren des folgenden zusätzlichen Ordners MOA_ID_AUTH_INST/conf/moa-id-configuration/certs
+ nach CATALINA_HOME\conf\moa-id-configuration\
+
+9. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id\moa-id.properties und Anpassung an das zu verwendeten Schlüsselpaar.
+ a.) protocols.pvp2.idp.ks.assertion.encryption.alias=pvp_assertion
+ protocols.pvp2.idp.ks.assertion.encryption.keypassword=password
+
+10. Kopieren der folgenden zusätzlichen Ordner aus MOA_ID_AUTH_INST/conf/moa-id/
+ nach CATALINA_HOME\conf\moa-id\
+ a.) MOA_ID_AUTH_INST/conf/moa-id/SLTemplates -> CATALINA_HOME\conf\moa-id\
+ b.) MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/slo_template.html ->
+ CATALINA_HOME/conf/moa-id/htmlTemplates/slo_template.html
+
+11. Neuinitialisieren des Datenbank Schema für die MOA-Session. Hierfür stehen
+ zwei Varianten zur Verfügung.
+ a.) Ändern Sie in der Konfigurationsdatei für das Modul MOA-ID-Auth
+ CATALINA_HOME\conf\moa-id\moa-id.properties die Zeile
+ moasession.hibernate.hbm2ddl.auto=update
+ zu
+ moasession.hibernate.hbm2ddl.auto=create
+ Danach werden die Tabellen beim nächsten Startvorgang neu generiert.
+
+ b.) Löschen Sie alle Tabellen aus dem Datenbank Schema für die MOA-Sessixson
+ Informationen per Hand. Alle Tabellen werden beim nächsten Start autmatisch neu generiert.
+
+12 . Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.2 Durchführung eines Updates von Version 2.0-RC1
+...............................................................................
+
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.0.1.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+ Für MOA ID Proxy:
+ Entpacken Sie die Distribution von MOA-ID-Proxy (moa-id-proxy-2.0.1.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_PROXY_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als
+ auch das komplette Verzeichnis moa-id-auth.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Update des Cert-Stores.
+ Kopieren Sie den Inhalt des Verzeichnisses
+ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
+ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann
+ bejahen sie das.
+
+7. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen
+ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile
+ beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
+
+ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
+
+ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
+ 2) Kopieren Sie das Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss.
+
+ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie
+ folgt vor, um die Profile auf den aktuellen Stand zu bringen:
+
+ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den
+ entsprechenden Profilen im Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren
+ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt
+ der einzelnen Profile aus der Distribution
+ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden
+ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles)
+ kopieren und dabei die vorhandenen gleichnamigen Zertifikate
+ überschreiben), also z.B: Kopieren des Inhalts von
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach
+ CATALINA_HOME\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
+
+8. Update der Default html-Templates für die Bürgerkartenauswahl.
+
+ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates.
+ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates
+ in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates.
+
+9. Update der STORK Konfiguration
+ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\stork.
+ b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration ->
+ 2.4 Konfiguration des SamlEngines an.
+
+10. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id\moa-id.properties
+
+ a.) configuration.validation.certificate.QC.ignore=false
+ b.) protocols.pvp2.assertion.encryption.active=false
+
+11. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.3 Durchführung eines Updates von Version <= 1.5.1
+...............................................................................
+
+Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen
+Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter
+Zuhilfenahme Ihrer bisherigen Konfiguration an.
+
diff --git a/id/readme_2.1.1.txt b/id/readme_2.1.1.txt
new file mode 100644
index 000000000..4d9c2960f
--- /dev/null
+++ b/id/readme_2.1.1.txt
@@ -0,0 +1,256 @@
+===============================================================================
+MOA ID Version Release 2.1.1 - Wichtige Informationen zur Installation
+===============================================================================
+
+-------------------------------------------------------------------------------
+A. Neuerungen/Änderungen
+-------------------------------------------------------------------------------
+
+Mit MOA ID Version 2.1.1 wurden folgende Neuerungen eingeführt, die jetzt
+erstmals in der Veröffentlichung enthalten sind (siehe auch history.txt im
+gleichen Verzeichnis):
+
+- Neuerungen:
+ - Verarbeitung von verschlüsselten bPKs auf Seiten von MOA-ID-Auth
+
+- Änderungen
+ - Anpassung VIDP Code für STORK
+ - Anpassung des Codes für IDP Interfederation
+ - Kleinere Bug-Fixes
+ - Update von Libraries
+-------------------------------------------------------------------------------
+B. Durchführung eines Updates
+-------------------------------------------------------------------------------
+
+Es wird generell eine Neuinstallation lt. Handbuch empfohlen! Dennoch ist auch
+eine Aktualisierung bestehender Installationen möglich. Je nachdem von welcher
+MOA-ID Version ausgegangen wird ergibt sich eine Kombination der nachfolgend angebebenen Updateschritte.
+
+...............................................................................
+B.1 Durchführung eines Updates von Version 2.1.0 auf Version 2.1.1
+...............................................................................
+ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.0.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als
+ auch das komplette Verzeichnis moa-id-auth.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Hinzufügen der zusätzlichen Konfigurationsparameter in der
+ MOA-ID-Configuration Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
+ a.) general.moaconfig.key=..... (Passwort zum Ver- und
+ Entschlüsseln von Konfigurationsparametern in der Datenbank)
+
+7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth
+ Konfigurationsdatei CATALINA_HOME\conf\moa-id\moa-id.properties
+ a.) configuration.moaconfig.key=..... (Passwort zum Ver- und
+ Entschlüsseln von Konfigurationsparametern in der Datenbank)
+
+8. Update des Cert-Stores.
+ Kopieren Sie den Inhalt des Verzeichnisses
+ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
+ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann
+ bejahen sie das.
+
+9. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen
+ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile
+ beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
+
+ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
+
+ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
+ 2) Kopieren Sie das Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss.
+
+ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie
+ folgt vor, um die Profile auf den aktuellen Stand zu bringen:
+
+ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den
+ entsprechenden Profilen im Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren
+ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt
+ der einzelnen Profile aus der Distribution
+ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden
+ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles)
+ kopieren und dabei die vorhandenen gleichnamigen Zertifikate
+ überschreiben), also z.B: Kopieren des Inhalts von
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach
+ CATALINA_HOME\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
+
+10. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.2 Durchführung eines Updates von Version 2.0.1 auf Version 2.1.0
+...............................................................................
+ 1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.1.0.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als
+ auch das komplette Verzeichnis moa-id-auth.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Update der STORK Konfiguration
+ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\stork.
+ b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration ->
+ 2.4 Konfiguration des SamlEngines an.
+
+7. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Configuration Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id-configuration\moa-id-configtool.properties
+ a.) general.ssl.certstore=certs/certstore
+ b.) general.ssl.truststore=certs/truststore
+
+8. Kopieren des folgenden zusätzlichen Ordners MOA_ID_AUTH_INST/conf/moa-id-configuration/certs
+ nach CATALINA_HOME\conf\moa-id-configuration\
+
+9. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id\moa-id.properties und Anpassung an das zu verwendeten Schlüsselpaar.
+ a.) protocols.pvp2.idp.ks.assertion.encryption.alias=pvp_assertion
+ protocols.pvp2.idp.ks.assertion.encryption.keypassword=password
+
+10. Kopieren der folgenden zusätzlichen Ordner aus MOA_ID_AUTH_INST/conf/moa-id/
+ nach CATALINA_HOME\conf\moa-id\
+ a.) MOA_ID_AUTH_INST/conf/moa-id/SLTemplates -> CATALINA_HOME\conf\moa-id\
+ b.) MOA_ID_AUTH_INST/conf/moa-id/htmlTemplates/slo_template.html ->
+ CATALINA_HOME/conf/moa-id/htmlTemplates/slo_template.html
+
+11. Neuinitialisieren des Datenbank Schema für die MOA-Session. Hierfür stehen
+ zwei Varianten zur Verfügung.
+ a.) Ändern Sie in der Konfigurationsdatei für das Modul MOA-ID-Auth
+ CATALINA_HOME\conf\moa-id\moa-id.properties die Zeile
+ moasession.hibernate.hbm2ddl.auto=update
+ zu
+ moasession.hibernate.hbm2ddl.auto=create
+ Danach werden die Tabellen beim nächsten Startvorgang neu generiert.
+
+ b.) Löschen Sie alle Tabellen aus dem Datenbank Schema für die MOA-Sessixson
+ Informationen per Hand. Alle Tabellen werden beim nächsten Start autmatisch neu generiert.
+
+12 . Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.3 Durchführung eines Updates von Version 2.0-RC1 auf Version 2.0.1
+...............................................................................
+
+1. Stoppen Sie den Tomcat, in dem Ihre bisherige Installation betrieben wird.
+ Fertigen Sie eine Sicherungskopie Ihrer kompletten Tomcat-Installation an.
+
+2. Entpacken Sie die Distribution von MOA-ID-Auth (moa-id-auth-2.0.1.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_AUTH_INST
+ bezeichnet.
+ Für MOA ID Proxy:
+ Entpacken Sie die Distribution von MOA-ID-Proxy (moa-id-proxy-2.0.1.zip) in
+ ein temporäres Verzeichnis, in weiterer Folge als MOA_ID_PROXY_INST
+ bezeichnet.
+
+3. Wechseln Sie in jenes Verzeichnis, das die Webapplikation von MOA ID Auth
+ beinhaltet (für gewöhnlich ist dieses Verzeichnis CATALINA_HOME_ID/webapps,
+ wobei CATALINA_HOME_ID für das Basisverzeichnis der Tomcat-Installation
+ für MOA ID steht). Löschen Sie darin sowohl die Datei moa-id-auth.war als
+ auch das komplette Verzeichnis moa-id-auth.
+
+4. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-auth.war nach
+ CATALINA_HOME_ID/webapps.
+
+5. Kopieren Sie die Datei MOA_ID_AUTH_INST/moa-id-configuration.war nach
+ CATALINA_HOME_ID/webapps.
+
+6. Update des Cert-Stores.
+ Kopieren Sie den Inhalt des Verzeichnisses
+ MOA_ID_INST_AUTH\conf\moa-spss\certstore in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss\certstore. Wenn Sie gefragt werden, ob Sie
+ vorhandene Dateien oder Unterverzeichnisse überschreiben sollen, dann
+ bejahen sie das.
+
+7. Update der Trust-Profile. Wenn Sie Ihre alten Trust-Profile durch die Neuen ersetzen
+ wollen, dann gehen Sie vor, wie in Punkt a). Wenn Sie Ihre eigenen Trust-Profile
+ beibehalten wollen, dann gehen Sie vor, wie in Punkt b).
+
+ a. Gehen Sie wie folgt vor, um die Trust-Profile auszutauschen:
+
+ 1) Löschen Sie das Verzeichnis CATALINA_HOME\conf\moa-spss\trustprofiles.
+ 2) Kopieren Sie das Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles in das Verzeichnis
+ CATALINA_HOME\conf\moa-spss.
+
+ b. Falls Sie Ihre alten Trust-Profile beibehalten wollen, gehen Sie wie
+ folgt vor, um die Profile auf den aktuellen Stand zu bringen:
+
+ 1) Ergänzen Sie ihre Trustprofile durch alle Zertifikate aus den
+ entsprechenden Profilen im Verzeichnis
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles, die nicht in Ihren
+ Profilen enthalten sind. Am einfachsten ist es, wenn Sie den Inhalt
+ der einzelnen Profile aus der Distribution
+ (MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles) in die entsprechenden
+ Profile Ihrer Installation (CATALINA_HOME\conf\moa-spss\trustProfiles)
+ kopieren und dabei die vorhandenen gleichnamigen Zertifikate
+ überschreiben), also z.B: Kopieren des Inhalts von
+ MOA_ID_INST_AUTH\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten nach
+ CATALINA_HOME\conf\moa-spss\trustProfiles\
+ MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten usw.
+
+8. Update der Default html-Templates für die Bürgerkartenauswahl.
+
+ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\htmlTemplates
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\htmlTemplates.
+ b.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id-configuration\htmlTemplates
+ in das Verzeichnis CATALINA_HOME\conf\moa-id-configuration\htmlTemplates.
+
+9. Update der STORK Konfiguration
+ a.) Kopieren Sie die Dateien aus dem Verzeichnis MOA_ID_INST_AUTH\conf\moa-id\stork
+ in das Verzeichnis CATALINA_HOME\conf\moa-id\stork.
+ b.) Passen Sie die STORK Konfiguration laut Handbuch -> Konfiguration ->
+ 2.4 Konfiguration des SamlEngines an.
+
+10. Hinzufügen der zusätzlichen Konfigurationsparameter in der MOA-ID-Auth Konfigurationsdatei
+ CATALINA_HOME\conf\moa-id\moa-id.properties
+
+ a.) configuration.validation.certificate.QC.ignore=false
+ b.) protocols.pvp2.assertion.encryption.active=false
+
+11. Starten Sie den Tomcat neu, achten Sie auf eventuelle Fehlermeldungen im
+ Logging von MOA ID beim Einlesen der Konfiguration.
+
+
+...............................................................................
+B.4 Durchführung eines Updates von Version <= 1.5.1
+...............................................................................
+
+Bitte führen Sie eine Neuinstallation von MOA ID laut Handbuch durch und passen
+Sie die mitgelieferte Musterkonfiguration entsprechend Ihren Bedürfnissen unter
+Zuhilfenahme Ihrer bisherigen Konfiguration an.
+
diff --git a/id/server/auth/pom.xml b/id/server/auth/pom.xml
index 20c45b096..b43a0e736 100644
--- a/id/server/auth/pom.xml
+++ b/id/server/auth/pom.xml
@@ -98,7 +98,7 @@
<dependency>
<groupId>org.tuckey</groupId>
<artifactId>urlrewritefilter</artifactId>
- <version>4.0.3</version>
+ <version>4.0.4</version>
</dependency>
<dependency>
<groupId>MOA.spss.server</groupId>
diff --git a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
index 23737452a..54debca81 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/urlrewrite.xml
@@ -86,8 +86,8 @@
<to type="forward">/dispatcher?mod=id_stork2&amp;action=AuthenticationRequest&amp;%{query-string}</to>
</rule>
<rule match-type="regex">
- <from>^/stork2/SendPEPSAuthnRequest$</from>
- <to type="forward">/dispatcher?mod=id_stork2&amp;action=AuthenticationRequest&amp;%{query-string}</to>
+ <from>^/stork2/SendPEPSAuthnRequestWithoutSignedDoc$</from>
+ <to type="forward">/dispatcher?mod=id_stork2&amp;action=AuthenticationRequest1&amp;%{query-string}</to>
</rule>
<rule match-type="regex">
<from>^/stork2/RetrieveMandate$</from>
diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index 4efda0c79..42085b01e 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -107,6 +107,14 @@
<servlet-class>
at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet</servlet-class>
</servlet>
+ <servlet>
+ <servlet-name>PEPSConnectorWithLocalSigningServlet</servlet-name>
+ <display-name>PEPSConnectorWithLocalSigningServlet</display-name>
+ <description>Servlet receiving STORK SAML Response Messages from
+ different C-PEPS</description>
+ <servlet-class>
+ at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet</servlet-class>
+ </servlet>
<!-- Dispatcher servlets
<servlet>
@@ -219,7 +227,10 @@
<servlet-name>PEPSConnectorServlet</servlet-name>
<url-pattern>/PEPSConnector</url-pattern>
</servlet-mapping>
-
+<servlet-mapping>
+ <servlet-name>PEPSConnectorWithLocalSigningServlet</servlet-name>
+ <url-pattern>/PEPSConnectorWithLocalSigning</url-pattern>
+ </servlet-mapping>
<!-- Filters -->
<!-- <filter> <filter-name>DispatcherDecoratorFilter</filter-name> <filter-class>at.gv.egovernment.moa.id.sso.DispatcherDecoratorFilter</filter-class>
</filter> -->
diff --git a/id/server/auth/src/main/webapp/index.html b/id/server/auth/src/main/webapp/index.html
index 4d4529730..968f211bc 100644
--- a/id/server/auth/src/main/webapp/index.html
+++ b/id/server/auth/src/main/webapp/index.html
@@ -14,7 +14,7 @@
</tr>
</table>
<hr/>
- <p class="title">MOA-ID 2.1.0</p>
+ <p class="title">MOA-ID 2.1.1</p>
<hr/>
<h1>Inhalt</h1>
<ol>
diff --git a/id/server/auth/src/main/webapp/template_localBKU.html b/id/server/auth/src/main/webapp/template_localBKU.html
index f197d2c5c..88fad25ae 100644
--- a/id/server/auth/src/main/webapp/template_localBKU.html
+++ b/id/server/auth/src/main/webapp/template_localBKU.html
@@ -11,7 +11,7 @@
</script>
</head>
<body onLoad="onAnmeldeSubmit()">
- <form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
+ <form target=<REDIRECTTARGET> name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier:
<input class="button" type="submit" value="Starte Anmeldung" name="Senden">
<input type="hidden" name="XMLRequest" value="<XMLRequest>">
diff --git a/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties b/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties
index db158ed23..7c71fadcb 100644
--- a/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties
+++ b/id/server/data/deploy/conf/moa-id-configuration/moa-id-configtool.properties
@@ -13,6 +13,8 @@ general.defaultlanguage=de
general.ssl.certstore=certs/certstore
general.ssl.truststore=certs/truststore
+general.moaconfig.key=ConfigurationEncryptionKey
+
##Mail
general.mail.host=smtp.localhost...
#general.mail.host.port=
diff --git a/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml b/id/server/data/deploy/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_DE.xml
index 1165d8b32..1165d8b32 100644
--- a/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE.xml
+++ b/id/server/data/deploy/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_DE.xml
diff --git a/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml b/id/server/data/deploy/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_EN.xml
index e220b8f82..e220b8f82 100644
--- a/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_EN.xml
+++ b/id/server/data/deploy/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_EN.xml
diff --git a/id/server/doc/conf/moa-id-configuration/keys/metadata.crt b/id/server/data/deploy/conf/moa-id-oa/keys/Metadata_Signing.cer
index bd9640b37..bd9640b37 100644
--- a/id/server/doc/conf/moa-id-configuration/keys/metadata.crt
+++ b/id/server/data/deploy/conf/moa-id-oa/keys/Metadata_Signing.cer
diff --git a/id/server/doc/conf/moa-spss/certstore/01540E2704537AA810D671E1C4106FD8821EB52A/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 b/id/server/data/deploy/conf/moa-id/certs/certstore/01540E2704537AA810D671E1C4106FD8821EB52A/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201
index 592c96230..592c96230 100644
--- a/id/server/doc/conf/moa-spss/certstore/01540E2704537AA810D671E1C4106FD8821EB52A/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/01540E2704537AA810D671E1C4106FD8821EB52A/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/032F2123890A879585CE96674CA4C37B55986729/E1201A308CC10323C27D9084B048996E44B8F710 b/id/server/data/deploy/conf/moa-id/certs/certstore/032F2123890A879585CE96674CA4C37B55986729/E1201A308CC10323C27D9084B048996E44B8F710
new file mode 100644
index 000000000..a7948e488
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/032F2123890A879585CE96674CA4C37B55986729/E1201A308CC10323C27D9084B048996E44B8F710
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/04462EF01783744F9F4CDE3705FD86D488697C9F/D44EED7580C7792242D73E267A89C7DB25E4BD08 b/id/server/data/deploy/conf/moa-id/certs/certstore/04462EF01783744F9F4CDE3705FD86D488697C9F/D44EED7580C7792242D73E267A89C7DB25E4BD08
new file mode 100644
index 000000000..73434134e
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/04462EF01783744F9F4CDE3705FD86D488697C9F/D44EED7580C7792242D73E267A89C7DB25E4BD08
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/083E1A0528C48475951A6610360D813E2713DCC7/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 b/id/server/data/deploy/conf/moa-id/certs/certstore/083E1A0528C48475951A6610360D813E2713DCC7/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7
new file mode 100644
index 000000000..8c434777e
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/083E1A0528C48475951A6610360D813E2713DCC7/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/0889EBEC55D9E34E782E6D3C250840EB932EEA2F/9CD9ADF04626E7E8C9A1C8DACE3B0B8A2979C726 b/id/server/data/deploy/conf/moa-id/certs/certstore/0889EBEC55D9E34E782E6D3C250840EB932EEA2F/9CD9ADF04626E7E8C9A1C8DACE3B0B8A2979C726
new file mode 100644
index 000000000..3af27c013
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/0889EBEC55D9E34E782E6D3C250840EB932EEA2F/9CD9ADF04626E7E8C9A1C8DACE3B0B8A2979C726
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/0A5C2C9276B649D088A86BD9FD97E2B95658481D/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 b/id/server/data/deploy/conf/moa-id/certs/certstore/0A5C2C9276B649D088A86BD9FD97E2B95658481D/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9
index cac44093a..cac44093a 100644
--- a/id/server/doc/conf/moa-spss/certstore/0A5C2C9276B649D088A86BD9FD97E2B95658481D/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/0A5C2C9276B649D088A86BD9FD97E2B95658481D/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/0AF04E7099C9829BD1F8437362BA0036E0705C4D/0F843FB1E0C626540BE638B79A2987E2611CE630 b/id/server/data/deploy/conf/moa-id/certs/certstore/0AF04E7099C9829BD1F8437362BA0036E0705C4D/0F843FB1E0C626540BE638B79A2987E2611CE630
new file mode 100644
index 000000000..29d93550e
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/0AF04E7099C9829BD1F8437362BA0036E0705C4D/0F843FB1E0C626540BE638B79A2987E2611CE630
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/0AF04E7099C9829BD1F8437362BA0036E0705C4D/69F21C82DC9A7A940ACEC414593E59C9E61E522F b/id/server/data/deploy/conf/moa-id/certs/certstore/0AF04E7099C9829BD1F8437362BA0036E0705C4D/69F21C82DC9A7A940ACEC414593E59C9E61E522F
new file mode 100644
index 000000000..2a88295a7
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/0AF04E7099C9829BD1F8437362BA0036E0705C4D/69F21C82DC9A7A940ACEC414593E59C9E61E522F
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/0AF04E7099C9829BD1F8437362BA0036E0705C4D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 b/id/server/data/deploy/conf/moa-id/certs/certstore/0AF04E7099C9829BD1F8437362BA0036E0705C4D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35
new file mode 100644
index 000000000..84a1690d2
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/0AF04E7099C9829BD1F8437362BA0036E0705C4D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/0BF5B0C4B029051D91A83EE9CCD0266A52D867A6/341F53B3B17518213B1856BFAB3CEFBE948AFC0D b/id/server/data/deploy/conf/moa-id/certs/certstore/0BF5B0C4B029051D91A83EE9CCD0266A52D867A6/341F53B3B17518213B1856BFAB3CEFBE948AFC0D
new file mode 100644
index 000000000..3250c6adc
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/0BF5B0C4B029051D91A83EE9CCD0266A52D867A6/341F53B3B17518213B1856BFAB3CEFBE948AFC0D
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/0BF5B0C4B029051D91A83EE9CCD0266A52D867A6/3A24040C01D5C9A4980575BFF99A25E534A056CB b/id/server/data/deploy/conf/moa-id/certs/certstore/0BF5B0C4B029051D91A83EE9CCD0266A52D867A6/3A24040C01D5C9A4980575BFF99A25E534A056CB
new file mode 100644
index 000000000..3848a2b82
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/0BF5B0C4B029051D91A83EE9CCD0266A52D867A6/3A24040C01D5C9A4980575BFF99A25E534A056CB
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/0FE419AB943E7E5C6A7190CC6BBE8E3F914C658A/FB356CEF4406D1F135E3FC59026B338D3F518F9A b/id/server/data/deploy/conf/moa-id/certs/certstore/0FE419AB943E7E5C6A7190CC6BBE8E3F914C658A/FB356CEF4406D1F135E3FC59026B338D3F518F9A
new file mode 100644
index 000000000..04c6ea363
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/0FE419AB943E7E5C6A7190CC6BBE8E3F914C658A/FB356CEF4406D1F135E3FC59026B338D3F518F9A
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/10D143E18C03A4A29F783D26F2F67E3B64C35CB0/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 b/id/server/data/deploy/conf/moa-id/certs/certstore/10D143E18C03A4A29F783D26F2F67E3B64C35CB0/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330
index 32893db7f..32893db7f 100644
--- a/id/server/doc/conf/moa-spss/certstore/10D143E18C03A4A29F783D26F2F67E3B64C35CB0/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/10D143E18C03A4A29F783D26F2F67E3B64C35CB0/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/10F17BDACD8DEAA1E8F23FBEAE7B3EC3D9773D1D/E7340D1FB627D8917A9C0D23F21515C441BF1214 b/id/server/data/deploy/conf/moa-id/certs/certstore/10F17BDACD8DEAA1E8F23FBEAE7B3EC3D9773D1D/E7340D1FB627D8917A9C0D23F21515C441BF1214
new file mode 100644
index 000000000..fd23a38d6
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/10F17BDACD8DEAA1E8F23FBEAE7B3EC3D9773D1D/E7340D1FB627D8917A9C0D23F21515C441BF1214
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/125E4AC6B38C1E0BF34BF7D927CBB947E35141E8/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D b/id/server/data/deploy/conf/moa-id/certs/certstore/125E4AC6B38C1E0BF34BF7D927CBB947E35141E8/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D
new file mode 100644
index 000000000..1a3106742
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/125E4AC6B38C1E0BF34BF7D927CBB947E35141E8/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/15A052B0DC4E0333656264E2FEEBE45B1BE449BF/386C1663C6390BC288DC171522439210AF361958 b/id/server/data/deploy/conf/moa-id/certs/certstore/15A052B0DC4E0333656264E2FEEBE45B1BE449BF/386C1663C6390BC288DC171522439210AF361958
new file mode 100644
index 000000000..a5e651f86
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/15A052B0DC4E0333656264E2FEEBE45B1BE449BF/386C1663C6390BC288DC171522439210AF361958
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/1607988A938D3D339F40AFB567384BC5B7540935/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 b/id/server/data/deploy/conf/moa-id/certs/certstore/1607988A938D3D339F40AFB567384BC5B7540935/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2
new file mode 100644
index 000000000..28cb48bb0
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/1607988A938D3D339F40AFB567384BC5B7540935/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/1A283D1183DB82A548427B4F19E99E7A8EA728D7/49969819654C230ECDF779ABB9629A211FCC43D6 b/id/server/data/deploy/conf/moa-id/certs/certstore/1A283D1183DB82A548427B4F19E99E7A8EA728D7/49969819654C230ECDF779ABB9629A211FCC43D6
new file mode 100644
index 000000000..bdfcb7ab1
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/1A283D1183DB82A548427B4F19E99E7A8EA728D7/49969819654C230ECDF779ABB9629A211FCC43D6
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/1BF3C1D2767F5C333AD5531531FEE3A712935B73/D0AF386E182F00983637F97C0A5F4708F9F641A7 b/id/server/data/deploy/conf/moa-id/certs/certstore/1BF3C1D2767F5C333AD5531531FEE3A712935B73/D0AF386E182F00983637F97C0A5F4708F9F641A7
new file mode 100644
index 000000000..eaac3518b
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/1BF3C1D2767F5C333AD5531531FEE3A712935B73/D0AF386E182F00983637F97C0A5F4708F9F641A7
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/20DD04B052D2D364E5FF851A3FD314F0FD91253E/6814C7316CEA7191C9CB3BE58199B4A957210D9C b/id/server/data/deploy/conf/moa-id/certs/certstore/20DD04B052D2D364E5FF851A3FD314F0FD91253E/6814C7316CEA7191C9CB3BE58199B4A957210D9C
new file mode 100644
index 000000000..4dd2c49bf
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/20DD04B052D2D364E5FF851A3FD314F0FD91253E/6814C7316CEA7191C9CB3BE58199B4A957210D9C
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/20EF2EC4E04DF4D51A8F10DFE4249C0024C7A28C/5F06F65C714047E3B282AEC427C35AB703E49D8E b/id/server/data/deploy/conf/moa-id/certs/certstore/20EF2EC4E04DF4D51A8F10DFE4249C0024C7A28C/5F06F65C714047E3B282AEC427C35AB703E49D8E
new file mode 100644
index 000000000..39e377edf
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/20EF2EC4E04DF4D51A8F10DFE4249C0024C7A28C/5F06F65C714047E3B282AEC427C35AB703E49D8E
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/20EF2EC4E04DF4D51A8F10DFE4249C0024C7A28C/D45360060761812D33DE294EAC1573F6DE12A208 b/id/server/data/deploy/conf/moa-id/certs/certstore/20EF2EC4E04DF4D51A8F10DFE4249C0024C7A28C/D45360060761812D33DE294EAC1573F6DE12A208
new file mode 100644
index 000000000..0a1fcff85
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/20EF2EC4E04DF4D51A8F10DFE4249C0024C7A28C/D45360060761812D33DE294EAC1573F6DE12A208
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/22973CFC20EA68162A0B2E837D45FB8266ACDBCF/C529469053D9F95810A8F7F2DB9A6596A7655732 b/id/server/data/deploy/conf/moa-id/certs/certstore/22973CFC20EA68162A0B2E837D45FB8266ACDBCF/C529469053D9F95810A8F7F2DB9A6596A7655732
new file mode 100644
index 000000000..13abede5c
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/22973CFC20EA68162A0B2E837D45FB8266ACDBCF/C529469053D9F95810A8F7F2DB9A6596A7655732
Binary files differ
diff --git a/id/server/doc/conf/moa-id-configuration/certs/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2 b/id/server/data/deploy/conf/moa-id/certs/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2
index 33e776369..33e776369 100644
--- a/id/server/doc/conf/moa-id-configuration/certs/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 b/id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941
new file mode 100644
index 000000000..d2e7db667
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 b/id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5
new file mode 100644
index 000000000..f2f1c6562
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 b/id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0
new file mode 100644
index 000000000..476a3efb2
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/DFAE695342AC81A521025904406884399822B233 b/id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/DFAE695342AC81A521025904406884399822B233
new file mode 100644
index 000000000..5c88b668a
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/23A16796B3D718035F1E0DB209A42938767631DA/DFAE695342AC81A521025904406884399822B233
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/2962CDAADFA0BF8EE53B80870C53E551A43EA72A/12B06E039F1A36D8238AFC508009E1ADF88BF66F b/id/server/data/deploy/conf/moa-id/certs/certstore/2962CDAADFA0BF8EE53B80870C53E551A43EA72A/12B06E039F1A36D8238AFC508009E1ADF88BF66F
new file mode 100644
index 000000000..4d1852203
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/2962CDAADFA0BF8EE53B80870C53E551A43EA72A/12B06E039F1A36D8238AFC508009E1ADF88BF66F
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/2C976220B378E08DF5E68CBC54C05CE41224FD29/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 b/id/server/data/deploy/conf/moa-id/certs/certstore/2C976220B378E08DF5E68CBC54C05CE41224FD29/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38
new file mode 100644
index 000000000..69a8e4872
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/2C976220B378E08DF5E68CBC54C05CE41224FD29/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/2F5DA022AAFF668F34C35A80049D690F3CFE3040/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D b/id/server/data/deploy/conf/moa-id/certs/certstore/2F5DA022AAFF668F34C35A80049D690F3CFE3040/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D
new file mode 100644
index 000000000..807fa786c
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/2F5DA022AAFF668F34C35A80049D690F3CFE3040/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/31B5BA02D476873C5220CDCFA0C095C4A31DEFDF/88D6151358A5E3C81D7AE1A536121DC03011BC03 b/id/server/data/deploy/conf/moa-id/certs/certstore/31B5BA02D476873C5220CDCFA0C095C4A31DEFDF/88D6151358A5E3C81D7AE1A536121DC03011BC03
index 376d0753f..376d0753f 100644
--- a/id/server/doc/conf/moa-spss/certstore/31B5BA02D476873C5220CDCFA0C095C4A31DEFDF/88D6151358A5E3C81D7AE1A536121DC03011BC03
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/31B5BA02D476873C5220CDCFA0C095C4A31DEFDF/88D6151358A5E3C81D7AE1A536121DC03011BC03
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/328AA897B7E6270202B2FC0889FF88D66BB41122/35A40EF932B1F23980E2C672FC939E91EEBD0317 b/id/server/data/deploy/conf/moa-id/certs/certstore/328AA897B7E6270202B2FC0889FF88D66BB41122/35A40EF932B1F23980E2C672FC939E91EEBD0317
index 73553b996..73553b996 100644
--- a/id/server/doc/conf/moa-spss/certstore/328AA897B7E6270202B2FC0889FF88D66BB41122/35A40EF932B1F23980E2C672FC939E91EEBD0317
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/328AA897B7E6270202B2FC0889FF88D66BB41122/35A40EF932B1F23980E2C672FC939E91EEBD0317
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/3314CE3E42175EACC28D57C35F192430BBADAC1A/B1D0BC027906A3B7E7518C93ACB26D978233ED27 b/id/server/data/deploy/conf/moa-id/certs/certstore/3314CE3E42175EACC28D57C35F192430BBADAC1A/B1D0BC027906A3B7E7518C93ACB26D978233ED27
index 5171276f4..5171276f4 100644
--- a/id/server/doc/conf/moa-spss/certstore/3314CE3E42175EACC28D57C35F192430BBADAC1A/B1D0BC027906A3B7E7518C93ACB26D978233ED27
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/3314CE3E42175EACC28D57C35F192430BBADAC1A/B1D0BC027906A3B7E7518C93ACB26D978233ED27
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/337F895A0435AA7E2629C5282B5A0DBBE19EE1C7/75F792DE2CF544007F470F1B924961C2BD2EF517 b/id/server/data/deploy/conf/moa-id/certs/certstore/337F895A0435AA7E2629C5282B5A0DBBE19EE1C7/75F792DE2CF544007F470F1B924961C2BD2EF517
new file mode 100644
index 000000000..f8a8957ac
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/337F895A0435AA7E2629C5282B5A0DBBE19EE1C7/75F792DE2CF544007F470F1B924961C2BD2EF517
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/349CA7B279F4EF3C085B1E8D08AA5DE3EC586188/08BBE8E906397158FA4BF4058BBBDB5EA11BAE82 b/id/server/data/deploy/conf/moa-id/certs/certstore/349CA7B279F4EF3C085B1E8D08AA5DE3EC586188/08BBE8E906397158FA4BF4058BBBDB5EA11BAE82
new file mode 100644
index 000000000..167c36411
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/349CA7B279F4EF3C085B1E8D08AA5DE3EC586188/08BBE8E906397158FA4BF4058BBBDB5EA11BAE82
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/3868959083AA986194E58E73798BCD724D785A0E/66AB66128A44574873E54E6584E450C4EB3B9A1E b/id/server/data/deploy/conf/moa-id/certs/certstore/3868959083AA986194E58E73798BCD724D785A0E/66AB66128A44574873E54E6584E450C4EB3B9A1E
new file mode 100644
index 000000000..ed5ba194c
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/3868959083AA986194E58E73798BCD724D785A0E/66AB66128A44574873E54E6584E450C4EB3B9A1E
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/3A095C38EB5D5824FE61BE43F9CDF6515DC94805/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA b/id/server/data/deploy/conf/moa-id/certs/certstore/3A095C38EB5D5824FE61BE43F9CDF6515DC94805/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA
new file mode 100644
index 000000000..836ba3767
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/3A095C38EB5D5824FE61BE43F9CDF6515DC94805/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/04CF0318BA0B54DD76E1DE143445210BDD32E299 b/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/04CF0318BA0B54DD76E1DE143445210BDD32E299
new file mode 100644
index 000000000..8d33015f9
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/04CF0318BA0B54DD76E1DE143445210BDD32E299
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F b/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F
new file mode 100644
index 000000000..69de75609
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE b/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE
new file mode 100644
index 000000000..efa28178e
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/9E0512DD61DA5949D1D8631C3F19D75F496C3733 b/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/9E0512DD61DA5949D1D8631C3F19D75F496C3733
new file mode 100644
index 000000000..289fc2198
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/9E0512DD61DA5949D1D8631C3F19D75F496C3733
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/E6E6FC88719177C9B7421825757C5E47BCAC85F6 b/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/E6E6FC88719177C9B7421825757C5E47BCAC85F6
new file mode 100644
index 000000000..b7d4b08a6
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/3B2F8C424AA88CA305C519FDEFCF29DDB7E96AE2/E6E6FC88719177C9B7421825757C5E47BCAC85F6
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/3B76D7A5CE7EC6022D7990CFEA534C908717DF54/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E b/id/server/data/deploy/conf/moa-id/certs/certstore/3B76D7A5CE7EC6022D7990CFEA534C908717DF54/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E
new file mode 100644
index 000000000..b2beddaa5
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/3B76D7A5CE7EC6022D7990CFEA534C908717DF54/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/3C025917C3C938FEB856E5440D28E4A568C311DC/A2F138CD16AD04BC3F145E3780BFA169BFDA263B b/id/server/data/deploy/conf/moa-id/certs/certstore/3C025917C3C938FEB856E5440D28E4A568C311DC/A2F138CD16AD04BC3F145E3780BFA169BFDA263B
new file mode 100644
index 000000000..414123ece
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/3C025917C3C938FEB856E5440D28E4A568C311DC/A2F138CD16AD04BC3F145E3780BFA169BFDA263B
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/3C627C9D89A5BFB5E4E385982DF33B7E7F6E8D2D/C5AC86EC5B771BEBDF8B6E040F109A1186E229B9 b/id/server/data/deploy/conf/moa-id/certs/certstore/3C627C9D89A5BFB5E4E385982DF33B7E7F6E8D2D/C5AC86EC5B771BEBDF8B6E040F109A1186E229B9
new file mode 100644
index 000000000..54893c9d6
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/3C627C9D89A5BFB5E4E385982DF33B7E7F6E8D2D/C5AC86EC5B771BEBDF8B6E040F109A1186E229B9
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/3C7CE93947421CB66603DC7DBAB0F04C4788382F/23E594945195F2414803B4D564D2A3A3F5D88B8C b/id/server/data/deploy/conf/moa-id/certs/certstore/3C7CE93947421CB66603DC7DBAB0F04C4788382F/23E594945195F2414803B4D564D2A3A3F5D88B8C
new file mode 100644
index 000000000..8588ce58a
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/3C7CE93947421CB66603DC7DBAB0F04C4788382F/23E594945195F2414803B4D564D2A3A3F5D88B8C
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/405D86C9D39B1061885678ED90780A0F04A76327/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A b/id/server/data/deploy/conf/moa-id/certs/certstore/405D86C9D39B1061885678ED90780A0F04A76327/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A
new file mode 100644
index 000000000..141b05ef4
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/405D86C9D39B1061885678ED90780A0F04A76327/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/4224231A54F64581FBA2AB6ED82ADE467F144BDC/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 b/id/server/data/deploy/conf/moa-id/certs/certstore/4224231A54F64581FBA2AB6ED82ADE467F144BDC/65EF37033859C2F709A64086D3A5BD1B8F1A85A4
new file mode 100644
index 000000000..6e17b9db5
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/4224231A54F64581FBA2AB6ED82ADE467F144BDC/65EF37033859C2F709A64086D3A5BD1B8F1A85A4
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/427765A998398EE1B138ABDBA20313DC4A3738A0/07298E24461954E4696D2ED9FFB7D52B57F325B3 b/id/server/data/deploy/conf/moa-id/certs/certstore/427765A998398EE1B138ABDBA20313DC4A3738A0/07298E24461954E4696D2ED9FFB7D52B57F325B3
new file mode 100644
index 000000000..33e1ee94b
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/427765A998398EE1B138ABDBA20313DC4A3738A0/07298E24461954E4696D2ED9FFB7D52B57F325B3
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/427765A998398EE1B138ABDBA20313DC4A3738A0/B630DB0DB940BCE72B2E09868B4CA0A92BBC1D15 b/id/server/data/deploy/conf/moa-id/certs/certstore/427765A998398EE1B138ABDBA20313DC4A3738A0/B630DB0DB940BCE72B2E09868B4CA0A92BBC1D15
new file mode 100644
index 000000000..694e6828b
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/427765A998398EE1B138ABDBA20313DC4A3738A0/B630DB0DB940BCE72B2E09868B4CA0A92BBC1D15
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/45E2F3F807C6EAB9EDC1B3250F7558CA12A063DE/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 b/id/server/data/deploy/conf/moa-id/certs/certstore/45E2F3F807C6EAB9EDC1B3250F7558CA12A063DE/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26
new file mode 100644
index 000000000..55707d69f
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/45E2F3F807C6EAB9EDC1B3250F7558CA12A063DE/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/47ED4C584F9DCD54A6C2925252C5603ADAC93F49/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E b/id/server/data/deploy/conf/moa-id/certs/certstore/47ED4C584F9DCD54A6C2925252C5603ADAC93F49/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E
index 3be7b6a06..3be7b6a06 100644
--- a/id/server/doc/conf/moa-spss/certstore/47ED4C584F9DCD54A6C2925252C5603ADAC93F49/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/47ED4C584F9DCD54A6C2925252C5603ADAC93F49/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/487F4DEE9E63DADEB4CAAB07E0E166ACC9F584B6/9891BBEA9FDA665EEEC31C403A00A5CA5628D0FA b/id/server/data/deploy/conf/moa-id/certs/certstore/487F4DEE9E63DADEB4CAAB07E0E166ACC9F584B6/9891BBEA9FDA665EEEC31C403A00A5CA5628D0FA
new file mode 100644
index 000000000..4e18de8d7
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/487F4DEE9E63DADEB4CAAB07E0E166ACC9F584B6/9891BBEA9FDA665EEEC31C403A00A5CA5628D0FA
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/4C7CAA9FE9C08078541DA31B76FF0951E73480FF/C23FC1895966021249B35412C0C8C56D107732DE b/id/server/data/deploy/conf/moa-id/certs/certstore/4C7CAA9FE9C08078541DA31B76FF0951E73480FF/C23FC1895966021249B35412C0C8C56D107732DE
new file mode 100644
index 000000000..c4d97cda3
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/4C7CAA9FE9C08078541DA31B76FF0951E73480FF/C23FC1895966021249B35412C0C8C56D107732DE
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/52B42552A440A54C21A39D46D7F176AF28BEB5AA/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 b/id/server/data/deploy/conf/moa-id/certs/certstore/52B42552A440A54C21A39D46D7F176AF28BEB5AA/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4
new file mode 100644
index 000000000..9b2ee0fc6
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/52B42552A440A54C21A39D46D7F176AF28BEB5AA/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/53CF955B19387A437659158BC050B7BC4B238132/F5F2456D79490C268569970E900C68FD1C7DC8E5 b/id/server/data/deploy/conf/moa-id/certs/certstore/53CF955B19387A437659158BC050B7BC4B238132/F5F2456D79490C268569970E900C68FD1C7DC8E5
new file mode 100644
index 000000000..b2a1e145f
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/53CF955B19387A437659158BC050B7BC4B238132/F5F2456D79490C268569970E900C68FD1C7DC8E5
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/550E9627E9094A2D1BB6385821334D02122BCF26/B7BCA7BC3C41FD0DC835175486FAB3FB4626EC0F b/id/server/data/deploy/conf/moa-id/certs/certstore/550E9627E9094A2D1BB6385821334D02122BCF26/B7BCA7BC3C41FD0DC835175486FAB3FB4626EC0F
new file mode 100644
index 000000000..5dd9558d0
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/550E9627E9094A2D1BB6385821334D02122BCF26/B7BCA7BC3C41FD0DC835175486FAB3FB4626EC0F
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/562428A359B1CC3A820ABCC9C8F625CBB6A6A510/620127A8E5886A4805403977C3EF7D5EAF881526 b/id/server/data/deploy/conf/moa-id/certs/certstore/562428A359B1CC3A820ABCC9C8F625CBB6A6A510/620127A8E5886A4805403977C3EF7D5EAF881526
new file mode 100644
index 000000000..da38ce028
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/562428A359B1CC3A820ABCC9C8F625CBB6A6A510/620127A8E5886A4805403977C3EF7D5EAF881526
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/562428A359B1CC3A820ABCC9C8F625CBB6A6A510/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 b/id/server/data/deploy/conf/moa-id/certs/certstore/562428A359B1CC3A820ABCC9C8F625CBB6A6A510/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830
new file mode 100644
index 000000000..7e9fd5b0b
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/562428A359B1CC3A820ABCC9C8F625CBB6A6A510/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/sslKeys/tomcat/trustedClients[pwd=clients].keystore b/id/server/data/deploy/conf/moa-id/certs/certstore/5650A465FD3B5EF83639E11F324A2A0EA98AF935/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9
index bdc296cf4..640918641 100644
--- a/id/server/doc/conf/moa-spss/sslKeys/tomcat/trustedClients[pwd=clients].keystore
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/5650A465FD3B5EF83639E11F324A2A0EA98AF935/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/58090A698038FEDAD56B4B976F23C29950D1D5A5/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B b/id/server/data/deploy/conf/moa-id/certs/certstore/58090A698038FEDAD56B4B976F23C29950D1D5A5/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B
new file mode 100644
index 000000000..b15880c29
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/58090A698038FEDAD56B4B976F23C29950D1D5A5/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/59484253C7D4C5BEAB7D2BABFAC13DDD1CA53FCC/341EA32E448659125A67DD04177FD17468FCFCB1 b/id/server/data/deploy/conf/moa-id/certs/certstore/59484253C7D4C5BEAB7D2BABFAC13DDD1CA53FCC/341EA32E448659125A67DD04177FD17468FCFCB1
new file mode 100644
index 000000000..6da18c620
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/59484253C7D4C5BEAB7D2BABFAC13DDD1CA53FCC/341EA32E448659125A67DD04177FD17468FCFCB1
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/069519EC949AC6B91D4C33A3F3665441F0220D20 b/id/server/data/deploy/conf/moa-id/certs/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/069519EC949AC6B91D4C33A3F3665441F0220D20
new file mode 100644
index 000000000..8b501d747
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/069519EC949AC6B91D4C33A3F3665441F0220D20
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/2F5EBA5055E9F7444852ADCEEB769E5DE157A03D b/id/server/data/deploy/conf/moa-id/certs/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/2F5EBA5055E9F7444852ADCEEB769E5DE157A03D
new file mode 100644
index 000000000..b4b128903
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/5E043AA9A832C33C7065B7633F4C007E0394BA19/2F5EBA5055E9F7444852ADCEEB769E5DE157A03D
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/60EF765436B4F314F2285BE2D89A511073AC0D58/334710B9169BCD20687A6302EEB16AEB97F288CD b/id/server/data/deploy/conf/moa-id/certs/certstore/60EF765436B4F314F2285BE2D89A511073AC0D58/334710B9169BCD20687A6302EEB16AEB97F288CD
new file mode 100644
index 000000000..c19647ad8
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/60EF765436B4F314F2285BE2D89A511073AC0D58/334710B9169BCD20687A6302EEB16AEB97F288CD
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/6144BFC0CBE85C63DEFB6F208D80385B89F68046/D031945D982820B92FADBC7F71F6D1D9DFFDA2C9 b/id/server/data/deploy/conf/moa-id/certs/certstore/6144BFC0CBE85C63DEFB6F208D80385B89F68046/D031945D982820B92FADBC7F71F6D1D9DFFDA2C9
new file mode 100644
index 000000000..39f88d881
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/6144BFC0CBE85C63DEFB6F208D80385B89F68046/D031945D982820B92FADBC7F71F6D1D9DFFDA2C9
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/68AF646E90A6FF370230F64ACD4E8A4F12C03916/CA80A13D41116E24CB1479E970CDC1C030C5907C b/id/server/data/deploy/conf/moa-id/certs/certstore/68AF646E90A6FF370230F64ACD4E8A4F12C03916/CA80A13D41116E24CB1479E970CDC1C030C5907C
index 277b6083a..277b6083a 100644
--- a/id/server/doc/conf/moa-spss/certstore/68AF646E90A6FF370230F64ACD4E8A4F12C03916/CA80A13D41116E24CB1479E970CDC1C030C5907C
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/68AF646E90A6FF370230F64ACD4E8A4F12C03916/CA80A13D41116E24CB1479E970CDC1C030C5907C
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/7A2CFA69FCA284D4627012A7A55662594C803B2A b/id/server/data/deploy/conf/moa-id/certs/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/7A2CFA69FCA284D4627012A7A55662594C803B2A
index ad13d7b28..ad13d7b28 100644
--- a/id/server/doc/conf/moa-spss/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/7A2CFA69FCA284D4627012A7A55662594C803B2A
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/7A2CFA69FCA284D4627012A7A55662594C803B2A
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B b/id/server/data/deploy/conf/moa-id/certs/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B
index d361d919f..d361d919f 100644
--- a/id/server/doc/conf/moa-spss/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/6F5F08A3A5D59CA877CB146F00BB0264369B2304/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/6F86F897C45679B45F03C67D44B6447EFF43B758/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 b/id/server/data/deploy/conf/moa-id/certs/certstore/6F86F897C45679B45F03C67D44B6447EFF43B758/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0
new file mode 100644
index 000000000..89cfe44fd
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/6F86F897C45679B45F03C67D44B6447EFF43B758/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/728C819D737EE42627F96F839C33BB6E68E85F68/00845B74CA13FE0A9056E6C0B5126FECF73B0D8C b/id/server/data/deploy/conf/moa-id/certs/certstore/728C819D737EE42627F96F839C33BB6E68E85F68/00845B74CA13FE0A9056E6C0B5126FECF73B0D8C
new file mode 100644
index 000000000..cc8b505ec
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/728C819D737EE42627F96F839C33BB6E68E85F68/00845B74CA13FE0A9056E6C0B5126FECF73B0D8C
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/738B34854780955AE8FAF12349F2C9C52105A52C/474BC41135FB88BF58B5A8D976A1D5583378D85E b/id/server/data/deploy/conf/moa-id/certs/certstore/738B34854780955AE8FAF12349F2C9C52105A52C/474BC41135FB88BF58B5A8D976A1D5583378D85E
new file mode 100644
index 000000000..c9da41583
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/738B34854780955AE8FAF12349F2C9C52105A52C/474BC41135FB88BF58B5A8D976A1D5583378D85E
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/738B34854780955AE8FAF12349F2C9C52105A52C/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 b/id/server/data/deploy/conf/moa-id/certs/certstore/738B34854780955AE8FAF12349F2C9C52105A52C/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01
new file mode 100644
index 000000000..28fbdf42f
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/738B34854780955AE8FAF12349F2C9C52105A52C/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/76011AE57123CC4E476C094C48C461DC37A0DEDD/FDC348410699803DE7D8276813BC2232EA99A878 b/id/server/data/deploy/conf/moa-id/certs/certstore/76011AE57123CC4E476C094C48C461DC37A0DEDD/FDC348410699803DE7D8276813BC2232EA99A878
new file mode 100644
index 000000000..424f849a1
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/76011AE57123CC4E476C094C48C461DC37A0DEDD/FDC348410699803DE7D8276813BC2232EA99A878
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/7A9DC855647136050A8D75D6571AC64739F36C6C/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C b/id/server/data/deploy/conf/moa-id/certs/certstore/7A9DC855647136050A8D75D6571AC64739F36C6C/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C
new file mode 100644
index 000000000..4989f3e73
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/7A9DC855647136050A8D75D6571AC64739F36C6C/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C
Binary files differ
diff --git a/id/server/doc/conf/moa-id-configuration/certs/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 b/id/server/data/deploy/conf/moa-id/certs/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22
index a699436ca..a699436ca 100644
--- a/id/server/doc/conf/moa-id-configuration/certs/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/88D9F0C0EBB72C58516EC96AEED397FA86B40E39/6DCD5118D1542E6C205C580775C5420B7509506B b/id/server/data/deploy/conf/moa-id/certs/certstore/88D9F0C0EBB72C58516EC96AEED397FA86B40E39/6DCD5118D1542E6C205C580775C5420B7509506B
new file mode 100644
index 000000000..06b40aa67
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/88D9F0C0EBB72C58516EC96AEED397FA86B40E39/6DCD5118D1542E6C205C580775C5420B7509506B
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/3B8484BF1370941BF03F206B5C4958DA4E1559BB b/id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/3B8484BF1370941BF03F206B5C4958DA4E1559BB
new file mode 100644
index 000000000..6f97837a2
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/3B8484BF1370941BF03F206B5C4958DA4E1559BB
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/6DD653FB8FE2614249924274043E834664EBE980 b/id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/6DD653FB8FE2614249924274043E834664EBE980
new file mode 100644
index 000000000..d7799119f
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/6DD653FB8FE2614249924274043E834664EBE980
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/C0EF3E7A54B4C501295F77974B1995E36B25C92B b/id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/C0EF3E7A54B4C501295F77974B1995E36B25C92B
new file mode 100644
index 000000000..508f7f076
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/C0EF3E7A54B4C501295F77974B1995E36B25C92B
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/D29172D3F501A2D7A47F702633044F519A3A5F0B b/id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/D29172D3F501A2D7A47F702633044F519A3A5F0B
new file mode 100644
index 000000000..c0feb0d0e
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/8B23D64DBA1572885563DF070BE9C22A39A3BD26/D29172D3F501A2D7A47F702633044F519A3A5F0B
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/8FDB1CB752D82C88C89F9E9DA7AD2F54C6FA6F3B/842B3870A64001CDD90978D0E554DAF94D9ABDFE b/id/server/data/deploy/conf/moa-id/certs/certstore/8FDB1CB752D82C88C89F9E9DA7AD2F54C6FA6F3B/842B3870A64001CDD90978D0E554DAF94D9ABDFE
new file mode 100644
index 000000000..a0e3fdda1
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/8FDB1CB752D82C88C89F9E9DA7AD2F54C6FA6F3B/842B3870A64001CDD90978D0E554DAF94D9ABDFE
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/679A4F81FC705DDEC419778DD2EBD875F4C242C6 b/id/server/data/deploy/conf/moa-id/certs/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/679A4F81FC705DDEC419778DD2EBD875F4C242C6
index 36a442b89..36a442b89 100644
--- a/id/server/doc/conf/moa-spss/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/679A4F81FC705DDEC419778DD2EBD875F4C242C6
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/679A4F81FC705DDEC419778DD2EBD875F4C242C6
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/82096E6D9B1248321625323D52858642CB0B748E b/id/server/data/deploy/conf/moa-id/certs/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/82096E6D9B1248321625323D52858642CB0B748E
index 54f809962..54f809962 100644
--- a/id/server/doc/conf/moa-spss/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/82096E6D9B1248321625323D52858642CB0B748E
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/9014D44A2072A5D74E12C7FE47F37D68371E1C42/82096E6D9B1248321625323D52858642CB0B748E
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/91C4DD783D6D38F0325FE74930BF61F656364EA9/53A6B611F8CEE0315BCCE5D59898931ED390E400 b/id/server/data/deploy/conf/moa-id/certs/certstore/91C4DD783D6D38F0325FE74930BF61F656364EA9/53A6B611F8CEE0315BCCE5D59898931ED390E400
new file mode 100644
index 000000000..6c0216239
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/91C4DD783D6D38F0325FE74930BF61F656364EA9/53A6B611F8CEE0315BCCE5D59898931ED390E400
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/A149EE01A250491C07D5A279D3B58A646288DA22 b/id/server/data/deploy/conf/moa-id/certs/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/A149EE01A250491C07D5A279D3B58A646288DA22
new file mode 100644
index 000000000..7c6adedf5
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/A149EE01A250491C07D5A279D3B58A646288DA22
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/AD8ECBB67B9DC59406F92A296A38192297A4F169 b/id/server/data/deploy/conf/moa-id/certs/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/AD8ECBB67B9DC59406F92A296A38192297A4F169
new file mode 100644
index 000000000..70f5b7c91
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/92E5C38466AECA677325C25C3C3011C97D24CCF6/AD8ECBB67B9DC59406F92A296A38192297A4F169
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/96107213A757FFB88DECEE469373162636D7146C/45B43346251FDF9E95DCB7F36928785D46D63913 b/id/server/data/deploy/conf/moa-id/certs/certstore/96107213A757FFB88DECEE469373162636D7146C/45B43346251FDF9E95DCB7F36928785D46D63913
new file mode 100644
index 000000000..f3cf5e676
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/96107213A757FFB88DECEE469373162636D7146C/45B43346251FDF9E95DCB7F36928785D46D63913
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/96107213A757FFB88DECEE469373162636D7146C/E33619C88426E4FE956041E6751ADDEC9C10F0BC b/id/server/data/deploy/conf/moa-id/certs/certstore/96107213A757FFB88DECEE469373162636D7146C/E33619C88426E4FE956041E6751ADDEC9C10F0BC
new file mode 100644
index 000000000..fc5bd433b
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/96107213A757FFB88DECEE469373162636D7146C/E33619C88426E4FE956041E6751ADDEC9C10F0BC
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/975729FFAF7EB667BCF68E9B886EA876E44F46D0/35202B14F69409EAA51CD8AB547AC0CD5E993F3F b/id/server/data/deploy/conf/moa-id/certs/certstore/975729FFAF7EB667BCF68E9B886EA876E44F46D0/35202B14F69409EAA51CD8AB547AC0CD5E993F3F
new file mode 100644
index 000000000..3beb4529a
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/975729FFAF7EB667BCF68E9B886EA876E44F46D0/35202B14F69409EAA51CD8AB547AC0CD5E993F3F
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/9C5C7CD895AABBFF23E79907A97FB2D68423CA8E/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA b/id/server/data/deploy/conf/moa-id/certs/certstore/9C5C7CD895AABBFF23E79907A97FB2D68423CA8E/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA
new file mode 100644
index 000000000..8ddc7d79b
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/9C5C7CD895AABBFF23E79907A97FB2D68423CA8E/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/9C5C7CD895AABBFF23E79907A97FB2D68423CA8E/79B21E2743A879AFF5403ECEA09EAC2084EF4799 b/id/server/data/deploy/conf/moa-id/certs/certstore/9C5C7CD895AABBFF23E79907A97FB2D68423CA8E/79B21E2743A879AFF5403ECEA09EAC2084EF4799
new file mode 100644
index 000000000..c9fd41f7f
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/9C5C7CD895AABBFF23E79907A97FB2D68423CA8E/79B21E2743A879AFF5403ECEA09EAC2084EF4799
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/9D3E6FACCD6AF894CDD2B91D1B9E3C2E310EAB93/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 b/id/server/data/deploy/conf/moa-id/certs/certstore/9D3E6FACCD6AF894CDD2B91D1B9E3C2E310EAB93/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6
new file mode 100644
index 000000000..781d1e4f2
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/9D3E6FACCD6AF894CDD2B91D1B9E3C2E310EAB93/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/9D3E6FACCD6AF894CDD2B91D1B9E3C2E310EAB93/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B b/id/server/data/deploy/conf/moa-id/certs/certstore/9D3E6FACCD6AF894CDD2B91D1B9E3C2E310EAB93/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B
new file mode 100644
index 000000000..8286cabbc
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/9D3E6FACCD6AF894CDD2B91D1B9E3C2E310EAB93/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/9D3E6FACCD6AF894CDD2B91D1B9E3C2E310EAB93/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B b/id/server/data/deploy/conf/moa-id/certs/certstore/9D3E6FACCD6AF894CDD2B91D1B9E3C2E310EAB93/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B
new file mode 100644
index 000000000..a0148f63b
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/9D3E6FACCD6AF894CDD2B91D1B9E3C2E310EAB93/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/9F5A9B8D0F919C96B9472442BFBBDD34232A627D/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C b/id/server/data/deploy/conf/moa-id/certs/certstore/9F5A9B8D0F919C96B9472442BFBBDD34232A627D/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C
new file mode 100644
index 000000000..61d346a8f
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/9F5A9B8D0F919C96B9472442BFBBDD34232A627D/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/9F5A9B8D0F919C96B9472442BFBBDD34232A627D/9F0E0FBB25F66FF88C8E033EFF358923C84A2926 b/id/server/data/deploy/conf/moa-id/certs/certstore/9F5A9B8D0F919C96B9472442BFBBDD34232A627D/9F0E0FBB25F66FF88C8E033EFF358923C84A2926
new file mode 100644
index 000000000..9ae7ffa0c
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/9F5A9B8D0F919C96B9472442BFBBDD34232A627D/9F0E0FBB25F66FF88C8E033EFF358923C84A2926
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/9F5A9B8D0F919C96B9472442BFBBDD34232A627D/C87D1855227D995C332C4C9072A2E2053F2CC623 b/id/server/data/deploy/conf/moa-id/certs/certstore/9F5A9B8D0F919C96B9472442BFBBDD34232A627D/C87D1855227D995C332C4C9072A2E2053F2CC623
new file mode 100644
index 000000000..a68ae2db7
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/9F5A9B8D0F919C96B9472442BFBBDD34232A627D/C87D1855227D995C332C4C9072A2E2053F2CC623
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A07E912CAA2AB620034B05353E7D4B91807880ED/42AD1897A4643D2AA634D980F16349E6694F3B1B b/id/server/data/deploy/conf/moa-id/certs/certstore/A07E912CAA2AB620034B05353E7D4B91807880ED/42AD1897A4643D2AA634D980F16349E6694F3B1B
new file mode 100644
index 000000000..f1d7b6a28
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/A07E912CAA2AB620034B05353E7D4B91807880ED/42AD1897A4643D2AA634D980F16349E6694F3B1B
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A07E912CAA2AB620034B05353E7D4B91807880ED/FE7891B6ED7B178F528A28B21478299F865889BD b/id/server/data/deploy/conf/moa-id/certs/certstore/A07E912CAA2AB620034B05353E7D4B91807880ED/FE7891B6ED7B178F528A28B21478299F865889BD
new file mode 100644
index 000000000..c1b90c0f4
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/A07E912CAA2AB620034B05353E7D4B91807880ED/FE7891B6ED7B178F528A28B21478299F865889BD
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A15B5DBE14A19CF859F48E2DA2A29A4C3DB4D680/3AC12E21FFF9ACAB2BCFF52BBD885FB7AAC9A02B b/id/server/data/deploy/conf/moa-id/certs/certstore/A15B5DBE14A19CF859F48E2DA2A29A4C3DB4D680/3AC12E21FFF9ACAB2BCFF52BBD885FB7AAC9A02B
new file mode 100644
index 000000000..e27a87038
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/A15B5DBE14A19CF859F48E2DA2A29A4C3DB4D680/3AC12E21FFF9ACAB2BCFF52BBD885FB7AAC9A02B
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A24C49B7F1B637E7F72C12CAB35910EC8EF1C6CF/8784ED81F5A22779EB0B081945FD151992557FBE b/id/server/data/deploy/conf/moa-id/certs/certstore/A24C49B7F1B637E7F72C12CAB35910EC8EF1C6CF/8784ED81F5A22779EB0B081945FD151992557FBE
new file mode 100644
index 000000000..cc35ba691
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/A24C49B7F1B637E7F72C12CAB35910EC8EF1C6CF/8784ED81F5A22779EB0B081945FD151992557FBE
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A24C49B7F1B637E7F72C12CAB35910EC8EF1C6CF/88583DB03975127CB488CA7DDE303A1646CEA97B b/id/server/data/deploy/conf/moa-id/certs/certstore/A24C49B7F1B637E7F72C12CAB35910EC8EF1C6CF/88583DB03975127CB488CA7DDE303A1646CEA97B
new file mode 100644
index 000000000..783dd271a
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/A24C49B7F1B637E7F72C12CAB35910EC8EF1C6CF/88583DB03975127CB488CA7DDE303A1646CEA97B
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 b/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8
new file mode 100644
index 000000000..41dc7c553
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/20CAECDCA766243AAD6FA1327618FC81BA65DC0F b/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/20CAECDCA766243AAD6FA1327618FC81BA65DC0F
new file mode 100644
index 000000000..b596d82e3
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/20CAECDCA766243AAD6FA1327618FC81BA65DC0F
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/96D5D179016A5A6546973BA63733617EE1F1540D b/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/96D5D179016A5A6546973BA63733617EE1F1540D
new file mode 100644
index 000000000..4adc3b7ec
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/96D5D179016A5A6546973BA63733617EE1F1540D
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/CF236CF66379EA506F967D21F0E25E87529D9687 b/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/CF236CF66379EA506F967D21F0E25E87529D9687
new file mode 100644
index 000000000..1e4f22777
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/CF236CF66379EA506F967D21F0E25E87529D9687
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 b/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76
new file mode 100644
index 000000000..fe561ad6a
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/A4B140FBD4D5EA2AC3A570299945D8FCBBAD2231/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/A7437C35301BDB5349F320B62231615028F397F8/266FCA0265A576548425BDAE15448665EE8BB889 b/id/server/data/deploy/conf/moa-id/certs/certstore/A7437C35301BDB5349F320B62231615028F397F8/266FCA0265A576548425BDAE15448665EE8BB889
new file mode 100644
index 000000000..3754de603
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/A7437C35301BDB5349F320B62231615028F397F8/266FCA0265A576548425BDAE15448665EE8BB889
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/D4D1370FD1D9EAA46412008FF3E59E114BCF724A b/id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/D4D1370FD1D9EAA46412008FF3E59E114BCF724A
index 3c7775b6e..3c7775b6e 100644
--- a/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/D4D1370FD1D9EAA46412008FF3E59E114BCF724A
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/D4D1370FD1D9EAA46412008FF3E59E114BCF724A
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A b/id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A
index b6f39e354..b6f39e354 100644
--- a/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 b/id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/E619D25B380B7B13FDA33E8A58CD82D8A88E0515
index f9fef65fc..f9fef65fc 100644
--- a/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/E619D25B380B7B13FDA33E8A58CD82D8A88E0515
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/E619D25B380B7B13FDA33E8A58CD82D8A88E0515
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92 b/id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92
index f9f27442b..f9f27442b 100644
--- a/id/server/doc/conf/moa-spss/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/A95F0C3FA54CA93E3D5BA61AD23459300FA498D6/F825578F8F5484DFB40F81867C392D6CB0012B92
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/AAB27F0E98B28AF253454415F6490CB5F43A4B49/A9D28607928FA8615E2615CC9D71B535C5D0D419 b/id/server/data/deploy/conf/moa-id/certs/certstore/AAB27F0E98B28AF253454415F6490CB5F43A4B49/A9D28607928FA8615E2615CC9D71B535C5D0D419
new file mode 100644
index 000000000..10a1f7141
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/AAB27F0E98B28AF253454415F6490CB5F43A4B49/A9D28607928FA8615E2615CC9D71B535C5D0D419
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/AC1B67D7D5A300767C0944ACE8458DD49960F1BD/4D523730501ADB80A76B0B473A4D21C7D86F8374 b/id/server/data/deploy/conf/moa-id/certs/certstore/AC1B67D7D5A300767C0944ACE8458DD49960F1BD/4D523730501ADB80A76B0B473A4D21C7D86F8374
index 61a7ccb15..61a7ccb15 100644
--- a/id/server/doc/conf/moa-spss/certstore/AC1B67D7D5A300767C0944ACE8458DD49960F1BD/4D523730501ADB80A76B0B473A4D21C7D86F8374
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/AC1B67D7D5A300767C0944ACE8458DD49960F1BD/4D523730501ADB80A76B0B473A4D21C7D86F8374
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/AF03510E8BCAE72BB7C4E9D1910B4E12057075A4/7AC3EFA52DE27A930EC8754DB5E061476948E914 b/id/server/data/deploy/conf/moa-id/certs/certstore/AF03510E8BCAE72BB7C4E9D1910B4E12057075A4/7AC3EFA52DE27A930EC8754DB5E061476948E914
index 911640d0e..911640d0e 100644
--- a/id/server/doc/conf/moa-spss/certstore/AF03510E8BCAE72BB7C4E9D1910B4E12057075A4/7AC3EFA52DE27A930EC8754DB5E061476948E914
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/AF03510E8BCAE72BB7C4E9D1910B4E12057075A4/7AC3EFA52DE27A930EC8754DB5E061476948E914
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/B1A1ACC805C656EF257C5115509B977964591D7E/8944AF64790FA467C02424CB22523A068C3B72DB b/id/server/data/deploy/conf/moa-id/certs/certstore/B1A1ACC805C656EF257C5115509B977964591D7E/8944AF64790FA467C02424CB22523A068C3B72DB
new file mode 100644
index 000000000..a95605e5a
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/B1A1ACC805C656EF257C5115509B977964591D7E/8944AF64790FA467C02424CB22523A068C3B72DB
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/B293710691F553804016FCEC3428ABA1CB11ADF7/36B41A8B411985ED1032DBD85A154207164A9B85 b/id/server/data/deploy/conf/moa-id/certs/certstore/B293710691F553804016FCEC3428ABA1CB11ADF7/36B41A8B411985ED1032DBD85A154207164A9B85
new file mode 100644
index 000000000..a365a465b
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/B293710691F553804016FCEC3428ABA1CB11ADF7/36B41A8B411985ED1032DBD85A154207164A9B85
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/B310CEED301C503EDB15720F94D5D7E76BF423DA/AA94FD422AEB8F5B6E8508314CE0DC68BCD53305 b/id/server/data/deploy/conf/moa-id/certs/certstore/B310CEED301C503EDB15720F94D5D7E76BF423DA/AA94FD422AEB8F5B6E8508314CE0DC68BCD53305
new file mode 100644
index 000000000..ea3512e3d
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/B310CEED301C503EDB15720F94D5D7E76BF423DA/AA94FD422AEB8F5B6E8508314CE0DC68BCD53305
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/B3EB7B59ECFF1E25E16C64BB24993D1B20DCFC28/07A6DEED70213CCF598F278789680DA4C04A0331 b/id/server/data/deploy/conf/moa-id/certs/certstore/B3EB7B59ECFF1E25E16C64BB24993D1B20DCFC28/07A6DEED70213CCF598F278789680DA4C04A0331
new file mode 100644
index 000000000..46dd968f0
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/B3EB7B59ECFF1E25E16C64BB24993D1B20DCFC28/07A6DEED70213CCF598F278789680DA4C04A0331
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/B749506C821467F7D6F4E8943D07DDED771A7B47/A5A00B223EF24AED92D03F652CFE367CA9D1B200 b/id/server/data/deploy/conf/moa-id/certs/certstore/B749506C821467F7D6F4E8943D07DDED771A7B47/A5A00B223EF24AED92D03F652CFE367CA9D1B200
new file mode 100644
index 000000000..05a8b86f9
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/B749506C821467F7D6F4E8943D07DDED771A7B47/A5A00B223EF24AED92D03F652CFE367CA9D1B200
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/B9041947DCD9B7E2B82D72D6A0FF1FBC4B213DC0/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 b/id/server/data/deploy/conf/moa-id/certs/certstore/B9041947DCD9B7E2B82D72D6A0FF1FBC4B213DC0/BD78039E45BA4E4B13ADECC58124520ACE83B6A7
new file mode 100644
index 000000000..815f53d95
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/B9041947DCD9B7E2B82D72D6A0FF1FBC4B213DC0/BD78039E45BA4E4B13ADECC58124520ACE83B6A7
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/BAA9ADD095E87E0B490B6DD933AA2F450C6B9492/7A430B6E3592BEEDFAA0DD5DD6262C27EB8D26D2 b/id/server/data/deploy/conf/moa-id/certs/certstore/BAA9ADD095E87E0B490B6DD933AA2F450C6B9492/7A430B6E3592BEEDFAA0DD5DD6262C27EB8D26D2
new file mode 100644
index 000000000..63ba5cce5
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/BAA9ADD095E87E0B490B6DD933AA2F450C6B9492/7A430B6E3592BEEDFAA0DD5DD6262C27EB8D26D2
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/BE47A5DA41A35F740D98305DA8FF4096B71492BE/D1474E7D99512D05B98DD37B3FE86496A03D088D b/id/server/data/deploy/conf/moa-id/certs/certstore/BE47A5DA41A35F740D98305DA8FF4096B71492BE/D1474E7D99512D05B98DD37B3FE86496A03D088D
new file mode 100644
index 000000000..0bab77032
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/BE47A5DA41A35F740D98305DA8FF4096B71492BE/D1474E7D99512D05B98DD37B3FE86496A03D088D
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/BE77EF0A6C18C4B70D3B516426B559A2C1969460/9766A5ED03482991DA91BB763ECDCD9417394100 b/id/server/data/deploy/conf/moa-id/certs/certstore/BE77EF0A6C18C4B70D3B516426B559A2C1969460/9766A5ED03482991DA91BB763ECDCD9417394100
new file mode 100644
index 000000000..882753986
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/BE77EF0A6C18C4B70D3B516426B559A2C1969460/9766A5ED03482991DA91BB763ECDCD9417394100
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/BE77EF0A6C18C4B70D3B516426B559A2C1969460/BB97947C31BBF3364A2909F9876DBD3B87B5B62A b/id/server/data/deploy/conf/moa-id/certs/certstore/BE77EF0A6C18C4B70D3B516426B559A2C1969460/BB97947C31BBF3364A2909F9876DBD3B87B5B62A
new file mode 100644
index 000000000..f28aa4b8e
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/BE77EF0A6C18C4B70D3B516426B559A2C1969460/BB97947C31BBF3364A2909F9876DBD3B87B5B62A
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/60B7181FD8BCA00B84961BF31DB08C50376CCF44 b/id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/60B7181FD8BCA00B84961BF31DB08C50376CCF44
new file mode 100644
index 000000000..08d7b28e2
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/60B7181FD8BCA00B84961BF31DB08C50376CCF44
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/74801529B4E8E5764FFC4D8E6577E1F84E8101CE b/id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/74801529B4E8E5764FFC4D8E6577E1F84E8101CE
new file mode 100644
index 000000000..e47d2b8ba
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/74801529B4E8E5764FFC4D8E6577E1F84E8101CE
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/7B7B60B748C82B34EE71A3CEA729C477083F0BDA b/id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/7B7B60B748C82B34EE71A3CEA729C477083F0BDA
new file mode 100644
index 000000000..5168e1af0
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/7B7B60B748C82B34EE71A3CEA729C477083F0BDA
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/EBB80BE34C78814AE659BBA3A2394E4D9857123D b/id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/EBB80BE34C78814AE659BBA3A2394E4D9857123D
new file mode 100644
index 000000000..c5bcc42e2
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/BEBA5B735BCC34BDB0D778DAA1E669AEF999FCAB/EBB80BE34C78814AE659BBA3A2394E4D9857123D
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/BED4C70D83B5042F4254459064FDEACD43DD1EDF/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 b/id/server/data/deploy/conf/moa-id/certs/certstore/BED4C70D83B5042F4254459064FDEACD43DD1EDF/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04
new file mode 100644
index 000000000..0a8de4bb9
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/BED4C70D83B5042F4254459064FDEACD43DD1EDF/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA b/id/server/data/deploy/conf/moa-id/certs/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA
index ab9e0cd7d..ab9e0cd7d 100644
--- a/id/server/doc/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/51C01567BCB22968EF5A297B7EA84E195594E0E8 b/id/server/data/deploy/conf/moa-id/certs/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/51C01567BCB22968EF5A297B7EA84E195594E0E8
index 01965769d..01965769d 100644
--- a/id/server/doc/conf/moa-spss/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/51C01567BCB22968EF5A297B7EA84E195594E0E8
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/BF375B55D8D7CFC31FD8E3FBF7B1981A91A1A6CA/51C01567BCB22968EF5A297B7EA84E195594E0E8
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/C15FFFE6EFAD484909C9EFC6CD5C20435E326685/DDBAE68B1FF60FFBB2854C78727B76C95EC83BBE b/id/server/data/deploy/conf/moa-id/certs/certstore/C15FFFE6EFAD484909C9EFC6CD5C20435E326685/DDBAE68B1FF60FFBB2854C78727B76C95EC83BBE
new file mode 100644
index 000000000..6428b8256
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/C15FFFE6EFAD484909C9EFC6CD5C20435E326685/DDBAE68B1FF60FFBB2854C78727B76C95EC83BBE
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/C20C15B6163E675959D273D502F0D80718326C55/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA b/id/server/data/deploy/conf/moa-id/certs/certstore/C20C15B6163E675959D273D502F0D80718326C55/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA
new file mode 100644
index 000000000..bc5ed1e62
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/C20C15B6163E675959D273D502F0D80718326C55/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/C20C15B6163E675959D273D502F0D80718326C55/B38C775A18C1195D01658D75FBDA3258B6DF018B b/id/server/data/deploy/conf/moa-id/certs/certstore/C20C15B6163E675959D273D502F0D80718326C55/B38C775A18C1195D01658D75FBDA3258B6DF018B
new file mode 100644
index 000000000..cb519b7eb
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/C20C15B6163E675959D273D502F0D80718326C55/B38C775A18C1195D01658D75FBDA3258B6DF018B
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/C2A7CAE9E68EB7945828D193CB22CDD246BC7F95/6955D95F6B0799F7D96F4FC28E6E6C64758C1240 b/id/server/data/deploy/conf/moa-id/certs/certstore/C2A7CAE9E68EB7945828D193CB22CDD246BC7F95/6955D95F6B0799F7D96F4FC28E6E6C64758C1240
new file mode 100644
index 000000000..f11bd6247
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/C2A7CAE9E68EB7945828D193CB22CDD246BC7F95/6955D95F6B0799F7D96F4FC28E6E6C64758C1240
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/C52E4A04A22D98C70E19F1969AD71C838E4371B3/F96FE4F59166EFA9000B21A16EF22CF14468890C b/id/server/data/deploy/conf/moa-id/certs/certstore/C52E4A04A22D98C70E19F1969AD71C838E4371B3/F96FE4F59166EFA9000B21A16EF22CF14468890C
new file mode 100644
index 000000000..348257122
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/C52E4A04A22D98C70E19F1969AD71C838E4371B3/F96FE4F59166EFA9000B21A16EF22CF14468890C
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/C6673943153C8BE9F977A89A00ED84B432074576/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E b/id/server/data/deploy/conf/moa-id/certs/certstore/C6673943153C8BE9F977A89A00ED84B432074576/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E
new file mode 100644
index 000000000..b9fe1280c
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/C6673943153C8BE9F977A89A00ED84B432074576/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/C6673943153C8BE9F977A89A00ED84B432074576/A79681CBDD69EC741214136F128923A574E26F03 b/id/server/data/deploy/conf/moa-id/certs/certstore/C6673943153C8BE9F977A89A00ED84B432074576/A79681CBDD69EC741214136F128923A574E26F03
new file mode 100644
index 000000000..ea1585a6e
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/C6673943153C8BE9F977A89A00ED84B432074576/A79681CBDD69EC741214136F128923A574E26F03
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/C7E1D3604D2A960201D70F29B8A80EDA11475EEB/C18ECC8FD712ACAFBEAEDC1FA13F5AB19930E3ED b/id/server/data/deploy/conf/moa-id/certs/certstore/C7E1D3604D2A960201D70F29B8A80EDA11475EEB/C18ECC8FD712ACAFBEAEDC1FA13F5AB19930E3ED
new file mode 100644
index 000000000..a3f8a7409
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/C7E1D3604D2A960201D70F29B8A80EDA11475EEB/C18ECC8FD712ACAFBEAEDC1FA13F5AB19930E3ED
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/C976280EC7FECF169577E31D8CA0BB00967904B1/7666A8BD2C2513DE489C06D08D566F177ECE84AA b/id/server/data/deploy/conf/moa-id/certs/certstore/C976280EC7FECF169577E31D8CA0BB00967904B1/7666A8BD2C2513DE489C06D08D566F177ECE84AA
new file mode 100644
index 000000000..3c1f2f8a2
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/C976280EC7FECF169577E31D8CA0BB00967904B1/7666A8BD2C2513DE489C06D08D566F177ECE84AA
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/CABD2EA6CA438084840DCCAE875F341E2D3A2C43/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 b/id/server/data/deploy/conf/moa-id/certs/certstore/CABD2EA6CA438084840DCCAE875F341E2D3A2C43/02A0E6456442E35198532ACFFB6FEE3B606D9FA3
new file mode 100644
index 000000000..5026d395f
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/CABD2EA6CA438084840DCCAE875F341E2D3A2C43/02A0E6456442E35198532ACFFB6FEE3B606D9FA3
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/CC93161E57C3898635E1D086008BD053F542457F/7D60E314AA6AEF548A614A9354C5068192051A29 b/id/server/data/deploy/conf/moa-id/certs/certstore/CC93161E57C3898635E1D086008BD053F542457F/7D60E314AA6AEF548A614A9354C5068192051A29
index afe6fdf09..afe6fdf09 100644
--- a/id/server/doc/conf/moa-spss/certstore/CC93161E57C3898635E1D086008BD053F542457F/7D60E314AA6AEF548A614A9354C5068192051A29
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/CC93161E57C3898635E1D086008BD053F542457F/7D60E314AA6AEF548A614A9354C5068192051A29
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/CD2D87A57D1568A515128BE9DA8B3CAE7AC007A4/C6658C25AFB8A9D738F2BC591775D167549FFD3A b/id/server/data/deploy/conf/moa-id/certs/certstore/CD2D87A57D1568A515128BE9DA8B3CAE7AC007A4/C6658C25AFB8A9D738F2BC591775D167549FFD3A
new file mode 100644
index 000000000..f6df0f4fd
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/CD2D87A57D1568A515128BE9DA8B3CAE7AC007A4/C6658C25AFB8A9D738F2BC591775D167549FFD3A
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/CE91CC7CF2DDDEE6623A1A91B3298DCAD2375F2B/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F b/id/server/data/deploy/conf/moa-id/certs/certstore/CE91CC7CF2DDDEE6623A1A91B3298DCAD2375F2B/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F
new file mode 100644
index 000000000..c34d0f380
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/CE91CC7CF2DDDEE6623A1A91B3298DCAD2375F2B/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/CE91CC7CF2DDDEE6623A1A91B3298DCAD2375F2B/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 b/id/server/data/deploy/conf/moa-id/certs/certstore/CE91CC7CF2DDDEE6623A1A91B3298DCAD2375F2B/DF47B3040E7632614464BD2EC4ECD1B8030F53E3
new file mode 100644
index 000000000..d894e92ca
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/CE91CC7CF2DDDEE6623A1A91B3298DCAD2375F2B/DF47B3040E7632614464BD2EC4ECD1B8030F53E3
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/CE91CC7CF2DDDEE6623A1A91B3298DCAD2375F2B/E117479B4A41D7F3223FCAE50560B0D57B22217D b/id/server/data/deploy/conf/moa-id/certs/certstore/CE91CC7CF2DDDEE6623A1A91B3298DCAD2375F2B/E117479B4A41D7F3223FCAE50560B0D57B22217D
new file mode 100644
index 000000000..380486f65
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/CE91CC7CF2DDDEE6623A1A91B3298DCAD2375F2B/E117479B4A41D7F3223FCAE50560B0D57B22217D
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/D4D40BD33958CD9169A7AB6304AA2BBAD22DC595/07976A2A16EC182670161B46886B05E1FEAC16B1 b/id/server/data/deploy/conf/moa-id/certs/certstore/D4D40BD33958CD9169A7AB6304AA2BBAD22DC595/07976A2A16EC182670161B46886B05E1FEAC16B1
new file mode 100644
index 000000000..22d64fb5f
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/D4D40BD33958CD9169A7AB6304AA2BBAD22DC595/07976A2A16EC182670161B46886B05E1FEAC16B1
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/D708C897515970D33EF7CD0C2474449D3AB6AA83/52ED0FAFBD38A868C678174D7EB03D266ADB221C b/id/server/data/deploy/conf/moa-id/certs/certstore/D708C897515970D33EF7CD0C2474449D3AB6AA83/52ED0FAFBD38A868C678174D7EB03D266ADB221C
new file mode 100644
index 000000000..42a64da07
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/D708C897515970D33EF7CD0C2474449D3AB6AA83/52ED0FAFBD38A868C678174D7EB03D266ADB221C
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/DD29E76659D18371B78E61E7DF4D4B8FEDCAF8E7/8BA5C0847597612C7E16970EAE55EF58D32E9CF3 b/id/server/data/deploy/conf/moa-id/certs/certstore/DD29E76659D18371B78E61E7DF4D4B8FEDCAF8E7/8BA5C0847597612C7E16970EAE55EF58D32E9CF3
new file mode 100644
index 000000000..010c5d5b6
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/DD29E76659D18371B78E61E7DF4D4B8FEDCAF8E7/8BA5C0847597612C7E16970EAE55EF58D32E9CF3
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/18585FC53A283488E4BA84867980E9B1F2B28ADA b/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/18585FC53A283488E4BA84867980E9B1F2B28ADA
new file mode 100644
index 000000000..d53dce92b
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/18585FC53A283488E4BA84867980E9B1F2B28ADA
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/27337257493B86B9BFF78D569F938D692A430EAE b/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/27337257493B86B9BFF78D569F938D692A430EAE
new file mode 100644
index 000000000..5375c57c3
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/27337257493B86B9BFF78D569F938D692A430EAE
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/4832F0A28C3724A92F6CB3314F747D0E74FC7344 b/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/4832F0A28C3724A92F6CB3314F747D0E74FC7344
new file mode 100644
index 000000000..7085c5ac9
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/4832F0A28C3724A92F6CB3314F747D0E74FC7344
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/6352302A5072DBFB769D4FF4C70C86432C4C1683 b/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/6352302A5072DBFB769D4FF4C70C86432C4C1683
new file mode 100644
index 000000000..97dc187db
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/6352302A5072DBFB769D4FF4C70C86432C4C1683
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/EE886B907E31667D622677F665F25C54AF9A7F65 b/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/EE886B907E31667D622677F665F25C54AF9A7F65
new file mode 100644
index 000000000..ad5d7dea1
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/DF5F53FDADAFC93F4789141B5A7627EB9F3BD29F/EE886B907E31667D622677F665F25C54AF9A7F65
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/E47BA33321A8A919414A123C91F5D253766AB078/698563ECEE29232C5304487D972310F86650C3A6 b/id/server/data/deploy/conf/moa-id/certs/certstore/E47BA33321A8A919414A123C91F5D253766AB078/698563ECEE29232C5304487D972310F86650C3A6
index ebfbce9a0..ebfbce9a0 100644
--- a/id/server/doc/conf/moa-spss/certstore/E47BA33321A8A919414A123C91F5D253766AB078/698563ECEE29232C5304487D972310F86650C3A6
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/E47BA33321A8A919414A123C91F5D253766AB078/698563ECEE29232C5304487D972310F86650C3A6
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/E6A4C843059A6043B4DC967F9EF892B695990777/B4B77C83465979E3679E3A33F972F48EE3730A18 b/id/server/data/deploy/conf/moa-id/certs/certstore/E6A4C843059A6043B4DC967F9EF892B695990777/B4B77C83465979E3679E3A33F972F48EE3730A18
new file mode 100644
index 000000000..6225c0ca7
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/E6A4C843059A6043B4DC967F9EF892B695990777/B4B77C83465979E3679E3A33F972F48EE3730A18
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/EA7E6D37E678C1BCA5060F97DAF09F559DFD04B7/3AAD23B00CA10E54E6368DF7952E3F4B5108B65C b/id/server/data/deploy/conf/moa-id/certs/certstore/EA7E6D37E678C1BCA5060F97DAF09F559DFD04B7/3AAD23B00CA10E54E6368DF7952E3F4B5108B65C
new file mode 100644
index 000000000..a3aa0000d
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/EA7E6D37E678C1BCA5060F97DAF09F559DFD04B7/3AAD23B00CA10E54E6368DF7952E3F4B5108B65C
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/EEE6351C5C6EBD8644AB88E7648D44FA07C72A80/14E59C02A6877B0EBD2C4203886BA25959C1D267 b/id/server/data/deploy/conf/moa-id/certs/certstore/EEE6351C5C6EBD8644AB88E7648D44FA07C72A80/14E59C02A6877B0EBD2C4203886BA25959C1D267
new file mode 100644
index 000000000..332aa817a
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/EEE6351C5C6EBD8644AB88E7648D44FA07C72A80/14E59C02A6877B0EBD2C4203886BA25959C1D267
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/F1B84756A1EAB09C171B2783DD163B42A9BD0BBB/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 b/id/server/data/deploy/conf/moa-id/certs/certstore/F1B84756A1EAB09C171B2783DD163B42A9BD0BBB/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703
new file mode 100644
index 000000000..069640ffc
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/F1B84756A1EAB09C171B2783DD163B42A9BD0BBB/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/F3DA7C495789E656FA27E611CCAFA05F232ADEA0/F3AE9FEA4DECEE5330770A2520BD86909929E7BE b/id/server/data/deploy/conf/moa-id/certs/certstore/F3DA7C495789E656FA27E611CCAFA05F232ADEA0/F3AE9FEA4DECEE5330770A2520BD86909929E7BE
new file mode 100644
index 000000000..c3fc91352
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/F3DA7C495789E656FA27E611CCAFA05F232ADEA0/F3AE9FEA4DECEE5330770A2520BD86909929E7BE
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/16D8270DE51B034E77B7CDAF1DEE623916243DDC b/id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/16D8270DE51B034E77B7CDAF1DEE623916243DDC
new file mode 100644
index 000000000..87d8b52d4
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/16D8270DE51B034E77B7CDAF1DEE623916243DDC
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 b/id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239
new file mode 100644
index 000000000..91acd396a
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/40B51EEF4E709FBD47935DDD83A1F640D0CC378A b/id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/40B51EEF4E709FBD47935DDD83A1F640D0CC378A
new file mode 100644
index 000000000..b5f5fa6ca
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/40B51EEF4E709FBD47935DDD83A1F640D0CC378A
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 b/id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537
new file mode 100644
index 000000000..abeb964dd
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/F4834A83B4ED558A1E349821898B6DE4353516F1/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/F48B57F89BACD8687EBB12223A5B8E5EF3774583/CAF84A42305615AC2C582F6412BDA3E36DAC3D25 b/id/server/data/deploy/conf/moa-id/certs/certstore/F48B57F89BACD8687EBB12223A5B8E5EF3774583/CAF84A42305615AC2C582F6412BDA3E36DAC3D25
new file mode 100644
index 000000000..83aeb1fce
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/F48B57F89BACD8687EBB12223A5B8E5EF3774583/CAF84A42305615AC2C582F6412BDA3E36DAC3D25
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/F613568C1D7A1300B32609998288211959DBDFB0/D7EDAF7381F7FC93B4C28FA372190D7A59CFA696 b/id/server/data/deploy/conf/moa-id/certs/certstore/F613568C1D7A1300B32609998288211959DBDFB0/D7EDAF7381F7FC93B4C28FA372190D7A59CFA696
new file mode 100644
index 000000000..5631441a9
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/F613568C1D7A1300B32609998288211959DBDFB0/D7EDAF7381F7FC93B4C28FA372190D7A59CFA696
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/certs/certstore/F7D331850EC13D22284909E0FC3493A65FFA7F30/EC988340526163D5B7AC80481B2AC76828EDDC6C b/id/server/data/deploy/conf/moa-id/certs/certstore/F7D331850EC13D22284909E0FC3493A65FFA7F30/EC988340526163D5B7AC80481B2AC76828EDDC6C
new file mode 100644
index 000000000..585047fa2
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-id/certs/certstore/F7D331850EC13D22284909E0FC3493A65FFA7F30/EC988340526163D5B7AC80481B2AC76828EDDC6C
Binary files differ
diff --git a/id/server/data/deploy/conf/moa-id/moa-id.properties b/id/server/data/deploy/conf/moa-id/moa-id.properties
index e8a75c348..4290b1985 100644
--- a/id/server/data/deploy/conf/moa-id/moa-id.properties
+++ b/id/server/data/deploy/conf/moa-id/moa-id.properties
@@ -17,6 +17,7 @@ protocols.pvp2.assertion.encryption.active=false
##General MOA-ID 2.0 operations
#MOA-ID 2.0 session information encryption key (PassPhrase)
configuration.moasession.key=SessionEncryptionKey
+configuration.moaconfig.key=ConfigurationEncryptionKey
#MOA-ID 2.0 Monitoring Servlet
configuration.monitoring.active=false
diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/A-Trust-Qual-01-20140701-20240701.SerNo144ddd(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/A-Trust-Qual-01-20140701-20240701.SerNo144ddd(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..eb051dc4d
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/A-Trust-Qual-01-20140701-20240701.SerNo144ddd(SecureSignatureKeypair).cer
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEUzCCAzugAwIBAgIDFE3dMA0GCSqGSIb3DQEBBQUAMIHPMQswCQYDVQQGEwJB
+VDGBizCBiAYDVQQKHoGAAEEALQBUAHIAdQBzAHQAIABHAGUAcwAuACAAZgD8AHIA
+IABTAGkAYwBoAGUAcgBoAGUAaQB0AHMAcwB5AHMAdABlAG0AZQAgAGkAbQAgAGUA
+bABlAGsAdAByAC4AIABEAGEAdABlAG4AdgBlAHIAawBlAGgAcgAgAEcAbQBiAEgx
+GDAWBgNVBAsTD0EtVHJ1c3QtUXVhbC0wMTEYMBYGA1UEAxMPQS1UcnVzdC1RdWFs
+LTAxMB4XDTE0MDcwMTExMjExNVoXDTI0MDcwMTA5MjExNVowgc8xCzAJBgNVBAYT
+AkFUMYGLMIGIBgNVBAoegYAAQQAtAFQAcgB1AHMAdAAgAEcAZQBzAC4AIABmAPwA
+cgAgAFMAaQBjAGgAZQByAGgAZQBpAHQAcwBzAHkAcwB0AGUAbQBlACAAaQBtACAA
+ZQBsAGUAawB0AHIALgAgAEQAYQB0AGUAbgB2AGUAcgBrAGUAaAByACAARwBtAGIA
+SDEYMBYGA1UECxMPQS1UcnVzdC1RdWFsLTAxMRgwFgYDVQQDEw9BLVRydXN0LVF1
+YWwtMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmhgdxIbxTGEOH
+fXGiewI3NFldAWKFWfLofO+5I1UbvA5avt7IgsGXz/tI/f5HGUbascI0i7xG0tqV
+lA5ctQgLRqxgxHtgTkMcqsAEYdsz3LZsCdXO1QrvEBGLTSABdxiL/gSWJ6z77CSw
+x7Xg02HwxPV82cjGkSF3ENGJntuIAAnRDWn/ORHjFatNRymoMbHaOEZXSGhf7Y5F
+rrHEqGyi9E6sv784De/T1aTvskn8cWeUmDzv//omiG/a/V9KQex/61XN8OthUQVn
+X+u/liL2NKx74I2C/GgHX5B0WkPNqsSOgmlvJ/cKuT0PveUgVFDAA0oYBgcE1KDM
+lBbN0kmPAgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEs8jB2F
+6W+tMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAQIN9LZbMivO9
+kWLDlDI9cTEIPpRXmgNdaBQRUpZc2ML0vDW6OVI90r8GxFQTE/I7HjrvuqQDTEL1
+qd8tthiazsLYI5eDX1CtJEFFtg25Y9t3tK2HsShb8sCj798hoXsOMFR9qhp5Fjb8
+TX4CVuQ3sK1TKeNlDmpAx6SqkYYT0CCMccsxt2j89ED8Z+B/yW19OZQk3BFDigYL
+46YsLKAC96ItFpUOs8ZbAUfUlpVA6G+09EMcDxOcuD/ebLx6I/ynwYAtqYXaizsY
+KTE35A3M2ghfGFJ+DlQoh3Bn/RG01LKXXgaVTHHMvvpxBp55wz2SocD/PpFe+D6Q
+C016YgTrrQ==
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/A-Trust-Qual-02-20140701-20240701.SerNo144de4(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/A-Trust-Qual-02-20140701-20240701.SerNo144de4(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..be29fb6ac
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/A-Trust-Qual-02-20140701-20240701.SerNo144de4(SecureSignatureKeypair).cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDyzCCArOgAwIBAgIDFE3kMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1
+YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0xNDA3MDExMTIzMzNa
+Fw0yNDA3MDEwOTIzMzNaMIGLMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz
+dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy
+a2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1YWwtMDIxGDAWBgNVBAMMD0Et
+VHJ1c3QtUXVhbC0wMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJaR
+q9eOsFm4Ab20Hq2Z/aH86gyWa48uSUjY6eQkguHYuszr3gdcSMYZggFHQgnhfLmf
+ro/27l5rqKhWiDhWs+b+yZ1PNDhRPJy+86ycHMg9XJqErveULBSyZDdgjhSwOyrN
+ibUir/fkf+4sKzP5jjytTKJXD/uCxY4fAd9TjMEVpN3umpIS0ijpYhclYDHvzzGU
+833z5Dwhq5D8bc9jp8YSAHFJ1xzIoO1jmn3jjyjdYPnY5harJtHQL73nDQnfbtTs
+5ThT9GQLulrMgLU4WeyAWWWEMWpfVZFMJOUkmoOEer6A8e5fIAeqdxdsC+JVqpZ4
+CAKel/Arrlj1gFA//jsCAwEAAaM2MDQwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4E
+CgQIQj0rJKbBRc4wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQBh
+MfOINQm4XpzF6DmkOmb/ArSXHf5LObqFmIMooNr2TkyzrUTK/NE+mdrm15Rfdts7
+kZVq/ICfQSFeaPvWaAVq4plH/26OjvMTVv7DfgfPBUxDWqlCuDnDnPAVQ+yo/o5i
+BA5uUlMbp5znbDtlxwF/5gWqcn/hKxSUCP1uiOPIlKfeVvsRmBcJAdoixTM/Ic10
+pavJMGOI20onArvQZAUEbXQLA8cs8naxfF6Bo36U9nk6wn7q8VPXhViekByd17F6
+9A+ah0Iqw4SPf9BqNRIe1YxxjDhCmjWt3aoyE3ZFBuGjW+r2ipb/vGU1+2oyy2Fd
+2dMmiMQ7gGhWX9X6gWLd
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/A-Trust-Qual-03-20140701-20240701.SerNo144df5(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/A-Trust-Qual-03-20140701-20240701.SerNo144df5(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..e1100c7fc
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/A-Trust-Qual-03-20140701-20240701.SerNo144df5(SecureSignatureKeypair).cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDyzCCArOgAwIBAgIDFE31MA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1
+YWwtMDMxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMzAeFw0xNDA3MDExMTMwNTZa
+Fw0yNDA3MDEwOTMwNTZaMIGLMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz
+dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy
+a2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1YWwtMDMxGDAWBgNVBAMMD0Et
+VHJ1c3QtUXVhbC0wMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALOe
+JIgc0s9AA0hqqqWgK72W9XwKn5+rUJDbQc5WgHkqwP2TU3qcW/NZYSSIY6PVGO6b
+hHSEnOyMPdrBhnpvNi4m6349yT6t565LdHcoKyQg/youwpVkEPZ+e8O32hF9nqvt
+L4wZohydjMwzcHUJB/5e+0CkJYwv/bVRZzqoK0yf1midYJukxWOw7nDNKD9KdOpZ
++XXFAAZuH7BjwSqqE138y9JlGzkxIlrCeSJdGfFLwr7OHIgBdPEmQXcyOcaMUGjP
+U4VDig+gj+6OC5KjAEC+wKJZXiyhRLj+HyLTDLrQ6O8p5HI3Sov4FuwiMgcqIyzz
+o9fNyqmnT3K/vBGOqBsCAwEAAaM2MDQwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4E
+CgQIRgbfN/LCNxAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQBy
+jA/CmId9oz8sy4rwEklti+8TLS/aLHkiMqUmKjuHyT/6mz4Qh4fLfAAEv8iGSZiW
++7+Gv7HTcuEEdyNNhUmMGJLSQA/3KBjlttHXLiG943wnvcZf3LtkFc+8Ia5N3bNS
+BM6q7/OFKHSS+iHcAJ8XS6SnLITYRyfo0thsXBaHpkTUkEP0uJY+yoE/EcBkvsGX
+drLIawu8YOrNZvs3S6Ag0ex5brIdqiNtlUGwRxpLwssfBho5K0NqpXAloHT9kHBd
+rGb2GrVdLIesuVivSP9zq09M8bcm3jDPCHv5bcudPZVX7rkr79VphgLfKlINA4Fw
+VxCuPLXx/4sCfANQtvuY
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/A-Trust-nQual-01-20140701-20240701.SerNo144dc3(CertifiedKeypair).cer b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/A-Trust-nQual-01-20140701-20240701.SerNo144dc3(CertifiedKeypair).cer
new file mode 100644
index 000000000..e90f5f2a6
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/A-Trust-nQual-01-20140701-20240701.SerNo144dc3(CertifiedKeypair).cer
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXTCCAkWgAwIBAgIDFE3DMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNVBAYTAkFU
+MRAwDgYDVQQKEwdBLVRydXN0MRkwFwYDVQQLExBBLVRydXN0LW5RdWFsLTAxMRkw
+FwYDVQQDExBBLVRydXN0LW5RdWFsLTAxMB4XDTE0MDcwMTExMDk1NFoXDTI0MDcw
+MTA5MDk1NFowVTELMAkGA1UEBhMCQVQxEDAOBgNVBAoTB0EtVHJ1c3QxGTAXBgNV
+BAsTEEEtVHJ1c3QtblF1YWwtMDExGTAXBgNVBAMTEEEtVHJ1c3QtblF1YWwtMDEw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD/9RyAEZ6eHmhYzNJ328f0
+jmdSUFi6EqRqOxb3jHNPTIpK82CR6z5lmSnZQNUuCPD+htbNZffd2DKVB06NOyZ1
+2zcOMCgj4GtkZoqE0zPpPT3bpoE55nkZZe/qWEX/64wz/L/4EdkvKDSKG/UsP75M
+tmCVY5m2Eg73RVFRz4ccBIMpHel4lzEqSkdDtZOY5fnkrE333hx67nxq21vY8Eyf
+8O4fPQ5RtN8eohQCcPQ1z6ypU1R7N9jPRpnI+yzMOiwd3+QcKhHi1miCzo0pkOaB
+1CwmfsTyNl8qU0NJUL9Ta6cea7WThwTiWol2yD88cd2cy388xpbNkfrCPmZNGLoV
+AgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECE5ZzscCMocwMA4G
+A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAO3hBdwsNQOtYOAlC2PKT
+sdNexKqMefFGrGDYIEAflaudwpcqUgv7fLLhMNRMT+BcXtqXtfNHGsll2GwseuMq
+C02bPUmbfNV4P9djIz/s6qqvNQaQneFzhuXn+i0YQ10sFFVeIL3qrBMl1lwBeQ64
+/GyvrbGiHuuagEUc25CDrUqni+b+azaPUsRG6IXkIWG0H6WIMqtxIdHzAV/1raKh
+PKot1VhG2rivf1cBBGXU/0VSYBitXrLNwXwlX2ad0WiFHUF8RS9F3j2vVSYMfxer
+NPNaRLtCkHNSqCIDkMmmHJKbJbKJzMaZYmX2i2nc16HCpE/gbQc3etQCl3GvzO88
+xw==
+-----END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-id-configuration/certs/truststore/A-Trust-nQual-03.crt b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer
index 23ddad0bd..2284687bb 100644
--- a/id/server/doc/conf/moa-id-configuration/certs/truststore/A-Trust-nQual-03.crt
+++ b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer
@@ -1,9 +1,9 @@
-----BEGIN CERTIFICATE-----
-MIIDzzCCAregAwIBAgIDAWweMA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB
+MIIDzzCCAregAwIBAgIDFLT5MA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB
VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R
-dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTA1MDgxNzIyMDAw
-MFoXDTE1MDgxNzIyMDAwMFowgY0xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy
+dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTE0MDcyMzEwMzgy
+OVoXDTI1MDcyMzA4MzgyOVowgY0xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy
dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52
ZXJrZWhyIEdtYkgxGTAXBgNVBAsMEEEtVHJ1c3QtblF1YWwtMDMxGTAXBgNVBAMM
EEEtVHJ1c3QtblF1YWwtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
@@ -14,10 +14,10 @@ znF/QJuKqiTfC0Li21a8StKlDJu3Qz7dg9MmEALP6iPESU7l0+m0iKsMrmKS1GWH
k3Flyp3HaxgtPVxO59X4PzF9j4fsCiIvI+n+u33J4PTs63zEsMMtYrWacdaxaujs
2e3Vcuy+VwHOBVWf3tFgiBCzAgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYD
VR0OBAoECERqlWdVeRFPMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC
-AQEAVdRU0VlIXLOThaq/Yy/kgM40ozRiPvbY7meIMQQDbwvUB/tOdQ/TLtPAF8fG
-KOwGDREkDg6lXb+MshOWcdzUzg4NCmgybLlBMRmrsQd7TZjTXLDR8KdCoLXEjq/+
-8T/0709GAHbrAvv5ndJAlseIOrifEXnzgGWovR/TeIGgUUw3tKZdJXDRZslo+S4R
-FGjxVJgIrCaSD96JntT6s3kr0qN51OyLrIdTaEJMUVF0HhsnLuP1Hyl0Te2v9+GS
-mYHovjrHF1D2t8b8m7CKa9aIA5GPBnc6hQLdmNVDeD/GMBWsm2vLV7eJUYs66MmE
-DNuxUCAKGkq6ahq97BvIxYSazQ==
+AQEAEoykPeAA/6iKm6YnfxsSHFe+Dtian2yAH8L2TqMdcHeSB/7L1x73uuDeYku1
+hbKQAXnfXntf8R+VgjQBTww0aDb5164netYcFbK0g8uVWVCqOl8wf3JbAUxHS9br
+cFKks+CJKPr6qQ6H+sb1o9127c9IQSZYP3S/gMAaGw0cSTlsnosE0P5Ur5vHsapm
+FV3V+VOjYNs2GLSu4XQCYvSIpsfDJp8VsJ/BMYS9GqGvQ/9qGa0fwEbEMadb5mcJ
+tw/EKg4gJthMgxOfO5eVuCQ3PAEWOe5lrOrTdvTIlhphUuns5hoIdlyLuNqewK3s
+FJ6N46sU7LjJLqSKYEB8usoIiw==
-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-SSL-03.20140723-20240723.SerNo14b4fd.cer b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-SSL-03.20140723-20240723.SerNo14b4fd.cer
new file mode 100644
index 000000000..04627da98
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/certstore/toBeAdded/a-sign-SSL-03.20140723-20240723.SerNo14b4fd.cer
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEdzCCA1+gAwIBAgIDFLT9MA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R
+dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTE0MDcyMzEwNDIw
+NVoXDTI0MDcyMzA4NDIwNVowgYcxCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy
+dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52
+ZXJrZWhyIEdtYkgxFjAUBgNVBAsMDWEtc2lnbi1TU0wtMDMxFjAUBgNVBAMMDWEt
+c2lnbi1TU0wtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDMjPM6
+PqgdPBPV4Efudpytt2Y4GZJfjeRdZo5SCuULDvvL+23xxBWnR3scFvfE1ekHN/YK
+k+2/qhU2B2ntoSNJSyDchNM8YPc9Lx67zZyhQTZgbBzh3IZAVb/hwuRRRV68JCBj
+r3r6v7IbwjH5XcVISdB4szx0z93aAQyKW9QkV+tD5a1vWFETvdHsZeVmDzfqcdsG
+AznPJw+9HrImCsswCWYUgPcFRkPNjj2r2NoyckVN781aWmNTAqJPf/Ckj9l9pUIt
+Vjhy8XNJW4iVDBkkykBXcGSkIau0ypJrRjsD1jKqUTIRZ/y2HlyltmwWi8OuyBLd
+LaHDbjc0b6JmqoivAgMBAAGjgeMwgeAwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4E
+CgQIQD6h02K0A90wEwYDVR0jBAwwCoAIRGqVZ1V5EU8wDgYDVR0PAQH/BAQDAgEG
+MIGUBgNVHR8EgYwwgYkwgYaggYOggYCGfmxkYXA6Ly9sZGFwLmEtdHJ1c3QuYXQv
+b3U9QS1UcnVzdC1uUXVhbC0wMyxvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJl
+dm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1
+dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAQEAbHQvTl94ommGFln3s6wmd/tr6r5R
+3FR3A7O/uiGEAqm/7B84KGkTmKHhChGMiCiMcBSGtMx1IaO+t7gimLtRL57wgeIf
+k6nsgcbBioh0nO12XDagdtj75Dr7buEFyQvFdfydi5cAwScLW+YYxtwDni9/debd
+ypFKeCRxdCX12n0oFQDPJf8YvE4CaDitBJCQrZdJBDpB6muF8mpNq8CIuyTPIBZX
+RPKJNfIraKq/Xi7tuLkvWVGVsSqJeTvP++05Tvv/44+XBpCp3sUrjsb0G0Mj90PG
+SnAapsrgzDzLO/LQ8vrB9H2oRM4iYfUxu/dKSOBVXa3WQzsLBL0/9zZ30g==
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01-20140701-20240701.SerNo144ddd(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01-20140701-20240701.SerNo144ddd(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..eb051dc4d
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01-20140701-20240701.SerNo144ddd(SecureSignatureKeypair).cer
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEUzCCAzugAwIBAgIDFE3dMA0GCSqGSIb3DQEBBQUAMIHPMQswCQYDVQQGEwJB
+VDGBizCBiAYDVQQKHoGAAEEALQBUAHIAdQBzAHQAIABHAGUAcwAuACAAZgD8AHIA
+IABTAGkAYwBoAGUAcgBoAGUAaQB0AHMAcwB5AHMAdABlAG0AZQAgAGkAbQAgAGUA
+bABlAGsAdAByAC4AIABEAGEAdABlAG4AdgBlAHIAawBlAGgAcgAgAEcAbQBiAEgx
+GDAWBgNVBAsTD0EtVHJ1c3QtUXVhbC0wMTEYMBYGA1UEAxMPQS1UcnVzdC1RdWFs
+LTAxMB4XDTE0MDcwMTExMjExNVoXDTI0MDcwMTA5MjExNVowgc8xCzAJBgNVBAYT
+AkFUMYGLMIGIBgNVBAoegYAAQQAtAFQAcgB1AHMAdAAgAEcAZQBzAC4AIABmAPwA
+cgAgAFMAaQBjAGgAZQByAGgAZQBpAHQAcwBzAHkAcwB0AGUAbQBlACAAaQBtACAA
+ZQBsAGUAawB0AHIALgAgAEQAYQB0AGUAbgB2AGUAcgBrAGUAaAByACAARwBtAGIA
+SDEYMBYGA1UECxMPQS1UcnVzdC1RdWFsLTAxMRgwFgYDVQQDEw9BLVRydXN0LVF1
+YWwtMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmhgdxIbxTGEOH
+fXGiewI3NFldAWKFWfLofO+5I1UbvA5avt7IgsGXz/tI/f5HGUbascI0i7xG0tqV
+lA5ctQgLRqxgxHtgTkMcqsAEYdsz3LZsCdXO1QrvEBGLTSABdxiL/gSWJ6z77CSw
+x7Xg02HwxPV82cjGkSF3ENGJntuIAAnRDWn/ORHjFatNRymoMbHaOEZXSGhf7Y5F
+rrHEqGyi9E6sv784De/T1aTvskn8cWeUmDzv//omiG/a/V9KQex/61XN8OthUQVn
+X+u/liL2NKx74I2C/GgHX5B0WkPNqsSOgmlvJ/cKuT0PveUgVFDAA0oYBgcE1KDM
+lBbN0kmPAgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEs8jB2F
+6W+tMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAQIN9LZbMivO9
+kWLDlDI9cTEIPpRXmgNdaBQRUpZc2ML0vDW6OVI90r8GxFQTE/I7HjrvuqQDTEL1
+qd8tthiazsLYI5eDX1CtJEFFtg25Y9t3tK2HsShb8sCj798hoXsOMFR9qhp5Fjb8
+TX4CVuQ3sK1TKeNlDmpAx6SqkYYT0CCMccsxt2j89ED8Z+B/yW19OZQk3BFDigYL
+46YsLKAC96ItFpUOs8ZbAUfUlpVA6G+09EMcDxOcuD/ebLx6I/ynwYAtqYXaizsY
+KTE35A3M2ghfGFJ+DlQoh3Bn/RG01LKXXgaVTHHMvvpxBp55wz2SocD/PpFe+D6Q
+C016YgTrrQ==
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02-20140701-20240701.SerNo144de4(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02-20140701-20240701.SerNo144de4(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..be29fb6ac
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02-20140701-20240701.SerNo144de4(SecureSignatureKeypair).cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDyzCCArOgAwIBAgIDFE3kMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1
+YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0xNDA3MDExMTIzMzNa
+Fw0yNDA3MDEwOTIzMzNaMIGLMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz
+dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy
+a2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1YWwtMDIxGDAWBgNVBAMMD0Et
+VHJ1c3QtUXVhbC0wMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJaR
+q9eOsFm4Ab20Hq2Z/aH86gyWa48uSUjY6eQkguHYuszr3gdcSMYZggFHQgnhfLmf
+ro/27l5rqKhWiDhWs+b+yZ1PNDhRPJy+86ycHMg9XJqErveULBSyZDdgjhSwOyrN
+ibUir/fkf+4sKzP5jjytTKJXD/uCxY4fAd9TjMEVpN3umpIS0ijpYhclYDHvzzGU
+833z5Dwhq5D8bc9jp8YSAHFJ1xzIoO1jmn3jjyjdYPnY5harJtHQL73nDQnfbtTs
+5ThT9GQLulrMgLU4WeyAWWWEMWpfVZFMJOUkmoOEer6A8e5fIAeqdxdsC+JVqpZ4
+CAKel/Arrlj1gFA//jsCAwEAAaM2MDQwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4E
+CgQIQj0rJKbBRc4wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQBh
+MfOINQm4XpzF6DmkOmb/ArSXHf5LObqFmIMooNr2TkyzrUTK/NE+mdrm15Rfdts7
+kZVq/ICfQSFeaPvWaAVq4plH/26OjvMTVv7DfgfPBUxDWqlCuDnDnPAVQ+yo/o5i
+BA5uUlMbp5znbDtlxwF/5gWqcn/hKxSUCP1uiOPIlKfeVvsRmBcJAdoixTM/Ic10
+pavJMGOI20onArvQZAUEbXQLA8cs8naxfF6Bo36U9nk6wn7q8VPXhViekByd17F6
+9A+ah0Iqw4SPf9BqNRIe1YxxjDhCmjWt3aoyE3ZFBuGjW+r2ipb/vGU1+2oyy2Fd
+2dMmiMQ7gGhWX9X6gWLd
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03-20140701-20240701.SerNo144df5(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03-20140701-20240701.SerNo144df5(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..e1100c7fc
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03-20140701-20240701.SerNo144df5(SecureSignatureKeypair).cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDyzCCArOgAwIBAgIDFE31MA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1
+YWwtMDMxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMzAeFw0xNDA3MDExMTMwNTZa
+Fw0yNDA3MDEwOTMwNTZaMIGLMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz
+dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy
+a2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1YWwtMDMxGDAWBgNVBAMMD0Et
+VHJ1c3QtUXVhbC0wMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALOe
+JIgc0s9AA0hqqqWgK72W9XwKn5+rUJDbQc5WgHkqwP2TU3qcW/NZYSSIY6PVGO6b
+hHSEnOyMPdrBhnpvNi4m6349yT6t565LdHcoKyQg/youwpVkEPZ+e8O32hF9nqvt
+L4wZohydjMwzcHUJB/5e+0CkJYwv/bVRZzqoK0yf1midYJukxWOw7nDNKD9KdOpZ
++XXFAAZuH7BjwSqqE138y9JlGzkxIlrCeSJdGfFLwr7OHIgBdPEmQXcyOcaMUGjP
+U4VDig+gj+6OC5KjAEC+wKJZXiyhRLj+HyLTDLrQ6O8p5HI3Sov4FuwiMgcqIyzz
+o9fNyqmnT3K/vBGOqBsCAwEAAaM2MDQwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4E
+CgQIRgbfN/LCNxAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQBy
+jA/CmId9oz8sy4rwEklti+8TLS/aLHkiMqUmKjuHyT/6mz4Qh4fLfAAEv8iGSZiW
++7+Gv7HTcuEEdyNNhUmMGJLSQA/3KBjlttHXLiG943wnvcZf3LtkFc+8Ia5N3bNS
+BM6q7/OFKHSS+iHcAJ8XS6SnLITYRyfo0thsXBaHpkTUkEP0uJY+yoE/EcBkvsGX
+drLIawu8YOrNZvs3S6Ag0ex5brIdqiNtlUGwRxpLwssfBho5K0NqpXAloHT9kHBd
+rGb2GrVdLIesuVivSP9zq09M8bcm3jDPCHv5bcudPZVX7rkr79VphgLfKlINA4Fw
+VxCuPLXx/4sCfANQtvuY
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20140701-20240701.SerNo144dc3(CertifiedKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20140701-20240701.SerNo144dc3(CertifiedKeypair).cer
new file mode 100644
index 000000000..e90f5f2a6
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20140701-20240701.SerNo144dc3(CertifiedKeypair).cer
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXTCCAkWgAwIBAgIDFE3DMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNVBAYTAkFU
+MRAwDgYDVQQKEwdBLVRydXN0MRkwFwYDVQQLExBBLVRydXN0LW5RdWFsLTAxMRkw
+FwYDVQQDExBBLVRydXN0LW5RdWFsLTAxMB4XDTE0MDcwMTExMDk1NFoXDTI0MDcw
+MTA5MDk1NFowVTELMAkGA1UEBhMCQVQxEDAOBgNVBAoTB0EtVHJ1c3QxGTAXBgNV
+BAsTEEEtVHJ1c3QtblF1YWwtMDExGTAXBgNVBAMTEEEtVHJ1c3QtblF1YWwtMDEw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD/9RyAEZ6eHmhYzNJ328f0
+jmdSUFi6EqRqOxb3jHNPTIpK82CR6z5lmSnZQNUuCPD+htbNZffd2DKVB06NOyZ1
+2zcOMCgj4GtkZoqE0zPpPT3bpoE55nkZZe/qWEX/64wz/L/4EdkvKDSKG/UsP75M
+tmCVY5m2Eg73RVFRz4ccBIMpHel4lzEqSkdDtZOY5fnkrE333hx67nxq21vY8Eyf
+8O4fPQ5RtN8eohQCcPQ1z6ypU1R7N9jPRpnI+yzMOiwd3+QcKhHi1miCzo0pkOaB
+1CwmfsTyNl8qU0NJUL9Ta6cea7WThwTiWol2yD88cd2cy388xpbNkfrCPmZNGLoV
+AgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECE5ZzscCMocwMA4G
+A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAO3hBdwsNQOtYOAlC2PKT
+sdNexKqMefFGrGDYIEAflaudwpcqUgv7fLLhMNRMT+BcXtqXtfNHGsll2GwseuMq
+C02bPUmbfNV4P9djIz/s6qqvNQaQneFzhuXn+i0YQ10sFFVeIL3qrBMl1lwBeQ64
+/GyvrbGiHuuagEUc25CDrUqni+b+azaPUsRG6IXkIWG0H6WIMqtxIdHzAV/1raKh
+PKot1VhG2rivf1cBBGXU/0VSYBitXrLNwXwlX2ad0WiFHUF8RS9F3j2vVSYMfxer
+NPNaRLtCkHNSqCIDkMmmHJKbJbKJzMaZYmX2i2nc16HCpE/gbQc3etQCl3GvzO88
+xw==
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer
new file mode 100644
index 000000000..2284687bb
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzzCCAregAwIBAgIDFLT5MA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R
+dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTE0MDcyMzEwMzgy
+OVoXDTI1MDcyMzA4MzgyOVowgY0xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy
+dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52
+ZXJrZWhyIEdtYkgxGTAXBgNVBAsMEEEtVHJ1c3QtblF1YWwtMDMxGTAXBgNVBAMM
+EEEtVHJ1c3QtblF1YWwtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCtPWFuA/OQO8BBC4SAzewqo51ru27CQoT3URThoKgtUaNR8t4j8DRE/5TrzAUj
+lUC5B3ilJfYKvUWG6Nm9wASOhURh73+nyfrBJcyFLGM/BWBzSQXgYHiVEEvc+RFZ
+znF/QJuKqiTfC0Li21a8StKlDJu3Qz7dg9MmEALP6iPESU7l0+m0iKsMrmKS1GWH
+2WrX9IWf5DMiJaXlyDO6w8dB3F/GaswADm0yqLaHNgBid5seHzTLkDx4iHQF63n1
+k3Flyp3HaxgtPVxO59X4PzF9j4fsCiIvI+n+u33J4PTs63zEsMMtYrWacdaxaujs
+2e3Vcuy+VwHOBVWf3tFgiBCzAgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYD
+VR0OBAoECERqlWdVeRFPMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC
+AQEAEoykPeAA/6iKm6YnfxsSHFe+Dtian2yAH8L2TqMdcHeSB/7L1x73uuDeYku1
+hbKQAXnfXntf8R+VgjQBTww0aDb5164netYcFbK0g8uVWVCqOl8wf3JbAUxHS9br
+cFKks+CJKPr6qQ6H+sb1o9127c9IQSZYP3S/gMAaGw0cSTlsnosE0P5Ur5vHsapm
+FV3V+VOjYNs2GLSu4XQCYvSIpsfDJp8VsJ/BMYS9GqGvQ/9qGa0fwEbEMadb5mcJ
+tw/EKg4gJthMgxOfO5eVuCQ3PAEWOe5lrOrTdvTIlhphUuns5hoIdlyLuNqewK3s
+FJ6N46sU7LjJLqSKYEB8usoIiw==
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01-20140701-20240701.SerNo144ddd(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01-20140701-20240701.SerNo144ddd(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..eb051dc4d
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01-20140701-20240701.SerNo144ddd(SecureSignatureKeypair).cer
@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEUzCCAzugAwIBAgIDFE3dMA0GCSqGSIb3DQEBBQUAMIHPMQswCQYDVQQGEwJB
+VDGBizCBiAYDVQQKHoGAAEEALQBUAHIAdQBzAHQAIABHAGUAcwAuACAAZgD8AHIA
+IABTAGkAYwBoAGUAcgBoAGUAaQB0AHMAcwB5AHMAdABlAG0AZQAgAGkAbQAgAGUA
+bABlAGsAdAByAC4AIABEAGEAdABlAG4AdgBlAHIAawBlAGgAcgAgAEcAbQBiAEgx
+GDAWBgNVBAsTD0EtVHJ1c3QtUXVhbC0wMTEYMBYGA1UEAxMPQS1UcnVzdC1RdWFs
+LTAxMB4XDTE0MDcwMTExMjExNVoXDTI0MDcwMTA5MjExNVowgc8xCzAJBgNVBAYT
+AkFUMYGLMIGIBgNVBAoegYAAQQAtAFQAcgB1AHMAdAAgAEcAZQBzAC4AIABmAPwA
+cgAgAFMAaQBjAGgAZQByAGgAZQBpAHQAcwBzAHkAcwB0AGUAbQBlACAAaQBtACAA
+ZQBsAGUAawB0AHIALgAgAEQAYQB0AGUAbgB2AGUAcgBrAGUAaAByACAARwBtAGIA
+SDEYMBYGA1UECxMPQS1UcnVzdC1RdWFsLTAxMRgwFgYDVQQDEw9BLVRydXN0LVF1
+YWwtMDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCmhgdxIbxTGEOH
+fXGiewI3NFldAWKFWfLofO+5I1UbvA5avt7IgsGXz/tI/f5HGUbascI0i7xG0tqV
+lA5ctQgLRqxgxHtgTkMcqsAEYdsz3LZsCdXO1QrvEBGLTSABdxiL/gSWJ6z77CSw
+x7Xg02HwxPV82cjGkSF3ENGJntuIAAnRDWn/ORHjFatNRymoMbHaOEZXSGhf7Y5F
+rrHEqGyi9E6sv784De/T1aTvskn8cWeUmDzv//omiG/a/V9KQex/61XN8OthUQVn
+X+u/liL2NKx74I2C/GgHX5B0WkPNqsSOgmlvJ/cKuT0PveUgVFDAA0oYBgcE1KDM
+lBbN0kmPAgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEs8jB2F
+6W+tMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAQIN9LZbMivO9
+kWLDlDI9cTEIPpRXmgNdaBQRUpZc2ML0vDW6OVI90r8GxFQTE/I7HjrvuqQDTEL1
+qd8tthiazsLYI5eDX1CtJEFFtg25Y9t3tK2HsShb8sCj798hoXsOMFR9qhp5Fjb8
+TX4CVuQ3sK1TKeNlDmpAx6SqkYYT0CCMccsxt2j89ED8Z+B/yW19OZQk3BFDigYL
+46YsLKAC96ItFpUOs8ZbAUfUlpVA6G+09EMcDxOcuD/ebLx6I/ynwYAtqYXaizsY
+KTE35A3M2ghfGFJ+DlQoh3Bn/RG01LKXXgaVTHHMvvpxBp55wz2SocD/PpFe+D6Q
+C016YgTrrQ==
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02-20140701-20240701.SerNo144de4(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02-20140701-20240701.SerNo144de4(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..be29fb6ac
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02-20140701-20240701.SerNo144de4(SecureSignatureKeypair).cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDyzCCArOgAwIBAgIDFE3kMA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1
+YWwtMDIxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMjAeFw0xNDA3MDExMTIzMzNa
+Fw0yNDA3MDEwOTIzMzNaMIGLMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz
+dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy
+a2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1YWwtMDIxGDAWBgNVBAMMD0Et
+VHJ1c3QtUXVhbC0wMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJaR
+q9eOsFm4Ab20Hq2Z/aH86gyWa48uSUjY6eQkguHYuszr3gdcSMYZggFHQgnhfLmf
+ro/27l5rqKhWiDhWs+b+yZ1PNDhRPJy+86ycHMg9XJqErveULBSyZDdgjhSwOyrN
+ibUir/fkf+4sKzP5jjytTKJXD/uCxY4fAd9TjMEVpN3umpIS0ijpYhclYDHvzzGU
+833z5Dwhq5D8bc9jp8YSAHFJ1xzIoO1jmn3jjyjdYPnY5harJtHQL73nDQnfbtTs
+5ThT9GQLulrMgLU4WeyAWWWEMWpfVZFMJOUkmoOEer6A8e5fIAeqdxdsC+JVqpZ4
+CAKel/Arrlj1gFA//jsCAwEAAaM2MDQwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4E
+CgQIQj0rJKbBRc4wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQBh
+MfOINQm4XpzF6DmkOmb/ArSXHf5LObqFmIMooNr2TkyzrUTK/NE+mdrm15Rfdts7
+kZVq/ICfQSFeaPvWaAVq4plH/26OjvMTVv7DfgfPBUxDWqlCuDnDnPAVQ+yo/o5i
+BA5uUlMbp5znbDtlxwF/5gWqcn/hKxSUCP1uiOPIlKfeVvsRmBcJAdoixTM/Ic10
+pavJMGOI20onArvQZAUEbXQLA8cs8naxfF6Bo36U9nk6wn7q8VPXhViekByd17F6
+9A+ah0Iqw4SPf9BqNRIe1YxxjDhCmjWt3aoyE3ZFBuGjW+r2ipb/vGU1+2oyy2Fd
+2dMmiMQ7gGhWX9X6gWLd
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03-20140701-20240701.SerNo144df5(SecureSignatureKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03-20140701-20240701.SerNo144df5(SecureSignatureKeypair).cer
new file mode 100644
index 000000000..e1100c7fc
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03-20140701-20240701.SerNo144df5(SecureSignatureKeypair).cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDyzCCArOgAwIBAgIDFE31MA0GCSqGSIb3DQEBBQUAMIGLMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1
+YWwtMDMxGDAWBgNVBAMMD0EtVHJ1c3QtUXVhbC0wMzAeFw0xNDA3MDExMTMwNTZa
+Fw0yNDA3MDEwOTMwNTZaMIGLMQswCQYDVQQGEwJBVDFIMEYGA1UECgw/QS1UcnVz
+dCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVy
+a2VociBHbWJIMRgwFgYDVQQLDA9BLVRydXN0LVF1YWwtMDMxGDAWBgNVBAMMD0Et
+VHJ1c3QtUXVhbC0wMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALOe
+JIgc0s9AA0hqqqWgK72W9XwKn5+rUJDbQc5WgHkqwP2TU3qcW/NZYSSIY6PVGO6b
+hHSEnOyMPdrBhnpvNi4m6349yT6t565LdHcoKyQg/youwpVkEPZ+e8O32hF9nqvt
+L4wZohydjMwzcHUJB/5e+0CkJYwv/bVRZzqoK0yf1midYJukxWOw7nDNKD9KdOpZ
++XXFAAZuH7BjwSqqE138y9JlGzkxIlrCeSJdGfFLwr7OHIgBdPEmQXcyOcaMUGjP
+U4VDig+gj+6OC5KjAEC+wKJZXiyhRLj+HyLTDLrQ6O8p5HI3Sov4FuwiMgcqIyzz
+o9fNyqmnT3K/vBGOqBsCAwEAAaM2MDQwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4E
+CgQIRgbfN/LCNxAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQBy
+jA/CmId9oz8sy4rwEklti+8TLS/aLHkiMqUmKjuHyT/6mz4Qh4fLfAAEv8iGSZiW
++7+Gv7HTcuEEdyNNhUmMGJLSQA/3KBjlttHXLiG943wnvcZf3LtkFc+8Ia5N3bNS
+BM6q7/OFKHSS+iHcAJ8XS6SnLITYRyfo0thsXBaHpkTUkEP0uJY+yoE/EcBkvsGX
+drLIawu8YOrNZvs3S6Ag0ex5brIdqiNtlUGwRxpLwssfBho5K0NqpXAloHT9kHBd
+rGb2GrVdLIesuVivSP9zq09M8bcm3jDPCHv5bcudPZVX7rkr79VphgLfKlINA4Fw
+VxCuPLXx/4sCfANQtvuY
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20140701-20240701.SerNo144dc3(CertifiedKeypair).cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20140701-20240701.SerNo144dc3(CertifiedKeypair).cer
new file mode 100644
index 000000000..e90f5f2a6
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20140701-20240701.SerNo144dc3(CertifiedKeypair).cer
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDXTCCAkWgAwIBAgIDFE3DMA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNVBAYTAkFU
+MRAwDgYDVQQKEwdBLVRydXN0MRkwFwYDVQQLExBBLVRydXN0LW5RdWFsLTAxMRkw
+FwYDVQQDExBBLVRydXN0LW5RdWFsLTAxMB4XDTE0MDcwMTExMDk1NFoXDTI0MDcw
+MTA5MDk1NFowVTELMAkGA1UEBhMCQVQxEDAOBgNVBAoTB0EtVHJ1c3QxGTAXBgNV
+BAsTEEEtVHJ1c3QtblF1YWwtMDExGTAXBgNVBAMTEEEtVHJ1c3QtblF1YWwtMDEw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD/9RyAEZ6eHmhYzNJ328f0
+jmdSUFi6EqRqOxb3jHNPTIpK82CR6z5lmSnZQNUuCPD+htbNZffd2DKVB06NOyZ1
+2zcOMCgj4GtkZoqE0zPpPT3bpoE55nkZZe/qWEX/64wz/L/4EdkvKDSKG/UsP75M
+tmCVY5m2Eg73RVFRz4ccBIMpHel4lzEqSkdDtZOY5fnkrE333hx67nxq21vY8Eyf
+8O4fPQ5RtN8eohQCcPQ1z6ypU1R7N9jPRpnI+yzMOiwd3+QcKhHi1miCzo0pkOaB
+1CwmfsTyNl8qU0NJUL9Ta6cea7WThwTiWol2yD88cd2cy388xpbNkfrCPmZNGLoV
+AgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECE5ZzscCMocwMA4G
+A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAO3hBdwsNQOtYOAlC2PKT
+sdNexKqMefFGrGDYIEAflaudwpcqUgv7fLLhMNRMT+BcXtqXtfNHGsll2GwseuMq
+C02bPUmbfNV4P9djIz/s6qqvNQaQneFzhuXn+i0YQ10sFFVeIL3qrBMl1lwBeQ64
+/GyvrbGiHuuagEUc25CDrUqni+b+azaPUsRG6IXkIWG0H6WIMqtxIdHzAV/1raKh
+PKot1VhG2rivf1cBBGXU/0VSYBitXrLNwXwlX2ad0WiFHUF8RS9F3j2vVSYMfxer
+NPNaRLtCkHNSqCIDkMmmHJKbJbKJzMaZYmX2i2nc16HCpE/gbQc3etQCl3GvzO88
+xw==
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer
new file mode 100644
index 000000000..2284687bb
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzzCCAregAwIBAgIDFLT5MA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R
+dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTE0MDcyMzEwMzgy
+OVoXDTI1MDcyMzA4MzgyOVowgY0xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy
+dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52
+ZXJrZWhyIEdtYkgxGTAXBgNVBAsMEEEtVHJ1c3QtblF1YWwtMDMxGTAXBgNVBAMM
+EEEtVHJ1c3QtblF1YWwtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCtPWFuA/OQO8BBC4SAzewqo51ru27CQoT3URThoKgtUaNR8t4j8DRE/5TrzAUj
+lUC5B3ilJfYKvUWG6Nm9wASOhURh73+nyfrBJcyFLGM/BWBzSQXgYHiVEEvc+RFZ
+znF/QJuKqiTfC0Li21a8StKlDJu3Qz7dg9MmEALP6iPESU7l0+m0iKsMrmKS1GWH
+2WrX9IWf5DMiJaXlyDO6w8dB3F/GaswADm0yqLaHNgBid5seHzTLkDx4iHQF63n1
+k3Flyp3HaxgtPVxO59X4PzF9j4fsCiIvI+n+u33J4PTs63zEsMMtYrWacdaxaujs
+2e3Vcuy+VwHOBVWf3tFgiBCzAgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYD
+VR0OBAoECERqlWdVeRFPMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC
+AQEAEoykPeAA/6iKm6YnfxsSHFe+Dtian2yAH8L2TqMdcHeSB/7L1x73uuDeYku1
+hbKQAXnfXntf8R+VgjQBTww0aDb5164netYcFbK0g8uVWVCqOl8wf3JbAUxHS9br
+cFKks+CJKPr6qQ6H+sb1o9127c9IQSZYP3S/gMAaGw0cSTlsnosE0P5Ur5vHsapm
+FV3V+VOjYNs2GLSu4XQCYvSIpsfDJp8VsJ/BMYS9GqGvQ/9qGa0fwEbEMadb5mcJ
+tw/EKg4gJthMgxOfO5eVuCQ3PAEWOe5lrOrTdvTIlhphUuns5hoIdlyLuNqewK3s
+FJ6N46sU7LjJLqSKYEB8usoIiw==
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer
new file mode 100644
index 000000000..2284687bb
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzzCCAregAwIBAgIDFLT5MA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R
+dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTE0MDcyMzEwMzgy
+OVoXDTI1MDcyMzA4MzgyOVowgY0xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy
+dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52
+ZXJrZWhyIEdtYkgxGTAXBgNVBAsMEEEtVHJ1c3QtblF1YWwtMDMxGTAXBgNVBAMM
+EEEtVHJ1c3QtblF1YWwtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCtPWFuA/OQO8BBC4SAzewqo51ru27CQoT3URThoKgtUaNR8t4j8DRE/5TrzAUj
+lUC5B3ilJfYKvUWG6Nm9wASOhURh73+nyfrBJcyFLGM/BWBzSQXgYHiVEEvc+RFZ
+znF/QJuKqiTfC0Li21a8StKlDJu3Qz7dg9MmEALP6iPESU7l0+m0iKsMrmKS1GWH
+2WrX9IWf5DMiJaXlyDO6w8dB3F/GaswADm0yqLaHNgBid5seHzTLkDx4iHQF63n1
+k3Flyp3HaxgtPVxO59X4PzF9j4fsCiIvI+n+u33J4PTs63zEsMMtYrWacdaxaujs
+2e3Vcuy+VwHOBVWf3tFgiBCzAgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYD
+VR0OBAoECERqlWdVeRFPMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC
+AQEAEoykPeAA/6iKm6YnfxsSHFe+Dtian2yAH8L2TqMdcHeSB/7L1x73uuDeYku1
+hbKQAXnfXntf8R+VgjQBTww0aDb5164netYcFbK0g8uVWVCqOl8wf3JbAUxHS9br
+cFKks+CJKPr6qQ6H+sb1o9127c9IQSZYP3S/gMAaGw0cSTlsnosE0P5Ur5vHsapm
+FV3V+VOjYNs2GLSu4XQCYvSIpsfDJp8VsJ/BMYS9GqGvQ/9qGa0fwEbEMadb5mcJ
+tw/EKg4gJthMgxOfO5eVuCQ3PAEWOe5lrOrTdvTIlhphUuns5hoIdlyLuNqewK3s
+FJ6N46sU7LjJLqSKYEB8usoIiw==
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer
new file mode 100644
index 000000000..2284687bb
--- /dev/null
+++ b/id/server/data/deploy/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIIDzzCCAregAwIBAgIDFLT5MA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB
+VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp
+bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R
+dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTE0MDcyMzEwMzgy
+OVoXDTI1MDcyMzA4MzgyOVowgY0xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy
+dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52
+ZXJrZWhyIEdtYkgxGTAXBgNVBAsMEEEtVHJ1c3QtblF1YWwtMDMxGTAXBgNVBAMM
+EEEtVHJ1c3QtblF1YWwtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQCtPWFuA/OQO8BBC4SAzewqo51ru27CQoT3URThoKgtUaNR8t4j8DRE/5TrzAUj
+lUC5B3ilJfYKvUWG6Nm9wASOhURh73+nyfrBJcyFLGM/BWBzSQXgYHiVEEvc+RFZ
+znF/QJuKqiTfC0Li21a8StKlDJu3Qz7dg9MmEALP6iPESU7l0+m0iKsMrmKS1GWH
+2WrX9IWf5DMiJaXlyDO6w8dB3F/GaswADm0yqLaHNgBid5seHzTLkDx4iHQF63n1
+k3Flyp3HaxgtPVxO59X4PzF9j4fsCiIvI+n+u33J4PTs63zEsMMtYrWacdaxaujs
+2e3Vcuy+VwHOBVWf3tFgiBCzAgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYD
+VR0OBAoECERqlWdVeRFPMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC
+AQEAEoykPeAA/6iKm6YnfxsSHFe+Dtian2yAH8L2TqMdcHeSB/7L1x73uuDeYku1
+hbKQAXnfXntf8R+VgjQBTww0aDb5164netYcFbK0g8uVWVCqOl8wf3JbAUxHS9br
+cFKks+CJKPr6qQ6H+sb1o9127c9IQSZYP3S/gMAaGw0cSTlsnosE0P5Ur5vHsapm
+FV3V+VOjYNs2GLSu4XQCYvSIpsfDJp8VsJ/BMYS9GqGvQ/9qGa0fwEbEMadb5mcJ
+tw/EKg4gJthMgxOfO5eVuCQ3PAEWOe5lrOrTdvTIlhphUuns5hoIdlyLuNqewK3s
+FJ6N46sU7LjJLqSKYEB8usoIiw==
+-----END CERTIFICATE-----
diff --git a/id/server/data/deploy/tomcat/unix/tomcat-start.sh b/id/server/data/deploy/tomcat/unix/tomcat-start.sh
index 10bade1bd..59cf2d0a9 100644
--- a/id/server/data/deploy/tomcat/unix/tomcat-start.sh
+++ b/id/server/data/deploy/tomcat/unix/tomcat-start.sh
@@ -18,7 +18,7 @@ PROXY_OPT=-Dmoa.id.proxy.configuration=$CATALINA_BASE/conf/moa-id-proxy/MOAIDCon
#TRUST_STORE_PASS_OPT=-Djavax.net.ssl.trustStorePassword=changeit
#TRUST_STORE_TYPE_OPT=-Djavax.net.ssl.trustStoreType=jks
-export CATALINA_OPTS="$CONFIG_OPT $LOGGING_OPT $SPSS_OPT $TRUST_STORE_OPT $TRUST_STORE_PASS_OPT $TRUST_STORE_TYPE_OPT $CONFIGTOOL_OPT $DEMOOA_OPT $STORK_OPT $PROXY_OPT"
+export CATALINA_OPTS="$CONFIG_OPT $LOGGING_OPT $SPSS_OPT $TRUST_STORE_OPT $TRUST_STORE_PASS_OPT $TRUST_STORE_TYPE_OPT $CONFIGTOOL_OPT $DEMOOA_OPT $STORK_OPT $PROXY_OPT -Xms512m -Xmx1536m -XX:PermSize=256m"
echo CATALINA_HOME: $CATALINA_HOME
echo CATALINA_BASE: $CATALINA_BASE
diff --git a/id/server/data/deploy/tomcat/win32/startTomcat.bat b/id/server/data/deploy/tomcat/win32/startTomcat.bat
index 7730137c5..8d6d670bc 100644
--- a/id/server/data/deploy/tomcat/win32/startTomcat.bat
+++ b/id/server/data/deploy/tomcat/win32/startTomcat.bat
@@ -17,8 +17,8 @@ set CONFIGTOOL_OPT=-Dmoa.id.webconfig=%CATALINA_HOME%/conf/moa-id-configuration/
set DEMOOA_OPT=-Dmoa.id.demoOA=%CATALINA_HOME%/conf/moa-id-oa/oa.properties
set STORK_OPT=-Deu.stork.samlengine.config.location=%CATALINA_HOME%/conf/moa-id/stork/
set PROXY_OPT=-Dmoa.id.proxy.configuration=%CATALINA_HOME%/conf/moa-id-proxy/MOAIDConfiguration.xml
-
-set PARAMS_MOA=%CONFIG_OPT_SPSS% %CONFIG_OPT_ID% %LOGGING_OPT% %CONFIGTOOL_OPT% %DEMOOA_OPT% %STORK_OPT% %PROXY_OPT%
+
+set PARAMS_MOA=%CONFIG_OPT_SPSS% %CONFIG_OPT_ID% %LOGGING_OPT% %CONFIGTOOL_OPT% %DEMOOA_OPT% %STORK_OPT% %PROXY_OPT% -Xms512m -Xmx1536m -XX:PermSize=256m
rem set PARAM_TRUST_STORE=-Djavax.net.ssl.trustStore=truststore.jks
rem set PARAM_TRUST_STORE_PASS=-Djavax.net.ssl.trustStorePassword=changeit
diff --git a/id/server/doc/conf/Catalina/localhost/proxy.xml b/id/server/doc/conf/Catalina/localhost/proxy.xml
deleted file mode 100644
index eef60b953..000000000
--- a/id/server/doc/conf/Catalina/localhost/proxy.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-
- Context configuration file for the MOA-Proxy App
-
- aus einer Tomcat 4.x.xx server.xml Datei:
- <Context path="" docBase="../moa-id-proxy.war" debug="0"/>
-
--->
-<Context path="" docBase="${catalina.base}/webappsProxy/moa-id-proxy.war" privileged="true"
-
- antiResourceLocking="false" antiJARLocking="false">
-
-<!--
-<ResourceLink name="users" global="UserDatabase"
- type="org.apache.catalina.UserDatabase"/>
--->
-
- <!-- Uncomment this Valve to limit access to the Admin app to localhost
- for obvious security reasons. Allow may be a comma-separated list of
- hosts (or even regular expressions).
- <Valve className="org.apache.catalina.valves.RemoteAddrValve"
- allow="127.0.0.1"/>
- -->
-
-</Context>
diff --git a/id/server/doc/conf/moa-id-configuration/certs/certstore/0ED5CDAFA436F005D3F8351F242765C0B56DE4A3/60916A7AFE1F0EA965ECC9375BE974971B5DC1E6 b/id/server/doc/conf/moa-id-configuration/certs/certstore/0ED5CDAFA436F005D3F8351F242765C0B56DE4A3/60916A7AFE1F0EA965ECC9375BE974971B5DC1E6
deleted file mode 100644
index dfe7072c1..000000000
--- a/id/server/doc/conf/moa-id-configuration/certs/certstore/0ED5CDAFA436F005D3F8351F242765C0B56DE4A3/60916A7AFE1F0EA965ECC9375BE974971B5DC1E6
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-id-configuration/certs/certstore/1BC54FCD10AC931CD35BDBDCD622330B06FF615E/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 b/id/server/doc/conf/moa-id-configuration/certs/certstore/1BC54FCD10AC931CD35BDBDCD622330B06FF615E/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28
deleted file mode 100644
index 38c2de589..000000000
--- a/id/server/doc/conf/moa-id-configuration/certs/certstore/1BC54FCD10AC931CD35BDBDCD622330B06FF615E/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-id-configuration/certs/certstore/844A1479AD61EA2C122DA87572364FDB6EFF5F81/0BB438D6E2D13BE3FD8CF0807BD560D3CB5C4A98 b/id/server/doc/conf/moa-id-configuration/certs/certstore/844A1479AD61EA2C122DA87572364FDB6EFF5F81/0BB438D6E2D13BE3FD8CF0807BD560D3CB5C4A98
deleted file mode 100644
index e13546c72..000000000
--- a/id/server/doc/conf/moa-id-configuration/certs/certstore/844A1479AD61EA2C122DA87572364FDB6EFF5F81/0BB438D6E2D13BE3FD8CF0807BD560D3CB5C4A98
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-id-configuration/certs/certstore/C15B362B586F7D6FE99A08C386E6DEAC7C0B93BC/BECE82B2F908174E2379652769C6942AF1F0CC5E b/id/server/doc/conf/moa-id-configuration/certs/certstore/C15B362B586F7D6FE99A08C386E6DEAC7C0B93BC/BECE82B2F908174E2379652769C6942AF1F0CC5E
deleted file mode 100644
index c3363a922..000000000
--- a/id/server/doc/conf/moa-id-configuration/certs/certstore/C15B362B586F7D6FE99A08C386E6DEAC7C0B93BC/BECE82B2F908174E2379652769C6942AF1F0CC5E
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-id-configuration/certs/truststore/IAIKTestRootCA.crt b/id/server/doc/conf/moa-id-configuration/certs/truststore/IAIKTestRootCA.crt
deleted file mode 100644
index 765d61e8e..000000000
--- a/id/server/doc/conf/moa-id-configuration/certs/truststore/IAIKTestRootCA.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDbDCCAlSgAwIBAgIBATANBgkqhkiG9w0BAQUFADBHMRowGAYDVQQDExFJQUlL
-IFRlc3QgUm9vdCBDQTENMAsGA1UEChMESUFJSzENMAsGA1UEBxMER3JhejELMAkG
-A1UEBhMCQVQwHhcNMDgwMTE0MTc1MzA3WhcNMTgwMTE0MTc1MzA3WjBHMRowGAYD
-VQQDExFJQUlLIFRlc3QgUm9vdCBDQTENMAsGA1UEChMESUFJSzENMAsGA1UEBxME
-R3JhejELMAkGA1UEBhMCQVQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
-AQC6KO6ltDC+smJsFFYz8cjB3BwFg97ZSi/xplSPYRAc/UJfWmXMUksIQ/74mMtr
-XvZCykYckiZTU19pFPf+GzHesp8PgQPScfEHVpLbXAeMrg5zZLInz0dhwBRkeZUb
-4wFcn4kaQODoGqi9gxpCqDQEc/lZp2rULgxwZWu9WYTmXps+wl7EPAUkCF3vI6jp
-8ZvEZ3uUtZycee5biRbzSs25/vtUyumrPKBGNiK1nSIoHmWpXWUZvRP44Wxmen6k
-AT9UV3SVUt1mPDb2ofsVbUtUoUE6QgiMNfhr66cXL6fZpS8/+h6T9oZncsEXz7ii
-4ZiezsSS/8ZwYelsjMoZOyhnAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBxjAPBgNV
-HRMBAf8EBTADAQH/MB0GA1UdDgQWBBSQlsST3+0l+oqAodh9XJCXAonZdDAfBgNV
-HSMEGDAWgBSQlsST3+0l+oqAodh9XJCXAonZdDANBgkqhkiG9w0BAQUFAAOCAQEA
-hjb8n4zLRS8KVANvTj5P0RfzFsXHsJFWoHv5lH5HETi5tkX/YD1AdDTLfV6GihmL
-Wn5hDT4owhw6moz8Q1H1X1N+3FZyzIrP96T1hoXbUTxcmc3Vt7wl+IsUA4fg5kfn
-WXn+93NFYQMd/iZOz/ByhEIiG022eRsSYkzm+Fl674k/eukPZCeCETlIMjpUGkEO
-ASws3KB98GyLG8SJ+7nssdol6rlL8agnz8iqTxGrqgYjkzb8uTKPMrxZ8tCUskSP
-uJHuDXdUJXACgOdZqTU6hdV+S/m2BeIj7+q8B7XWaivnsla5q/RWA1EoyAfWW54x
-iBGgBJ14RnNU0QKr0o9m8A==
------END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-id-configuration/htmlTemplates/loginFormFull.html b/id/server/doc/conf/moa-id-configuration/htmlTemplates/loginFormFull.html
deleted file mode 100644
index ef070b8eb..000000000
--- a/id/server/doc/conf/moa-id-configuration/htmlTemplates/loginFormFull.html
+++ /dev/null
@@ -1,846 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
-
- <!-- MOA-ID 2.x BKUSelection Layout CSS -->
- <style type="text/css">
- @media screen and (min-width: 650px) {
-
- body {
- margin:0;
- padding:0;
- color : #000;
- background-color : #fff;
- text-align: center;
- background-color: #6B7B8B;
- }
-
- #localBKU p {
- font-size: 0.7em;
- }
-
- #localBKU input{
- font-size: 0.7em;
- /*border-radius: 5px;*/
- }
-
- #bkuselectionarea input[type=button] {
- font-size: 0.85em;
- /*border-radius: 7px;*/
- margin-bottom: 25px;
- min-width: 80px;
- }
-
- #mandateLogin {
- font-size: 0.85em;
- }
-
- #bku_header h2 {
- font-size: 0.8em;
- }
-
-
- #page {
- display: block;
- border: 2px solid rgb(0,0,0);
- width: 650px;
- height: 460px;
- margin: 0 auto;
- margin-top: 5%;
- position: relative;
- border-radius: 25px;
- background: rgb(255,255,255);
- }
-
- #page1 {
- text-align: center;
- }
-
- #main {
- /* clear:both; */
- position:relative;
- margin: 0 auto;
- width: 250px;
- text-align: center;
- }
-
- .OA_header {
- /* background-color: white;*/
- font-size: 20pt;
- margin-bottom: 25px;
- margin-top: 25px;
- }
-
- #leftcontent {
- /*float:left; */
- width:250px;
- margin-bottom: 25px;
- text-align: left;
- border: 1px solid rgb(0,0,0);
- }
-
- #selectArea {
- font-size: 15px;
- padding-bottom: 65px;
- }
-
- #leftcontent {
- width: 300px;
- margin-top: 30px;
- }
-
- #bku_header {
- height: 5%;
- padding-bottom: 3px;
- padding-top: 3px;
- }
-
- #bkulogin {
- overflow:hidden;
- min-width: 190px;
- min-height: 180px;
- /*height: 260px;*/
- }
-
- h2#tabheader{
- font-size: 1.1em;
- padding-left: 2%;
- padding-right: 2%;
- position: relative;
- }
-
- #stork h2 {
- font-size: 1.0em;
- margin-bottom: 2%;
- }
-
- .setAssertionButton_full {
- background: #efefef;
- cursor: pointer;
- margin-top: 15px;
- width: 100px;
- height: 30px
- }
-
- #leftbutton {
- width: 30%;
- float:left;
- margin-left: 40px;
- }
-
- #rightbutton {
- width: 30%;
- float:right;
- margin-right: 45px;
- text-align: right;
- }
-
- button {
- height: 25px;
- width: 75px;
- margin-bottom: 10px;
- }
-
- #validation {
- position: absolute;
- bottom: 0px;
- margin-left: 270px;
- padding-bottom: 10px;
- }
-
- }
-
- @media screen and (max-width: 205px) {
- #localBKU p {
- font-size: 0.6em;
- }
-
- #localBKU input {
- font-size: 0.6em;
- min-width: 60px;
- /* max-width: 65px; */
- min-height: 1.0em;
- /* border-radius: 5px; */
- }
-
- #bkuselectionarea input[type=button] {
- font-size: 0.7em;
- min-width: 55px;
- /*min-height: 1.1em;
- border-radius: 5px;*/
- margin-bottom: 2%
- }
-
- #mandateLogin {
- font-size: 0.65em;
- }
-
- #bku_header h2 {
- font-size: 0.8em;
- margin-top: -0.4em;
- padding-top: 0.4em;
- }
-
- #bkulogin {
- min-height: 150px;
- }
- }
-
- @media screen and (max-width: 249px) and (min-width: 206px) {
- #localBKU p {
- font-size: 0.7em;
- }
-
- #localBKU input {
- font-size: 0.7em;
- min-width: 70px;
- /* max-width: 75px; */
- min-height: 0.95em;
- /* border-radius: 6px; */
- }
-
- #bkuselectionarea input[type=button] {
- font-size: 0.75em;
- min-width: 60px;
- /* min-height: 0.95em;
- border-radius: 6px; */
- margin-bottom: 5%
- }
-
- #mandateLogin {
- font-size: 0.75em;
- }
-
- #bku_header h2 {
- font-size: 0.9em;
- margin-top: -0.45em;
- padding-top: 0.45em;
- }
-
- #bkulogin {
- min-height: 180px;
- }
- }
-
- @media screen and (max-width: 299px) and (min-width: 250px) {
- #localBKU p {
- font-size: 0.9em;
- }
-
- #localBKU input {
- font-size: 0.8em;
- min-width: 70px;
- /* max-width: 75px; */
- /* border-radius: 6px; */
- }
-
- #bkuselectionarea input[type=button] {
- font-size: 0.85em;
- /* min-height: 1.05em;
- border-radius: 7px; */
- margin-bottom: 10%;
- }
-
- #mandateLogin {
- font-size: 1em;
- }
-
- #bku_header h2 {
- font-size: 1.0em;
- margin-top: -0.50em;
- padding-top: 0.50em;
- }
- }
-
- @media screen and (max-width: 399px) and (min-width: 300px) {
- #localBKU p {
- font-size: 0.9em;
- }
-
- #localBKU input {
- font-size: 0.8em;
- min-width: 70px;
- /* max-width: 75px; */
- /* border-radius: 6px; */
- }
-
- #bkuselectionarea input[type=button] {
- font-size: 0.9em;
- /* min-height: 1.2em;
- border-radius: 8px; */
- margin-bottom: 10%;
- max-width: 80px;
- }
-
- #mandateLogin {
- font-size: 1em;
- }
-
- #bku_header h2 {
- font-size: 1.1em;
- margin-top: -0.55em;
- padding-top: 0.55em;
- }
- }
-
- @media screen and (max-width: 649px) and (min-width: 400px) {
- #localBKU p {
- font-size: 0.9em;
- }
-
- #localBKU input {
- font-size: 0.8em;
- min-width: 70px;
- /* max-width: 80px; */
- /* border-radius: 6px; */
- }
-
- #bkuselectionarea input[type=button] {
- font-size: 1.0em;
- /* min-height: 1.3em;
- border-radius: 10px; */
- margin-bottom: 10%;
- max-width: 85px;
- }
-
- #mandateLogin {
- font-size: 1.2em;
- }
-
- #bku_header h2 {
- font-size: 1.3em;
- margin-top: -0.65em;
- padding-top: 0.65em;
- }
- }
-
-
-
- @media screen and (max-width: 649px) {
-
- body {
- margin:0;
- padding:0;
- color : #000;
- text-align: center;
- font-size: 100%;
- background-color: #MAIN_BACKGOUNDCOLOR#;
- }
-
- #page {
- visibility: hidden;
- margin-top: 0%;
- }
-
- #page1 {
- visibility: hidden;
- }
-
- #main {
- visibility: hidden;
- }
-
- #validation {
- visibility: hidden;
- display: none;
- }
-
- .OA_header {
- margin-bottom: 0px;
- margin-top: 0px;
- font-size: 0pt;
- visibility: hidden;
- }
-
- #leftcontent {
- visibility: visible;
- margin-bottom: 0px;
- text-align: left;
- border:none;
- vertical-align: middle;
- min-height: 173px;
- min-width: 204px;
-
- }
-
- #bku_header {
- height: 10%;
- min-height: 1.2em;
- margin-top: 1%;
- }
-
- h2#tabheader{
- padding-left: 2%;
- padding-right: 2%;
- position: relative;
- top: 50%;
- }
-
- #stork h2 {
- font-size: 0.9em;
- margin-bottom: 2%;
- }
-
- #bkulogin {
- min-width: 190px;
- min-height: 155px;
- }
-
- .setAssertionButton_full {
- background: #efefef;
- cursor: pointer;
- margin-top: 15px;
- width: 70px;
- height: 25px;
- }
-
- input[type=button] {
-/* height: 11%; */
- width: 70%;
- }
- }
-
- * {
- margin: 0;
- padding: 0;
- font-family: #FONTTYPE#;
- }
-
- #selectArea {
- padding-top: 10px;
- padding-bottom: 55px;
- padding-left: 10px;
- }
-
- .setAssertionButton {
- background: #efefef;
- cursor: pointer;
- margin-top: 15px;
- width: 70px;
- height: 25px;
- }
-
- #leftbutton {
- width: 35%;
- float:left;
- margin-left: 15px;
- }
-
- #rightbutton {
- width: 35%;
- float:right;
- margin-right: 25px;
- text-align: right;
- }
-
- #stork {
- /*margin-bottom: 10px;*/
- /* margin-top: 5px; */
- }
-
- #mandateLogin {
- padding-bottom: 4%;
- padding-top: 4%;
- height: 10%;
- position: relative;
- text-align: center;
- }
-
- .verticalcenter {
- vertical-align: middle;
- }
-
- #mandateLogin div {
- clear: both;
- margin-top: -1%;
- position: relative;
- top: 50%;
- }
-
- #bkuselectionarea {
- position: relative;
- display: block;
- }
-
- #localBKU {
- padding-left: 5%;
- padding-right: 2%;
- padding-bottom: 4%;
- /*padding-top: 4%;*/
- position: relative;
- clear: both;
- }
-
- #bkukarte {
- float:left;
- text-align:center;
- width:40%;
- min-height: 70px;
- padding-left: 5%;
- padding-top: 2%;
- }
-
- #bkuhandy {
- float:right;
- text-align:center;
- width:40%;
- min-height: 90px;
- padding-right: 5%;
- padding-top: 2%;
- }
-
- .bkuimage {
- width: 90%;
- height: auto;
- }
-
- #mandate{
- text-align:center;
- padding : 5px 5px 5px 5px;
- }
-
-/* input[type=button], .sendButton {
- background: #BUTTON_BACKGROUNDCOLOR#;
- color: #BUTTON_COLOR#;
-/* border:1px solid #000; */
-/* cursor: pointer;
-/* box-shadow: 3px 3px 3px #222222; */
-/* }
-
-/* button:hover, button:focus, button:active,
- .sendButton:hover , .sendButton:focus, .sendButton:active,
- #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
- background: #BUTTON_BACKGROUNDCOLOR_FOCUS#;
- color: #BUTTON_COLOR#;
-/* border:1px solid #000; */
-/* cursor: pointer;
-/* box-shadow: -1px -1px 3px #222222; */
-/* }
-
-*/
- input {
- /*border:1px solid #000;*/
- cursor: pointer;
- }
-
- #localBKU input {
-/* color: #BUTTON_COLOR#; */
- border: 0px;
- display: inline-block;
-
- }
-
- #localBKU input:hover, #localBKU input:focus, #localBKU input:active {
- text-decoration: underline;
- }
-
- #installJava, #BrowserNOK {
- clear:both;
- font-size:0.8em;
- padding:4px;
- }
-
- .selectText{
-
- }
-
- .selectTextHeader{
-
- }
-
- .sendButton {
- width: 30%;
- margin-bottom: 1%;
- }
-
- #leftcontent a {
- text-decoration:none;
- color: #000;
- /* display:block;*/
- padding:4px;
- }
-
- #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
- text-decoration:underline;
- color: #000;
- }
-
- .infobutton {
- background-color: #005a00;
- color: white;
- font-family: serif;
- text-decoration: none;
- padding-top: 2px;
- padding-right: 4px;
- padding-bottom: 2px;
- padding-left: 4px;
- font-weight: bold;
- }
-
- .hell {
- background-color : #MAIN_BACKGOUNDCOLOR#;
- color: #MAIN_COLOR#;
- }
-
- .dunkel {
- background-color: #HEADER_BACKGROUNDCOLOR#;
- color: #HEADER_COLOR#;
- }
-
- .main_header {
- color: black;
- font-size: 32pt;
- position: absolute;
- right: 10%;
- top: 40px;
-
- }
-
- </style>
-<!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
-<script type="text/javascript">
- function isIE() {
- return (/MSIE (\d+\.\d+);/.test(navigator.userAgent));
- }
- function isFullscreen() {
- try {
- return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height));
- } catch (e) {
- return false;
- }
- }
- function isActivexEnabled() {
- var supported = null;
- try {
- supported = !!new ActiveXObject("htmlfile");
- } catch (e) {
- supported = false;
- }
- return supported;
- }
- function isMetro() {
- if (!isIE())
- return false;
- return !isActivexEnabled() && isFullscreen();
- }
- window.onload=function() {
- document.getElementById("localBKU").style.display="block";
- return;
- }
- function bkuLocalClicked() {
- setMandateSelection();
- }
-
- function bkuOnlineClicked() {
- if (isMetro())
- document.getElementById("metroDetected").style.display="block";
- document.getElementById("localBKU").style.display="block";
-/* if (checkMandateSSO())
- return; */
-
- setMandateSelection();
-/* setSSOSelection(); */
-
- var iFrameURL = "#AUTH_URL#" + "?";
- iFrameURL += "bkuURI=" + "#ONLINE#";
- iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
- iFrameURL += "&MODUL=" + "#MODUL#";
- iFrameURL += "&ACTION=" + "#ACTION#";
- iFrameURL += "&MOASessionID=" + "#SESSIONID#";
- generateIFrame(iFrameURL);
- }
- function bkuHandyClicked() {
- document.getElementById("localBKU").style.display="none";
-/* if (checkMandateSSO())
- return; */
-
- setMandateSelection();
-/* setSSOSelection(); */
-
- var iFrameURL = "#AUTH_URL#" + "?";
- iFrameURL += "bkuURI=" + "#HANDY#";
- iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
- iFrameURL += "&MODUL=" + "#MODUL#";
- iFrameURL += "&ACTION=" + "#ACTION#";
- iFrameURL += "&MOASessionID=" + "#SESSIONID#";
- generateIFrame(iFrameURL);
- }
- function storkClicked() {
- document.getElementById("localBKU").style.display="none";
-/* if (checkMandateSSO())
- return; */
-
- setMandateSelection();
-/* setSSOSelection(); */
-
- var ccc = "AT";
- var countrySelection = document.getElementById("cccSelection");
- if (countrySelection != null) {
- ccc = document.getElementById("cccSelection").value;
- }
- var iFrameURL = "#AUTH_URL#" + "?";
- iFrameURL += "bkuURI=" + "#ONLINE#";
- iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
- iFrameURL += "&CCC=" + ccc;
-/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
- iFrameURL += "&MODUL=" + "#MODUL#";
- iFrameURL += "&ACTION=" + "#ACTION#";
- iFrameURL += "&MOASessionID=" + "#SESSIONID#";
- generateIFrame(iFrameURL);
- }
- function generateIFrame(iFrameURL) {
- var el = document.getElementById("bkulogin");
- var width = el.clientWidth;
- var heigth = el.clientHeight - 20;
- var parent = el.parentNode;
-
- iFrameURL += "&heigth=" + heigth;
- iFrameURL += "&width=" + width;
-
- var iframe = document.createElement("iframe");
- iframe.setAttribute("src", iFrameURL);
- iframe.setAttribute("width", el.clientWidth - 1);
- iframe.setAttribute("height", el.clientHeight - 1);
- iframe.setAttribute("frameborder", "0");
- iframe.setAttribute("scrolling", "no");
- iframe.setAttribute("title", "Login");
- parent.replaceChild(iframe, el);
- }
- function setMandateSelection() {
- document.getElementById("moaidform").action = "#AUTH_URL#";
- document.getElementById("useMandate").value = "false";
- var checkbox = document.getElementById("mandateCheckBox");
- if (checkbox != null) {
- if (document.getElementById("mandateCheckBox").checked) {
- document.getElementById("useMandate").value = "true";
- }
- }
- }
- function onChangeChecks() {
- if (top.innerWidth < 650) {
- document.getElementById("moaidform").setAttribute("target","_parent");
- } else {
- document.getElementById("moaidform").removeAttribute("target");
- }
-
- }
-/* function setSSOSelection() {
- document.getElementById("useSSO").value = "false";
- var checkbox = document.getElementById("SSOCheckBox");
- if (checkbox != null) {
- if (document.getElementById("SSOCheckBox").checked) {
- document.getElementById("useSSO").value = "true";
- }
- }
- } */
-
-/* function checkMandateSSO() {
- var sso = document.getElementById("SSOCheckBox");
- var mandate = document.getElementById("mandateCheckBox");
-
-
- if (sso.checked && mandate.checked) {
- alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!")
- mandate.checked = false;
- sso.checked = false;
- return true;
- } else {
- return false;
- }
- } */
- </script>
-<title>Anmeldung mittels Bürgerkarte oder Handy-Signatur</title>
-</head>
-<body onload="onChangeChecks();" onresize="onChangeChecks();">
- <div id="page">
- <div id="page1" class="case selected-case" role="main">
- <h2 class="OA_header" role="heading">Anmeldung an: #OAName#</h2>
- <div id="main">
- <div id="leftcontent" class="hell" role="application">
- <div id="bku_header" class="dunkel">
- <h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2>
- </div>
- <div id="bkulogin" class="hell" role="form">
- <div id="mandateLogin" style="">
- <div>
- <input tabindex="1" type="checkbox" name="Mandate"
- id="mandateCheckBox" class="verticalcenter" role="checkbox"
- onClick='document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);'#MANDATECHECKED#>
- <label for="mandateCheckBox" class="verticalcenter">in
- Vertretung anmelden</label>
- <!--a href="info_mandates.html"
- target="_blank"
- class="infobutton verticalcenter"
- tabindex="5">i</a-->
- </div>
- </div>
- <div id="bkuselectionarea">
- <div id="bkukarte">
- <img class="bkuimage" src="#CONTEXTPATH#/img/online-bku.png"
- alt="OnlineBKU" /> <input name="bkuButtonOnline" type="button"
- onClick="bkuOnlineClicked();" tabindex="2" role="button"
- value="Karte" />
- </div>
- <div id="bkuhandy">
- <img class="bkuimage" src="#CONTEXTPATH#/img/mobile-bku.png"
- alt="HandyBKU" /> <input name="bkuButtonHandy" type="button"
- onClick="bkuHandyClicked();" tabindex="3" role="button"
- value="HANDY" />
- </div>
- </div>
- <div id="localBKU">
- <form method="get" id="moaidform" action="#AUTH_URL#"
- class="verticalcenter" target="_parent">
- <input type="hidden" name="bkuURI" value="#LOCAL#"> <input
- type="hidden" name="useMandate" id="useMandate"> <input
- type="hidden" name="SSO" id="useSSO"> <input
- type="hidden" name="CCC" id="ccc"> <input type="hidden"
- name="MODUL" value="#MODUL#"> <input type="hidden"
- name="ACTION" value="#ACTION#"> <input type="hidden"
- name="MOASessionID" value="#SESSIONID#">
- <input type="submit" value=">lokale Bürgerkartenumgebung" tabindex="4"
- role="button" class="hell"
- onclick="setMandateSelection();"
- >
- <!--p>
- <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small>
- </p-->
- </form>
- </div>
-
- <div id="stork" align="center" style="#STORKVISIBLE#">
- <h2 id="tabheader" class="dunkel">Home Country Selection</h2>
- <p>
- <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" >
- #PEPSLIST#
- </select>
- <button name="bkuButton" type="button" onClick="storkClicked();">Proceed</button>
- <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a>
- </p>
- </div>
-
- <div id="metroDetected" style="display: none">
- <p>Anscheinend verwenden Sie Internet Explorer im
- Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den
- Optionen um die Karten-Anmeldung starten zu können.</p>
- </div>
- </div>
- </div>
- </div>
- </div>
- <div id="validation">
- <a href="http://validator.w3.org/check?uri="> <img
- style="border: 0; width: 88px; height: 31px"
- src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
- </a> <a href="http://jigsaw.w3.org/css-validator/"> <img
- style="border: 0; width: 88px; height: 31px"
- src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
- alt="CSS ist valide!" />
- </a>
- </div>
- </div>
-</body>
-</html>
diff --git a/id/server/doc/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html b/id/server/doc/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html
deleted file mode 100644
index b80d654cc..000000000
--- a/id/server/doc/conf/moa-id-configuration/htmlTemplates/sendAssertionFormFull.html
+++ /dev/null
@@ -1,617 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
- <!-- MOA-ID 2.x BKUSelection Layout CSS -->
- <style type="text/css">
- @media screen and (min-width: 650px) {
-
- body {
- margin:0;
- padding:0;
- color : #000;
- background-color : #fff;
- text-align: center;
- background-color: #6B7B8B;
- }
-
- #localBKU p {
- font-size: 0.7em;
- }
-
- #localBKU input{
- font-size: 0.7em;
- border-radius: 5px;
- }
-
- #bkuselectionarea button {
- font-size: 0.85em;
- border-radius: 7px;
- margin-bottom: 25px;
- }
-
- #mandateLogin {
- font-size: 0.85em;
- }
-
- #bku_header h2 {
- font-size: 0.8em;
- }
-
-
- #page {
- display: block;
- border: 2px solid rgb(0,0,0);
- width: 650px;
- height: 440px;
- margin: 0 auto;
- margin-top: 5%;
- position: relative;
- border-radius: 25px;
- background: rgb(255,255,255);
- }
-
- #page1 {
- text-align: center;
- }
-
- #main {
- /* clear:both; */
- position:relative;
- margin: 0 auto;
- width: 250px;
- text-align: center;
- }
-
- .OA_header {
- /* background-color: white;*/
- font-size: 20pt;
- margin-bottom: 25px;
- margin-top: 25px;
- }
-
- #leftcontent {
- width: 300px;
- margin-top: 30px;
- padding-bottom: 15px;
- margin-bottom: 25px;
- text-align: left;
- border: 1px solid rgb(0,0,0);
- }
-
- #selectArea {
- font-size: 15px;
- padding-bottom: 65px;
- }
-
- #selectArea h3 {
- margin-bottom: 25px;
- }
-
- #bku_header {
- height: 5%;
- padding-bottom: 3px;
- padding-top: 3px;
- }
-
- #bkulogin {
- overflow:hidden;
- min-width: 190px;
- min-height: 180px;
- /*height: 260px;*/
- }
-
- h2#tabheader{
- font-size: 1.1em;
- padding-left: 2%;
- padding-right: 2%;
- position: relative;
- }
-
- .setAssertionButton_full {
- margin-top: 15px;
- width: 100px;
- height: 30px;
- font-size: 1.3em;
- min-height: 1.3em;
-/* border-radius: 10px;*/
- }
-
- #leftbutton {
- width: 30%;
- float:left;
- margin-left: 40px;
- }
-
- #rightbutton {
- width: 30%;
- float:right;
- margin-right: 45px;
- text-align: right;
- }
-
- button {
- height: 25px;
- width: 90px;
- margin-bottom: 10px;
- }
-
- #validation {
- position: absolute;
- bottom: 0px;
- margin-left: 270px;
- padding-bottom: 10px;
- }
-
- }
-
- @media screen and (max-width: 205px) {
- #localBKU p {
- font-size: 0.6em;
- }
-
- #localBKU input {
- font-size: 0.7em;
- min-width: 70px;
- min-height: 1.2em;
- border-radius: 5px;
- }
-
- #bkuselectionarea button, .setAssertionButton_full {
- font-size: 0.8em;
- min-width: 65px;
- min-height: 1.3em;
- /* border-radius: 5px; */
- margin-bottom: 2%
- }
-
- #mandateLogin {
- font-size: 0.65em;
- }
-
- #bku_header h2, #selectArea h3 {
- font-size: 0.8em;
- margin-top: -0.4em;
- }
- }
-
- @media screen and (max-width: 249px) and (min-width: 206px) {
- #localBKU p {
- font-size: 0.7em;
- }
-
- #localBKU input {
- font-size: 0.85em;
- min-width: 80px;
- min-height: 0.95em;
- border-radius: 6px;
- }
-
- #bkuselectionarea button, .setAssertionButton_full {
- font-size: 0.85em;
- min-width: 70px;
- min-height: 0.95em;
- /* border-radius: 6px; */
- margin-bottom: 2%
- }
-
- #mandateLogin {
- font-size: 0.75em;
- }
-
- #bku_header h2, #selectArea h3 {
- font-size: 0.9em;
- margin-top: -0.45em;
- }
- }
-
- @media screen and (max-width: 299px) and (min-width: 250px) {
- #localBKU p {
- font-size: 0.9em;
- }
-
- #localBKU input {
- font-size: 0.9em;
- min-width: 100px;
- border-radius: 6px;
- }
-
- #bkuselectionarea button, .setAssertionButton_full {
- font-size: 1.0em;
- min-height: 1.05em;
- /* border-radius: 7px; */
- margin-bottom: 5%;
- }
-
- #mandateLogin {
- font-size: 1em;
- }
-
- #bku_header h2, #selectArea h3 {
- font-size: 1.0em;
- margin-top: -0.50em;
- }
- }
-
- @media screen and (max-width: 399px) and (min-width: 300px) {
- #localBKU p {
- font-size: 0.9em;
- }
-
- #localBKU input {
- font-size: 0.9em;
- min-width: 100px;
- border-radius: 6px;
- }
-
- #bkuselectionarea button, .setAssertionButton_full {
- font-size: 1.1em;
- min-height: 1.2em;
- /* border-radius: 8px; */
- margin-bottom: 5%;
- }
-
- #mandateLogin {
- font-size: 1em;
- }
-
- #bku_header h2, #selectArea h3 {
- font-size: 1.1em;
- margin-top: -0.55em;
- }
- }
-
- @media screen and (max-width: 649px) and (min-width: 400px) {
- #localBKU p {
- font-size: 0.9em;
- }
-
- #localBKU input {
- font-size: 0.9em;
- min-width: 100px;
- border-radius: 6px;
- }
-
- #bkuselectionarea button, .setAssertionButton_full {
- font-size: 1.3em;
- min-height: 1.3em;
-/* border-radius: 10px; */
- margin-bottom: 5%;
- }
-
- #mandateLogin {
- font-size: 1.2em;
- }
-
- #bku_header h2, #selectArea h3 {
- font-size: 1.3em;
- margin-top: -0.65em;
- }
- }
-
-
-
- @media screen and (max-width: 649px) {
-
- body {
- margin:0;
- padding:0;
- color : #000;
- text-align: center;
- font-size: 100%;
- background-color: #MAIN_BACKGOUNDCOLOR#;
- }
-
- #page {
- visibility: hidden;
- margin-top: 0%;
- }
-
- #page1 {
- visibility: hidden;
- }
-
- #main {
- visibility: hidden;
- }
-
- #validation {
- visibility: hidden;
- display: none;
- }
-
- .OA_header {
- margin-bottom: 0px;
- margin-top: 0px;
- font-size: 0pt;
- visibility: hidden;
- }
-
- #leftcontent {
- visibility: visible;
- margin-bottom: 0px;
- text-align: left;
- border:none;
- min-width: 190px;
-/* min-height: 190px; */
- vertical-align: middle;
-
- }
-
- #bku_header {
- height: 10%;
- min-height: 1.2em;
- margin-top: 1%;
- }
-
- h2#tabheader{
- padding-left: 2%;
- padding-right: 2%;
- padding-top: 1%;
- position: relative;
- top: 50%;
- }
-
- #bkulogin {
- min-width: 190px;
- min-height: 150px;
- }
-
- .setAssertionButton_full {
- margin-top: 15px;
- width: 70%;
- height: 11%;
- min-width: 60px;
- min-height: 25px;
- }
-
- #selectArea h3 {
- margin-top: 2%;
- }
-
- button {
- height: 11%;
- width: 70%;
- }
- }
-
- * {
- margin: 0;
- padding: 0;
-/* border: 0; */
- font-family: #FONTTYPE#;
- }
-
- #selectArea {
- padding-top: 10px;
- padding-bottom: 55px;
- padding-left: 10px;
- }
-
- .setAssertionButton {
- background: #efefef;
- cursor: pointer;
- margin-top: 15px;
- width: 70px;
- height: 25px;
- }
-
- #leftbutton {
- width: 35%;
- float:left;
- margin-left: 15px;
- }
-
- #rightbutton {
- width: 35%;
- float:right;
- margin-right: 25px;
- text-align: right;
- }
-
- #stork {
- margin-bottom: 10px;
- margin-top: 5px;
- }
-
- #mandateLogin {
- padding-bottom: 2%;
- padding-top: 2%;
- height: 10%;
- position: relative;
- text-align: center;
- }
-
- .verticalcenter {
- vertical-align: middle;
- }
-
- #mandateLogin > div {
- clear: both;
- margin-top: -1%;
- position: relative;
- top: 50%;
- }
-
- #bkuselectionarea {
- position: relative;
- display: block;
- }
-
- #localBKU {
- padding-left: 5%;
- padding-right: 2%;
- padding-bottom: 2%;
- position: relative;
- clear: both;
- }
-
- #bkukarte {
- float:left;
- text-align:center;
- width:40%;
- min-height: 70px;
- padding-left: 5%;
- padding-top: 2%;
- }
-
- #bkuhandy {
- float:right;
- text-align:center;
- width:40%;
- min-height: 90px;
- padding-right: 5%;
- padding-top: 2%;
- }
-
- .bkuimage {
- width: 90%;
- height: auto;
- }
-
- #mandate{
- text-align:center;
- padding : 5px 5px 5px 5px;
- }
-
- button, .sendButton {
-/* background: #BUTTON_BACKGROUNDCOLOR#;
- color: #BUTTON_COLOR#; */
- cursor: pointer;
-
-/* border:1px solid #000;
- box-shadow: 3px 3px 3px #222222; */
- }
-
- button:hover, button:focus, button:active,
- .sendButton:hover , .sendButton:focus, .sendButton:active,
- #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
-/* background: #BUTTON_BACKGROUNDCOLOR_FOCUS#;
- color: #BUTTON_COLOR#; */
- cursor: pointer;
-
-/* border:1px solid #000;
- box-shadow: -1px -1px 3px #222222; */
- }
-
- #installJava, #BrowserNOK {
- clear:both;
- font-size:0.8em;
- padding:4px;
- }
-
- .selectText{
-
- }
-
- .selectTextHeader{
-
- }
-
- #leftcontent a {
- text-decoration:none;
- color: #000;
- /* display:block;*/
- padding:4px;
- }
-
- #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
- text-decoration:underline;
- color: #000;
- }
-
- .infobutton {
- background-color: #005a00;
- color: white;
- font-family: serif;
- text-decoration: none;
- padding-top: 2px;
- padding-right: 4px;
- padding-bottom: 2px;
- padding-left: 4px;
- font-weight: bold;
- }
-
- .hell {
- background-color : #MAIN_BACKGOUNDCOLOR#;
- color: #MAIN_COLOR#;
- }
-
- .dunkel {
- background-color: #HEADER_BACKGROUNDCOLOR#;
- color: #HEADER_COLOR#;
- }
-
- .main_header {
- color: black;
- font-size: 32pt;
- position: absolute;
- right: 10%;
- top: 40px;
-
- }
-
- </style>
-
-
- <title>Anmeldung an Online-Applikation</title>
-</head>
-
-
-<body>
- <div id="page">
-
- <div id="page1" class="case selected-case" role="main">
-
-<!-- <h2 class="OA_header">Anmeldung an: #OAName#</h2> -->
-
- <div id="main">
- <div id="leftcontent" class="hell">
- <div id="bku_header" class="dunkel">
- <h2 id="tabheader" class="dunkel" role="heading">
- Anmeldeinformationen:
- </h2>
- </div>
-
- <div id="selectArea" class="hell" role="application">
- <h3>Anmeldung an: #OAName#</h3>
-
-<!-- <div class="hell"> -->
- <div id="leftbutton">
- <form method="post" id="moaidform_yes" action="#URL#">
- <input type="hidden" name="value" value="true">
- <input type="hidden" name="mod" value="#MODUL#">
- <input type="hidden" name="action" value="#ACTION#">
- <input type="hidden" name="identifier" value="#ID#">
- <input type="submit" value="Ja" class="setAssertionButton_full sendButton" role="button">
- </form>
- </div>
- <div id="rightbutton">
- <form method="post" id="moaidform_no" action="#URL#">
- <input type="hidden" name="value" value="false">
- <input type="hidden" name="mod" value="#MODUL#">
- <input type="hidden" name="action" value="#ACTION#">
- <input type="hidden" name="identifier" value="#ID#">
- <input type="submit" value="Nein" class="setAssertionButton_full sendButton" role="button">
- </form>
- </div>
-
- </div>
- </div>
- </div>
- </div>
- <div id="validation">
- <a href="http://validator.w3.org/check?uri=">
- <img style="border:0;width:88px;height:31px"
- src="#CONTEXTPATH#/img/valid-html5-blue.png"
- alt="HTML5 ist valide!" />
- </a>
- <a href="http://jigsaw.w3.org/css-validator/">
- <img style="border:0;width:88px;height:31px"
- src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
- alt="CSS ist valide!" />
- </a>
- </div>
- </div>
-</body>
-</html>
diff --git a/id/server/doc/conf/moa-id-configuration/keys/application[password].p12 b/id/server/doc/conf/moa-id-configuration/keys/application[password].p12
deleted file mode 100644
index 78cab1e89..000000000
--- a/id/server/doc/conf/moa-id-configuration/keys/application[password].p12
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-id-configuration/keys/assertion.crt b/id/server/doc/conf/moa-id-configuration/keys/assertion.crt
deleted file mode 100644
index aa4e23cb1..000000000
--- a/id/server/doc/conf/moa-id-configuration/keys/assertion.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEDDCCAvSgAwIBAgIJAI6ivoxdit5XMA0GCSqGSIb3DQEBBQUAMGExCzAJBgNV
-BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQxGjAYBgNVBAMTEUFzc2VydGlvbiBTaWduaW5nMB4XDTE0
-MDIwNDEwNDEzOVoXDTI0MDIwMjEwNDEzOVowYTELMAkGA1UEBhMCQVQxEzARBgNV
-BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
-ZDEaMBgGA1UEAxMRQXNzZXJ0aW9uIFNpZ25pbmcwggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQD5tysT9qt3zoIf6GZJP0qCO0wuAD9lS0v6IzF6lKmY2sts
-2OHjC2KX2CQWruLmA2bdxeVSX21JrcCJrLh3qzpEkBGrcaqJz2AeJ6jRamYgWa/y
-+4AADlPHJntdX3w+H/z6quCgvuylGcOhEo5Eoaef0U1cn3AR5Cu1yAtSMhnhrBU8
-upiHfpRvGx+UA55zQpctlhB8vw2i+6zvFI2MGV5cmJ56dF7IlDa+Yp6udlUhUAEn
-SKVLSiEifvnYD3F5F/yHg08zxvjU0Q2Yx/dp+gYK7obZvDtsmPRd24oo+CThhdf9
-8PHtfHew4cwUXyUiMzDYC0i4m8a4FsViryPBnjL9AgMBAAGjgcYwgcMwHQYDVR0O
-BBYEFCx2GmAN2fE3EdGbt/9tQZZFKGR6MIGTBgNVHSMEgYswgYiAFCx2GmAN2fE3
-EdGbt/9tQZZFKGR6oWWkYzBhMQswCQYDVQQGEwJBVDETMBEGA1UECBMKU29tZS1T
-dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRowGAYDVQQD
-ExFBc3NlcnRpb24gU2lnbmluZ4IJAI6ivoxdit5XMAwGA1UdEwQFMAMBAf8wDQYJ
-KoZIhvcNAQEFBQADggEBAPIKVBFv+lGInuACtVTVfkhHp9OJWQxDaf6vxYjvqmDl
-DZ6XMQgglNRTrF1iXxWGWU+JQQWITAWFeGJ83KhFcP7jycsW3cUmwoQDmI34Zv/b
-crS0/NFug/n8hITUCBfZwpyrBXUnJrIqtPdfPXYJNN4D/XHZBJ8NeaQWg8SApJ60
-LuUIAZcFSyTiOC0qI9VlBmSpqp5rJwLnvoadNECubwuHlws0e0lTtRBNOuq0mId3
-0isb3ct7x4628JIWTH1GjuFa05YG1d6Tt0mkyfNXK2I9OYx44b9UrJIpfIDdE6E5
-ljapkxheZJuBZWjH01dgo5/Fl3OLczcWQKdSHdHREfo=
------END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-id-configuration/keys/encryption.crt b/id/server/doc/conf/moa-id-configuration/keys/encryption.crt
deleted file mode 100644
index c9d94f9b6..000000000
--- a/id/server/doc/conf/moa-id-configuration/keys/encryption.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID9zCCAt+gAwIBAgIJAMC/5DRgVin3MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
-BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMTCkVuY3J5cHRpb24wHhcNMTQwMjA0MTA0
-MjA2WhcNMjQwMjAyMTA0MjA2WjBaMQswCQYDVQQGEwJBVDETMBEGA1UECBMKU29t
-ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD
-VQQDEwpFbmNyeXB0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-qgKWs3IW4giGsbAUm/wRH+lcggVpOPkNqqtNA48Qfwkq/lSWdeHp0+xXOwR1Oull
-TpmfbqJouUoHf6jCt1EXqlQR2oQ1oYYjLncVMhZ9ajXVFJEBl6tw9Em4aCzkkTdL
-HfWoh21iDnYOXTgP23/59xpuvy85O39hKnysXIcniqeb1uHthMiN25R8g4bPOQNb
-OfoMXpXdVbHxM77ZDSbk88BMRsq8SnlPdelaf8HsZomtnLKXvSDLivTZloxtHjBa
-aJNS/H1zr3HI+lq4S4VH+8ilj53OeWHjstGCFiTRtZy2hZvG2PegNIL7shMN/h4i
-h+OCn/ImAW9Kf599wve5iQIDAQABo4G/MIG8MB0GA1UdDgQWBBQzMzOrGfjN+Tnz
-zbFTyLPgHS4FkjCBjAYDVR0jBIGEMIGBgBQzMzOrGfjN+TnzzbFTyLPgHS4FkqFe
-pFwwWjELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoT
-GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UEAxMKRW5jcnlwdGlvboIJ
-AMC/5DRgVin3MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAADZoknf
-lcG0O9sL8CALO6UmPy1+ZlOXndoqqNu3uvzj7hvjT5RPY4hTyfrkUn5EqlHwLSCf
-C7rOxcGvRHT3/REwOef8H3MGdSV81esa5EbrRfGWjLOXoQFrIOhz5bxqoU0B7Obh
-3IUA2yCGz4SlXjMdMWN670ETglnthdY4z2Ot8n4E2YNXlRSubowat7ylkqjKvyaB
-Iz/RVgDxblkOK+bqPSKaNWvadItnMyh7Y8C3LD3tQpwYViJ0QOJ9BMujULma7Tb8
-lVIhmx3y2cU8nCqG0VPSTE6AMnuONuQjJTGFsRdDREFrALtjUpsUOXU6+19ywYSi
-LYiLYskPglktuck=
------END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-id-configuration/keys/moa_idp.crt b/id/server/doc/conf/moa-id-configuration/keys/moa_idp.crt
deleted file mode 100644
index bd9640b37..000000000
--- a/id/server/doc/conf/moa-id-configuration/keys/moa_idp.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIECTCCAvGgAwIBAgIJAIHjIpba8E6mMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV
-BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQxGTAXBgNVBAMTEE1ldGFkYXRhIFNpZ25pbmcwHhcNMTQw
-MjA0MTA0MTA4WhcNMjQwMjAyMTA0MTA4WjBgMQswCQYDVQQGEwJBVDETMBEGA1UE
-CBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRk
-MRkwFwYDVQQDExBNZXRhZGF0YSBTaWduaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAvfDn2hbBnvywRNc7wmToItDzXitkl9nfM9Q3ubEN9qAh4/PD
-ICrKdzFBq08a7NR5xNJhDCUhhZ/W20ZJvh+1dwQdgSzanA91iVKbL4YFYKbnM9/x
-tarTAMZMWH34qIkfwkKyTEDWeOqFG2653azO5e+0DFiBV7AytR3dmy1ZnJoqhGIY
-O4EzINikof1M7t5I8xBS3gAyQKyu0yhbj5AyUujpNIPX0JeE1C1DsrHaeuAHZXLh
-zHEWSG3NVXrn8HAXAAtqGJ+E9SRztqsigDjNjbqrrp/vmPUag9Rb2o8/flEZTPRS
-ttCQTHK8jst/I2qgLkePB5kSp65caXUf4xuFqQIDAQABo4HFMIHCMB0GA1UdDgQW
-BBQFbqjmW9JHVCWwocMdO0EodAfy/jCBkgYDVR0jBIGKMIGHgBQFbqjmW9JHVCWw
-ocMdO0EodAfy/qFkpGIwYDELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3Rh
-dGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEZMBcGA1UEAxMQ
-TWV0YWRhdGEgU2lnbmluZ4IJAIHjIpba8E6mMAwGA1UdEwQFMAMBAf8wDQYJKoZI
-hvcNAQEFBQADggEBAECK58eJgkd54gQAV9gGXRC2LV1tdBzn89Q57Ff/UwBQzN0M
-+uytem8lwVCpUeAk6N01/krzmSbJojqpXId+O/iHhQ8lwDmJnXRrCZH7APiQ3yC0
-p4ufWtxhqixc+Itl96HzHDRXb7eZkXdVERGM26UGwyaBfxkIcLdpMoojlHBJlHaA
-oHDYiJHQBmqk5+YMOuEOnpsKY0115MZ38DoppNfeAFG8K4ZDI5vH9VWk8PDJu+jv
-tWbhXNsKiiCMdZrsnvGjxPpk/6zJpJpBcwCzhIvnaEobijKMO+6aH/6zfbB6JKn/
-Dz3Rw+0WbypFYbbpIzWRCkXSAQju/w3vHBGnCyI=
------END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-id-configuration/keys/moa_idp[password].p12 b/id/server/doc/conf/moa-id-configuration/keys/moa_idp[password].p12
deleted file mode 100644
index 78cab1e89..000000000
--- a/id/server/doc/conf/moa-id-configuration/keys/moa_idp[password].p12
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-id-configuration/keys/request.crt b/id/server/doc/conf/moa-id-configuration/keys/request.crt
deleted file mode 100644
index aa4e23cb1..000000000
--- a/id/server/doc/conf/moa-id-configuration/keys/request.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEDDCCAvSgAwIBAgIJAI6ivoxdit5XMA0GCSqGSIb3DQEBBQUAMGExCzAJBgNV
-BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQxGjAYBgNVBAMTEUFzc2VydGlvbiBTaWduaW5nMB4XDTE0
-MDIwNDEwNDEzOVoXDTI0MDIwMjEwNDEzOVowYTELMAkGA1UEBhMCQVQxEzARBgNV
-BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
-ZDEaMBgGA1UEAxMRQXNzZXJ0aW9uIFNpZ25pbmcwggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQD5tysT9qt3zoIf6GZJP0qCO0wuAD9lS0v6IzF6lKmY2sts
-2OHjC2KX2CQWruLmA2bdxeVSX21JrcCJrLh3qzpEkBGrcaqJz2AeJ6jRamYgWa/y
-+4AADlPHJntdX3w+H/z6quCgvuylGcOhEo5Eoaef0U1cn3AR5Cu1yAtSMhnhrBU8
-upiHfpRvGx+UA55zQpctlhB8vw2i+6zvFI2MGV5cmJ56dF7IlDa+Yp6udlUhUAEn
-SKVLSiEifvnYD3F5F/yHg08zxvjU0Q2Yx/dp+gYK7obZvDtsmPRd24oo+CThhdf9
-8PHtfHew4cwUXyUiMzDYC0i4m8a4FsViryPBnjL9AgMBAAGjgcYwgcMwHQYDVR0O
-BBYEFCx2GmAN2fE3EdGbt/9tQZZFKGR6MIGTBgNVHSMEgYswgYiAFCx2GmAN2fE3
-EdGbt/9tQZZFKGR6oWWkYzBhMQswCQYDVQQGEwJBVDETMBEGA1UECBMKU29tZS1T
-dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRowGAYDVQQD
-ExFBc3NlcnRpb24gU2lnbmluZ4IJAI6ivoxdit5XMAwGA1UdEwQFMAMBAf8wDQYJ
-KoZIhvcNAQEFBQADggEBAPIKVBFv+lGInuACtVTVfkhHp9OJWQxDaf6vxYjvqmDl
-DZ6XMQgglNRTrF1iXxWGWU+JQQWITAWFeGJ83KhFcP7jycsW3cUmwoQDmI34Zv/b
-crS0/NFug/n8hITUCBfZwpyrBXUnJrIqtPdfPXYJNN4D/XHZBJ8NeaQWg8SApJ60
-LuUIAZcFSyTiOC0qI9VlBmSpqp5rJwLnvoadNECubwuHlws0e0lTtRBNOuq0mId3
-0isb3ct7x4628JIWTH1GjuFa05YG1d6Tt0mkyfNXK2I9OYx44b9UrJIpfIDdE6E5
-ljapkxheZJuBZWjH01dgo5/Fl3OLczcWQKdSHdHREfo=
------END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-id-configuration/mail/activation_template.html b/id/server/doc/conf/moa-id-configuration/mail/activation_template.html
deleted file mode 100644
index adac14f56..000000000
--- a/id/server/doc/conf/moa-id-configuration/mail/activation_template.html
+++ /dev/null
@@ -1,39 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-15" />
-<title>Benachrichtigung</title>
-<style type="text/css">
-body {
- line-height: 1;
- color: black;
- background: white;
- min-height: 101%;
- font-size: 0.8em;
- font-family: Verdana, Arial, Helvetica, sans-serif;
-}
-</style>
-
-</head>
-
-<body>
-<div style="width: 708px; border: 1px solid #bbbbbb">
- <p>Sehr geehrte(r) #GIVENNAME# #FAMILYNAME#,</p>
- <p>&nbsp;</p>
- <p>Ihr Benutzeraccount f&uuml;r das MOA-ID 2.x Verwaltungs- und Konfigurationstool wurde soeben durch den Administrator freigegeben.</p>
- <p>Sie k&ouml;nnen Sich ab nun unter folgendem Link am Konfigurationstool anmelden und Ihre Online-Applikationen verwalten.
- <a href="#MANDATE_SERVICE_LINK#">#MANDATE_SERVICE_LINK#</a>.</p>
-
- <p>&nbsp;</p>
- <p>Graz, #TODAY_DATE#</p>
- <p align="right">E-Government Innovationszentrum <br />
- Inffeldgasse 16a<br />
- 8010 Graz<br />
- <br />
- Telefon: +43 (316) 873-5514 <br />
- Fax: +43 (316) 873-5520 <br />
- E-Mail: <a href="mailto:moa-id-configuration@egiz.gv.at" target="_blank" title="E-Mail an: ">moa-id-configuration@egiz.gv.at</a>
- </p>
-</div>
-</body>
-</html>
diff --git a/id/server/doc/conf/moa-id-configuration/mail/admin_template.html b/id/server/doc/conf/moa-id-configuration/mail/admin_template.html
deleted file mode 100644
index dd5872514..000000000
--- a/id/server/doc/conf/moa-id-configuration/mail/admin_template.html
+++ /dev/null
@@ -1,40 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-15" />
-<title>Benachrichtigung</title>
-<style type="text/css">
-body {
- line-height: 1;
- color: black;
- background: white;
- min-height: 101%;
- font-size: 0.8em;
- font-family: Verdana, Arial, Helvetica, sans-serif;
-}
-</style>
-
-</head>
-
-<body>
-<div style="width: 708px; border: 1px solid #bbbbbb">
- <p>Sehr geehrte(r) Administrator(in),</p>
- <p>&nbsp;</p>
- <p>Am MOA-ID 2.x Verwaltungs- und Konfigurationstool liegen offene Antr&auml;ge vor.</p>
-
- <p>Aktuell warten #NUMBER_USERSS# neue Benutzeraccount(s) und #NUMBER_OAS# neue Online-Applikation(en)
- auf eine Freigabe durch einen Administrator.</p>
-
- <p>&nbsp;</p>
- <p>Graz, #TODAY_DATE#</p>
- <p align="right">E-Government Innovationszentrum <br />
- Inffeldgasse 16a<br />
- 8010 Graz<br />
- <br />
- Telefon: +43 (316) 873-5514 <br />
- Fax: +43 (316) 873-5520 <br />
- E-Mail: <a href="mailto:moa-id-configuration@egiz.gv.at" target="_blank" title="E-Mail an: ">moa-id-configuration@egiz.gv.at</a>
- </p>
-</div>
-</body>
-</html>
diff --git a/id/server/doc/conf/moa-id-configuration/mail/oa_activation_template.html b/id/server/doc/conf/moa-id-configuration/mail/oa_activation_template.html
deleted file mode 100644
index e809de743..000000000
--- a/id/server/doc/conf/moa-id-configuration/mail/oa_activation_template.html
+++ /dev/null
@@ -1,37 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-15" />
-<title>Benachrichtigung</title>
-<style type="text/css">
-body {
- line-height: 1;
- color: black;
- background: white;
- min-height: 101%;
- font-size: 0.8em;
- font-family: Verdana, Arial, Helvetica, sans-serif;
-}
-</style>
-
-</head>
-
-<body>
-<div style="width: 708px; border: 1px solid #bbbbbb">
- <p>Sehr geehrte(r) #GIVENNAME# #FAMILYNAME#,</p>
- <p>&nbsp;</p>
- <p>Ihre Online-Applikation mit der ID #OANAME# wurde soeben durch den Administrator freigegeben.</p>
-
- <p>&nbsp;</p>
- <p>Graz, #TODAY_DATE#</p>
- <p align="right">E-Government Innovationszentrum <br />
- Inffeldgasse 16a<br />
- 8010 Graz<br />
- <br />
- Telefon: +43 (316) 873-5514 <br />
- Fax: +43 (316) 873-5520 <br />
- E-Mail: <a href="mailto:moa-id-configuration@egiz.gv.at" target="_blank" title="E-Mail an: ">moa-id-configuration@egiz.gv.at</a>
- </p>
-</div>
-</body>
-</html>
diff --git a/id/server/doc/conf/moa-id-configuration/mail/rejected_template.html b/id/server/doc/conf/moa-id-configuration/mail/rejected_template.html
deleted file mode 100644
index b5abff125..000000000
--- a/id/server/doc/conf/moa-id-configuration/mail/rejected_template.html
+++ /dev/null
@@ -1,37 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-15" />
-<title>Benachrichtigung</title>
-<style type="text/css">
-body {
- line-height: 1;
- color: black;
- background: white;
- min-height: 101%;
- font-size: 0.8em;
- font-family: Verdana, Arial, Helvetica, sans-serif;
-}
-</style>
-
-</head>
-
-<body>
-<div style="width: 708px; border: 1px solid #bbbbbb">
- <p>Sehr geehrte(r) #GIVENNAME# #FAMILYNAME#,</p>
- <p>&nbsp;</p>
- <p>Ihr Benutzeraccount f&uuml;r das MOA-ID 2.x Verwaltungs- und Konfigurationstool wurde soeben durch einen Administrator gel&ouml;scht.</p>
-
- <p>&nbsp;</p>
- <p>Graz, #TODAY_DATE#</p>
- <p align="right">E-Government Innovationszentrum <br />
- Inffeldgasse 16a<br />
- 8010 Graz<br />
- <br />
- Telefon: +43 (316) 873-5514 <br />
- Fax: +43 (316) 873-5520 <br />
- E-Mail: <a href="mailto:moa-id-configuration@egiz.gv.at" target="_blank" title="E-Mail an: ">moa-id-configuration@egiz.gv.at</a>
- </p>
-</div>
-</body>
-</html>
diff --git a/id/server/doc/conf/moa-id-configuration/mail/verification_template.html b/id/server/doc/conf/moa-id-configuration/mail/verification_template.html
deleted file mode 100644
index fb4a3f2c4..000000000
--- a/id/server/doc/conf/moa-id-configuration/mail/verification_template.html
+++ /dev/null
@@ -1,43 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-15" />
-<title>Benachrichtigung</title>
-<style type="text/css">
-body {
- line-height: 1;
- color: black;
- background: white;
- min-height: 101%;
- font-size: 0.8em;
- font-family: Verdana, Arial, Helvetica, sans-serif;
-}
-</style>
-
-</head>
-
-<body>
-<div style="width: 708px; border: 1px solid #bbbbbb">
- <p>Sehr geehrte(r) #GIVENNAME# #FAMILYNAME#,</p>
- <p>&nbsp;</p>
- <p>Sie haben einen Benutzeraccount f&uuml;r das MOA-ID 2.x Verwaltungs- und Konfigurationstool beantragt.</p>
- <p>Um Ihren Antrag abzuschließen &ouml;ffnen Sie bitte den folgenden Link in Ihrem Browser.<br>
- <a href="#MANDATE_SERVICE_LINK#">#MANDATE_SERVICE_LINK#</a>.<br>
- Anschließend wird Ihre Antrag an den zust&auml;ndigen Administrator weitergeleitet.
- Sie erhalten danach eine weitere Best&auml;tigung sobald Ihr Benutzeraccount freigeschalten wurde.</p>
-
- <p>Sollten Sie keinen Account beantragt haben k&ouml;nnen Sie dieses Mail ignorieren.</p>
-
- <p>&nbsp;</p>
- <p>Graz, #TODAY_DATE#</p>
- <p align="right">E-Government Innovationszentrum <br />
- Inffeldgasse 16a<br />
- 8010 Graz<br />
- <br />
- Telefon: +43 (316) 873-5514 <br />
- Fax: +43 (316) 873-5520 <br />
- E-Mail: <a href="mailto:moa-id-configuration@egiz.gv.at" target="_blank" title="E-Mail an: ">moa-id-configuration@egiz.gv.at</a>
- </p>
-</div>
-</body>
-</html>
diff --git a/id/server/doc/conf/moa-id-configuration/moa-id-configtool.properties b/id/server/doc/conf/moa-id-configuration/moa-id-configtool.properties
deleted file mode 100644
index db158ed23..000000000
--- a/id/server/doc/conf/moa-id-configuration/moa-id-configtool.properties
+++ /dev/null
@@ -1,84 +0,0 @@
-********
-*
-*$PATH_TO_CONFIG$ muss durch den eigentlichen Pfad ersetzt werden!
-*
-******
-
-#General config
-general.login.deaktivate=false
-general.publicURLContext=https://localhost:8443/moa-id-configuration
-general.moaid.instance.url=https://localhost:8443/moa-id-auth
-
-general.defaultlanguage=de
-general.ssl.certstore=certs/certstore
-general.ssl.truststore=certs/truststore
-
-##Mail
-general.mail.host=smtp.localhost...
-#general.mail.host.port=
-#general.mail.host.username=
-#general.mail.host.password=
-
-general.mail.from.name=MOA-ID 2.x Konfigurationstool
-general.mail.from.address=no-reply@localhost
-
-general.mail.useraccountrequest.verification.subject=MOA-ID 2.x - Benutzerverifikation
-general.mail.useraccountrequest.verification.template=mail/verification_template.html
-
-general.mail.useraccountrequest.isactive.subject=MOA-ID 2.x - Benutzeraktivierung
-general.mail.useraccountrequest.isactive.template=mail/activation_template.html
-general.mail.useraccountrequest.rejected.template=mail/rejected_template.html
-
-general.mail.createOArequest.isactive.subject=MOA-ID 2.x - Online-Applikationsaktivierung
-general.mail.createOArequest.isactive.template=mail/oa_activation_template.html
-
-general.mail.admin.adress=admin@localhost
-general.mail.admin.subject=MOA-ID 2.x - Statusmeldung
-general.mail.admin.adresses.template=mail/admin_template.html
-
-
-##PVP2 Authentication
-general.login.pvp2.isactive=true
-
-general.login.pvp2.idp.metadata.url=https://localhost:8443/moa-id-auth/pvp2/metadata
-general.login.pvp2.idp.metadata.certificate=$PATH_TO_CONFIG$/conf/moa-id-configuration/keys/moa_idp.crt
-general.login.pvp2.idp.metadata.entityID=https://localhost:8443/moa-id-auth
-general.login.pvp2.idp.sso.logout.url=https://localhost:8443/moa-id-auth/LogOut?redirect=
-
-general.login.pvp2.metadata.entities.name=MOA-ID 2.x Configuration Tool
-general.login.pvp2.keystore.url=$PATH_TO_CONFIG$/conf/moa-id-configuration/keys/application[password].p12
-general.login.pvp2.keystore.password=password
-general.login.pvp2.keystore.type=PKCS12
-
-general.login.pvp2.keystore.metadata.key.alias=pvp_metadata
-general.login.pvp2.keystore.metadata.key.password=password
-
-general.login.pvp2.keystore.authrequest.encryption.key.alias=pvp_encryption
-general.login.pvp2.keystore.authrequest.encryption.key.password=password
-
-general.login.pvp2.keystore.authrequest.key.alias=pvp_request
-general.login.pvp2.keystore.authrequest.key.password=password
-
-#UserRequestCleanUP time in hours
-general.userrequests.cleanup.delay=18
-
-##Hibnerate configuration for MOA-ID 2.0 configuration
-hibernate.dialect=org.hibernate.dialect.MySQLDialect
-hibernate.connection.url=jdbc:mysql://localhost/moa-id-config?charSet=utf-8&autoReconnect=true
-hibernate.connection.charSet=utf-8
-hibernate.connection.driver_class=com.mysql.jdbc.Driver
-hibernate.connection.username=
-hibernate.connection.password=
-
-hibernate.hbm2ddl.auto=update
-hibernate.current_session_context_class=thread
-hibernate.transaction.flush_before_completion=true
-hibernate.transaction.auto_close_session=true
-hibernate.show_sql=false
-hibernate.format_sql=true
-hibernate.c3p0.acquire_increment=3
-hibernate.c3p0.idle_test_period=300
-hibernate.c3p0.timeout=300
-hibernate.c3p0.max_size=20
-hibernate.c3p0.max_statements=0
-hibernate.c3p0.min_size=3 \ No newline at end of file
diff --git a/id/server/doc/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml b/id/server/doc/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml
deleted file mode 100644
index e225ca6e0..000000000
--- a/id/server/doc/conf/moa-id-configuration/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<sl10:TransformsInfo><dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml"><xsl:output method="xml" xml:space="default"/><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html><head><title>Signatur der Anmeldedaten</title><style type="text/css" media="screen">
- .normalstyle { font-size: medium; }
- .italicstyle { font-size: medium; font-style: italic; }
- .titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; }
- .h4style{ font-size: large; }
- </style></head><body><h4 class="h4style">Anmeldedaten:</h4><xsl:if test="string(//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue)"><p class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue"/></p></xsl:if><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="normalize-space(//@Issuer)"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//@Issuer"/></td></tr></xsl:if><xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum:</td><td class="normalstyle"><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">Rolle:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">Vollmacht:</td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td></tr><tr><td class="italicstyle">Staat:</td><td class="normalstyle">Österreich</td></tr></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">URL:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr><xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']"><tr><td class="italicstyle">Bereich:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">
- Vollmachten-Referenz:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"><tr><td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']"><tr><td class="italicstyle">Identifikator:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">OID:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='HPI']"><tr><td class="italicstyle">HPI:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='UniqueTokken']"><tr><td class="italicstyle">SessionTokken:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='UniqueTokken']/saml:AttributeValue"/></td></tr></xsl:if><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,18,2)"/></td></tr></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><sl10:FinalDataMetaInfo><sl10:MimeType>application/xhtml+xml</sl10:MimeType></sl10:FinalDataMetaInfo></sl10:TransformsInfo> \ No newline at end of file
diff --git a/id/server/doc/conf/moa-id-oa/keys/application[password].p12 b/id/server/doc/conf/moa-id-oa/keys/application[password].p12
deleted file mode 100644
index 78cab1e89..000000000
--- a/id/server/doc/conf/moa-id-oa/keys/application[password].p12
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-id-oa/keys/assertion.crt b/id/server/doc/conf/moa-id-oa/keys/assertion.crt
deleted file mode 100644
index aa4e23cb1..000000000
--- a/id/server/doc/conf/moa-id-oa/keys/assertion.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEDDCCAvSgAwIBAgIJAI6ivoxdit5XMA0GCSqGSIb3DQEBBQUAMGExCzAJBgNV
-BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQxGjAYBgNVBAMTEUFzc2VydGlvbiBTaWduaW5nMB4XDTE0
-MDIwNDEwNDEzOVoXDTI0MDIwMjEwNDEzOVowYTELMAkGA1UEBhMCQVQxEzARBgNV
-BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
-ZDEaMBgGA1UEAxMRQXNzZXJ0aW9uIFNpZ25pbmcwggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQD5tysT9qt3zoIf6GZJP0qCO0wuAD9lS0v6IzF6lKmY2sts
-2OHjC2KX2CQWruLmA2bdxeVSX21JrcCJrLh3qzpEkBGrcaqJz2AeJ6jRamYgWa/y
-+4AADlPHJntdX3w+H/z6quCgvuylGcOhEo5Eoaef0U1cn3AR5Cu1yAtSMhnhrBU8
-upiHfpRvGx+UA55zQpctlhB8vw2i+6zvFI2MGV5cmJ56dF7IlDa+Yp6udlUhUAEn
-SKVLSiEifvnYD3F5F/yHg08zxvjU0Q2Yx/dp+gYK7obZvDtsmPRd24oo+CThhdf9
-8PHtfHew4cwUXyUiMzDYC0i4m8a4FsViryPBnjL9AgMBAAGjgcYwgcMwHQYDVR0O
-BBYEFCx2GmAN2fE3EdGbt/9tQZZFKGR6MIGTBgNVHSMEgYswgYiAFCx2GmAN2fE3
-EdGbt/9tQZZFKGR6oWWkYzBhMQswCQYDVQQGEwJBVDETMBEGA1UECBMKU29tZS1T
-dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRowGAYDVQQD
-ExFBc3NlcnRpb24gU2lnbmluZ4IJAI6ivoxdit5XMAwGA1UdEwQFMAMBAf8wDQYJ
-KoZIhvcNAQEFBQADggEBAPIKVBFv+lGInuACtVTVfkhHp9OJWQxDaf6vxYjvqmDl
-DZ6XMQgglNRTrF1iXxWGWU+JQQWITAWFeGJ83KhFcP7jycsW3cUmwoQDmI34Zv/b
-crS0/NFug/n8hITUCBfZwpyrBXUnJrIqtPdfPXYJNN4D/XHZBJ8NeaQWg8SApJ60
-LuUIAZcFSyTiOC0qI9VlBmSpqp5rJwLnvoadNECubwuHlws0e0lTtRBNOuq0mId3
-0isb3ct7x4628JIWTH1GjuFa05YG1d6Tt0mkyfNXK2I9OYx44b9UrJIpfIDdE6E5
-ljapkxheZJuBZWjH01dgo5/Fl3OLczcWQKdSHdHREfo=
------END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-id-oa/keys/encryption.crt b/id/server/doc/conf/moa-id-oa/keys/encryption.crt
deleted file mode 100644
index c9d94f9b6..000000000
--- a/id/server/doc/conf/moa-id-oa/keys/encryption.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID9zCCAt+gAwIBAgIJAMC/5DRgVin3MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
-BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMTCkVuY3J5cHRpb24wHhcNMTQwMjA0MTA0
-MjA2WhcNMjQwMjAyMTA0MjA2WjBaMQswCQYDVQQGEwJBVDETMBEGA1UECBMKU29t
-ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD
-VQQDEwpFbmNyeXB0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-qgKWs3IW4giGsbAUm/wRH+lcggVpOPkNqqtNA48Qfwkq/lSWdeHp0+xXOwR1Oull
-TpmfbqJouUoHf6jCt1EXqlQR2oQ1oYYjLncVMhZ9ajXVFJEBl6tw9Em4aCzkkTdL
-HfWoh21iDnYOXTgP23/59xpuvy85O39hKnysXIcniqeb1uHthMiN25R8g4bPOQNb
-OfoMXpXdVbHxM77ZDSbk88BMRsq8SnlPdelaf8HsZomtnLKXvSDLivTZloxtHjBa
-aJNS/H1zr3HI+lq4S4VH+8ilj53OeWHjstGCFiTRtZy2hZvG2PegNIL7shMN/h4i
-h+OCn/ImAW9Kf599wve5iQIDAQABo4G/MIG8MB0GA1UdDgQWBBQzMzOrGfjN+Tnz
-zbFTyLPgHS4FkjCBjAYDVR0jBIGEMIGBgBQzMzOrGfjN+TnzzbFTyLPgHS4FkqFe
-pFwwWjELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoT
-GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UEAxMKRW5jcnlwdGlvboIJ
-AMC/5DRgVin3MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAADZoknf
-lcG0O9sL8CALO6UmPy1+ZlOXndoqqNu3uvzj7hvjT5RPY4hTyfrkUn5EqlHwLSCf
-C7rOxcGvRHT3/REwOef8H3MGdSV81esa5EbrRfGWjLOXoQFrIOhz5bxqoU0B7Obh
-3IUA2yCGz4SlXjMdMWN670ETglnthdY4z2Ot8n4E2YNXlRSubowat7ylkqjKvyaB
-Iz/RVgDxblkOK+bqPSKaNWvadItnMyh7Y8C3LD3tQpwYViJ0QOJ9BMujULma7Tb8
-lVIhmx3y2cU8nCqG0VPSTE6AMnuONuQjJTGFsRdDREFrALtjUpsUOXU6+19ywYSi
-LYiLYskPglktuck=
------END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-id-oa/keys/metadata.crt b/id/server/doc/conf/moa-id-oa/keys/metadata.crt
deleted file mode 100644
index bd9640b37..000000000
--- a/id/server/doc/conf/moa-id-oa/keys/metadata.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIECTCCAvGgAwIBAgIJAIHjIpba8E6mMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV
-BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQxGTAXBgNVBAMTEE1ldGFkYXRhIFNpZ25pbmcwHhcNMTQw
-MjA0MTA0MTA4WhcNMjQwMjAyMTA0MTA4WjBgMQswCQYDVQQGEwJBVDETMBEGA1UE
-CBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRk
-MRkwFwYDVQQDExBNZXRhZGF0YSBTaWduaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAvfDn2hbBnvywRNc7wmToItDzXitkl9nfM9Q3ubEN9qAh4/PD
-ICrKdzFBq08a7NR5xNJhDCUhhZ/W20ZJvh+1dwQdgSzanA91iVKbL4YFYKbnM9/x
-tarTAMZMWH34qIkfwkKyTEDWeOqFG2653azO5e+0DFiBV7AytR3dmy1ZnJoqhGIY
-O4EzINikof1M7t5I8xBS3gAyQKyu0yhbj5AyUujpNIPX0JeE1C1DsrHaeuAHZXLh
-zHEWSG3NVXrn8HAXAAtqGJ+E9SRztqsigDjNjbqrrp/vmPUag9Rb2o8/flEZTPRS
-ttCQTHK8jst/I2qgLkePB5kSp65caXUf4xuFqQIDAQABo4HFMIHCMB0GA1UdDgQW
-BBQFbqjmW9JHVCWwocMdO0EodAfy/jCBkgYDVR0jBIGKMIGHgBQFbqjmW9JHVCWw
-ocMdO0EodAfy/qFkpGIwYDELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3Rh
-dGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEZMBcGA1UEAxMQ
-TWV0YWRhdGEgU2lnbmluZ4IJAIHjIpba8E6mMAwGA1UdEwQFMAMBAf8wDQYJKoZI
-hvcNAQEFBQADggEBAECK58eJgkd54gQAV9gGXRC2LV1tdBzn89Q57Ff/UwBQzN0M
-+uytem8lwVCpUeAk6N01/krzmSbJojqpXId+O/iHhQ8lwDmJnXRrCZH7APiQ3yC0
-p4ufWtxhqixc+Itl96HzHDRXb7eZkXdVERGM26UGwyaBfxkIcLdpMoojlHBJlHaA
-oHDYiJHQBmqk5+YMOuEOnpsKY0115MZ38DoppNfeAFG8K4ZDI5vH9VWk8PDJu+jv
-tWbhXNsKiiCMdZrsnvGjxPpk/6zJpJpBcwCzhIvnaEobijKMO+6aH/6zfbB6JKn/
-Dz3Rw+0WbypFYbbpIzWRCkXSAQju/w3vHBGnCyI=
------END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-id-oa/keys/moa_idp.crt b/id/server/doc/conf/moa-id-oa/keys/moa_idp.crt
deleted file mode 100644
index bd9640b37..000000000
--- a/id/server/doc/conf/moa-id-oa/keys/moa_idp.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIECTCCAvGgAwIBAgIJAIHjIpba8E6mMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV
-BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQxGTAXBgNVBAMTEE1ldGFkYXRhIFNpZ25pbmcwHhcNMTQw
-MjA0MTA0MTA4WhcNMjQwMjAyMTA0MTA4WjBgMQswCQYDVQQGEwJBVDETMBEGA1UE
-CBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRk
-MRkwFwYDVQQDExBNZXRhZGF0YSBTaWduaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAvfDn2hbBnvywRNc7wmToItDzXitkl9nfM9Q3ubEN9qAh4/PD
-ICrKdzFBq08a7NR5xNJhDCUhhZ/W20ZJvh+1dwQdgSzanA91iVKbL4YFYKbnM9/x
-tarTAMZMWH34qIkfwkKyTEDWeOqFG2653azO5e+0DFiBV7AytR3dmy1ZnJoqhGIY
-O4EzINikof1M7t5I8xBS3gAyQKyu0yhbj5AyUujpNIPX0JeE1C1DsrHaeuAHZXLh
-zHEWSG3NVXrn8HAXAAtqGJ+E9SRztqsigDjNjbqrrp/vmPUag9Rb2o8/flEZTPRS
-ttCQTHK8jst/I2qgLkePB5kSp65caXUf4xuFqQIDAQABo4HFMIHCMB0GA1UdDgQW
-BBQFbqjmW9JHVCWwocMdO0EodAfy/jCBkgYDVR0jBIGKMIGHgBQFbqjmW9JHVCWw
-ocMdO0EodAfy/qFkpGIwYDELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3Rh
-dGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEZMBcGA1UEAxMQ
-TWV0YWRhdGEgU2lnbmluZ4IJAIHjIpba8E6mMAwGA1UdEwQFMAMBAf8wDQYJKoZI
-hvcNAQEFBQADggEBAECK58eJgkd54gQAV9gGXRC2LV1tdBzn89Q57Ff/UwBQzN0M
-+uytem8lwVCpUeAk6N01/krzmSbJojqpXId+O/iHhQ8lwDmJnXRrCZH7APiQ3yC0
-p4ufWtxhqixc+Itl96HzHDRXb7eZkXdVERGM26UGwyaBfxkIcLdpMoojlHBJlHaA
-oHDYiJHQBmqk5+YMOuEOnpsKY0115MZ38DoppNfeAFG8K4ZDI5vH9VWk8PDJu+jv
-tWbhXNsKiiCMdZrsnvGjxPpk/6zJpJpBcwCzhIvnaEobijKMO+6aH/6zfbB6JKn/
-Dz3Rw+0WbypFYbbpIzWRCkXSAQju/w3vHBGnCyI=
------END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-id-oa/oa.properties b/id/server/doc/conf/moa-id-oa/oa.properties
deleted file mode 100644
index f247dcea6..000000000
--- a/id/server/doc/conf/moa-id-oa/oa.properties
+++ /dev/null
@@ -1,27 +0,0 @@
-********
-*
-*$PATH_TO_CONFIG$ muss durch den eigentlichen Pfad ersetzt werden!
-*
-******
-
-general.publicURLContext=https://localhost:8443/moa-id-oa
-
-general.login.pvp2.idp.metadata.url=https://localhost:8443/moa-id-auth/pvp2/metadata
-general.login.pvp2.idp.metadata.certificate=$PATH_TO_CONFIG$/conf/moa-id-oa/keys/moa_idp.crt
-general.login.pvp2.idp.metadata.entityID=https://localhost:8443/moa-id-auth
-
-general.login.pvp2.OA.metadata.entities.name=MOA-ID 2.x Demo-Application
-
-general.login.pvp2.OA.keystore.url=$PATH_TO_CONFIG$/conf/moa-id-oa/keys/application[password].p12
-general.login.pvp2.OA.keystore.password=password
-general.login.pvp2.OA.keystore.type=PKCS12
-
-general.login.pvp2.OA.keystore.metadata.sign.key.alias=pvp_metadata
-general.login.pvp2.OA.keystore.metadata.sign.key.password=password
-
-general.login.pvp2.keystore.authrequest.sign.key.alias=pvp_request
-general.login.pvp2.keystore.authrequest.sign.key.password=password
-
-general.login.pvp2.keystore.assertion.encryption.key.alias=pvp_encryption
-general.login.pvp2.keystore.assertion.encryption.key.password=password
-
diff --git a/id/server/doc/conf/moa-id-proxy/MOAIDConfiguration.xml b/id/server/doc/conf/moa-id-proxy/MOAIDConfiguration.xml
deleted file mode 100644
index 51b36a1da..000000000
--- a/id/server/doc/conf/moa-id-proxy/MOAIDConfiguration.xml
+++ /dev/null
@@ -1,67 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Beispielkonfiguration fuer MOA-ID -->
-<MOA-IDConfiguration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:sl11="http://www.buergerkarte.at/namespaces/securitylayer/20020831#">
- <!-- Konfiguration fuer MOA-ID-PROXY -->
- <ProxyComponent>
- <!-- URL und akzeptierte TLS-Server-Zertifikate des MOA-ID-AUTH Web Service -->
- <AuthComponent>
- <ConnectionParameter URL="http://labda.iaik.tugraz.at:8080/moa-id-auth/services/GetAuthenticationData">
- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
- <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
- </ConnectionParameter>
- </AuthComponent>
- </ProxyComponent>
-
- <!-- Eintragung fuer jede Online-Applikation -->
- <!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
- <OnlineApplication type="businessService" publicURLPrefix="https://proxy.gv.at" friendlyName="Test Application">
- <!-- fuer MOA-ID-PROXY -->
- <ProxyComponent configFileURL="oa/BasicOAConfiguration.xml" sessionTimeOut="600"
- loginParameterResolverImpl="at.gv.egiz.moa.id.proxy.MySQLLoginParameterResolver"
- loginParameterResolverConfiguration="/var/lib/tomcat6/webapps/moa-id-proxy-umgmt/WEB-INF/classes/hibernate.cfg.xml"
- connectionBuilderImpl="at.gv.egovernment.moa.id.proxy.EnhancedConnectionBuilder"
- errorRedirectURL="https://proxy.gv.at/oa2">
-
- <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
- <ConnectionParameter URL="https://proxy.gv.at/oa">
- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
- <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
- </ConnectionParameter>
- </ProxyComponent>
- </OnlineApplication>
-
- <!-- Eintragung fuer jede Online-Applikation -->
- <!-- Demo Online-Applikation: Zugriff auf www.digitales.oesterreich.gv.at ueber MOA-ID-PROXY -->
- <OnlineApplication type="businessService" publicURLPrefix="https://proxy.gv.at" friendlyName="Test Application">
- <!-- fuer MOA-ID-PROXY -->
- <ProxyComponent configFileURL="oa/BasicOAConfiguration.xml" sessionTimeOut="600"
- errorRedirectURL="https://proxy.gv.at/oa2">
-
- <!-- URL und akzeptierte TLS-Server-Zertifikate der Online-Applikation -->
- <ConnectionParameter URL="https://proxy.gv.at/oa">
- <AcceptedServerCertificates>certs/server-certs</AcceptedServerCertificates>
- <!-- <ClientKeyStore password="Keystore Pass">file_to_clientkeystore</ClientKeyStore> -->
- </ConnectionParameter>
- </ProxyComponent>
- </OnlineApplication>
-
- <!-- ChainingModes fuer die Zertifikatspfadueberpruefug der TLS-Zertifikate -->
- <ChainingModes systemDefaultMode="pkix">
- </ChainingModes>
- <!-- fuer MOA-ID-AUTH: CA-Zertifikat des Servers MOA-SP, falls dieses Service ueber HTTPS angesprochen wird
- fuer MOA-ID-PROXY: CA-Zertifikat des Servers MOA-ID-AUTH, falls dieses Service ueber HTTPS angesprochen wird
- zusaeztlich: CA-Zertifikat aller Online-Applikationen, die ueber HTTPS angesprochen werden -->
- <TrustedCACertificates>certs/ca-certs</TrustedCACertificates>
- <!-- Cache-Verzeichnis fuer-Zertifikate -->
- <!-- Hinweis: wenn TC in linux oder unix betrieben wird vollstaendigen pfad fuer DirectoryCertStoreParameters.RootDir verwenden -->
- <GenericConfiguration name="DirectoryCertStoreParameters.RootDir" value="/etc/tomcat6/moa-id/certs/certstore"/>
- <!-- Time-Out fuer die Anmeldung von Beginn bis zum Anlegen der Anmeldedaten, in Sekunden -->
- <GenericConfiguration name="AuthenticationSession.TimeOut" value="600"/>
- <!-- Time-Out fuer die Anmeldung vom Anlegen bis zum Abholen der Anmeldedaten, in Sekunden -->
- <GenericConfiguration name="AuthenticationData.TimeOut" value="120"/>
- <!-- Alternatives Data URL prefix (falls Webserver vorgeschaltet wird) -->
- <!--GenericConfiguration name="FrontendServlets.DataURLPrefix" value="https://<your_webserver>/moa-id-auth/"/ -->
- <!-- HTTP Verbindung auf Frontend Servlets zulassen / verbieten (falls Webserver vorgeschaltet wird) -->
- <!-- GenericConfiguration name="FrontendServlets.EnableHTTPConnection" value="true"/ -->
- <!-- URL Liste der vertrauenwürdigen Bürgekartenumgebungen -->
-</MOA-IDConfiguration>
diff --git a/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-auth_debug.jsp b/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-auth_debug.jsp
deleted file mode 100644
index 0cb4e8fea..000000000
--- a/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-auth_debug.jsp
+++ /dev/null
@@ -1,53 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
-<%@ page contentType="text/html; charset=UTF-8" %>
-<html>
-<head>
-<title>Ein Fehler ist aufgetreten</title>
-</head>
-<% Throwable exceptionThrown = (Throwable)request.getAttribute("ExceptionThrown");
- String errorMessage = (String)request.getAttribute("ErrorMessage");
- String wrongParameters = (String)request.getAttribute("WrongParameters");
- String logLevel = (String)request.getAttribute("LogLevel");
-%>
-
-<body>
-<h1>Fehler bei der Anmeldung</h1>
-<p>Bei der Anmeldung ist ein Fehler aufgetreten.</p>
-
-<% if (logLevel != null) { %>
-<% if (errorMessage != null) { %>
-<p>
-<%= errorMessage%><br>
-</p>
-<% } %>
-<% if (exceptionThrown != null) { %>
-<p>
-<%= exceptionThrown.getMessage()%>
-</p>
-<% } %>
-<% if (wrongParameters != null) { %>
-<p>Die Angabe der Parameter ist unvollst&auml;ndig.<br></p>
-<b> <%= wrongParameters %> </b><br>
-<p>
- Beispiele f&uuml;r korrekte Links zur MOA-ID Authentisierung sind:
-</p>
-<p>
-<tt>&lt;a href="https://&lt;MOA-URL&gt;/StartAuthentication?Target=&lt;Gesch&auml;ftsbereich&gt;&amp;OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&quot;&gt;</tt>
-</p>
-<p>
-<tt>&lt;a href="https://&lt;MOA-URL&gt;/SelectBKU?Target=&lt;Gesch&auml;ftsbereich&gt;&amp;OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&amp;BKUSelectionTemplate=&lt;BKU-Template-URL&gt;&quot;&gt;</tt>
-</p>
-<p>
-Im Falle einer Applikation aus dem privatwirtschaftlichen Bereich (type="businessService") entf&auml;llt die Angabe des <i>Target</i> Parameters:
-</p>
-<p>
-<tt>&lt;a href="https://&lt;MOA-URL&gt;/StartAuthentication?OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&quot;&gt;</tt>
-</p>
-<p>
-<tt>&lt;a href="https://&lt;MOA-URL&gt;/SelectBKU?OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&amp;BKUSelectionTemplate=&lt;BKU-Template-URL&gt;&quot;&gt;</tt>
-</p>
-<p>Die Angabe der Parameter <tt>&quot;Template&quot;</tt> und <tt>&quot;BKUSelectionTemplate&quot;</tt> ist optional.</p>
-<% } %>
-<% } %>
-</body>
-</html> \ No newline at end of file
diff --git a/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-auth_empty.jsp b/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-auth_empty.jsp
deleted file mode 100644
index 0b3992bfd..000000000
--- a/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-auth_empty.jsp
+++ /dev/null
@@ -1,13 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
-<%@ page contentType="text/html; charset=UTF-8" %>
-<html>
-<head>
-<title>Ein Fehler ist aufgetreten</title>
-</head>
-
-<body>
-<h1>Fehler bei der Anmeldung</h1>
-<p>Bei der Anmeldung ist ein Fehler aufgetreten.</p>
-
-</body>
-</html> \ No newline at end of file
diff --git a/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-proxy_debug.jsp b/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-proxy_debug.jsp
deleted file mode 100644
index 0cb4e8fea..000000000
--- a/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-proxy_debug.jsp
+++ /dev/null
@@ -1,53 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
-<%@ page contentType="text/html; charset=UTF-8" %>
-<html>
-<head>
-<title>Ein Fehler ist aufgetreten</title>
-</head>
-<% Throwable exceptionThrown = (Throwable)request.getAttribute("ExceptionThrown");
- String errorMessage = (String)request.getAttribute("ErrorMessage");
- String wrongParameters = (String)request.getAttribute("WrongParameters");
- String logLevel = (String)request.getAttribute("LogLevel");
-%>
-
-<body>
-<h1>Fehler bei der Anmeldung</h1>
-<p>Bei der Anmeldung ist ein Fehler aufgetreten.</p>
-
-<% if (logLevel != null) { %>
-<% if (errorMessage != null) { %>
-<p>
-<%= errorMessage%><br>
-</p>
-<% } %>
-<% if (exceptionThrown != null) { %>
-<p>
-<%= exceptionThrown.getMessage()%>
-</p>
-<% } %>
-<% if (wrongParameters != null) { %>
-<p>Die Angabe der Parameter ist unvollst&auml;ndig.<br></p>
-<b> <%= wrongParameters %> </b><br>
-<p>
- Beispiele f&uuml;r korrekte Links zur MOA-ID Authentisierung sind:
-</p>
-<p>
-<tt>&lt;a href="https://&lt;MOA-URL&gt;/StartAuthentication?Target=&lt;Gesch&auml;ftsbereich&gt;&amp;OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&quot;&gt;</tt>
-</p>
-<p>
-<tt>&lt;a href="https://&lt;MOA-URL&gt;/SelectBKU?Target=&lt;Gesch&auml;ftsbereich&gt;&amp;OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&amp;BKUSelectionTemplate=&lt;BKU-Template-URL&gt;&quot;&gt;</tt>
-</p>
-<p>
-Im Falle einer Applikation aus dem privatwirtschaftlichen Bereich (type="businessService") entf&auml;llt die Angabe des <i>Target</i> Parameters:
-</p>
-<p>
-<tt>&lt;a href="https://&lt;MOA-URL&gt;/StartAuthentication?OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&quot;&gt;</tt>
-</p>
-<p>
-<tt>&lt;a href="https://&lt;MOA-URL&gt;/SelectBKU?OA=&lt;OA-URL&gt;&amp;Template=&lt;Template-URL&gt;&amp;BKUSelectionTemplate=&lt;BKU-Template-URL&gt;&quot;&gt;</tt>
-</p>
-<p>Die Angabe der Parameter <tt>&quot;Template&quot;</tt> und <tt>&quot;BKUSelectionTemplate&quot;</tt> ist optional.</p>
-<% } %>
-<% } %>
-</body>
-</html> \ No newline at end of file
diff --git a/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-proxy_empty.jsp b/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-proxy_empty.jsp
deleted file mode 100644
index 0b3992bfd..000000000
--- a/id/server/doc/conf/moa-id-proxy/errorpages/errorpage-proxy_empty.jsp
+++ /dev/null
@@ -1,13 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
-<%@ page contentType="text/html; charset=UTF-8" %>
-<html>
-<head>
-<title>Ein Fehler ist aufgetreten</title>
-</head>
-
-<body>
-<h1>Fehler bei der Anmeldung</h1>
-<p>Bei der Anmeldung ist ein Fehler aufgetreten.</p>
-
-</body>
-</html> \ No newline at end of file
diff --git a/id/server/doc/conf/moa-id/MOAIdentities.xsd b/id/server/doc/conf/moa-id/MOAIdentities.xsd
deleted file mode 100644
index e075ead5e..000000000
--- a/id/server/doc/conf/moa-id/MOAIdentities.xsd
+++ /dev/null
@@ -1,59 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- edited with XMLSPY v5 rel. 4 U (http://www.xmlspy.com) by Rudolf Schamberger (Stabsstelle IKT-Strategie) (Bundesrechenzentrum GmbH) -->
-<xs:schema targetNamespace="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:tns="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814" elementFormDefault="qualified" attributeFormDefault="unqualified">
- <xs:element name="MOAIdentities">
- <xs:annotation>
- <xs:documentation>MOAIdentities provides a mapping from identities to parameters used in the XMLLoginParameterResolver of MOA-ID</xs:documentation>
- </xs:annotation>
- <xs:complexType>
- <xs:sequence maxOccurs="unbounded">
- <xs:element name="Mapping">
- <xs:complexType>
- <xs:sequence>
- <xs:element name="Identity">
- <xs:complexType>
- <xs:choice>
- <xs:element name="NamedIdentity" type="tns:NamedIdentityType"/>
- <xs:element name="bPKIdentity" type="tns:bPKIdentitiyType"/>
- <xs:element name="wbPKIdentity" type="tns:wbPKIdentitiyType"/>
- </xs:choice>
- </xs:complexType>
- </xs:element>
- <xs:element name="Parameters" type="tns:ParametersType"/>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- </xs:sequence>
- </xs:complexType>
- </xs:element>
- <xs:complexType name="wbPKIdentitiyType">
- <xs:simpleContent>
- <xs:extension base="xs:boolean">
- <xs:attribute name="wbPK" type="xs:string" use="required"/>
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
- <xs:complexType name="bPKIdentitiyType">
- <xs:simpleContent>
- <xs:extension base="xs:boolean">
- <xs:attribute name="bPK" type="xs:string" use="required"/>
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
- <xs:complexType name="NamedIdentityType">
- <xs:simpleContent>
- <xs:extension base="xs:boolean">
- <xs:attribute name="SurName" type="xs:string" use="required"/>
- <xs:attribute name="GivenName" type="xs:string" use="required"/>
- <xs:attribute name="BirthDate" type="xs:string" use="optional"/>
- </xs:extension>
- </xs:simpleContent>
- </xs:complexType>
- <xs:complexType name="ParametersType">
- <xs:attribute name="UN" type="xs:string" use="optional"/>
- <xs:attribute name="PW" type="xs:string" use="optional"/>
- <xs:attribute name="Param1" type="xs:string" use="optional"/>
- <xs:attribute name="Param2" type="xs:string" use="optional"/>
- <xs:attribute name="Param3" type="xs:string" use="optional"/>
- </xs:complexType>
-</xs:schema>
diff --git a/id/server/doc/conf/moa-id/SLTemplates/template_handyBKU.html b/id/server/doc/conf/moa-id/SLTemplates/template_handyBKU.html
deleted file mode 100644
index 5a335f9a1..000000000
--- a/id/server/doc/conf/moa-id/SLTemplates/template_handyBKU.html
+++ /dev/null
@@ -1,38 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<html lang="de">
- <head>
- <title></title>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
- <script language="javascript" type="text/javascript">
- function onAnmeldeSubmit() {
- document.CustomizedForm.submit();
- document.CustomizedForm.Senden.disabled=true;
- }
- </script>
- </head>
- <body onLoad="onAnmeldeSubmit()">
- <form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
- Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier:
- <input class="button" type="submit" value="Starte Anmeldung" name="Senden">
- <input type="hidden" name="XMLRequest" value="<XMLRequest>">
- <input type="hidden" name="DataURL" value="<DataURL>">
- <input type="hidden" name="PushInfobox" value="<PushInfobox>">
-
- <!-- Angabe der Parameter für die Handy-BKU -->
- <input type="hidden" name="appletWidth" value="<APPLETWIDTH>">
- <input type="hidden" name="appletHeight" value="<APPLETHEIGHT>">
-
- <!-- [OPTIONAL] Aendern Sie hier die Hintergrundfarbe der Handy-BKU -->
- <input type="hidden" name="backgroundColor" value="<COLOR>">
-
- <input type="hidden" name="redirecttarget" value="<REDIRECTTARGET>">
- </form>
-
- <form name="CustomizedInfoForm" action="<BKU>" method="post">
- <input type="hidden" name="XMLRequest" value="<CertInfoXMLRequest>">
- <input type="hidden" name="DataURL" value="<CertInfoDataURL>">
- </form>
- <form name="DummyForm" action="<BKU>" method="post">
- </form>
- </body>
-</html> \ No newline at end of file
diff --git a/id/server/doc/conf/moa-id/SLTemplates/template_localBKU.html b/id/server/doc/conf/moa-id/SLTemplates/template_localBKU.html
deleted file mode 100644
index 329fe6f8d..000000000
--- a/id/server/doc/conf/moa-id/SLTemplates/template_localBKU.html
+++ /dev/null
@@ -1,30 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<html lang="de">
- <head>
- <title></title>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
- <script language="javascript" type="text/javascript">
- function onAnmeldeSubmit() {
- document.CustomizedForm.submit();
- document.CustomizedForm.Senden.disabled=true;
- }
- </script>
- </head>
- <body onLoad="onAnmeldeSubmit()">
- <form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
- Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier:
- <input class="button" type="submit" value="Starte Anmeldung" name="Senden">
- <input type="hidden" name="XMLRequest" value="<XMLRequest>">
- <input type="hidden" name="DataURL" value="<DataURL>">
- <input type="hidden" name="PushInfobox" value="<PushInfobox>">
- </form>
-
- <form name="CustomizedInfoForm" action="<BKU>" method="post">
- <input type="hidden" name="XMLRequest" value="<CertInfoXMLRequest>">
- <input type="hidden" name="DataURL" value="<CertInfoDataURL>">
- </form>
-
- <form name="DummyForm" action="<BKU>" method="post">
- </form>
- </body>
-</html>
diff --git a/id/server/doc/conf/moa-id/SLTemplates/template_onlineBKU.html b/id/server/doc/conf/moa-id/SLTemplates/template_onlineBKU.html
deleted file mode 100644
index 52abf83fb..000000000
--- a/id/server/doc/conf/moa-id/SLTemplates/template_onlineBKU.html
+++ /dev/null
@@ -1,37 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<html lang="de">
- <head>
- <title></title>
- <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
- <script language="javascript" type="text/javascript">
- function onAnmeldeSubmit() {
- document.CustomizedForm.submit();
- document.CustomizedForm.Senden.disabled=true;
- }
- </script>
- </head>
- <body onLoad="onAnmeldeSubmit()">
- <form name="CustomizedForm" action="<BKU>" method="post" enctype="multipart/form-data<>">
- Falls Sie nicht automatisch weitergeleitet werden klicken Sie bitte hier:
- <input class="button" type="hidden" value="Starte Anmeldung" name="Senden">
- <input type="hidden" name="XMLRequest" value="<XMLRequest>">
- <input type="hidden" name="DataURL" value="<DataURL>">
- <input type="hidden" name="PushInfobox" value="<PushInfobox>">
-
- <!-- Angabe der Parameter fuer die Online-BKU -->
- <input type="hidden" name="appletWidth" value="<APPLETWIDTH>">
- <input type="hidden" name="appletHeight" value="<APPLETHEIGHT>">
-
- <!-- [OPTIONAL] Aendern Sie hier die Hintergrundfarbe der Online-BKU -->
- <input type="hidden" name="appletBackgroundColor" value="<COLOR>">
- <input type="hidden" name="redirectTarget" value="<REDIRECTTARGET>">
- </form>
-
- <form name="CustomizedInfoForm" action="<BKU>" method="post">
- <input type="hidden" name="XMLRequest" value="<CertInfoXMLRequest>">
- <input type="hidden" name="DataURL" value="<CertInfoDataURL>">
- </form>
- <form name="DummyForm" action="<BKU>" method="post">
- </form>
- </body>
-</html>
diff --git a/id/server/doc/conf/moa-id/SampleIdentities.xml b/id/server/doc/conf/moa-id/SampleIdentities.xml
deleted file mode 100644
index abda0bf64..000000000
--- a/id/server/doc/conf/moa-id/SampleIdentities.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Beispielkonfiguration für den Einsatz der MOA-ID Proxy-Komponenten unter Einsatz eines speziellen XMLLoginParameterResolver
- Damit kann unter Einsatz des XMLLoginParameterResolverPlainData (s.u.) eine Einschränkung von Benutzer für OA erfolgen. -->
-<!-- Beispiel für ein Element ProxyComponent in der MOA-ID Konfigurationsdatei welches den XMLLoginParameterResolverPlainData
- mit der Benutzerdatei Identities.xml verwendet um sich über Basic Authentication (401) an einer Webseite anzumeldne -->
-
-
-<!--
- <ProxyComponent configFileURL="oa/SampleOAConfiguration.xml" sessionTimeOut="600"
- loginParameterResolverImpl="at.gv.egovernment.moa.id.proxy.XMLLoginParameterResolverPlainData"
- loginParameterResolverConfiguration="Identities.xml">
- <ConnectionParameter URL="http://www.digitales.oesterreich.gv.at/">
- </ConnectionParameter>
- </ProxyComponent>
--->
-<MOAIdentities xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://reference.e-government.gv.at/namespace/moa/20020822#/xmllpr20030814 MOAIdentities.xsd">
- <!-- Eintrag aller Benutzer mit Berechtigung -->
- <!-- Die Daten müssen in der Schreibweise wie in der Personenbindung (= Schreibweise des ZMRs) eingegeben werden -->
-
- <!-- Benutzerin Kunz -->
- <Mapping>
- <Identity>
- <NamedIdentity SurName="Kunz" GivenName="Karin Stella" BirthDate="1900-01-01">1</NamedIdentity>
- </Identity>
- <Parameters UN="KunzKS" PW="geheim"/>
- </Mapping>
- <!-- Benutzer Mustermann -->
- <Mapping>
- <Identity>
- <NamedIdentity SurName="Mustermann-Fall" GivenName="Max Moriz" BirthDate="1900-01-01">1</NamedIdentity>
- </Identity>
- <Parameters UN="MustMM" PW="höchst?Geheim"/>
- </Mapping>
-</MOAIdentities>
diff --git a/id/server/doc/conf/moa-id/certs/ca-certs/A-Trust-nQual-03.cer b/id/server/doc/conf/moa-id/certs/ca-certs/A-Trust-nQual-03.cer
deleted file mode 100644
index 33e776369..000000000
--- a/id/server/doc/conf/moa-id/certs/ca-certs/A-Trust-nQual-03.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-id/certs/ca-certs/a-sign-SSL-03.cer b/id/server/doc/conf/moa-id/certs/ca-certs/a-sign-SSL-03.cer
deleted file mode 100644
index a699436ca..000000000
--- a/id/server/doc/conf/moa-id/certs/ca-certs/a-sign-SSL-03.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer b/id/server/doc/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer
deleted file mode 100644
index ff90e35f5..000000000
--- a/id/server/doc/conf/moa-id/certs/ca-certs/gateway.stammzahlenregister.gv.at.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-id/certs/ca-certs/szrgw.egiz.gv.at.crt b/id/server/doc/conf/moa-id/certs/ca-certs/szrgw.egiz.gv.at.crt
deleted file mode 100644
index 0780bc44f..000000000
--- a/id/server/doc/conf/moa-id/certs/ca-certs/szrgw.egiz.gv.at.crt
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFsDCCBJigAwIBAgIHASBxw0JY9jANBgkqhkiG9w0BAQUFADCBrDEcMBoGA1UE
-AxMTRXVyb1BLSSBJQUlLIFNTTCBDQTEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5
-IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBwbGllZCBJ
-bmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczENMAsGA1UE
-BxMER3JhejELMAkGA1UEBhMCQVQwHhcNMTMxMjAzMTYzODUyWhcNMTUxMjAzMTYz
-ODUyWjCBqTELMAkGA1UEBhMCQVQxDTALBgNVBAcTBEdyYXoxJjAkBgNVBAoTHUdy
-YXogVW5pdmVyc2l0eSBvZiBUZWNobm9sb2d5MUgwRgYDVQQLEz9JbnN0aXR1dGUg
-Zm9yIEFwcGxpZWQgSW5mb3JtYXRpb24gUHJvY2Vzc2luZyBhbmQgQ29tbXVuaWNh
-dGlvbnMxGTAXBgNVBAMTEHN6cmd3LmVnaXouZ3YuYXQwggEiMA0GCSqGSIb3DQEB
-AQUAA4IBDwAwggEKAoIBAQDPDRBxrsDziPzz+GAcdJ2m6kOkJcr4REzMzP9dULRv
-R6EbVvvwQgPpAEcuqH+101ZwcIHNSCSQF30HnkJVF9hQ+4jIKjvUQ96hkZUC8OyI
-9WfJfPjCtMea9Mk4YsI2DVc6xoiuNKSeZt6ER0b3YDRFX6x4QqQpgt3uIMKjHxBf
-ESB9ehKLEPnQTgIzblvVrPWRAjVd+nZq40ZW1Im9Kq2pRk1gt5xiGh0q5qCV17Yj
-mzTcO4tcgW7iFJ8Tj1Cdog7AOBkhGXGtndfhH/EwGo08PZ1PEYwA5wTVHEhq/Nom
-zBKhDBRdDBhWOuxMeX8zSffuBYf9Oa9RGZBPErUi9HgHAgMBAAGjggHWMIIB0jAO
-BgNVHQ8BAf8EBAMCBLAwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDAYDVR0TAQH/
-BAIwADBQBgNVHSAESTBHMEUGDCsGAQQBlRIBAgMBATA1MDMGCCsGAQUFBwIBFido
-dHRwOi8vZXVyb3BraS5pYWlrLmF0L2NhL2lhaWsvY3BzLzEuMy8wHQYDVR0OBBYE
-FFi1nfsT7YEJ9PKNzMHBtXbl574ZMEgGA1UdHwRBMD8wPaA7oDmGN2h0dHA6Ly9j
-YS5pYWlrLnR1Z3Jhei5hdC9jYXBzby9jcmxzL0V1cm9QS0lJQUlLX1NTTC5jcmww
-gZoGCCsGAQUFBwEBBIGNMIGKMEIGCCsGAQUFBzABhjZodHRwOi8vY2EuaWFpay50
-dWdyYXouYXQvY2Fwc28vT0NTUD9jYT1FdXJvUEtJSUFJS19TU0wwRAYIKwYBBQUH
-MAKGOGh0dHA6Ly9jYS5pYWlrLnR1Z3Jhei5hdC9jYXBzby9jZXJ0cy9FdXJvUEtJ
-SUFJS19TU0wuY2VyMCEGA1UdEQQaMBiBFnRob21hcy5sZW56QGVnaXouZ3YuYXQw
-HwYDVR0jBBgwFoAUFZk0u+CXsy4oNl3WeM9osRQzuEkwDQYJKoZIhvcNAQEFBQAD
-ggEBAItlnRWi7nFbd9oahK06YNgkI6c3zPfWp3anaYOxZt+AakjI7IoV2YprNVWJ
-2RZ2KA7rM3xNO1i1/H6TcWpjIJy+zsejvyXjQbC9e+wy3hD7iqtCt4oWqzIg61NE
-u1j1u/r9/yozDEkOYv7XY+X5xNBCZ1YfbOwKltLdCWhk6MSK9xDUoeub0DyD3OIS
-4VBVfftsVaJA9vY9e62aSpysEU6VoJpoXVLv1pGeCMajF9d7umCs+daguugbUNMM
-FIfAll/9kcEG7FmpLaWA1qRpfTb8XZ6j/J0YrWAzyyCmLiQJRmhDDipi7PqAJBz6
-9aau5Lhfs4OYoKxgiw7WxOJldFo=
------END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/doc/conf/moa-id/htmlTemplates/loginFormFull.html
deleted file mode 100644
index ef070b8eb..000000000
--- a/id/server/doc/conf/moa-id/htmlTemplates/loginFormFull.html
+++ /dev/null
@@ -1,846 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
-<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
-
- <!-- MOA-ID 2.x BKUSelection Layout CSS -->
- <style type="text/css">
- @media screen and (min-width: 650px) {
-
- body {
- margin:0;
- padding:0;
- color : #000;
- background-color : #fff;
- text-align: center;
- background-color: #6B7B8B;
- }
-
- #localBKU p {
- font-size: 0.7em;
- }
-
- #localBKU input{
- font-size: 0.7em;
- /*border-radius: 5px;*/
- }
-
- #bkuselectionarea input[type=button] {
- font-size: 0.85em;
- /*border-radius: 7px;*/
- margin-bottom: 25px;
- min-width: 80px;
- }
-
- #mandateLogin {
- font-size: 0.85em;
- }
-
- #bku_header h2 {
- font-size: 0.8em;
- }
-
-
- #page {
- display: block;
- border: 2px solid rgb(0,0,0);
- width: 650px;
- height: 460px;
- margin: 0 auto;
- margin-top: 5%;
- position: relative;
- border-radius: 25px;
- background: rgb(255,255,255);
- }
-
- #page1 {
- text-align: center;
- }
-
- #main {
- /* clear:both; */
- position:relative;
- margin: 0 auto;
- width: 250px;
- text-align: center;
- }
-
- .OA_header {
- /* background-color: white;*/
- font-size: 20pt;
- margin-bottom: 25px;
- margin-top: 25px;
- }
-
- #leftcontent {
- /*float:left; */
- width:250px;
- margin-bottom: 25px;
- text-align: left;
- border: 1px solid rgb(0,0,0);
- }
-
- #selectArea {
- font-size: 15px;
- padding-bottom: 65px;
- }
-
- #leftcontent {
- width: 300px;
- margin-top: 30px;
- }
-
- #bku_header {
- height: 5%;
- padding-bottom: 3px;
- padding-top: 3px;
- }
-
- #bkulogin {
- overflow:hidden;
- min-width: 190px;
- min-height: 180px;
- /*height: 260px;*/
- }
-
- h2#tabheader{
- font-size: 1.1em;
- padding-left: 2%;
- padding-right: 2%;
- position: relative;
- }
-
- #stork h2 {
- font-size: 1.0em;
- margin-bottom: 2%;
- }
-
- .setAssertionButton_full {
- background: #efefef;
- cursor: pointer;
- margin-top: 15px;
- width: 100px;
- height: 30px
- }
-
- #leftbutton {
- width: 30%;
- float:left;
- margin-left: 40px;
- }
-
- #rightbutton {
- width: 30%;
- float:right;
- margin-right: 45px;
- text-align: right;
- }
-
- button {
- height: 25px;
- width: 75px;
- margin-bottom: 10px;
- }
-
- #validation {
- position: absolute;
- bottom: 0px;
- margin-left: 270px;
- padding-bottom: 10px;
- }
-
- }
-
- @media screen and (max-width: 205px) {
- #localBKU p {
- font-size: 0.6em;
- }
-
- #localBKU input {
- font-size: 0.6em;
- min-width: 60px;
- /* max-width: 65px; */
- min-height: 1.0em;
- /* border-radius: 5px; */
- }
-
- #bkuselectionarea input[type=button] {
- font-size: 0.7em;
- min-width: 55px;
- /*min-height: 1.1em;
- border-radius: 5px;*/
- margin-bottom: 2%
- }
-
- #mandateLogin {
- font-size: 0.65em;
- }
-
- #bku_header h2 {
- font-size: 0.8em;
- margin-top: -0.4em;
- padding-top: 0.4em;
- }
-
- #bkulogin {
- min-height: 150px;
- }
- }
-
- @media screen and (max-width: 249px) and (min-width: 206px) {
- #localBKU p {
- font-size: 0.7em;
- }
-
- #localBKU input {
- font-size: 0.7em;
- min-width: 70px;
- /* max-width: 75px; */
- min-height: 0.95em;
- /* border-radius: 6px; */
- }
-
- #bkuselectionarea input[type=button] {
- font-size: 0.75em;
- min-width: 60px;
- /* min-height: 0.95em;
- border-radius: 6px; */
- margin-bottom: 5%
- }
-
- #mandateLogin {
- font-size: 0.75em;
- }
-
- #bku_header h2 {
- font-size: 0.9em;
- margin-top: -0.45em;
- padding-top: 0.45em;
- }
-
- #bkulogin {
- min-height: 180px;
- }
- }
-
- @media screen and (max-width: 299px) and (min-width: 250px) {
- #localBKU p {
- font-size: 0.9em;
- }
-
- #localBKU input {
- font-size: 0.8em;
- min-width: 70px;
- /* max-width: 75px; */
- /* border-radius: 6px; */
- }
-
- #bkuselectionarea input[type=button] {
- font-size: 0.85em;
- /* min-height: 1.05em;
- border-radius: 7px; */
- margin-bottom: 10%;
- }
-
- #mandateLogin {
- font-size: 1em;
- }
-
- #bku_header h2 {
- font-size: 1.0em;
- margin-top: -0.50em;
- padding-top: 0.50em;
- }
- }
-
- @media screen and (max-width: 399px) and (min-width: 300px) {
- #localBKU p {
- font-size: 0.9em;
- }
-
- #localBKU input {
- font-size: 0.8em;
- min-width: 70px;
- /* max-width: 75px; */
- /* border-radius: 6px; */
- }
-
- #bkuselectionarea input[type=button] {
- font-size: 0.9em;
- /* min-height: 1.2em;
- border-radius: 8px; */
- margin-bottom: 10%;
- max-width: 80px;
- }
-
- #mandateLogin {
- font-size: 1em;
- }
-
- #bku_header h2 {
- font-size: 1.1em;
- margin-top: -0.55em;
- padding-top: 0.55em;
- }
- }
-
- @media screen and (max-width: 649px) and (min-width: 400px) {
- #localBKU p {
- font-size: 0.9em;
- }
-
- #localBKU input {
- font-size: 0.8em;
- min-width: 70px;
- /* max-width: 80px; */
- /* border-radius: 6px; */
- }
-
- #bkuselectionarea input[type=button] {
- font-size: 1.0em;
- /* min-height: 1.3em;
- border-radius: 10px; */
- margin-bottom: 10%;
- max-width: 85px;
- }
-
- #mandateLogin {
- font-size: 1.2em;
- }
-
- #bku_header h2 {
- font-size: 1.3em;
- margin-top: -0.65em;
- padding-top: 0.65em;
- }
- }
-
-
-
- @media screen and (max-width: 649px) {
-
- body {
- margin:0;
- padding:0;
- color : #000;
- text-align: center;
- font-size: 100%;
- background-color: #MAIN_BACKGOUNDCOLOR#;
- }
-
- #page {
- visibility: hidden;
- margin-top: 0%;
- }
-
- #page1 {
- visibility: hidden;
- }
-
- #main {
- visibility: hidden;
- }
-
- #validation {
- visibility: hidden;
- display: none;
- }
-
- .OA_header {
- margin-bottom: 0px;
- margin-top: 0px;
- font-size: 0pt;
- visibility: hidden;
- }
-
- #leftcontent {
- visibility: visible;
- margin-bottom: 0px;
- text-align: left;
- border:none;
- vertical-align: middle;
- min-height: 173px;
- min-width: 204px;
-
- }
-
- #bku_header {
- height: 10%;
- min-height: 1.2em;
- margin-top: 1%;
- }
-
- h2#tabheader{
- padding-left: 2%;
- padding-right: 2%;
- position: relative;
- top: 50%;
- }
-
- #stork h2 {
- font-size: 0.9em;
- margin-bottom: 2%;
- }
-
- #bkulogin {
- min-width: 190px;
- min-height: 155px;
- }
-
- .setAssertionButton_full {
- background: #efefef;
- cursor: pointer;
- margin-top: 15px;
- width: 70px;
- height: 25px;
- }
-
- input[type=button] {
-/* height: 11%; */
- width: 70%;
- }
- }
-
- * {
- margin: 0;
- padding: 0;
- font-family: #FONTTYPE#;
- }
-
- #selectArea {
- padding-top: 10px;
- padding-bottom: 55px;
- padding-left: 10px;
- }
-
- .setAssertionButton {
- background: #efefef;
- cursor: pointer;
- margin-top: 15px;
- width: 70px;
- height: 25px;
- }
-
- #leftbutton {
- width: 35%;
- float:left;
- margin-left: 15px;
- }
-
- #rightbutton {
- width: 35%;
- float:right;
- margin-right: 25px;
- text-align: right;
- }
-
- #stork {
- /*margin-bottom: 10px;*/
- /* margin-top: 5px; */
- }
-
- #mandateLogin {
- padding-bottom: 4%;
- padding-top: 4%;
- height: 10%;
- position: relative;
- text-align: center;
- }
-
- .verticalcenter {
- vertical-align: middle;
- }
-
- #mandateLogin div {
- clear: both;
- margin-top: -1%;
- position: relative;
- top: 50%;
- }
-
- #bkuselectionarea {
- position: relative;
- display: block;
- }
-
- #localBKU {
- padding-left: 5%;
- padding-right: 2%;
- padding-bottom: 4%;
- /*padding-top: 4%;*/
- position: relative;
- clear: both;
- }
-
- #bkukarte {
- float:left;
- text-align:center;
- width:40%;
- min-height: 70px;
- padding-left: 5%;
- padding-top: 2%;
- }
-
- #bkuhandy {
- float:right;
- text-align:center;
- width:40%;
- min-height: 90px;
- padding-right: 5%;
- padding-top: 2%;
- }
-
- .bkuimage {
- width: 90%;
- height: auto;
- }
-
- #mandate{
- text-align:center;
- padding : 5px 5px 5px 5px;
- }
-
-/* input[type=button], .sendButton {
- background: #BUTTON_BACKGROUNDCOLOR#;
- color: #BUTTON_COLOR#;
-/* border:1px solid #000; */
-/* cursor: pointer;
-/* box-shadow: 3px 3px 3px #222222; */
-/* }
-
-/* button:hover, button:focus, button:active,
- .sendButton:hover , .sendButton:focus, .sendButton:active,
- #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
- background: #BUTTON_BACKGROUNDCOLOR_FOCUS#;
- color: #BUTTON_COLOR#;
-/* border:1px solid #000; */
-/* cursor: pointer;
-/* box-shadow: -1px -1px 3px #222222; */
-/* }
-
-*/
- input {
- /*border:1px solid #000;*/
- cursor: pointer;
- }
-
- #localBKU input {
-/* color: #BUTTON_COLOR#; */
- border: 0px;
- display: inline-block;
-
- }
-
- #localBKU input:hover, #localBKU input:focus, #localBKU input:active {
- text-decoration: underline;
- }
-
- #installJava, #BrowserNOK {
- clear:both;
- font-size:0.8em;
- padding:4px;
- }
-
- .selectText{
-
- }
-
- .selectTextHeader{
-
- }
-
- .sendButton {
- width: 30%;
- margin-bottom: 1%;
- }
-
- #leftcontent a {
- text-decoration:none;
- color: #000;
- /* display:block;*/
- padding:4px;
- }
-
- #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
- text-decoration:underline;
- color: #000;
- }
-
- .infobutton {
- background-color: #005a00;
- color: white;
- font-family: serif;
- text-decoration: none;
- padding-top: 2px;
- padding-right: 4px;
- padding-bottom: 2px;
- padding-left: 4px;
- font-weight: bold;
- }
-
- .hell {
- background-color : #MAIN_BACKGOUNDCOLOR#;
- color: #MAIN_COLOR#;
- }
-
- .dunkel {
- background-color: #HEADER_BACKGROUNDCOLOR#;
- color: #HEADER_COLOR#;
- }
-
- .main_header {
- color: black;
- font-size: 32pt;
- position: absolute;
- right: 10%;
- top: 40px;
-
- }
-
- </style>
-<!-- MOA-ID 2.x BKUSelection JavaScript fucnctions-->
-<script type="text/javascript">
- function isIE() {
- return (/MSIE (\d+\.\d+);/.test(navigator.userAgent));
- }
- function isFullscreen() {
- try {
- return ((top.innerWidth == screen.width) && (top.innerHeight == screen.height));
- } catch (e) {
- return false;
- }
- }
- function isActivexEnabled() {
- var supported = null;
- try {
- supported = !!new ActiveXObject("htmlfile");
- } catch (e) {
- supported = false;
- }
- return supported;
- }
- function isMetro() {
- if (!isIE())
- return false;
- return !isActivexEnabled() && isFullscreen();
- }
- window.onload=function() {
- document.getElementById("localBKU").style.display="block";
- return;
- }
- function bkuLocalClicked() {
- setMandateSelection();
- }
-
- function bkuOnlineClicked() {
- if (isMetro())
- document.getElementById("metroDetected").style.display="block";
- document.getElementById("localBKU").style.display="block";
-/* if (checkMandateSSO())
- return; */
-
- setMandateSelection();
-/* setSSOSelection(); */
-
- var iFrameURL = "#AUTH_URL#" + "?";
- iFrameURL += "bkuURI=" + "#ONLINE#";
- iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
- iFrameURL += "&MODUL=" + "#MODUL#";
- iFrameURL += "&ACTION=" + "#ACTION#";
- iFrameURL += "&MOASessionID=" + "#SESSIONID#";
- generateIFrame(iFrameURL);
- }
- function bkuHandyClicked() {
- document.getElementById("localBKU").style.display="none";
-/* if (checkMandateSSO())
- return; */
-
- setMandateSelection();
-/* setSSOSelection(); */
-
- var iFrameURL = "#AUTH_URL#" + "?";
- iFrameURL += "bkuURI=" + "#HANDY#";
- iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
-/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
- iFrameURL += "&MODUL=" + "#MODUL#";
- iFrameURL += "&ACTION=" + "#ACTION#";
- iFrameURL += "&MOASessionID=" + "#SESSIONID#";
- generateIFrame(iFrameURL);
- }
- function storkClicked() {
- document.getElementById("localBKU").style.display="none";
-/* if (checkMandateSSO())
- return; */
-
- setMandateSelection();
-/* setSSOSelection(); */
-
- var ccc = "AT";
- var countrySelection = document.getElementById("cccSelection");
- if (countrySelection != null) {
- ccc = document.getElementById("cccSelection").value;
- }
- var iFrameURL = "#AUTH_URL#" + "?";
- iFrameURL += "bkuURI=" + "#ONLINE#";
- iFrameURL += "&useMandate=" + document.getElementById("useMandate").value;
- iFrameURL += "&CCC=" + ccc;
-/* iFrameURL += "&SSO=" + document.getElementById("useSSO").value; */
- iFrameURL += "&MODUL=" + "#MODUL#";
- iFrameURL += "&ACTION=" + "#ACTION#";
- iFrameURL += "&MOASessionID=" + "#SESSIONID#";
- generateIFrame(iFrameURL);
- }
- function generateIFrame(iFrameURL) {
- var el = document.getElementById("bkulogin");
- var width = el.clientWidth;
- var heigth = el.clientHeight - 20;
- var parent = el.parentNode;
-
- iFrameURL += "&heigth=" + heigth;
- iFrameURL += "&width=" + width;
-
- var iframe = document.createElement("iframe");
- iframe.setAttribute("src", iFrameURL);
- iframe.setAttribute("width", el.clientWidth - 1);
- iframe.setAttribute("height", el.clientHeight - 1);
- iframe.setAttribute("frameborder", "0");
- iframe.setAttribute("scrolling", "no");
- iframe.setAttribute("title", "Login");
- parent.replaceChild(iframe, el);
- }
- function setMandateSelection() {
- document.getElementById("moaidform").action = "#AUTH_URL#";
- document.getElementById("useMandate").value = "false";
- var checkbox = document.getElementById("mandateCheckBox");
- if (checkbox != null) {
- if (document.getElementById("mandateCheckBox").checked) {
- document.getElementById("useMandate").value = "true";
- }
- }
- }
- function onChangeChecks() {
- if (top.innerWidth < 650) {
- document.getElementById("moaidform").setAttribute("target","_parent");
- } else {
- document.getElementById("moaidform").removeAttribute("target");
- }
-
- }
-/* function setSSOSelection() {
- document.getElementById("useSSO").value = "false";
- var checkbox = document.getElementById("SSOCheckBox");
- if (checkbox != null) {
- if (document.getElementById("SSOCheckBox").checked) {
- document.getElementById("useSSO").value = "true";
- }
- }
- } */
-
-/* function checkMandateSSO() {
- var sso = document.getElementById("SSOCheckBox");
- var mandate = document.getElementById("mandateCheckBox");
-
-
- if (sso.checked && mandate.checked) {
- alert("Anmeldung in Vertretung in kombination mit Single Sign-On wird aktuell noch nicht unterstützt!")
- mandate.checked = false;
- sso.checked = false;
- return true;
- } else {
- return false;
- }
- } */
- </script>
-<title>Anmeldung mittels Bürgerkarte oder Handy-Signatur</title>
-</head>
-<body onload="onChangeChecks();" onresize="onChangeChecks();">
- <div id="page">
- <div id="page1" class="case selected-case" role="main">
- <h2 class="OA_header" role="heading">Anmeldung an: #OAName#</h2>
- <div id="main">
- <div id="leftcontent" class="hell" role="application">
- <div id="bku_header" class="dunkel">
- <h2 id="tabheader" class="dunkel" role="heading">#HEADER_TEXT#</h2>
- </div>
- <div id="bkulogin" class="hell" role="form">
- <div id="mandateLogin" style="">
- <div>
- <input tabindex="1" type="checkbox" name="Mandate"
- id="mandateCheckBox" class="verticalcenter" role="checkbox"
- onClick='document.getElementById("mandateCheckBox").setAttribute("aria-checked", document.getElementById("mandateCheckBox").checked);'#MANDATECHECKED#>
- <label for="mandateCheckBox" class="verticalcenter">in
- Vertretung anmelden</label>
- <!--a href="info_mandates.html"
- target="_blank"
- class="infobutton verticalcenter"
- tabindex="5">i</a-->
- </div>
- </div>
- <div id="bkuselectionarea">
- <div id="bkukarte">
- <img class="bkuimage" src="#CONTEXTPATH#/img/online-bku.png"
- alt="OnlineBKU" /> <input name="bkuButtonOnline" type="button"
- onClick="bkuOnlineClicked();" tabindex="2" role="button"
- value="Karte" />
- </div>
- <div id="bkuhandy">
- <img class="bkuimage" src="#CONTEXTPATH#/img/mobile-bku.png"
- alt="HandyBKU" /> <input name="bkuButtonHandy" type="button"
- onClick="bkuHandyClicked();" tabindex="3" role="button"
- value="HANDY" />
- </div>
- </div>
- <div id="localBKU">
- <form method="get" id="moaidform" action="#AUTH_URL#"
- class="verticalcenter" target="_parent">
- <input type="hidden" name="bkuURI" value="#LOCAL#"> <input
- type="hidden" name="useMandate" id="useMandate"> <input
- type="hidden" name="SSO" id="useSSO"> <input
- type="hidden" name="CCC" id="ccc"> <input type="hidden"
- name="MODUL" value="#MODUL#"> <input type="hidden"
- name="ACTION" value="#ACTION#"> <input type="hidden"
- name="MOASessionID" value="#SESSIONID#">
- <input type="submit" value=">lokale Bürgerkartenumgebung" tabindex="4"
- role="button" class="hell"
- onclick="setMandateSelection();"
- >
- <!--p>
- <small>Alternativ können Sie eine lokal installierte BKU verwenden.</small>
- </p-->
- </form>
- </div>
-
- <div id="stork" align="center" style="#STORKVISIBLE#">
- <h2 id="tabheader" class="dunkel">Home Country Selection</h2>
- <p>
- <select name="cccSelection" id="cccSelection" size="1" style="width: 120px; margin-right: 5px;" >
- #PEPSLIST#
- </select>
- <button name="bkuButton" type="button" onClick="storkClicked();">Proceed</button>
- <a href="info_stork.html" target="_blank" class="infobutton" style="color:#FFF">i</a>
- </p>
- </div>
-
- <div id="metroDetected" style="display: none">
- <p>Anscheinend verwenden Sie Internet Explorer im
- Metro-Modus. Wählen Sie bitte "Auf dem Desktop anzeigen" aus den
- Optionen um die Karten-Anmeldung starten zu können.</p>
- </div>
- </div>
- </div>
- </div>
- </div>
- <div id="validation">
- <a href="http://validator.w3.org/check?uri="> <img
- style="border: 0; width: 88px; height: 31px"
- src="#CONTEXTPATH#/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
- </a> <a href="http://jigsaw.w3.org/css-validator/"> <img
- style="border: 0; width: 88px; height: 31px"
- src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
- alt="CSS ist valide!" />
- </a>
- </div>
- </div>
-</body>
-</html>
diff --git a/id/server/doc/conf/moa-id/htmlTemplates/sendAssertionFormFull.html b/id/server/doc/conf/moa-id/htmlTemplates/sendAssertionFormFull.html
deleted file mode 100644
index b80d654cc..000000000
--- a/id/server/doc/conf/moa-id/htmlTemplates/sendAssertionFormFull.html
+++ /dev/null
@@ -1,617 +0,0 @@
-<!DOCTYPE html>
-<html>
-<head>
- <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
- <!-- MOA-ID 2.x BKUSelection Layout CSS -->
- <style type="text/css">
- @media screen and (min-width: 650px) {
-
- body {
- margin:0;
- padding:0;
- color : #000;
- background-color : #fff;
- text-align: center;
- background-color: #6B7B8B;
- }
-
- #localBKU p {
- font-size: 0.7em;
- }
-
- #localBKU input{
- font-size: 0.7em;
- border-radius: 5px;
- }
-
- #bkuselectionarea button {
- font-size: 0.85em;
- border-radius: 7px;
- margin-bottom: 25px;
- }
-
- #mandateLogin {
- font-size: 0.85em;
- }
-
- #bku_header h2 {
- font-size: 0.8em;
- }
-
-
- #page {
- display: block;
- border: 2px solid rgb(0,0,0);
- width: 650px;
- height: 440px;
- margin: 0 auto;
- margin-top: 5%;
- position: relative;
- border-radius: 25px;
- background: rgb(255,255,255);
- }
-
- #page1 {
- text-align: center;
- }
-
- #main {
- /* clear:both; */
- position:relative;
- margin: 0 auto;
- width: 250px;
- text-align: center;
- }
-
- .OA_header {
- /* background-color: white;*/
- font-size: 20pt;
- margin-bottom: 25px;
- margin-top: 25px;
- }
-
- #leftcontent {
- width: 300px;
- margin-top: 30px;
- padding-bottom: 15px;
- margin-bottom: 25px;
- text-align: left;
- border: 1px solid rgb(0,0,0);
- }
-
- #selectArea {
- font-size: 15px;
- padding-bottom: 65px;
- }
-
- #selectArea h3 {
- margin-bottom: 25px;
- }
-
- #bku_header {
- height: 5%;
- padding-bottom: 3px;
- padding-top: 3px;
- }
-
- #bkulogin {
- overflow:hidden;
- min-width: 190px;
- min-height: 180px;
- /*height: 260px;*/
- }
-
- h2#tabheader{
- font-size: 1.1em;
- padding-left: 2%;
- padding-right: 2%;
- position: relative;
- }
-
- .setAssertionButton_full {
- margin-top: 15px;
- width: 100px;
- height: 30px;
- font-size: 1.3em;
- min-height: 1.3em;
-/* border-radius: 10px;*/
- }
-
- #leftbutton {
- width: 30%;
- float:left;
- margin-left: 40px;
- }
-
- #rightbutton {
- width: 30%;
- float:right;
- margin-right: 45px;
- text-align: right;
- }
-
- button {
- height: 25px;
- width: 90px;
- margin-bottom: 10px;
- }
-
- #validation {
- position: absolute;
- bottom: 0px;
- margin-left: 270px;
- padding-bottom: 10px;
- }
-
- }
-
- @media screen and (max-width: 205px) {
- #localBKU p {
- font-size: 0.6em;
- }
-
- #localBKU input {
- font-size: 0.7em;
- min-width: 70px;
- min-height: 1.2em;
- border-radius: 5px;
- }
-
- #bkuselectionarea button, .setAssertionButton_full {
- font-size: 0.8em;
- min-width: 65px;
- min-height: 1.3em;
- /* border-radius: 5px; */
- margin-bottom: 2%
- }
-
- #mandateLogin {
- font-size: 0.65em;
- }
-
- #bku_header h2, #selectArea h3 {
- font-size: 0.8em;
- margin-top: -0.4em;
- }
- }
-
- @media screen and (max-width: 249px) and (min-width: 206px) {
- #localBKU p {
- font-size: 0.7em;
- }
-
- #localBKU input {
- font-size: 0.85em;
- min-width: 80px;
- min-height: 0.95em;
- border-radius: 6px;
- }
-
- #bkuselectionarea button, .setAssertionButton_full {
- font-size: 0.85em;
- min-width: 70px;
- min-height: 0.95em;
- /* border-radius: 6px; */
- margin-bottom: 2%
- }
-
- #mandateLogin {
- font-size: 0.75em;
- }
-
- #bku_header h2, #selectArea h3 {
- font-size: 0.9em;
- margin-top: -0.45em;
- }
- }
-
- @media screen and (max-width: 299px) and (min-width: 250px) {
- #localBKU p {
- font-size: 0.9em;
- }
-
- #localBKU input {
- font-size: 0.9em;
- min-width: 100px;
- border-radius: 6px;
- }
-
- #bkuselectionarea button, .setAssertionButton_full {
- font-size: 1.0em;
- min-height: 1.05em;
- /* border-radius: 7px; */
- margin-bottom: 5%;
- }
-
- #mandateLogin {
- font-size: 1em;
- }
-
- #bku_header h2, #selectArea h3 {
- font-size: 1.0em;
- margin-top: -0.50em;
- }
- }
-
- @media screen and (max-width: 399px) and (min-width: 300px) {
- #localBKU p {
- font-size: 0.9em;
- }
-
- #localBKU input {
- font-size: 0.9em;
- min-width: 100px;
- border-radius: 6px;
- }
-
- #bkuselectionarea button, .setAssertionButton_full {
- font-size: 1.1em;
- min-height: 1.2em;
- /* border-radius: 8px; */
- margin-bottom: 5%;
- }
-
- #mandateLogin {
- font-size: 1em;
- }
-
- #bku_header h2, #selectArea h3 {
- font-size: 1.1em;
- margin-top: -0.55em;
- }
- }
-
- @media screen and (max-width: 649px) and (min-width: 400px) {
- #localBKU p {
- font-size: 0.9em;
- }
-
- #localBKU input {
- font-size: 0.9em;
- min-width: 100px;
- border-radius: 6px;
- }
-
- #bkuselectionarea button, .setAssertionButton_full {
- font-size: 1.3em;
- min-height: 1.3em;
-/* border-radius: 10px; */
- margin-bottom: 5%;
- }
-
- #mandateLogin {
- font-size: 1.2em;
- }
-
- #bku_header h2, #selectArea h3 {
- font-size: 1.3em;
- margin-top: -0.65em;
- }
- }
-
-
-
- @media screen and (max-width: 649px) {
-
- body {
- margin:0;
- padding:0;
- color : #000;
- text-align: center;
- font-size: 100%;
- background-color: #MAIN_BACKGOUNDCOLOR#;
- }
-
- #page {
- visibility: hidden;
- margin-top: 0%;
- }
-
- #page1 {
- visibility: hidden;
- }
-
- #main {
- visibility: hidden;
- }
-
- #validation {
- visibility: hidden;
- display: none;
- }
-
- .OA_header {
- margin-bottom: 0px;
- margin-top: 0px;
- font-size: 0pt;
- visibility: hidden;
- }
-
- #leftcontent {
- visibility: visible;
- margin-bottom: 0px;
- text-align: left;
- border:none;
- min-width: 190px;
-/* min-height: 190px; */
- vertical-align: middle;
-
- }
-
- #bku_header {
- height: 10%;
- min-height: 1.2em;
- margin-top: 1%;
- }
-
- h2#tabheader{
- padding-left: 2%;
- padding-right: 2%;
- padding-top: 1%;
- position: relative;
- top: 50%;
- }
-
- #bkulogin {
- min-width: 190px;
- min-height: 150px;
- }
-
- .setAssertionButton_full {
- margin-top: 15px;
- width: 70%;
- height: 11%;
- min-width: 60px;
- min-height: 25px;
- }
-
- #selectArea h3 {
- margin-top: 2%;
- }
-
- button {
- height: 11%;
- width: 70%;
- }
- }
-
- * {
- margin: 0;
- padding: 0;
-/* border: 0; */
- font-family: #FONTTYPE#;
- }
-
- #selectArea {
- padding-top: 10px;
- padding-bottom: 55px;
- padding-left: 10px;
- }
-
- .setAssertionButton {
- background: #efefef;
- cursor: pointer;
- margin-top: 15px;
- width: 70px;
- height: 25px;
- }
-
- #leftbutton {
- width: 35%;
- float:left;
- margin-left: 15px;
- }
-
- #rightbutton {
- width: 35%;
- float:right;
- margin-right: 25px;
- text-align: right;
- }
-
- #stork {
- margin-bottom: 10px;
- margin-top: 5px;
- }
-
- #mandateLogin {
- padding-bottom: 2%;
- padding-top: 2%;
- height: 10%;
- position: relative;
- text-align: center;
- }
-
- .verticalcenter {
- vertical-align: middle;
- }
-
- #mandateLogin > div {
- clear: both;
- margin-top: -1%;
- position: relative;
- top: 50%;
- }
-
- #bkuselectionarea {
- position: relative;
- display: block;
- }
-
- #localBKU {
- padding-left: 5%;
- padding-right: 2%;
- padding-bottom: 2%;
- position: relative;
- clear: both;
- }
-
- #bkukarte {
- float:left;
- text-align:center;
- width:40%;
- min-height: 70px;
- padding-left: 5%;
- padding-top: 2%;
- }
-
- #bkuhandy {
- float:right;
- text-align:center;
- width:40%;
- min-height: 90px;
- padding-right: 5%;
- padding-top: 2%;
- }
-
- .bkuimage {
- width: 90%;
- height: auto;
- }
-
- #mandate{
- text-align:center;
- padding : 5px 5px 5px 5px;
- }
-
- button, .sendButton {
-/* background: #BUTTON_BACKGROUNDCOLOR#;
- color: #BUTTON_COLOR#; */
- cursor: pointer;
-
-/* border:1px solid #000;
- box-shadow: 3px 3px 3px #222222; */
- }
-
- button:hover, button:focus, button:active,
- .sendButton:hover , .sendButton:focus, .sendButton:active,
- #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
-/* background: #BUTTON_BACKGROUNDCOLOR_FOCUS#;
- color: #BUTTON_COLOR#; */
- cursor: pointer;
-
-/* border:1px solid #000;
- box-shadow: -1px -1px 3px #222222; */
- }
-
- #installJava, #BrowserNOK {
- clear:both;
- font-size:0.8em;
- padding:4px;
- }
-
- .selectText{
-
- }
-
- .selectTextHeader{
-
- }
-
- #leftcontent a {
- text-decoration:none;
- color: #000;
- /* display:block;*/
- padding:4px;
- }
-
- #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
- text-decoration:underline;
- color: #000;
- }
-
- .infobutton {
- background-color: #005a00;
- color: white;
- font-family: serif;
- text-decoration: none;
- padding-top: 2px;
- padding-right: 4px;
- padding-bottom: 2px;
- padding-left: 4px;
- font-weight: bold;
- }
-
- .hell {
- background-color : #MAIN_BACKGOUNDCOLOR#;
- color: #MAIN_COLOR#;
- }
-
- .dunkel {
- background-color: #HEADER_BACKGROUNDCOLOR#;
- color: #HEADER_COLOR#;
- }
-
- .main_header {
- color: black;
- font-size: 32pt;
- position: absolute;
- right: 10%;
- top: 40px;
-
- }
-
- </style>
-
-
- <title>Anmeldung an Online-Applikation</title>
-</head>
-
-
-<body>
- <div id="page">
-
- <div id="page1" class="case selected-case" role="main">
-
-<!-- <h2 class="OA_header">Anmeldung an: #OAName#</h2> -->
-
- <div id="main">
- <div id="leftcontent" class="hell">
- <div id="bku_header" class="dunkel">
- <h2 id="tabheader" class="dunkel" role="heading">
- Anmeldeinformationen:
- </h2>
- </div>
-
- <div id="selectArea" class="hell" role="application">
- <h3>Anmeldung an: #OAName#</h3>
-
-<!-- <div class="hell"> -->
- <div id="leftbutton">
- <form method="post" id="moaidform_yes" action="#URL#">
- <input type="hidden" name="value" value="true">
- <input type="hidden" name="mod" value="#MODUL#">
- <input type="hidden" name="action" value="#ACTION#">
- <input type="hidden" name="identifier" value="#ID#">
- <input type="submit" value="Ja" class="setAssertionButton_full sendButton" role="button">
- </form>
- </div>
- <div id="rightbutton">
- <form method="post" id="moaidform_no" action="#URL#">
- <input type="hidden" name="value" value="false">
- <input type="hidden" name="mod" value="#MODUL#">
- <input type="hidden" name="action" value="#ACTION#">
- <input type="hidden" name="identifier" value="#ID#">
- <input type="submit" value="Nein" class="setAssertionButton_full sendButton" role="button">
- </form>
- </div>
-
- </div>
- </div>
- </div>
- </div>
- <div id="validation">
- <a href="http://validator.w3.org/check?uri=">
- <img style="border:0;width:88px;height:31px"
- src="#CONTEXTPATH#/img/valid-html5-blue.png"
- alt="HTML5 ist valide!" />
- </a>
- <a href="http://jigsaw.w3.org/css-validator/">
- <img style="border:0;width:88px;height:31px"
- src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
- alt="CSS ist valide!" />
- </a>
- </div>
- </div>
-</body>
-</html>
diff --git a/id/server/doc/conf/moa-id/htmlTemplates/slo_template.html b/id/server/doc/conf/moa-id/htmlTemplates/slo_template.html
deleted file mode 100644
index 88279ee96..000000000
--- a/id/server/doc/conf/moa-id/htmlTemplates/slo_template.html
+++ /dev/null
@@ -1,451 +0,0 @@
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
-<head>
- <meta content="text/html; charset=utf-8" http-equiv="Content-Type">
-
- <!-- MOA-ID 2.x BKUSelection Layout CSS -->
- <style type="text/css">
- @media screen and (min-width: 650px) {
-
- body {
- margin:0;
- padding:0;
- color : #000;
- background-color : #fff;
- text-align: center;
- background-color: #6B7B8B;
- }
-
- #page {
- display: block;
- border: 2px solid rgb(0,0,0);
- width: 650px;
- height: 460px;
- margin: 0 auto;
- margin-top: 5%;
- position: relative;
- border-radius: 25px;
- background: rgb(255,255,255);
- }
-
- #page1 {
- text-align: center;
- }
-
- #main {
- /* clear:both; */
- position:relative;
- margin: 0 auto;
- width: 250px;
- text-align: center;
- }
-
- .OA_header {
- /* background-color: white;*/
- font-size: 20pt;
- margin-bottom: 25px;
- margin-top: 25px;
- }
-
- #leftcontent {
- /*float:left; */
- width:250px;
- margin-bottom: 25px;
- text-align: left;
- /*border: 1px solid rgb(0,0,0);*/
- }
-
- #leftcontent {
- width: 300px;
- margin-top: 30px;
- }
-
- h2#tabheader{
- font-size: 1.1em;
- padding-left: 2%;
- padding-right: 2%;
- position: relative;
- }
-
- .setAssertionButton_full {
- background: #efefef;
- cursor: pointer;
- margin-top: 15px;
- width: 100px;
- height: 30px
- }
-
- #leftbutton {
- width: 30%;
- float:left;
- margin-left: 40px;
- }
-
- #rightbutton {
- width: 30%;
- float:right;
- margin-right: 45px;
- text-align: right;
- }
-
- button {
- height: 25px;
- width: 75px;
- margin-bottom: 10px;
- }
-
- #validation {
- position: absolute;
- bottom: 0px;
- margin-left: 270px;
- padding-bottom: 10px;
- }
-
- }
-
- @media screen and (max-width: 205px) {
- #localBKU p {
- font-size: 0.6em;
- }
-
- #localBKU input {
- font-size: 0.6em;
- min-width: 60px;
- /* max-width: 65px; */
- min-height: 1.0em;
- /* border-radius: 5px; */
- }
-
- }
-
- @media screen and (max-width: 249px) and (min-width: 206px) {
- #localBKU p {
- font-size: 0.7em;
- }
-
- #localBKU input {
- font-size: 0.7em;
- min-width: 70px;
- /* max-width: 75px; */
- min-height: 0.95em;
- /* border-radius: 6px; */
- }
-
- }
-
- @media screen and (max-width: 299px) and (min-width: 250px) {
- #localBKU p {
- font-size: 0.9em;
- }
-
- #localBKU input {
- font-size: 0.8em;
- min-width: 70px;
- /* max-width: 75px; */
- /* border-radius: 6px; */
- }
-
- }
-
- @media screen and (max-width: 399px) and (min-width: 300px) {
- #localBKU p {
- font-size: 0.9em;
- }
-
- #localBKU input {
- font-size: 0.8em;
- min-width: 70px;
- /* max-width: 75px; */
- /* border-radius: 6px; */
- }
-
- }
-
- @media screen and (max-width: 649px) and (min-width: 400px) {
- #localBKU p {
- font-size: 0.9em;
- }
-
- #localBKU input {
- font-size: 0.8em;
- min-width: 70px;
- /* max-width: 80px; */
- /* border-radius: 6px; */
- }
-
- }
-
-
-
- @media screen and (max-width: 649px) {
-
- body {
- margin:0;
- padding:0;
- color : #000;
- text-align: center;
- font-size: 100%;
- background-color: #MAIN_BACKGOUNDCOLOR#;
- }
-
- #page {
- visibility: hidden;
- margin-top: 0%;
- }
-
- #page1 {
- visibility: hidden;
- }
-
- #main {
- visibility: hidden;
- }
-
- #validation {
- visibility: hidden;
- display: none;
- }
-
- .OA_header {
- margin-bottom: 0px;
- margin-top: 0px;
- font-size: 0pt;
- visibility: hidden;
- }
-
- #leftcontent {
- visibility: visible;
- margin-bottom: 0px;
- text-align: left;
- border:none;
- vertical-align: middle;
- min-height: 173px;
- min-width: 204px;
-
- }
-
- input[type=button] {
-/* height: 11%; */
- width: 70%;
- }
- }
-
- * {
- margin: 0;
- padding: 0;
- font-family: #FONTTYPE#;
- }
-
- #selectArea {
- padding-top: 10px;
- padding-bottom: 55px;
- padding-left: 10px;
- }
-
- .setAssertionButton {
- background: #efefef;
- cursor: pointer;
- margin-top: 15px;
- width: 70px;
- height: 25px;
- }
-
- #leftbutton {
- width: 35%;
- float:left;
- margin-left: 15px;
- }
-
- #rightbutton {
- width: 35%;
- float:right;
- margin-right: 25px;
- text-align: right;
- }
-
-/* input[type=button], .sendButton {
- background: #BUTTON_BACKGROUNDCOLOR#;
- color: #BUTTON_COLOR#;
-/* border:1px solid #000; */
-/* cursor: pointer;
-/* box-shadow: 3px 3px 3px #222222; */
-/* }
-
-/* button:hover, button:focus, button:active,
- .sendButton:hover , .sendButton:focus, .sendButton:active,
- #mandateCheckBox:hover, #mandateCheckBox:focus, #mandateCheckBox:active {
- background: #BUTTON_BACKGROUNDCOLOR_FOCUS#;
- color: #BUTTON_COLOR#;
-/* border:1px solid #000; */
-/* cursor: pointer;
-/* box-shadow: -1px -1px 3px #222222; */
-/* }
-
-*/
- input {
- /*border:1px solid #000;*/
- cursor: pointer;
- }
-
- #localBKU input {
-/* color: #BUTTON_COLOR#; */
- border: 0px;
- display: inline-block;
-
- }
-
- #localBKU input:hover, #localBKU input:focus, #localBKU input:active {
- text-decoration: underline;
- }
-
- #installJava, #BrowserNOK {
- clear:both;
- font-size:0.8em;
- padding:4px;
- }
-
- .selectText{
-
- }
-
- .selectTextHeader{
-
- }
-
- .sendButton {
- width: 30%;
- margin-bottom: 1%;
- }
-
- #leftcontent a {
- text-decoration:none;
- color: #000;
- /* display:block;*/
- padding:4px;
- }
-
- #leftcontent a:hover, #leftcontent a:focus, #leftcontent a:active {
- text-decoration:underline;
- color: #000;
- }
-
- .infobutton {
- background-color: #005a00;
- color: white;
- font-family: serif;
- text-decoration: none;
- padding-top: 2px;
- padding-right: 4px;
- padding-bottom: 2px;
- padding-left: 4px;
- font-weight: bold;
- }
-
- .hell {
- background-color : #MAIN_BACKGOUNDCOLOR#;
- color: #MAIN_COLOR#;
- }
-
- .dunkel {
- background-color: #HEADER_BACKGROUNDCOLOR#;
- color: #HEADER_COLOR#;
- }
-
- .main_header {
- color: black;
- font-size: 32pt;
- position: absolute;
- right: 10%;
- top: 40px;
-
- }
-
- #alert {
- margin: 100px 250px;
- font-family: Verdana, Arial, Helvetica, sans-serif;
- font-size: 14px;
- font-weight: normal;
- color: red;
- }
-
- .reqframe {
- /*display: none;*/
- visibility: hidden;
-
- }
-
- </style>
-
- #if($timeoutURL)
- <script type="text/javascript">
- function sloTimeOut() {
- window.location.href="$timeoutURL";
-
- }
-
- </script>
- #end
-
- <title>Single LogOut Vorgang ... </title>
-</head>
-
-#if($timeoutURL)
- <body onload='setTimeout(sloTimeOut(), $timeout);'>
-#else
- <body>
-#end
- <noscript>
- <p>
- <strong>Note:</strong> Since your browser does not support
- JavaScript, you must press the Continue button once to proceed.
- </p>
- </noscript>
-
- <div id="page">
- <div id="page1" class="case selected-case" role="main">
- <h2 class="OA_header" role="heading">MOA-ID Single LogOut Information</h2>
- <div id="main">
- <div id="leftcontent" class="hell" role="application">
-
- #if($errorMsg)
- <div class="alert">
- <p>$errorMsg</p>
- </div>
- #end
-
- #if($successMsg)
- <div>
- <p>$successMsg</p>
- </div>
- #end
-
- #if($redirectURLs)
- <div>
- <p>
- Sie werden von allen Online-Applikationen abgemeldet. <br>
- Dieser Vorgang kann einige Zeit in Anspruch nehmen.
- </p>
- </div>
- #end
-
- </div>
- </div>
- </div>
- <div id="validation">
- <a href="http://validator.w3.org/check?uri="> <img
- style="border: 0; width: 88px; height: 31px"
- src="$contextpath/img/valid-html5-blue.png" alt="HTML5 ist valide!" />
- </a> <a href="http://jigsaw.w3.org/css-validator/"> <img
- style="border: 0; width: 88px; height: 31px"
- src="http://jigsaw.w3.org/css-validator/images/vcss-blue"
- alt="CSS ist valide!" />
- </a>
- </div>
- </div>
-
-
- #foreach( $el in $redirectURLs )
- <iframe src=$el class="reqframe"></iframe>
- #end
-
-</body>
-</html> \ No newline at end of file
diff --git a/id/server/doc/conf/moa-id/keys/assertion.crt b/id/server/doc/conf/moa-id/keys/assertion.crt
deleted file mode 100644
index aa4e23cb1..000000000
--- a/id/server/doc/conf/moa-id/keys/assertion.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEDDCCAvSgAwIBAgIJAI6ivoxdit5XMA0GCSqGSIb3DQEBBQUAMGExCzAJBgNV
-BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQxGjAYBgNVBAMTEUFzc2VydGlvbiBTaWduaW5nMB4XDTE0
-MDIwNDEwNDEzOVoXDTI0MDIwMjEwNDEzOVowYTELMAkGA1UEBhMCQVQxEzARBgNV
-BAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0
-ZDEaMBgGA1UEAxMRQXNzZXJ0aW9uIFNpZ25pbmcwggEiMA0GCSqGSIb3DQEBAQUA
-A4IBDwAwggEKAoIBAQD5tysT9qt3zoIf6GZJP0qCO0wuAD9lS0v6IzF6lKmY2sts
-2OHjC2KX2CQWruLmA2bdxeVSX21JrcCJrLh3qzpEkBGrcaqJz2AeJ6jRamYgWa/y
-+4AADlPHJntdX3w+H/z6quCgvuylGcOhEo5Eoaef0U1cn3AR5Cu1yAtSMhnhrBU8
-upiHfpRvGx+UA55zQpctlhB8vw2i+6zvFI2MGV5cmJ56dF7IlDa+Yp6udlUhUAEn
-SKVLSiEifvnYD3F5F/yHg08zxvjU0Q2Yx/dp+gYK7obZvDtsmPRd24oo+CThhdf9
-8PHtfHew4cwUXyUiMzDYC0i4m8a4FsViryPBnjL9AgMBAAGjgcYwgcMwHQYDVR0O
-BBYEFCx2GmAN2fE3EdGbt/9tQZZFKGR6MIGTBgNVHSMEgYswgYiAFCx2GmAN2fE3
-EdGbt/9tQZZFKGR6oWWkYzBhMQswCQYDVQQGEwJBVDETMBEGA1UECBMKU29tZS1T
-dGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRowGAYDVQQD
-ExFBc3NlcnRpb24gU2lnbmluZ4IJAI6ivoxdit5XMAwGA1UdEwQFMAMBAf8wDQYJ
-KoZIhvcNAQEFBQADggEBAPIKVBFv+lGInuACtVTVfkhHp9OJWQxDaf6vxYjvqmDl
-DZ6XMQgglNRTrF1iXxWGWU+JQQWITAWFeGJ83KhFcP7jycsW3cUmwoQDmI34Zv/b
-crS0/NFug/n8hITUCBfZwpyrBXUnJrIqtPdfPXYJNN4D/XHZBJ8NeaQWg8SApJ60
-LuUIAZcFSyTiOC0qI9VlBmSpqp5rJwLnvoadNECubwuHlws0e0lTtRBNOuq0mId3
-0isb3ct7x4628JIWTH1GjuFa05YG1d6Tt0mkyfNXK2I9OYx44b9UrJIpfIDdE6E5
-ljapkxheZJuBZWjH01dgo5/Fl3OLczcWQKdSHdHREfo=
------END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-id/keys/encryption.crt b/id/server/doc/conf/moa-id/keys/encryption.crt
deleted file mode 100644
index c9d94f9b6..000000000
--- a/id/server/doc/conf/moa-id/keys/encryption.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIID9zCCAt+gAwIBAgIJAMC/5DRgVin3MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNV
-BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQxEzARBgNVBAMTCkVuY3J5cHRpb24wHhcNMTQwMjA0MTA0
-MjA2WhcNMjQwMjAyMTA0MjA2WjBaMQswCQYDVQQGEwJBVDETMBEGA1UECBMKU29t
-ZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMRMwEQYD
-VQQDEwpFbmNyeXB0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-qgKWs3IW4giGsbAUm/wRH+lcggVpOPkNqqtNA48Qfwkq/lSWdeHp0+xXOwR1Oull
-TpmfbqJouUoHf6jCt1EXqlQR2oQ1oYYjLncVMhZ9ajXVFJEBl6tw9Em4aCzkkTdL
-HfWoh21iDnYOXTgP23/59xpuvy85O39hKnysXIcniqeb1uHthMiN25R8g4bPOQNb
-OfoMXpXdVbHxM77ZDSbk88BMRsq8SnlPdelaf8HsZomtnLKXvSDLivTZloxtHjBa
-aJNS/H1zr3HI+lq4S4VH+8ilj53OeWHjstGCFiTRtZy2hZvG2PegNIL7shMN/h4i
-h+OCn/ImAW9Kf599wve5iQIDAQABo4G/MIG8MB0GA1UdDgQWBBQzMzOrGfjN+Tnz
-zbFTyLPgHS4FkjCBjAYDVR0jBIGEMIGBgBQzMzOrGfjN+TnzzbFTyLPgHS4FkqFe
-pFwwWjELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoT
-GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDETMBEGA1UEAxMKRW5jcnlwdGlvboIJ
-AMC/5DRgVin3MAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAADZoknf
-lcG0O9sL8CALO6UmPy1+ZlOXndoqqNu3uvzj7hvjT5RPY4hTyfrkUn5EqlHwLSCf
-C7rOxcGvRHT3/REwOef8H3MGdSV81esa5EbrRfGWjLOXoQFrIOhz5bxqoU0B7Obh
-3IUA2yCGz4SlXjMdMWN670ETglnthdY4z2Ot8n4E2YNXlRSubowat7ylkqjKvyaB
-Iz/RVgDxblkOK+bqPSKaNWvadItnMyh7Y8C3LD3tQpwYViJ0QOJ9BMujULma7Tb8
-lVIhmx3y2cU8nCqG0VPSTE6AMnuONuQjJTGFsRdDREFrALtjUpsUOXU6+19ywYSi
-LYiLYskPglktuck=
------END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-id/keys/metadata.crt b/id/server/doc/conf/moa-id/keys/metadata.crt
deleted file mode 100644
index bd9640b37..000000000
--- a/id/server/doc/conf/moa-id/keys/metadata.crt
+++ /dev/null
@@ -1,24 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIECTCCAvGgAwIBAgIJAIHjIpba8E6mMA0GCSqGSIb3DQEBBQUAMGAxCzAJBgNV
-BAYTAkFUMRMwEQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBX
-aWRnaXRzIFB0eSBMdGQxGTAXBgNVBAMTEE1ldGFkYXRhIFNpZ25pbmcwHhcNMTQw
-MjA0MTA0MTA4WhcNMjQwMjAyMTA0MTA4WjBgMQswCQYDVQQGEwJBVDETMBEGA1UE
-CBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRk
-MRkwFwYDVQQDExBNZXRhZGF0YSBTaWduaW5nMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAvfDn2hbBnvywRNc7wmToItDzXitkl9nfM9Q3ubEN9qAh4/PD
-ICrKdzFBq08a7NR5xNJhDCUhhZ/W20ZJvh+1dwQdgSzanA91iVKbL4YFYKbnM9/x
-tarTAMZMWH34qIkfwkKyTEDWeOqFG2653azO5e+0DFiBV7AytR3dmy1ZnJoqhGIY
-O4EzINikof1M7t5I8xBS3gAyQKyu0yhbj5AyUujpNIPX0JeE1C1DsrHaeuAHZXLh
-zHEWSG3NVXrn8HAXAAtqGJ+E9SRztqsigDjNjbqrrp/vmPUag9Rb2o8/flEZTPRS
-ttCQTHK8jst/I2qgLkePB5kSp65caXUf4xuFqQIDAQABo4HFMIHCMB0GA1UdDgQW
-BBQFbqjmW9JHVCWwocMdO0EodAfy/jCBkgYDVR0jBIGKMIGHgBQFbqjmW9JHVCWw
-ocMdO0EodAfy/qFkpGIwYDELMAkGA1UEBhMCQVQxEzARBgNVBAgTClNvbWUtU3Rh
-dGUxITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEZMBcGA1UEAxMQ
-TWV0YWRhdGEgU2lnbmluZ4IJAIHjIpba8E6mMAwGA1UdEwQFMAMBAf8wDQYJKoZI
-hvcNAQEFBQADggEBAECK58eJgkd54gQAV9gGXRC2LV1tdBzn89Q57Ff/UwBQzN0M
-+uytem8lwVCpUeAk6N01/krzmSbJojqpXId+O/iHhQ8lwDmJnXRrCZH7APiQ3yC0
-p4ufWtxhqixc+Itl96HzHDRXb7eZkXdVERGM26UGwyaBfxkIcLdpMoojlHBJlHaA
-oHDYiJHQBmqk5+YMOuEOnpsKY0115MZ38DoppNfeAFG8K4ZDI5vH9VWk8PDJu+jv
-tWbhXNsKiiCMdZrsnvGjxPpk/6zJpJpBcwCzhIvnaEobijKMO+6aH/6zfbB6JKn/
-Dz3Rw+0WbypFYbbpIzWRCkXSAQju/w3vHBGnCyI=
------END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-id/keys/moa_idp[password].p12 b/id/server/doc/conf/moa-id/keys/moa_idp[password].p12
deleted file mode 100644
index 25f585be5..000000000
--- a/id/server/doc/conf/moa-id/keys/moa_idp[password].p12
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-id/keys/storkDemoKeys.jks b/id/server/doc/conf/moa-id/keys/storkDemoKeys.jks
deleted file mode 100644
index 8196ab319..000000000
--- a/id/server/doc/conf/moa-id/keys/storkDemoKeys.jks
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-id/log4j.properties b/id/server/doc/conf/moa-id/log4j.properties
deleted file mode 100644
index c7dece5c5..000000000
--- a/id/server/doc/conf/moa-id/log4j.properties
+++ /dev/null
@@ -1,27 +0,0 @@
-# commons-logging setup
-org.apache.commons.logging.LogFactory=org.apache.commons.logging.impl.Log4jFactory
-
-# define log4j root loggers
-log4j.rootLogger=info, stdout
-log4j.logger.at.gv.egovernment.moa=info
-log4j.logger.at.gv.egovernment.moa.spss=info
-log4j.logger.iaik.server=info
-log4j.logger.at.gv.egovernment.moa.id=info,R
-log4j.logger.at.gv.egovernment.moa.id.proxy=info
-log4j.logger.eu.stork=info
-log4j.logger.org.hibernate=warn
-
-# configure the stdout appender
-log4j.appender.stdout=org.apache.log4j.ConsoleAppender
-log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
-#log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20c | %10t | %m%n
-log4j.appender.stdout.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %20.20c | %10t | %m%n
-
-# configure the rolling file appender (R)
-log4j.appender.R=org.apache.log4j.RollingFileAppender
-log4j.appender.R.File=${catalina.base}/logs/moa-id.log
-log4j.appender.R.MaxFileSize=10000KB
-log4j.appender.R.MaxBackupIndex=1
-log4j.appender.R.layout=org.apache.log4j.PatternLayout
-log4j.appender.R.layout.ConversionPattern=%5p | %d{dd HH:mm:ss,SSS} | %t | %m%n
-
diff --git a/id/server/doc/conf/moa-id/moa-id.properties b/id/server/doc/conf/moa-id/moa-id.properties
deleted file mode 100644
index e8a75c348..000000000
--- a/id/server/doc/conf/moa-id/moa-id.properties
+++ /dev/null
@@ -1,126 +0,0 @@
-********
-*
-*$PATH_TO_CONFIG$ muss durch den eigentlichen Pfad ersetzt werden!
-*
-******
-
-
-##General MOA-ID 2.0 Configuration
-
-#MOA-ID 2.0 XML configuration files (necessary, if inmemory database is used)
-#configuration.xml=$PATH_TO_CONFIG$/conf/moa-id/MOAIDConfiguration-2.0.xml
-
-##For Testing
-configuration.validation.certificate.QC.ignore=false
-protocols.pvp2.assertion.encryption.active=false
-
-##General MOA-ID 2.0 operations
-#MOA-ID 2.0 session information encryption key (PassPhrase)
-configuration.moasession.key=SessionEncryptionKey
-
-#MOA-ID 2.0 Monitoring Servlet
-configuration.monitoring.active=false
-configuration.monitoring.message.success=All Tests passed!
-configuration.monitoring.test.identitylink.url=$PATH_TO_CONFIG$/conf/moa-id/monitoring/monitoring_idl.xml
-
-#MOA-ID 2.0 Advanced Logging
-configuration.advancedlogging.active=false
-
-##Webservice Client Configuration
-#MOA-SP webservice
-#service.moasp.acceptedServerCertificates=
-#service.moasp.clientKeyStore=
-#service.moasp.clientKeyStorePassword=
-
-#Online mandates webservice (MIS)
-service.onlinemandates.acceptedServerCertificates=
-service.onlinemandates.clientKeyStore=keys/....
-service.onlinemandates.clientKeyStorePassword=
-
-#Foreign Identities (SZRGW)
-service.foreignidentities.acceptedServerCertificates=
-service.foreignidentities.clientKeyStore=keys/....
-service.foreignidentities.clientKeyStorePassword=
-
-
-##Protocol configuration##
-#PVP2
-protocols.pvp2.idp.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
-protocols.pvp2.idp.ks.kspassword=password
-protocols.pvp2.idp.ks.metadata.alias=pvp_metadata
-protocols.pvp2.idp.ks.metadata.keypassword=password
-protocols.pvp2.idp.ks.assertion.sign.alias=pvp_assertion
-protocols.pvp2.idp.ks.assertion.sign.keypassword=password
-protocols.pvp2.idp.ks.assertion.encryption.alias=pvp_assertion
-protocols.pvp2.idp.ks.assertion.encryption.keypassword=password
-
-#OpenID connect (OAuth)
-protocols.oauth20.jwt.ks.file=file:$PATH_TO_CONFIG$/conf/moa-id/keys/moa_idp[password].p12
-protocols.oauth20.jwt.ks.password=password
-protocols.oauth20.jwt.ks.key.name=oauth
-protocols.oauth20.jwt.ks.key.password=password
-
-##Database configuration##
-#Hibnerate configuration for MOA-ID 2.0 session store
-moasession.hibernate.dialect=org.hibernate.dialect.MySQLDialect
-moasession.hibernate.connection.url=jdbc:mysql://localhost/moa-id-session?charSet=utf-8
-moasession.hibernate.connection.charSet=utf-8
-moasession.hibernate.connection.driver_class=com.mysql.jdbc.Driver
-moasession.hibernate.connection.username=
-moasession.hibernate.connection.password=
-
-moasession.hibernate.hbm2ddl.auto=update
-moasession.hibernate.current_session_context_class=thread
-moasession.hibernate.transaction.flush_before_completion=true
-moasession.hibernate.transaction.auto_close_session=true
-moasession.hibernate.show_sql=false
-moasession.hibernate.format_sql=true
-moasession.hibernate.c3p0.acquire_increment=3
-moasession.hibernate.c3p0.idle_test_period=60
-moasession.hibernate.c3p0.timeout=60
-moasession.hibernate.c3p0.max_size=20
-moasession.hibernate.c3p0.max_statements=0
-moasession.hibernate.c3p0.min_size=3
-
-#Hibnerate configuration for MOA-ID 2.0 configuration
-configuration.hibernate.dialect=org.hibernate.dialect.MySQLDialect
-configuration.hibernate.connection.url=jdbc:mysql://localhost/moa-id-config?charSet=utf-8&autoReconnect=true
-configuration.hibernate.connection.charSet=utf-8
-configuration.hibernate.connection.driver_class=com.mysql.jdbc.Driver
-configuration.hibernate.connection.username=
-configuration.hibernate.connection.password=
-
-configuration.hibernate.hbm2ddl.auto=update
-configuration.hibernate.current_session_context_class=thread
-configuration.hibernate.transaction.auto_close_session=true
-configuration.hibernate.show_sql=false
-configuration.hibernate.format_sql=true
-configuration.hibernate.connection.provider_class=org.hibernate.service.jdbc.connections.internal.C3P0ConnectionProvider
-configuration.hibernate.c3p0.acquire_increment=3
-configuration.hibernate.c3p0.idle_test_period=60
-configuration.hibernate.c3p0.timeout=300
-configuration.hibernate.c3p0.max_size=20
-configuration.hibernate.c3p0.max_statements=0
-configuration.hibernate.c3p0.min_size=3
-
-#
-#Hibnerate configuration for MOA-ID 2.0 advanced statistic logging
-advancedlogging.hibernate.dialect=org.hibernate.dialect.MySQLDialect
-advancedlogging.hibernate.connection.url=jdbc:mysql://localhost/moa-id-statistic?charSet=utf-8&autoReconnect=true
-advancedlogging.hibernate.connection.charSet=utf-8
-advancedlogging.hibernate.connection.driver_class=com.mysql.jdbc.Driver
-advancedlogging.hibernate.connection.username=
-advancedlogging.hibernate.connection.password=
-
-advancedlogging.hibernate.hbm2ddl.auto=update
-advancedlogging.hibernate.current_session_context_class=thread
-advancedlogging.hibernate.transaction.auto_close_session=true
-advancedlogging.hibernate.show_sql=false
-advancedlogging.hibernate.format_sql=true
-advancedlogging.hibernate.connection.provider_class=org.hibernate.service.jdbc.connections.internal.C3P0ConnectionProvider
-advancedlogging.hibernate.c3p0.acquire_increment=3
-advancedlogging.hibernate.c3p0.idle_test_period=60
-advancedlogging.hibernate.c3p0.timeout=300
-advancedlogging.hibernate.c3p0.max_size=20
-advancedlogging.hibernate.c3p0.max_statements=0
-advancedlogging.hibernate.c3p0.min_size=3
diff --git a/id/server/doc/conf/moa-id/monitoring/MOA-ID-Auth_Monitoring.crt b/id/server/doc/conf/moa-id/monitoring/MOA-ID-Auth_Monitoring.crt
deleted file mode 100644
index 7c3252dcb..000000000
--- a/id/server/doc/conf/moa-id/monitoring/MOA-ID-Auth_Monitoring.crt
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC8TCCAdkCBFM0RyYwDQYJKoZIhvcNAQEFBQAwPTELMAkGA1UEBhMCQVQxDTAL
-BgNVBAoMBEVHSVoxHzAdBgNVBAMMFk1PQS1JRC1BdXRoX01vbml0b3JpbmcwHhcN
-MTQwMzI3MTU0MzM0WhcNMTYwOTEyMTU0MzM0WjA9MQswCQYDVQQGEwJBVDENMAsG
-A1UECgwERUdJWjEfMB0GA1UEAwwWTU9BLUlELUF1dGhfTW9uaXRvcmluZzCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJSQBR+b3KmRUklO9lmQzVtWCY4Y
-/mI3FR5Jma5hjosmKaFfLrExwpXMZIpDFljULtF1+pOaln66rlqRBOvzkhJvY5xD
-31GEG1XRi6rWxLGObmTuG2ZeSh3KpPOReUyrkrQ2UFQEo5Ytc/C/Ad3vQJdw3hPa
-Koi0Uszgyf3a1RD8b2EewqYXxPHMortSzbpg9cZ7BYg2+iAF2WbgAmUx0Kp7GvfN
-QnPMWZtu0E/pBEn5QKc6UZm1F0KR/Vq/ymDdEPlX+4261Ak26lyJJcn0BRRgrkK5
-bced+/SvxzXNae03ePSx4q9g4VLZw+j28lIpk1ngH8V8EAjzQDOBzvQQ6jsCAwEA
-ATANBgkqhkiG9w0BAQUFAAOCAQEAPis2r4hI6ld6KDnHs+f8wC3Vr/atFqeryqlj
-COIoX6HoxSczvGY7uimek43ezD+PDUntohrlukZO6YfqKrlgKBWg1kiBxK0ISZkS
-QgIraHexuT6eZ4558I43eGEiATzEkb+h60aO4YI7IyVbS5T9Rwb8fv9LzUgDtTtZ
-ALtVVr9c3ZG+O7bYEFNA0jkHU3n8gzLNsR5TVB8S693VDv8OMn8oef0EXRCuTW9V
-GUQyNpAO/gtlSW43NOc/ZL4lPdl0qzYtil5mKUTvuMvec37lhlpbzywSHq8boGBA
-RDjfEDR8ObgjGU7ik9nBkNMgeB6rEOAYZmiCZVMMUxPuIF9Nzw==
------END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-id/monitoring/monitoring_idl.xml b/id/server/doc/conf/moa-id/monitoring/monitoring_idl.xml
deleted file mode 100644
index 6a0602c04..000000000
--- a/id/server/doc/conf/moa-id/monitoring/monitoring_idl.xml
+++ /dev/null
@@ -1,87 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:ecdsa="http://www.w3.org/2001/04/xmldsig-more#" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:si="http://www.w3.org/2001/XMLSchema-instance" AssertionID="szr.bmi.gv.at-AssertionID13456264458587874" IssueInstant="2012-08-22T11:07:25+01:00" Issuer="http://portal.bmi.gv.at/ref/szr/issuer" MajorVersion="1" MinorVersion="0" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <saml:AttributeStatement>
- <saml:Subject>
- <saml:SubjectConfirmation>
- <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>
- <saml:SubjectConfirmationData>
- <pr:Person si:type="pr:PhysicalPersonType">
- <pr:Identification>
- <pr:Value>wJO/bvDJjUysG0yARn7I6w==</pr:Value>
- <pr:Type>urn:publicid:gv.at:baseid</pr:Type>
- </pr:Identification>
- <pr:Name>
- <pr:GivenName>XXXRúùd</pr:GivenName>
- <pr:FamilyName primary="undefined">XXXVàn Nisteĺrooy</pr:FamilyName>
- </pr:Name>
- <pr:DateOfBirth>1969-02-13</pr:DateOfBirth>
- </pr:Person>
- </saml:SubjectConfirmationData>
- </saml:SubjectConfirmation>
- </saml:Subject>
- <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2">
- <saml:AttributeValue>
- <ecdsa:ECDSAKeyValue>
- <ecdsa:DomainParameters>
- <ecdsa:NamedCurve URN="urn:oid:1.2.840.10045.3.1.7"/>
- </ecdsa:DomainParameters>
- <ecdsa:PublicKey>
- <ecdsa:X Value="22280299907126338788314199678167217078072953115254374209747379168424021905237" si:type="ecdsa:PrimeFieldElemType"/>
- <ecdsa:Y Value="40387096985250872237992703378062984723606079359080588656963239072881568409170" si:type="ecdsa:PrimeFieldElemType"/>
- </ecdsa:PublicKey>
- </ecdsa:ECDSAKeyValue>
- </saml:AttributeValue>
- </saml:Attribute>
- <saml:Attribute AttributeName="CitizenPublicKey" AttributeNamespace="urn:publicid:gv.at:namespaces:identitylink:1.2">
- <saml:AttributeValue>
- <dsig:RSAKeyValue>
- <dsig:Modulus>4Y4FL09VhczsfYQgFPuycP8quJNZBAAu1R1rFXNodI2711B6BTMjAGQn6xuFWfd3/nyFav/MLTr/
-t2VazvANS4TRFxJAcWyIx7xbxCdzZr6gJ+FCmq4g5JPrQvt50v3JX+wKSYft1gHBOWlDn90Ia4Gm
-P8MVuze21T+VVKM6ZklmS6d5PT1er/uYQFydGErmJ17xlSQG6Fi5xuftopBDyJxG1tL1KIebpLFg
-gaM2EyuB1HxH8/+Mfqa4UgeqIH65</dsig:Modulus>
- <dsig:Exponent>AQAB</dsig:Exponent>
- </dsig:RSAKeyValue>
- </saml:AttributeValue>
- </saml:Attribute>
- </saml:AttributeStatement>
- <dsig:Signature>
- <dsig:SignedInfo>
- <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
- <dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
- <dsig:Reference URI="">
- <dsig:Transforms>
- <dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
- </dsig:Transforms>
- <dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
- <dsig:DigestValue>s/7GYPVfkHIvy5RcB5QRnXVSWwo=</dsig:DigestValue>
- </dsig:Reference>
- </dsig:SignedInfo>
- <dsig:SignatureValue>LSsx2zO/XyJ9RCEcChmQ2+251PtaFz07sBw1DBw0Eui4mjRRMSaKXxD0GoQDRzvQQNYusLNqpGiixscBIb4XcR8ipSjZVPnH2E19o/O2fz2uFDWnlCHEhhG8OMNT2XzS6lZtMSSzVcAJINLBlz6DKG63+NhClb+1lUHoLa5CpwYDW/guVKLng8PNElBY5mw3GOSL8PskFsYK+bnRUAvvgGigm3XLtlZ4QQWDsGBNgJxW0boAm5vei+YVHVxrkL2YDkdvGUmD+RjzwZx8fxlfN4ajR00Q5mNc0xQtaL/g+vKdL6EeegZAKPZ/jrEpN0RZfuxPaAmt4t0Jav51mTKa4w==</dsig:SignatureValue>
- <dsig:KeyInfo>
- <dsig:KeyValue>
- <dsig:RSAKeyValue>
- <dsig:Modulus>lJAFH5vcqZFSSU72WZDNW1YJjhj+YjcVHkmZrmGOiyYpoV8usTHClcxkikMWWNQu0XX6k5qWfrquWpEE6/OSEm9jnEPfUYQbVdGLqtbEsY5uZO4bZl5KHcqk85F5TKuStDZQVASjli1z8L8B3e9Al3DeE9oqiLRSzODJ/drVEPxvYR7CphfE8cyiu1LNumD1xnsFiDb6IAXZZuACZTHQqnsa981Cc8xZm27QT+kESflApzpRmbUXQpH9Wr/KYN0Q+Vf7jbrUCTbqXIklyfQFFGCuQrltx5379K/HNc1p7Td49LHir2DhUtnD6PbyUimTWeAfxXwQCPNAM4HO9BDqOw==</dsig:Modulus>
- <dsig:Exponent>AAEAAQ==</dsig:Exponent>
- </dsig:RSAKeyValue>
- </dsig:KeyValue>
- <dsig:X509Data>
- <dsig:X509Certificate>MIIC8TCCAdkCBFM0RyYwDQYJKoZIhvcNAQEFBQAwPTELMAkGA1UEBhMCQVQxDTAL
-BgNVBAoMBEVHSVoxHzAdBgNVBAMMFk1PQS1JRC1BdXRoX01vbml0b3JpbmcwHhcN
-MTQwMzI3MTU0MzM0WhcNMTYwOTEyMTU0MzM0WjA9MQswCQYDVQQGEwJBVDENMAsG
-A1UECgwERUdJWjEfMB0GA1UEAwwWTU9BLUlELUF1dGhfTW9uaXRvcmluZzCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJSQBR+b3KmRUklO9lmQzVtWCY4Y
-/mI3FR5Jma5hjosmKaFfLrExwpXMZIpDFljULtF1+pOaln66rlqRBOvzkhJvY5xD
-31GEG1XRi6rWxLGObmTuG2ZeSh3KpPOReUyrkrQ2UFQEo5Ytc/C/Ad3vQJdw3hPa
-Koi0Uszgyf3a1RD8b2EewqYXxPHMortSzbpg9cZ7BYg2+iAF2WbgAmUx0Kp7GvfN
-QnPMWZtu0E/pBEn5QKc6UZm1F0KR/Vq/ymDdEPlX+4261Ak26lyJJcn0BRRgrkK5
-bced+/SvxzXNae03ePSx4q9g4VLZw+j28lIpk1ngH8V8EAjzQDOBzvQQ6jsCAwEA
-ATANBgkqhkiG9w0BAQUFAAOCAQEAPis2r4hI6ld6KDnHs+f8wC3Vr/atFqeryqlj
-COIoX6HoxSczvGY7uimek43ezD+PDUntohrlukZO6YfqKrlgKBWg1kiBxK0ISZkS
-QgIraHexuT6eZ4558I43eGEiATzEkb+h60aO4YI7IyVbS5T9Rwb8fv9LzUgDtTtZ
-ALtVVr9c3ZG+O7bYEFNA0jkHU3n8gzLNsR5TVB8S693VDv8OMn8oef0EXRCuTW9V
-GUQyNpAO/gtlSW43NOc/ZL4lPdl0qzYtil5mKUTvuMvec37lhlpbzywSHq8boGBA
-RDjfEDR8ObgjGU7ik9nBkNMgeB6rEOAYZmiCZVMMUxPuIF9Nzw==</dsig:X509Certificate>
- </dsig:X509Data>
- </dsig:KeyInfo>
- </dsig:Signature>
-</saml:Assertion>
diff --git a/id/server/doc/conf/moa-id/oa/BasicOAConfiguration.xml b/id/server/doc/conf/moa-id/oa/BasicOAConfiguration.xml
deleted file mode 100644
index fc99cea79..000000000
--- a/id/server/doc/conf/moa-id/oa/BasicOAConfiguration.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Demokonfiguration fuer eine Online Applikation (OA) welche 401 Basic Authentication zur Uebergabe der Parameter verwendet -->
-<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <LoginType>stateless</LoginType>
- <BasicAuth>
- <UserID>MOAFamilyName</UserID>
- <Password>MOAGivenName</Password>
- </BasicAuth>
-</Configuration>
diff --git a/id/server/doc/conf/moa-id/oa/HeaderOAConfiguration.xml b/id/server/doc/conf/moa-id/oa/HeaderOAConfiguration.xml
deleted file mode 100644
index 4d34c3646..000000000
--- a/id/server/doc/conf/moa-id/oa/HeaderOAConfiguration.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Demokonfiguration fuer eine Online Applikation (OA) welche Header Authentication zur Uebergabe der Parameter verwendet -->
-<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <LoginType>stateless</LoginType>
- <HeaderAuth>
- <!-- zusaetzlicher Header GivenName -->
- <Header Name="X-MOAParameterGivenName" Value="MOAGivenName"></Header>
- <Header Name="X-MOAParameterFamilyName" Value="MOAFamilyName"></Header>
- </HeaderAuth>
-</Configuration>
diff --git a/id/server/doc/conf/moa-id/oa/ParamOAConfiguration.xml b/id/server/doc/conf/moa-id/oa/ParamOAConfiguration.xml
deleted file mode 100644
index 979faca95..000000000
--- a/id/server/doc/conf/moa-id/oa/ParamOAConfiguration.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Demokonfiguration fuer eine Online Applikation (OA) welche Parameter Authentication verwendet -->
-<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <LoginType>stateless</LoginType>
- <ParamAuth>
- <!-- URL Parameter GivenName und FamilyName -->
- <Parameter Name="GivenName" Value="MOAGivenName"></Parameter>
- <Parameter Name="FamilyName" Value="MOAFamilyName"></Parameter>
- </ParamAuth>
-</Configuration>
diff --git a/id/server/doc/conf/moa-id/oa/SampleOAConfiguration.xml b/id/server/doc/conf/moa-id/oa/SampleOAConfiguration.xml
deleted file mode 100644
index edbfe7aa5..000000000
--- a/id/server/doc/conf/moa-id/oa/SampleOAConfiguration.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Demokonfiguration fuer Online Applikation (OA) welche 401 Basic Authentication zur Uebergabe der Parameter verwendet -->
-<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <LoginType>stateless</LoginType>
- <BasicAuth>
- <UserID>MOAFamilyName</UserID>
- <Password>MOAGivenName</Password>
- </BasicAuth>
-</Configuration>
diff --git a/id/server/doc/conf/moa-id/oa/SamplewbPKOAConfiguration.xml b/id/server/doc/conf/moa-id/oa/SamplewbPKOAConfiguration.xml
deleted file mode 100644
index 2cff3bd67..000000000
--- a/id/server/doc/conf/moa-id/oa/SamplewbPKOAConfiguration.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Demokonfiguration fuer eine Online Applikation (OA) welche 401 Basic Authentication zur Uebergabe der Parameter verwendet -->
-<Configuration xmlns="http://www.buergerkarte.at/namespaces/moaconfig#" xmlns:sl10="http://www.buergerkarte.at/namespaces/securitylayer/20020225#" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
- <LoginType>stateless</LoginType>
- <BasicAuth>
- <UserID>MOAWBPK</UserID>
- <Password>MOAGivenName</Password>
- </BasicAuth>
-</Configuration>
diff --git a/id/server/doc/conf/moa-id/stork/SamlEngine.xml b/id/server/doc/conf/moa-id/stork/SamlEngine.xml
deleted file mode 100644
index eca38ec8c..000000000
--- a/id/server/doc/conf/moa-id/stork/SamlEngine.xml
+++ /dev/null
@@ -1,70 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<instances>
-
-
- <!-- Configuration name-->
- <instance name="outgoing">
- <!-- Configurations parameters StorkSamlEngine -->
- <configuration name="SamlEngineConf">
- <parameter name="fileConfiguration" value="StorkSamlEngine_outgoing.xml" />
- </configuration>
-
- <!-- Settings module signature-->
- <configuration name="SignatureConf">
- <!-- Specific signature module -->
- <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" />
- <!-- Settings specific module -->
- <parameter name="fileConfiguration" value="SignModule_outgoing.xml" />
- </configuration>
- </instance>
-
- <instance name="incoming">
- <!-- Configurations parameters StorkSamlEngine -->
- <configuration name="SamlEngineConf">
- <parameter name="fileConfiguration" value="StorkSamlEngine_incoming.xml" />
- </configuration>
-
- <!-- Settings module signature-->
- <configuration name="SignatureConf">
- <!-- Specific signature module -->
- <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" />
- <!-- Settings specific module -->
- <parameter name="fileConfiguration" value="SignModule_incoming.xml" />
- </configuration>
- </instance>
-
-
- <instance name="incoming_attr">
- <!-- Configurations parameters StorkSamlEngine -->
- <configuration name="SamlEngineConf">
- <parameter name="fileConfiguration" value="StorkSamlEngine_incoming_attr.xml" />
- </configuration>
-
- <!-- Settings module signature-->
- <configuration name="SignatureConf">
- <!-- Specific signature module -->
- <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" />
- <!-- Settings specific module -->
- <parameter name="fileConfiguration" value="SignModule_incoming_attr.xml" />
- </configuration>
- </instance>
-
-
- <instance name="VIDP">
- <!-- Configurations parameters StorkSamlEngine -->
- <configuration name="SamlEngineConf">
- <parameter name="fileConfiguration" value="StorkSamlEngine_VIDP.xml" />
- </configuration>
-
- <!-- Settings module signature-->
- <configuration name="SignatureConf">
- <!-- Specific signature module -->
- <parameter name="class" value="eu.stork.peps.auth.engine.core.impl.SignSW" />
- <!-- Settings specific module -->
- <parameter name="fileConfiguration" value="SignModule_VIDP.xml" />
- </configuration>
- </instance>
-
-
-
-</instances>
diff --git a/id/server/doc/conf/moa-id/stork/SignModule_incoming.xml b/id/server/doc/conf/moa-id/stork/SignModule_incoming.xml
deleted file mode 100644
index 68b15e667..000000000
--- a/id/server/doc/conf/moa-id/stork/SignModule_incoming.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
-
-<properties>
- <comment>SWModule sign with JKS.</comment>
- <entry key="keystorePath">/home/stork/repos/moa-idspss/id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks</entry>
- <entry key="keyStorePassword">local-demo</entry>
- <entry key="keyPassword">local-demo</entry>
- <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
- <entry key="serialNumber">4BA89DB2</entry>
- <entry key="keystoreType">JKS</entry>
-</properties>
diff --git a/id/server/doc/conf/moa-id/stork/SignModule_incoming_attr.xml b/id/server/doc/conf/moa-id/stork/SignModule_incoming_attr.xml
deleted file mode 100644
index 68b15e667..000000000
--- a/id/server/doc/conf/moa-id/stork/SignModule_incoming_attr.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
-
-<properties>
- <comment>SWModule sign with JKS.</comment>
- <entry key="keystorePath">/home/stork/repos/moa-idspss/id/server/data/deploy/conf/moa-id/stork/storkDemoKeysPT.jks</entry>
- <entry key="keyStorePassword">local-demo</entry>
- <entry key="keyPassword">local-demo</entry>
- <entry key="issuer">CN=local-demo, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
- <entry key="serialNumber">4BA89DB2</entry>
- <entry key="keystoreType">JKS</entry>
-</properties>
diff --git a/id/server/doc/conf/moa-id/stork/SignModule_outgoing.xml b/id/server/doc/conf/moa-id/stork/SignModule_outgoing.xml
deleted file mode 100644
index 7139c5a41..000000000
--- a/id/server/doc/conf/moa-id/stork/SignModule_outgoing.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
-
-<properties>
- <comment>SWModule sign with JKS.</comment>
- <entry key="keystorePath">projects/stork2/code/moa-idspss/id/server/stork2-saml-engine/src/test/resources/storkDemoKeys.jks</entry>
- <entry key="keyStorePassword">local-demo</entry>
- <entry key="keyPassword">local-demo</entry>
- <entry key="issuer">CN=local-demo-cert, O=Indra, L=Madrid, ST=Spain, C=ES</entry>
- <entry key="serialNumber">4BA89DB2</entry>
- <entry key="keystoreType">JKS</entry>
-</properties> \ No newline at end of file
diff --git a/id/server/doc/conf/moa-id/stork/StorkSamlEngine_VIDP.xml b/id/server/doc/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
deleted file mode 100644
index 5aff0d1fa..000000000
--- a/id/server/doc/conf/moa-id/stork/StorkSamlEngine_VIDP.xml
+++ /dev/null
@@ -1,95 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
-
-<properties>
- <comment>SAML constants for AuthnRequests and Responses.</comment>
-
- <!--
- Types of consent obtained from the user for this authentication and
- data transfer.
- Allow values: 'unspecified'.
- -->
- <entry key="consentAuthnRequest">unspecified</entry>
-
- <!--
- Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'.
- -->
- <entry key="consentAuthnResponse">obtained</entry>
-
- <!--URI representing the classification of the identifier
- Allow values: 'entity'.
- -->
- <entry key="formatEntity">entity</entry>
-
- <!--Only HTTP-POST binding is only supported for inter PEPS-->
- <!--The SOAP binding is only supported for direct communication between SP-MW and VIdP-->
- <entry key="protocolBinding">HTTP-POST</entry>
-
-
-
-
- <!--URI representing the classification of the identifier
- Allow values: 'entity'.
- <entry key="eIDSectorShare">true</entry>
- <entry key="eIDCrossSectorShare">true</entry>
- <entry key="eIDCrossBorderShare">true</entry>
- -->
-
-
-
- <!-- A friendly name for the attribute that can be displayed to a user -->
- <entry key="friendlyName">false</entry>
-
- <!-- A friendly name for the attribute that can be displayed to a user -->
- <entry key="isRequired">true</entry>
-
- <!--PEPS in the Service Provider's country-->
- <entry key="requester">http://S-PEPS.gov.xx</entry>
-
- <!--PEPS in the citizen's origin country-->
- <entry key="responder">http://C-PEPS.gov.xx</entry>
-
- <!--Subject cannot be confirmed on or after this seconds time (positive number)-->
- <entry key="timeNotOnOrAfter">300</entry>
-
- <!--Validation IP of the response-->
- <entry key="ipAddrValidation">false</entry>
-
-
- <!--Subject Attribute Definitions-->
- <entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry>
- <entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry>
- <entry key="surname">http://www.stork.gov.eu/1.0/surname</entry>
- <entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry>
- <entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry>
- <entry key="gender">http://www.stork.gov.eu/1.0/gender</entry>
- <entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry>
- <entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry>
- <entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry>
- <entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry>
- <entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry>
- <entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry>
- <entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry>
- <entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry>
- <entry key="age">http://www.stork.gov.eu/1.0/age</entry>
- <entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry>
- <entry key="fiscalNumber">http://www.stork.gov.eu/1.0/fiscalNumber</entry>
-
- <entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry>
- <entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry>
-
- <entry key="title">http://www.stork.gov.eu/1.0/title</entry>
- <entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry>
-
- <entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry>
- <entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry>
-
- <entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry>
- <entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry>
- <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
- <entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
- <entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
- <entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
- <entry key="mandateType">http://www.stork.gov.eu/1.0/mandateType</entry>
-
-</properties>
diff --git a/id/server/doc/conf/moa-id/stork/StorkSamlEngine_incoming.xml b/id/server/doc/conf/moa-id/stork/StorkSamlEngine_incoming.xml
deleted file mode 100644
index 83e69ac23..000000000
--- a/id/server/doc/conf/moa-id/stork/StorkSamlEngine_incoming.xml
+++ /dev/null
@@ -1,94 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
-
-<properties>
- <comment>SAML constants for AuthnRequests and Responses.</comment>
-
- <!--
- Types of consent obtained from the user for this authentication and
- data transfer.
- Allow values: 'unspecified'.
- -->
- <entry key="consentAuthnRequest">unspecified</entry>
-
- <!--
- Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'.
- -->
- <entry key="consentAuthnResponse">obtained</entry>
-
- <!--URI representing the classification of the identifier
- Allow values: 'entity'.
- -->
- <entry key="formatEntity">entity</entry>
-
- <!--Only HTTP-POST binding is only supported for inter PEPS-->
- <!--The SOAP binding is only supported for direct communication between SP-MW and VIdP-->
- <entry key="protocolBinding">HTTP-POST</entry>
-
-
-
-
- <!--URI representing the classification of the identifier
- Allow values: 'entity'.
- <entry key="eIDSectorShare">true</entry>
- <entry key="eIDCrossSectorShare">true</entry>
- <entry key="eIDCrossBorderShare">true</entry>
- -->
-
-
-
- <!-- A friendly name for the attribute that can be displayed to a user -->
- <entry key="friendlyName">false</entry>
-
- <!-- A friendly name for the attribute that can be displayed to a user -->
- <entry key="isRequired">true</entry>
-
- <!--PEPS in the Service Provider's country-->
- <entry key="requester">http://S-PEPS.gov.xx</entry>
-
- <!--PEPS in the citizen's origin country-->
- <entry key="responder">http://C-PEPS.gov.xx</entry>
-
- <!--Subject cannot be confirmed on or after this seconds time (positive number)-->
- <entry key="timeNotOnOrAfter">300</entry>
-
- <!--Validation IP of the response-->
- <entry key="ipAddrValidation">false</entry>
-
-
- <!--Subject Attribute Definitions-->
- <entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry>
- <entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry>
- <entry key="surname">http://www.stork.gov.eu/1.0/surname</entry>
- <entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry>
- <entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry>
- <entry key="gender">http://www.stork.gov.eu/1.0/gender</entry>
- <entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry>
- <entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry>
- <entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry>
- <entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry>
- <entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry>
- <entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry>
- <entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry>
- <entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry>
- <entry key="age">http://www.stork.gov.eu/1.0/age</entry>
- <entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry>
- <entry key="fiscalNumber">http://www.stork.gov.eu/1.0/fiscalNumber</entry>
-
- <entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry>
- <entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry>
-
- <entry key="title">http://www.stork.gov.eu/1.0/title</entry>
- <entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry>
-
- <entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry>
- <entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry>
-
- <entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry>
- <entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry>
- <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
- <entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
- <entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
- <entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
-
-</properties>
diff --git a/id/server/doc/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml b/id/server/doc/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml
deleted file mode 100644
index 83e69ac23..000000000
--- a/id/server/doc/conf/moa-id/stork/StorkSamlEngine_incoming_attr.xml
+++ /dev/null
@@ -1,94 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
-
-<properties>
- <comment>SAML constants for AuthnRequests and Responses.</comment>
-
- <!--
- Types of consent obtained from the user for this authentication and
- data transfer.
- Allow values: 'unspecified'.
- -->
- <entry key="consentAuthnRequest">unspecified</entry>
-
- <!--
- Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'.
- -->
- <entry key="consentAuthnResponse">obtained</entry>
-
- <!--URI representing the classification of the identifier
- Allow values: 'entity'.
- -->
- <entry key="formatEntity">entity</entry>
-
- <!--Only HTTP-POST binding is only supported for inter PEPS-->
- <!--The SOAP binding is only supported for direct communication between SP-MW and VIdP-->
- <entry key="protocolBinding">HTTP-POST</entry>
-
-
-
-
- <!--URI representing the classification of the identifier
- Allow values: 'entity'.
- <entry key="eIDSectorShare">true</entry>
- <entry key="eIDCrossSectorShare">true</entry>
- <entry key="eIDCrossBorderShare">true</entry>
- -->
-
-
-
- <!-- A friendly name for the attribute that can be displayed to a user -->
- <entry key="friendlyName">false</entry>
-
- <!-- A friendly name for the attribute that can be displayed to a user -->
- <entry key="isRequired">true</entry>
-
- <!--PEPS in the Service Provider's country-->
- <entry key="requester">http://S-PEPS.gov.xx</entry>
-
- <!--PEPS in the citizen's origin country-->
- <entry key="responder">http://C-PEPS.gov.xx</entry>
-
- <!--Subject cannot be confirmed on or after this seconds time (positive number)-->
- <entry key="timeNotOnOrAfter">300</entry>
-
- <!--Validation IP of the response-->
- <entry key="ipAddrValidation">false</entry>
-
-
- <!--Subject Attribute Definitions-->
- <entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry>
- <entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry>
- <entry key="surname">http://www.stork.gov.eu/1.0/surname</entry>
- <entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry>
- <entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry>
- <entry key="gender">http://www.stork.gov.eu/1.0/gender</entry>
- <entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry>
- <entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry>
- <entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry>
- <entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry>
- <entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry>
- <entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry>
- <entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry>
- <entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry>
- <entry key="age">http://www.stork.gov.eu/1.0/age</entry>
- <entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry>
- <entry key="fiscalNumber">http://www.stork.gov.eu/1.0/fiscalNumber</entry>
-
- <entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry>
- <entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry>
-
- <entry key="title">http://www.stork.gov.eu/1.0/title</entry>
- <entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry>
-
- <entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry>
- <entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry>
-
- <entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry>
- <entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry>
- <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
- <entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
- <entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
- <entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
-
-</properties>
diff --git a/id/server/doc/conf/moa-id/stork/StorkSamlEngine_outgoing.xml b/id/server/doc/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
deleted file mode 100644
index b095b9e7e..000000000
--- a/id/server/doc/conf/moa-id/stork/StorkSamlEngine_outgoing.xml
+++ /dev/null
@@ -1,94 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE properties SYSTEM "http://java.sun.com/dtd/properties.dtd">
-
-<properties>
- <comment>SAML constants for AuthnRequests and Responses.</comment>
-
- <!--
- Types of consent obtained from the user for this authentication and
- data transfer.
- Allow values: 'unspecified'.
- -->
- <entry key="consentAuthnRequest">unspecified</entry>
-
- <!--
- Allow values: 'obtained', 'prior', 'current-implicit', 'current-explicit', 'unspecified'.
- -->
- <entry key="consentAuthnResponse">obtained</entry>
-
- <!--URI representing the classification of the identifier
- Allow values: 'entity'.
- -->
- <entry key="formatEntity">entity</entry>
-
- <!--Only HTTP-POST binding is only supported for inter PEPS-->
- <!--The SOAP binding is only supported for direct communication between SP-MW and VIdP-->
- <entry key="protocolBinding">HTTP-POST</entry>
-
-
-
-
- <!--URI representing the classification of the identifier
- Allow values: 'entity'.
- <entry key="eIDSectorShare">true</entry>
- <entry key="eIDCrossSectorShare">true</entry>
- <entry key="eIDCrossBorderShare">true</entry>
- -->
-
-
-
- <!-- A friendly name for the attribute that can be displayed to a user -->
- <entry key="friendlyName">false</entry>
-
- <!-- A friendly name for the attribute that can be displayed to a user -->
- <entry key="isRequired">true</entry>
-
- <!--PEPS in the Service Provider's country-->
- <entry key="requester">http://S-PEPS.gov.xx</entry>
-
- <!--PEPS in the citizen's origin country-->
- <entry key="responder">http://C-PEPS.gov.xx</entry>
-
- <!--Subject cannot be confirmed on or after this seconds time (positive number)-->
- <entry key="timeNotOnOrAfter">300</entry>
-
- <!--Validation IP of the response-->
- <entry key="ipAddrValidation">false</entry>
-
-
- <!--Subject Attribute Definitions-->
- <entry key="eIdentifier">http://www.stork.gov.eu/1.0/eIdentifier</entry>
- <entry key="givenName">http://www.stork.gov.eu/1.0/givenName</entry>
- <entry key="surname">http://www.stork.gov.eu/1.0/surname</entry>
- <entry key="inheritedFamilyName">http://www.stork.gov.eu/1.0/inheritedFamilyName</entry>
- <entry key="adoptedFamilyName">http://www.stork.gov.eu/1.0/adoptedFamilyName</entry>
- <entry key="gender">http://www.stork.gov.eu/1.0/gender</entry>
- <entry key="dateOfBirth">http://www.stork.gov.eu/1.0/dateOfBirth</entry>
- <entry key="countryCodeOfBirth">http://www.stork.gov.eu/1.0/countryCodeOfBirth</entry>
- <entry key="nationalityCode">http://www.stork.gov.eu/1.0/nationalityCode</entry>
- <entry key="maritalStatus">http://www.stork.gov.eu/1.0/maritalStatus</entry>
- <entry key="residenceAddress">http://www.stork.gov.eu/1.0/residenceAddress</entry>
- <entry key="eMail">http://www.stork.gov.eu/1.0/eMail</entry>
- <entry key="academicTitle">http://www.stork.gov.eu/1.0/academicTitle</entry>
- <entry key="pseudonym">http://www.stork.gov.eu/1.0/pseudonym</entry>
- <entry key="age">http://www.stork.gov.eu/1.0/age</entry>
- <entry key="isAgeOver">http://www.stork.gov.eu/1.0/isAgeOver</entry>
- <entry key="fiscalNumber">http://www.stork.gov.eu/1.0/fiscalNumber</entry>
-
- <entry key="textResidenceAddress">http://www.stork.gov.eu/1.0/textResidenceAddress</entry>
- <entry key="canonicalResidenceAddress">http://www.stork.gov.eu/1.0/canonicalResidenceAddress</entry>
-
- <entry key="title">http://www.stork.gov.eu/1.0/title</entry>
- <entry key="residencePermit">http://www.stork.gov.eu/1.0/residencePermit</entry>
-
- <entry key="signedDoc">http://www.stork.gov.eu/1.0/signedDoc</entry>
- <entry key="citizen509Certificate">http://www.stork.gov.eu/1.0/citizen509Certificate</entry>
-
- <entry key="newAttribute1">http://www.stork.gov.eu/1.0/newAttribute1</entry>
- <entry key="newAttribute2">http://www.stork.gov.eu/1.0/newAttribute2</entry>
- <entry key="hasDegree">http://www.stork.gov.eu/1.0/hasDegree</entry>
- <entry key="mandateContent">http://www.stork.gov.eu/1.0/mandateContent</entry>
- <entry key="representative">http://www.stork.gov.eu/1.0/representative</entry>
- <entry key="represented">http://www.stork.gov.eu/1.0/represented</entry>
-
-</properties> \ No newline at end of file
diff --git a/id/server/doc/conf/moa-id/stork/storkDemoKeysPT.jks b/id/server/doc/conf/moa-id/stork/storkDemoKeysPT.jks
deleted file mode 100644
index f9baad202..000000000
--- a/id/server/doc/conf/moa-id/stork/storkDemoKeysPT.jks
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-id/stork/storkDemoKeys_minividp_old.jks b/id/server/doc/conf/moa-id/stork/storkDemoKeys_minividp_old.jks
deleted file mode 100644
index efaeac86c..000000000
--- a/id/server/doc/conf/moa-id/stork/storkDemoKeys_minividp_old.jks
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml b/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml
deleted file mode 100644
index e225ca6e0..000000000
--- a/id/server/doc/conf/moa-id/transforms/TransformsInfoAuthBlockTable_DE_2.0.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<sl10:TransformsInfo><dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml"><xsl:output method="xml" xml:space="default"/><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html><head><title>Signatur der Anmeldedaten</title><style type="text/css" media="screen">
- .normalstyle { font-size: medium; }
- .italicstyle { font-size: medium; font-style: italic; }
- .titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; }
- .h4style{ font-size: large; }
- </style></head><body><h4 class="h4style">Anmeldedaten:</h4><xsl:if test="string(//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue)"><p class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue"/></p></xsl:if><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="normalize-space(//@Issuer)"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//@Issuer"/></td></tr></xsl:if><xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum:</td><td class="normalstyle"><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">Rolle:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">Vollmacht:</td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td></tr><tr><td class="italicstyle">Staat:</td><td class="normalstyle">Österreich</td></tr></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">URL:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr><xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']"><tr><td class="italicstyle">Bereich:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">
- Vollmachten-Referenz:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"><tr><td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']"><tr><td class="italicstyle">Identifikator:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">OID:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='HPI']"><tr><td class="italicstyle">HPI:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='UniqueTokken']"><tr><td class="italicstyle">SessionTokken:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='UniqueTokken']/saml:AttributeValue"/></td></tr></xsl:if><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,18,2)"/></td></tr></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><sl10:FinalDataMetaInfo><sl10:MimeType>application/xhtml+xml</sl10:MimeType></sl10:FinalDataMetaInfo></sl10:TransformsInfo> \ No newline at end of file
diff --git a/id/server/doc/conf/moa-spss/SampleMOASPSSConfiguration (2).xml b/id/server/doc/conf/moa-spss/SampleMOASPSSConfiguration (2).xml
deleted file mode 100644
index 14acd54f2..000000000
--- a/id/server/doc/conf/moa-spss/SampleMOASPSSConfiguration (2).xml
+++ /dev/null
@@ -1,83 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--MOA SPSS 1.3 Configuration File created by MOA SPSS Configuration Mapper-->
-<cfg:MOAConfiguration xmlns:cfg="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <cfg:SignatureVerification>
- <cfg:CertificateValidation>
- <cfg:PathConstruction>
- <cfg:AutoAddCertificates>true</cfg:AutoAddCertificates>
- <cfg:UseAuthorityInformationAccess>true</cfg:UseAuthorityInformationAccess>
- <cfg:CertificateStore>
- <cfg:DirectoryStore>
- <cfg:Location>certstore</cfg:Location>
- </cfg:DirectoryStore>
- </cfg:CertificateStore>
- </cfg:PathConstruction>
- <cfg:PathValidation>
- <cfg:ChainingMode>
- <cfg:DefaultMode>pkix</cfg:DefaultMode>
- <cfg:TrustAnchor>
- <cfg:Identification>
- <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
- <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
- </cfg:Identification>
- <cfg:Mode>chaining</cfg:Mode>
- </cfg:TrustAnchor>
- </cfg:ChainingMode>
- <cfg:TrustProfile>
- <cfg:Id>MOAIDBuergerkartePersonenbindung</cfg:Id>
- <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten</cfg:TrustAnchorsLocation>
- </cfg:TrustProfile>
- <cfg:TrustProfile>
- <cfg:Id>MOAIDBuergerkarteAuthentisierungsDaten</cfg:Id>
- <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten</cfg:TrustAnchorsLocation>
- </cfg:TrustProfile>
- <cfg:TrustProfile>
- <cfg:Id>MOAIDBuergerkartePersonenbindungMitTestkarten</cfg:Id>
- <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten</cfg:TrustAnchorsLocation>
- </cfg:TrustProfile>
- <cfg:TrustProfile>
- <cfg:Id>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:Id>
- <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:TrustAnchorsLocation>
- </cfg:TrustProfile>
- <cfg:TrustProfile>
- <cfg:Id>C-PEPS-Test</cfg:Id>
- <cfg:TrustAnchorsLocation>trustProfiles/C-PEPS-Test</cfg:TrustAnchorsLocation>
- </cfg:TrustProfile>
- <cfg:TrustProfile>
- <cfg:Id>C-PEPS</cfg:Id>
- <cfg:TrustAnchorsLocation>trustProfiles/C-PEPS</cfg:TrustAnchorsLocation>
- </cfg:TrustProfile>
- </cfg:PathValidation>
- <cfg:RevocationChecking>
- <cfg:EnableChecking>true</cfg:EnableChecking>
- <cfg:MaxRevocationAge>0</cfg:MaxRevocationAge>
- <cfg:ServiceOrder>
- <cfg:Service>CRL</cfg:Service>
- <cfg:Service>OCSP</cfg:Service>
- </cfg:ServiceOrder>
- <cfg:Archiving>
- <cfg:EnableArchiving>false</cfg:EnableArchiving>
- <cfg:ArchiveDuration>365</cfg:ArchiveDuration>
- <cfg:Archive>
- <cfg:DatabaseArchive>
- <cfg:JDBCURL>jdbc:url</cfg:JDBCURL>
- <cfg:JDBCDriverClassName>fully.qualified.classname</cfg:JDBCDriverClassName>
- </cfg:DatabaseArchive>
- </cfg:Archive>
- </cfg:Archiving>
- </cfg:RevocationChecking>
- </cfg:CertificateValidation>
- <cfg:VerifyTransformsInfoProfile>
- <cfg:Id>MOAIDTransformAuthBlockTable_DE_2.0</cfg:Id>
- <cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE_2.0.xml</cfg:Location>
- </cfg:VerifyTransformsInfoProfile>
- <cfg:VerifyTransformsInfoProfile>
- <cfg:Id>MOAIDTransformAuthBlockTable_DE</cfg:Id>
- <cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE.xml</cfg:Location>
- </cfg:VerifyTransformsInfoProfile>
- <cfg:VerifyTransformsInfoProfile>
- <cfg:Id>MOAIDTransformAuthBlockTable_EN</cfg:Id>
- <cfg:Location>profiles/MOAIDTransformAuthBlockTable_EN.xml</cfg:Location>
- </cfg:VerifyTransformsInfoProfile>
- </cfg:SignatureVerification>
-</cfg:MOAConfiguration>
diff --git a/id/server/doc/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/doc/conf/moa-spss/SampleMOASPSSConfiguration.xml
deleted file mode 100644
index 14acd54f2..000000000
--- a/id/server/doc/conf/moa-spss/SampleMOASPSSConfiguration.xml
+++ /dev/null
@@ -1,83 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--MOA SPSS 1.3 Configuration File created by MOA SPSS Configuration Mapper-->
-<cfg:MOAConfiguration xmlns:cfg="http://reference.e-government.gv.at/namespace/moaconfig/20021122#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <cfg:SignatureVerification>
- <cfg:CertificateValidation>
- <cfg:PathConstruction>
- <cfg:AutoAddCertificates>true</cfg:AutoAddCertificates>
- <cfg:UseAuthorityInformationAccess>true</cfg:UseAuthorityInformationAccess>
- <cfg:CertificateStore>
- <cfg:DirectoryStore>
- <cfg:Location>certstore</cfg:Location>
- </cfg:DirectoryStore>
- </cfg:CertificateStore>
- </cfg:PathConstruction>
- <cfg:PathValidation>
- <cfg:ChainingMode>
- <cfg:DefaultMode>pkix</cfg:DefaultMode>
- <cfg:TrustAnchor>
- <cfg:Identification>
- <dsig:X509IssuerName>CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT</dsig:X509IssuerName>
- <dsig:X509SerialNumber>536</dsig:X509SerialNumber>
- </cfg:Identification>
- <cfg:Mode>chaining</cfg:Mode>
- </cfg:TrustAnchor>
- </cfg:ChainingMode>
- <cfg:TrustProfile>
- <cfg:Id>MOAIDBuergerkartePersonenbindung</cfg:Id>
- <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten</cfg:TrustAnchorsLocation>
- </cfg:TrustProfile>
- <cfg:TrustProfile>
- <cfg:Id>MOAIDBuergerkarteAuthentisierungsDaten</cfg:Id>
- <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten</cfg:TrustAnchorsLocation>
- </cfg:TrustProfile>
- <cfg:TrustProfile>
- <cfg:Id>MOAIDBuergerkartePersonenbindungMitTestkarten</cfg:Id>
- <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten</cfg:TrustAnchorsLocation>
- </cfg:TrustProfile>
- <cfg:TrustProfile>
- <cfg:Id>MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:Id>
- <cfg:TrustAnchorsLocation>trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten</cfg:TrustAnchorsLocation>
- </cfg:TrustProfile>
- <cfg:TrustProfile>
- <cfg:Id>C-PEPS-Test</cfg:Id>
- <cfg:TrustAnchorsLocation>trustProfiles/C-PEPS-Test</cfg:TrustAnchorsLocation>
- </cfg:TrustProfile>
- <cfg:TrustProfile>
- <cfg:Id>C-PEPS</cfg:Id>
- <cfg:TrustAnchorsLocation>trustProfiles/C-PEPS</cfg:TrustAnchorsLocation>
- </cfg:TrustProfile>
- </cfg:PathValidation>
- <cfg:RevocationChecking>
- <cfg:EnableChecking>true</cfg:EnableChecking>
- <cfg:MaxRevocationAge>0</cfg:MaxRevocationAge>
- <cfg:ServiceOrder>
- <cfg:Service>CRL</cfg:Service>
- <cfg:Service>OCSP</cfg:Service>
- </cfg:ServiceOrder>
- <cfg:Archiving>
- <cfg:EnableArchiving>false</cfg:EnableArchiving>
- <cfg:ArchiveDuration>365</cfg:ArchiveDuration>
- <cfg:Archive>
- <cfg:DatabaseArchive>
- <cfg:JDBCURL>jdbc:url</cfg:JDBCURL>
- <cfg:JDBCDriverClassName>fully.qualified.classname</cfg:JDBCDriverClassName>
- </cfg:DatabaseArchive>
- </cfg:Archive>
- </cfg:Archiving>
- </cfg:RevocationChecking>
- </cfg:CertificateValidation>
- <cfg:VerifyTransformsInfoProfile>
- <cfg:Id>MOAIDTransformAuthBlockTable_DE_2.0</cfg:Id>
- <cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE_2.0.xml</cfg:Location>
- </cfg:VerifyTransformsInfoProfile>
- <cfg:VerifyTransformsInfoProfile>
- <cfg:Id>MOAIDTransformAuthBlockTable_DE</cfg:Id>
- <cfg:Location>profiles/MOAIDTransformAuthBlockTable_DE.xml</cfg:Location>
- </cfg:VerifyTransformsInfoProfile>
- <cfg:VerifyTransformsInfoProfile>
- <cfg:Id>MOAIDTransformAuthBlockTable_EN</cfg:Id>
- <cfg:Location>profiles/MOAIDTransformAuthBlockTable_EN.xml</cfg:Location>
- </cfg:VerifyTransformsInfoProfile>
- </cfg:SignatureVerification>
-</cfg:MOAConfiguration>
diff --git a/id/server/doc/conf/moa-spss/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2 b/id/server/doc/conf/moa-spss/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2
deleted file mode 100644
index 33e776369..000000000
--- a/id/server/doc/conf/moa-spss/certstore/238ACC1D03DA5A2E7E580D760FB3EE218FDC5A97/D3C063F219ED073E34AD5D750B327629FFD59AF2
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 b/id/server/doc/conf/moa-spss/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22
deleted file mode 100644
index a699436ca..000000000
--- a/id/server/doc/conf/moa-spss/certstore/88BBA52A5AF119284F03A7D0D1DA61934EE57A79/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer b/id/server/doc/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
deleted file mode 100644
index b9a0e5a61..000000000
--- a/id/server/doc/conf/moa-spss/certstore/toBeAdded/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/toBeAdded/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/doc/conf/moa-spss/certstore/toBeAdded/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
deleted file mode 100644
index 33e776369..000000000
--- a/id/server/doc/conf/moa-spss/certstore/toBeAdded/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/toBeAdded/a-sign-SSL-03.cer b/id/server/doc/conf/moa-spss/certstore/toBeAdded/a-sign-SSL-03.cer
deleted file mode 100644
index a699436ca..000000000
--- a/id/server/doc/conf/moa-spss/certstore/toBeAdded/a-sign-SSL-03.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/certstore/toBeAdded/atrust_OCSP_Responder_03-1.crt b/id/server/doc/conf/moa-spss/certstore/toBeAdded/atrust_OCSP_Responder_03-1.crt
deleted file mode 100644
index ebfbce9a0..000000000
--- a/id/server/doc/conf/moa-spss/certstore/toBeAdded/atrust_OCSP_Responder_03-1.crt
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml b/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
deleted file mode 100644
index afeccd25f..000000000
--- a/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE.xml
+++ /dev/null
@@ -1,159 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
- <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
- <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
- <xsl:output method="xml" xml:space="default"/>
- <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
- <html>
- <head>
- <title>Signatur der Anmeldedaten</title>
- <style type="text/css" media="screen">
- .normalstyle { font-size: medium; }
- .italicstyle { font-size: medium; font-style: italic; }
- .titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; }
- .h4style{ font-size: large; }
- </style>
- </head>
- <body>
- <h4 class="h4style">Anmeldedaten:</h4>
- <p class="titlestyle">Daten zur Person</p>
- <table class="parameters">
- <xsl:if test="normalize-space(//@Issuer)">
- <tr>
- <td class="italicstyle">Name:</td>
- <td class="normalstyle">
- <xsl:value-of select="//@Issuer"/>
- </td>
- </tr>
- </xsl:if>
- <xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
- <tr>
- <td class="italicstyle">Geburtsdatum:</td>
- <td class="normalstyle">
- <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
- <xsl:text>.</xsl:text>
- <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
- <xsl:text>.</xsl:text>
- <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
- </td>
- </tr>
- </xsl:if>
- <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
- <tr>
- <td class="italicstyle">Rolle:</td>
- <td class="normalstyle">
- <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
- </td>
- </tr>
- </xsl:if>
- <xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']">
- <tr>
- <td class="italicstyle">Vollmacht:</td>
- <td class="normalstyle">
- <xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text>
- </td>
- </tr>
- </xsl:if>
- </table>
- <p class="titlestyle">Daten zur Anwendung</p>
- <table class="parameters">
- <tr>
- <td class="italicstyle">Name:</td>
- <td class="normalstyle">
- <xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/>
- </td>
- </tr>
- <tr>
- <td class="italicstyle">Staat:</td>
- <td class="normalstyle">Österreich</td>
- </tr>
- </table>
- <p class="titlestyle">Technische Parameter</p>
- <table class="parameters">
- <tr>
- <td class="italicstyle">URL:</td>
- <td class="normalstyle">
- <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
- </td>
- </tr>
- <xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
- <tr>
- <td class="italicstyle">Bereich:</td>
- <td class="normalstyle">
- <xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>
- </td>
- </tr>
- </xsl:if>
- <xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']">
- <tr>
- <td class="italicstyle">
- Vollmachten-Referenz:</td>
- <td class="normalstyle">
- <xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/>
- </td>
- </tr>
- </xsl:if>
- <xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
- <tr>
- <td class="italicstyle">
- <xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
- <td class="normalstyle">
- <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/>
- </td>
- </tr>
- </xsl:if>
- <xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
- <tr>
- <td class="italicstyle">Identifikator:</td>
- <td class="normalstyle">
- <xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
- <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
- </td>
- </tr>
- </xsl:if>
- <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
- <tr>
- <td class="italicstyle">OID:</td>
- <td class="normalstyle">
- <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>
- </td>
- </tr>
- </xsl:if>
- <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
- <tr>
- <td class="italicstyle">HPI:</td>
- <td class="normalstyle">
- <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
- </td>
- </tr>
- </xsl:if>
- <tr>
- <td class="italicstyle">Datum:</td>
- <td class="normalstyle">
- <xsl:value-of select="substring(//@IssueInstant,9,2)"/>
- <xsl:text>.</xsl:text>
- <xsl:value-of select="substring(//@IssueInstant,6,2)"/>
- <xsl:text>.</xsl:text>
- <xsl:value-of select="substring(//@IssueInstant,1,4)"/>
- </td>
- </tr>
- <tr>
- <td class="italicstyle">Uhrzeit:</td>
- <td class="normalstyle">
- <xsl:value-of select="substring(//@IssueInstant,12,2)"/>
- <xsl:text>:</xsl:text>
- <xsl:value-of select="substring(//@IssueInstant,15,2)"/>
- <xsl:text>:</xsl:text>
- <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
- </td>
- </tr>
- </table>
- </body>
- </html>
- </xsl:template>
- </xsl:stylesheet>
- </dsig:Transform>
- <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
- </dsig:Transforms>
-</VerifyTransformsInfoProfile>
diff --git a/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE_2.0.xml b/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE_2.0.xml
deleted file mode 100644
index dc472efcb..000000000
--- a/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_DE_2.0.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?><VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#"><dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"><xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml"><xsl:output method="xml" xml:space="default"/><xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml"><html><head><title>Signatur der Anmeldedaten</title><style type="text/css" media="screen">
- .normalstyle { font-size: medium; }
- .italicstyle { font-size: medium; font-style: italic; }
- .titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; }
- .h4style{ font-size: large; }
- </style></head><body><h4 class="h4style">Anmeldedaten:</h4><xsl:if test="string(//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue)"><p class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='SpecialText']/saml:AttributeValue"/></p></xsl:if><p class="titlestyle">Daten zur Person</p><table class="parameters"><xsl:if test="normalize-space(//@Issuer)"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//@Issuer"/></td></tr></xsl:if><xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)"><tr><td class="italicstyle">Geburtsdatum:</td><td class="normalstyle"><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">Rolle:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">Vollmacht:</td><td class="normalstyle"><xsl:text>Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.</xsl:text></td></tr></xsl:if></table><p class="titlestyle">Daten zur Anwendung</p><table class="parameters"><tr><td class="italicstyle">Name:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/></td></tr><tr><td class="italicstyle">Staat:</td><td class="normalstyle">Österreich</td></tr></table><p class="titlestyle">Technische Parameter</p><table class="parameters"><tr><td class="italicstyle">URL:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/></td></tr><xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']"><tr><td class="italicstyle">Bereich:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']"><tr><td class="italicstyle">
- Vollmachten-Referenz:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"><tr><td class="italicstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']"><tr><td class="italicstyle">Identifikator:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/><xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']"><tr><td class="italicstyle">OID:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='HPI']"><tr><td class="italicstyle">HPI:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/></td></tr></xsl:if><xsl:if test="//saml:Attribute[@AttributeName='UniqueTokken']"><tr><td class="italicstyle">SessionTokken:</td><td class="normalstyle"><xsl:value-of select="//saml:Attribute[@AttributeName='UniqueTokken']/saml:AttributeValue"/></td></tr></xsl:if><tr><td class="italicstyle">Datum:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,9,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,6,2)"/><xsl:text>.</xsl:text><xsl:value-of select="substring(//@IssueInstant,1,4)"/></td></tr><tr><td class="italicstyle">Uhrzeit:</td><td class="normalstyle"><xsl:value-of select="substring(//@IssueInstant,12,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,15,2)"/><xsl:text>:</xsl:text><xsl:value-of select="substring(//@IssueInstant,18,2)"/></td></tr></table></body></html></xsl:template></xsl:stylesheet></dsig:Transform><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms></VerifyTransformsInfoProfile> \ No newline at end of file
diff --git a/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml b/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
deleted file mode 100644
index 1665254fd..000000000
--- a/id/server/doc/conf/moa-spss/profiles/MOAIDTransformAuthBlockTable_EN.xml
+++ /dev/null
@@ -1,159 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<VerifyTransformsInfoProfile xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#">
- <dsig:Transforms xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
- <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
- <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:pr="http://reference.e-government.gv.at/namespace/persondata/20020228#" exclude-result-prefixes="pr saml">
- <xsl:output method="xml" xml:space="default"/>
- <xsl:template match="/" xmlns="http://www.w3.org/1999/xhtml">
- <html>
- <head>
- <title>Signing the authentication data</title>
- <style type="text/css" media="screen">
- .normalstyle { font-size: medium; }
- .italicstyle { font-size: medium; font-style: italic; }
- .titlestyle{ text-decoration:underline; font-weight:bold; font-size: medium; }
- .h4style{ font-size: large; }
- </style>
- </head>
- <body>
- <h4 class="h4style">Authentication Data:</h4>
- <p class="titlestyle">Personal Data</p>
- <table class="parameters">
- <xsl:if test="normalize-space(//@Issuer)">
- <tr>
- <td class="italicstyle">Name:</td>
- <td class="normalstyle">
- <xsl:value-of select="//@Issuer"/>
- </td>
- </tr>
- </xsl:if>
- <xsl:if test="string(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue)">
- <tr>
- <td class="italicstyle">Date of Birth:</td>
- <td class="normalstyle">
- <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,9,2)"/>
- <xsl:text>.</xsl:text>
- <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,6,2)"/>
- <xsl:text>.</xsl:text>
- <xsl:value-of select="substring(//saml:Attribute[@AttributeName='Geburtsdatum']/saml:AttributeValue,1,4)"/>
- </td>
- </tr>
- </xsl:if>
- <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
- <tr>
- <td class="italicstyle">Role:</td>
- <td class="normalstyle">
- <xsl:value-of select="//saml:Attribute[@AttributeName='OIDTextualDescription']/saml:AttributeValue"/>
- </td>
- </tr>
- </xsl:if>
- <xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']">
- <tr>
- <td class="italicstyle">Mandate:</td>
- <td class="normalstyle">
- <xsl:text>I log in as representative. In the next step a list of available mandates is shown. Here I select one mandate.</xsl:text>
- </td>
- </tr>
- </xsl:if>
- </table>
- <p class="titlestyle">Application Data</p>
- <table class="parameters">
- <tr>
- <td class="italicstyle">Name:</td>
- <td class="normalstyle">
- <xsl:value-of select="//saml:Attribute[@AttributeName='oaFriendlyName']/saml:AttributeValue"/>
- </td>
- </tr>
- <tr>
- <td class="italicstyle">Country:</td>
- <td class="normalstyle">Austria</td>
- </tr>
- </table>
- <p class="titlestyle">Technical Parameters</p>
- <table class="parameters">
- <tr>
- <td class="italicstyle">URL:</td>
- <td class="normalstyle">
- <xsl:value-of select="//saml:Attribute[@AttributeName='OA']/saml:AttributeValue"/>
- </td>
- </tr>
- <xsl:if test="//saml:Attribute[@AttributeName='Geschaeftsbereich']">
- <tr>
- <td class="italicstyle">Sector:</td>
- <td class="normalstyle">
- <xsl:value-of select="//saml:Attribute[@AttributeName='Geschaeftsbereich']/saml:AttributeValue"/>
- </td>
- </tr>
- </xsl:if>
- <xsl:if test="//saml:Attribute[@AttributeName='mandateReferenceValue']">
- <tr>
- <td class="italicstyle">
- Mandate Reference:</td>
- <td class="normalstyle">
- <xsl:value-of select="//saml:Attribute[@AttributeName='mandateReferenceValue']"/>
- </td>
- </tr>
- </xsl:if>
- <xsl:if test="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']">
- <tr>
- <td class="italicstyle">
- <xsl:value-of select="//saml:Attribute[@AttributeName='IdentityLinkDomainIdentifierType']"/>:</td>
- <td class="normalstyle">
- <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Type"/>
- </td>
- </tr>
- </xsl:if>
- <xsl:if test="//saml:Attribute[@AttributeName='bPK'] or //saml:Attribute[@AttributeName='wbPK']">
- <tr>
- <td class="italicstyle">Identifier:</td>
- <td class="normalstyle">
- <xsl:value-of select="//saml:Attribute[@AttributeName='bPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
- <xsl:value-of select="//saml:Attribute[@AttributeName='wbPK']/saml:AttributeValue/pr:Identification/pr:Value"/>
- </td>
- </tr>
- </xsl:if>
- <xsl:if test="//saml:Attribute[@AttributeName='OIDTextualDescription']">
- <tr>
- <td class="italicstyle">OID:</td>
- <td class="normalstyle">
- <xsl:value-of select="//saml:Attribute[@AttributeName='OID']/saml:AttributeValue"/>
- </td>
- </tr>
- </xsl:if>
- <xsl:if test="//saml:Attribute[@AttributeName='HPI']">
- <tr>
- <td class="italicstyle">HPI:</td>
- <td class="normalstyle">
- <xsl:value-of select="//saml:Attribute[@AttributeName='HPI']/saml:AttributeValue"/>
- </td>
- </tr>
- </xsl:if>
- <tr>
- <td class="italicstyle">Date:</td>
- <td class="normalstyle">
- <xsl:value-of select="substring(//@IssueInstant,9,2)"/>
- <xsl:text>.</xsl:text>
- <xsl:value-of select="substring(//@IssueInstant,6,2)"/>
- <xsl:text>.</xsl:text>
- <xsl:value-of select="substring(//@IssueInstant,1,4)"/>
- </td>
- </tr>
- <tr>
- <td class="italicstyle">Time:</td>
- <td class="normalstyle">
- <xsl:value-of select="substring(//@IssueInstant,12,2)"/>
- <xsl:text>:</xsl:text>
- <xsl:value-of select="substring(//@IssueInstant,15,2)"/>
- <xsl:text>:</xsl:text>
- <xsl:value-of select="substring(//@IssueInstant,18,2)"/>
- </td>
- </tr>
- </table>
- </body>
- </html>
- </xsl:template>
- </xsl:stylesheet>
- </dsig:Transform>
- <dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
- </dsig:Transforms>
-</VerifyTransformsInfoProfile>
diff --git a/id/server/doc/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1.der b/id/server/doc/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1.der
deleted file mode 100644
index 1851527de..000000000
--- a/id/server/doc/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1.der
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1[pwd=kunde1].p12 b/id/server/doc/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1[pwd=kunde1].p12
deleted file mode 100644
index 314cbc862..000000000
--- a/id/server/doc/conf/moa-spss/sslKeys/customer1/moa-ssl-kunde1[pwd=kunde1].p12
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/sslKeys/customer1/trustedServers[pwd=servers].keystore b/id/server/doc/conf/moa-spss/sslKeys/customer1/trustedServers[pwd=servers].keystore
deleted file mode 100644
index bd9765a4c..000000000
--- a/id/server/doc/conf/moa-spss/sslKeys/customer1/trustedServers[pwd=servers].keystore
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2.der b/id/server/doc/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2.der
deleted file mode 100644
index f50aa4d68..000000000
--- a/id/server/doc/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2.der
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2[pwd=kunde2].p12 b/id/server/doc/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2[pwd=kunde2].p12
deleted file mode 100644
index e5820fdf2..000000000
--- a/id/server/doc/conf/moa-spss/sslKeys/customer2/moa-ssl-kunde2[pwd=kunde2].p12
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/sslKeys/customer2/trustedServers[pwd=servers].keystore b/id/server/doc/conf/moa-spss/sslKeys/customer2/trustedServers[pwd=servers].keystore
deleted file mode 100644
index bd9765a4c..000000000
--- a/id/server/doc/conf/moa-spss/sslKeys/customer2/trustedServers[pwd=servers].keystore
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/sslKeys/server/moa-ssl-server.der b/id/server/doc/conf/moa-spss/sslKeys/server/moa-ssl-server.der
deleted file mode 100644
index e0f78a82c..000000000
--- a/id/server/doc/conf/moa-spss/sslKeys/server/moa-ssl-server.der
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/sslKeys/tomcat/tomcat[pwd=server].keystore b/id/server/doc/conf/moa-spss/sslKeys/tomcat/tomcat[pwd=server].keystore
deleted file mode 100644
index da42549d4..000000000
--- a/id/server/doc/conf/moa-spss/sslKeys/tomcat/tomcat[pwd=server].keystore
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/ES_C-PEPS_Test.cer b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/ES_C-PEPS_Test.cer
deleted file mode 100644
index af1f5f4a3..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/ES_C-PEPS_Test.cer
+++ /dev/null
@@ -1,16 +0,0 @@
-MIIDWDCCAkCgAwIBAAIETgGmXDANBgkqhkiG9w0BAQUFADBuMSYwJAYJKoZIhvcNAQkBFhdqYWxj
-YWxkZW1vcmFub0BpbmRyYS5lczELMAkGA1UEBhMCRVMxEDAOBgNVBAgMB0VzcGHDsWExDzANBgNV
-BAoTBm1wdC5lczEUMBIGA1UEAxMLODguODQuOTQuMjQwHhcNMTEwNjIyMDgyMjUyWhcNMTQwMzE4
-MDgyMjUyWjBuMSYwJAYJKoZIhvcNAQkBFhdqYWxjYWxkZW1vcmFub0BpbmRyYS5lczELMAkGA1UE
-BhMCRVMxEDAOBgNVBAgMB0VzcGHDsWExDzANBgNVBAoTBm1wdC5lczEUMBIGA1UEAxMLODguODQu
-OTQuMjQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCSNeKJi+dOYTy4s/7aL1AXRBj0
-BlPRgHUYknGMU/Aog09AqKz5WZ95926NpufBHVZ5XVKW42Fxfrpk2fnSaAORrk6affYgdfm8HXcd
-dCD9i4yQkLADKpe3Gi29YeBUNC+j+E+iJaxP2whuXsLCpkYcmfbvx6yQkiPa3VFtw7omfEgGe1LQ
-9+ZvNh36Z895rUP/vgoOKi6AjXed4OgOmtyKx9k7AwnG2w040pt1I6LErlbmxoxtk0/11ecaEjzU
-RhxKdCXTuV9jSH7hsnbM9qehLnZSoZqdTYJgxVGyzqpo3SUta13oTn/8ugpRAneoC86m+AA0xmNn
-XZRY4pPgqLjxAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBABwRU7MLJcbm51fPQHtT+mypYslA4xFy
-zve7SyC2zCowFVZhnIwW19Cd0izGjfKPZZYS28N5EHmIQgxSNgJZi6693HINr0K5NPZd/jWRK46I
-uLK7je/K3oDUHnQXJ9xDkgRSDPZj/Wf0ZN+CDEAadhKopF5aJi8QyoYIsPxzn0p8SSgy5UsuKko6
-ov12x3B9O9mwM9HprO8FqzXbKdTaBgrZWVYOHPlD+cl9xSdrcZH347iwI6xEMtkASpXmxN9xLueE
-jI4eTuH148+Pzyr4iNIvfRQLY9iNJSmjoTJm0oKdGzKN0orSw/Ni53vpInziuR2FjYtQ4Zpf2why
-Ht0CXp0= \ No newline at end of file
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/IT_C-PEPS_Test.cer b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/IT_C-PEPS_Test.cer
deleted file mode 100644
index e754cad52..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/IT_C-PEPS_Test.cer
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDcjCCAlqgAwIBAgIES8cgYjANBgkqhkiG9w0BAQUFADB7MSswKQYJKoZIhvcN
-AQkBFhx3ZWJtYXN0ZXJAc3R1ZGVudGkucG9saXRvLml0MQswCQYDVQQGEwJJVDEO
-MAwGA1UECgwFU1RPUksxDTALBgNVBAsMBFBFUFMxIDAeBgNVBAMMF2l0LXBlcHMt
-c3RvcmsucG9saXRvLml0MB4XDTEwMDQxNTE0MTkxNFoXDTM1MDQwOTE0MTkxNFow
-ezErMCkGCSqGSIb3DQEJARYcd2VibWFzdGVyQHN0dWRlbnRpLnBvbGl0by5pdDEL
-MAkGA1UEBhMCSVQxDjAMBgNVBAoMBVNUT1JLMQ0wCwYDVQQLDARQRVBTMSAwHgYD
-VQQDDBdpdC1wZXBzLXN0b3JrLnBvbGl0by5pdDCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAMtNR5qqszWjwl8TlGpYUPrglCCrEZQSQYnekPcSLhumMxCv
-z0+pksnf/ArfSDisvzVNYSbpuEBr4o/LM3WahBMGJVJZJjXstNjePNETvfBbfEU+
-+v27AabeZRK8KGizfry1q1tPuXRp/g+AfftZ/SBYe5CkdCUylnBItU22aEAHhGNT
-OkFebwWUxgWjy1mIjljnoish2y9UrWadvW+2rdkNT6m1WyG1aHy2K9rXldi82PGE
-WgCNNS+baj/2gVVAMo+iqZn8E/2n9Q0kSbJ60GTXWivWqdQbX3oJnS8t30Iha7Au
-zHmOvFbsi8LVA6Z4UfItgHrLxzO+U+x9ZSvA6TsCAwEAATANBgkqhkiG9w0BAQUF
-AAOCAQEAUPDg0VD4CG46bwYEbJ1H+5oDJibQ264JDq+E4z5YY2HLMf640ujKCz+o
-/33GIDyVrqjq8Zk1l0CSyLEW/49r87g4LunMVilty63aYRnj3+wWPNTbSTwfWXgu
-WcD00QnVoWparUnh75CfKUBm7lzn+q2WZPU18KpbXLw5E9rsRHnmaINqa9c5Fm6W
-VcP0qvrDizkEJ04gW3hadSKUEmHLNt1hnX1pnq7LJblb4AwLrpXNDfVZr8RdwRg7
-M5tBvGeKVRpniGILiND0UXkrKgkuWJkMzBiShg8YULtAaOC2D6lIkXAZnute6xaJ
-QNVdXrjW5oFUTw/YnHcg+bdCRlTCaA==
------END CERTIFICATE----- \ No newline at end of file
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/PT_C-PEPS_Test.cer b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/PT_C-PEPS_Test.cer
deleted file mode 100644
index e05727d0a..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/PT_C-PEPS_Test.cer
+++ /dev/null
@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFjTCCBHWgAwIBAgIEQm3h+zANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJw
-dDEVMBMGA1UEChMMTVVMVElDRVJULUNBMRgwFgYDVQQDEw9NVUxUSUNFUlQtQ0Eg
-MDIwHhcNMTEwNzIxMTU0NjMxWhcNMTIwODE3MTU0MTE3WjCBwTELMAkGA1UEBhMC
-UFQxFTATBgNVBAoTDE1VTFRJQ0VSVC1DQTEWMBQGA1UECxMNQ0VSVElQT1IgLSBS
-QTESMBAGA1UECxMJQ29ycG9yYXRlMTMwMQYDVQQLEypBZ2VuY2lhIHBhcmEgYSBN
-b2Rlcm5pemFjYW8gQWRtaW5pc3RyYXRpdmExGDAWBgNVBAsTD1dlYiBBcHBsaWNh
-dGlvbjEgMB4GA1UEAxMXUEVQUyBQb3J0dWd1ZXMgZGUgVGVzdGUwgZ8wDQYJKoZI
-hvcNAQEBBQADgY0AMIGJAoGBALo91gnq+SQj8yPx8ssFEKuPvAfagO8f+EagEs+u
-XJhLx41GpFZesMuolxf86n3TdxJHcLSXI224HqZu3BtXExUiD1LCAvtGCjzOr6Rg
-oySwhIQrgMEsKRRpkQN0jQHIMze11EXqVAJ2+MDX9V4cABuIEd9LOOl0PcQmc7m8
-jcKXAgMBAAGjggKRMIICjTALBgNVHQ8EBAMCA/gwOAYIKwYBBQUHAQEELDAqMCgG
-CCsGAQUFBzABhhxodHRwOi8vb2NzcC5tdWx0aWNlcnQuY29tL2NhMIHgBgNVHSAE
-gdgwgdUwTQYJKwYBBAGwPAoCMEAwPgYIKwYBBQUHAgEWMmh0dHA6Ly93d3cubXVs
-dGljZXJ0LmNvbS9jcHMvbXVsdGljZXJ0LWNhLWNwcy5odG1sMIGDBgsrBgEEAbA8
-CgKIBjB0MHIGCCsGAQUFBwICMGYeZABoAHQAdABwADoALwAvAHcAdwB3AC4AbQB1
-AGwAdABpAGMAZQByAHQALgBjAG8AbQAvAGMAcAAvAG0AdQBsAHQAaQBjAGUAcgB0
-AC0AYwBhAC0AMQAwADMAMAAuAGgAdABtAGwwEQYJYIZIAYb4QgEBBAQDAgSwMIIB
-AQYDVR0fBIH5MIH2MIGaoIGXoIGUhi9odHRwOi8vd3d3Lm11bHRpY2VydC5jb20v
-Y2EvbXVsdGljZXJ0LWNhLTAyLmNybIZhbGRhcDovL2xkYXAubXVsdGljZXJ0LmNv
-bS9jbj1NVUxUSUNFUlQtQ0ElMjAwMixvPU1VTFRJQ0VSVC1DQSxjPVBUP2NlcnRp
-ZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZTBXoFWgU6RRME8xCzAJBgNVBAYTAnB0
-MRUwEwYDVQQKEwxNVUxUSUNFUlQtQ0ExGDAWBgNVBAMTD01VTFRJQ0VSVC1DQSAw
-MjEPMA0GA1UEAxMGQ1JMMjI4MB8GA1UdIwQYMBaAFB3DuYilGL5gpyymY8pmKvwM
-J8G9MB0GA1UdDgQWBBRH/+uES4Jsr1UV5WeSoN3v1vUaPDAJBgNVHRMEAjAAMA0G
-CSqGSIb3DQEBBQUAA4IBAQAOFAxM2U6HyZgWl5h6UB1MUUL4j9VTQQOs6nw4hm22
-QK3SF+DPL6oXS1j+RKDHYNlpAfQ5r5ObcaxhEkaXOUZJ4q/3z1qScMVaZ1fjU0FB
-hRyAUE2qfiHp/0Ql4V2IrQqcBZ+mEQD5DFwNgx/UDr22lO0idjHnmxRed83/Mrm0
-03v+2eAujlsE9NfayP8oo9HkYNh5KvFjveCpUNv4IW18xEJLNDFd3dUEeb9UO+Bv
-eEkrxmo6k/k7usuRUfGrXBaFuxcL71l3lFD4k66CB3m7atcbohmbiAYhfHnLegpR
-EVKVolR6O3ljt3ou+Y79oI4U7bhn0U256R9hoobnX9Un
------END CERTIFICATE----- \ No newline at end of file
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/SI_C-PEPS_Test.cer b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/SI_C-PEPS_Test.cer
deleted file mode 100644
index a131767fb..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS-Test/SI_C-PEPS_Test.cer
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFbDCCBFSgAwIBAgIEQLK59zANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJz
-aTEbMBkGA1UEChMSc3RhdGUtaW5zdGl0dXRpb25zMRIwEAYDVQQLEwlzaXRlc3Qt
-Y2EwHhcNMTAwMzMwMTMwOTIzWhcNMTUwMzMwMTMzOTIzWjCBhjELMAkGA1UEBhMC
-c2kxGzAZBgNVBAoTEnN0YXRlLWluc3RpdHV0aW9uczESMBAGA1UECxMJU0lURVNU
-LUNBMRkwFwYDVQQLExBjZXJ0aWZpY2F0ZXMtd2ViMSswEwYDVQQDEwxURVNUIFBF
-UFMgU0kwFAYDVQQFEw0zMDAzMjAxMDAwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA4h6L9Pv1TK7fz5K6Uur0Rli6EKzZwTtv9xXhSt2xlI4wFWzz
-FiCy5/O/Q5GPRa10YoMc8s7WmMdM5yI/bU0BF2t5SYtEH7MwbGaFZFKJt17OtbpZ
-AaCSoh6fm1yO0HtVVkG9UdH4mswS3wHp/d1C91lQNba2enVc2p9Nd4gYop/zbroE
-toFeDyHxTl0mYN/cUHQFT4H24hzAfWXh2FOBfNSnvNl2HnPJOT6HnrUBsdyzkSzL
-N0Eis2R1G5+mQkzAwW6UOroojvMclEJK3z1oekj2OWj1FhalTNmA5D9dkDymTRn4
-o3BW2S7ovmWPmxYUW9s26bkPhz/CbCQwIF9yPQIDAQABo4ICJzCCAiMwDgYDVR0P
-AQH/BAQDAgWgMCsGA1UdEAQkMCKADzIwMTAwMzMwMTMwOTIzWoEPMjAxNTAzMzAx
-MzM5MjNaMEsGA1UdIAREMEIwNgYLKwYBBAGvWQIBAQIwJzAlBggrBgEFBQcCARYZ
-aHR0cDovL3d3dy5jYS5nb3Yuc2kvY3BzLzAIBgYEAIswAQIwGAYIKwYBBQUHAQME
-DDAKMAgGBgQAjkYBATAeBgNVHREEFzAVgRN0ZXN0LnNpLXBlcHNAZ292LnNpMIH2
-BgNVHR8Ege4wgeswVaBToFGkTzBNMQswCQYDVQQGEwJzaTEbMBkGA1UEChMSc3Rh
-dGUtaW5zdGl0dXRpb25zMRIwEAYDVQQLEwlzaXRlc3QtY2ExDTALBgNVBAMTBENS
-TDMwgZGggY6ggYuGWGxkYXA6Ly94NTAwLmdvdi5zaS9vdT1zaXRlc3QtY2Esbz1z
-dGF0ZS1pbnN0aXR1dGlvbnMsYz1zaT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0
-P2Jhc2WGL2h0dHA6Ly93d3cuc2lnZW4tY2Euc2kvY3JsL3NpdGVzdC9zaXRlc3Qt
-Y2EuY3JsMB8GA1UdIwQYMBaAFFRJB0aHzx2JncqucqeooKBptyHnMB0GA1UdDgQW
-BBQySemeDi10DbeTYj1tkGZ5Zo4mwjAJBgNVHRMEAjAAMBkGCSqGSIb2fQdBAAQM
-MAobBFY3LjEDAgOoMA0GCSqGSIb3DQEBBQUAA4IBAQASQ4l1Vd+MRDLFo2A6qYYW
-LVqTvtPLIk7v7Bswmq2SFAL2XmPoL5xbQFeDW+LiWhQBmrlgWyI7gbi/1/rs1E00
-Z4Skn8l97tuIyuxvCKTFhJDx9pzgUQGowoCYo9IzcMNQpxx6lkepreCDuc+e0fAb
-vTNGEpvQ7DkgrwJdcsUAElQ4OJ0ifELoah1DH8wpU31zr7D3YsizZgpu5TEIGP54
-AOhbFeZEmZlTU6gwNw4iTf6nVQkGaxsJt6gGGsyL8RUuvwpVRR3WmplCtjXryGCe
-4B/agAe3EKUh15IaPvWqdixSjySxjBI1bN8IEFHYPZmuwh7Y1FQuOYQGjuSLsJy9
------END CERTIFICATE----- \ No newline at end of file
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/ES_C-PEPS.cer b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/ES_C-PEPS.cer
deleted file mode 100644
index d79ad8385..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/ES_C-PEPS.cer
+++ /dev/null
@@ -1,43 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIHrDCCBpSgAwIBAgIIZFwvd8biuV0wDQYJKoZIhvcNAQEFBQAwUjERMA8GA1UE
-AxMIQUNDVi1DQTIxDzANBgNVBAsTBlBLSUdWQTEfMB0GA1UEChMWR2VuZXJhbGl0
-YXQgVmFsZW5jaWFuYTELMAkGA1UEBhMCRVMwHhcNMTAwNTI3MTYxNTA2WhcNMTMw
-NTI2MTYyNTA2WjCBgTEaMBgGA1UEAwwRUGxhdGFmb3JtYSBAZmlybWExEjAQBgNV
-BAUTCVMyODExMDAxQzEbMBkGA1UECwwSc2VsbG8gZWxlY3Ryw7NuaWNvMSUwIwYD
-VQQKExxNaW5pc3RlcmlvIGRlIGxhIFByZXNpZGVuY2lhMQswCQYDVQQGEwJFUzCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM3IaIrzYOjbUYmS2nK7/GpD
-R6N3sVbBNxF5s/bCCQ44tL5MIz7I889GCMD8vrCd//5pAezPO8vZLpdh78QUZrCl
-k+E79ENYjVmjP4g0KlqlI0b5AOVc+dcE27/V6D6pCYDkVdn7puFDgzzSqksTNdL5
-uZZMM1L7Dkq0DfCjumYrfulp5i5PrYqrOh7wkXB1G+FGP0plN8at0tm5Q8EPXT7n
-/ogV9glWXG+vLkfIe2SKkdyU/08fecQH3f/jhrc5Bm0+uFvHP9DcS8usWpZojJWW
-iQb96B5bdPXqUsKnZVDj+b7HRkx3UjvvEipMV3Kr5E+E0sg1K4jLgj5+atyoRcEC
-AwEAAaOCBFQwggRQMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgTwMB0GA1Ud
-JQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDBDAdBgNVHQ4EFgQUhAkD/z9ux2qjm4l+
-FheI6+F3CfwwHwYDVR0jBBgwFoAUs3jtBaV5QTrC9MBSKP9jQz+/44EwggEyBgNV
-HREEggEpMIIBJYEWc29wb3J0ZS5hZmlybWE1QG1wci5lc6SCAQkwggEFMSEwHwYJ
-YIVUAQMFAgIBDBJzZWxsbyBlbGVjdHLDs25pY28xKzApBglghVQBAwUCAgITHE1p
-bmlzdGVyaW8gZGUgbGEgUHJlc2lkZW5jaWExGDAWBglghVQBAwUCAgMTCVMyODEx
-MDAxQzEPMA0GCWCFVAEDBQICBBMAMUQwQgYJYIVUAQMFAgIFDDVQbGF0YWZvcm1h
-IGRlIHZhbGlkYWNpw7NuIHkgZmlybWEgZWxlY3Ryw7NuaWNhIEBmaXJtYTEPMA0G
-CWCFVAEDBQICBhMAMQ8wDQYJYIVUAQMFAgIHEwAxDzANBglghVQBAwUCAggTADEP
-MA0GCWCFVAEDBQICCRMAMIIB8AYDVR0gBIIB5zCCAeMwggHfBgsrBgEEAb9VAxEC
-ADCCAc4wggGYBggrBgEFBQcCAjCCAYoeggGGAEMAZQByAHQAaQBmAGkAYwBhAGQA
-bwAgAHIAZQBjAG8AbgBvAGMAaQBkAG8AIABwAGEAcgBhACAAcwBlAGwAbABvACAA
-ZABlACAA8wByAGcAYQBuAG8AIABlAG4AIABzAG8AcABvAHIAdABlACAAcwBvAGYA
-dAB3AGEAcgBlACAAZQB4AHAAZQBkAGkAZABvACAAcABvAHIAIABsAGEAIABBAHUA
-dABvAHIAaQB0AGEAdAAgAGQAZQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzACAA
-ZABlACAAbABhACAAQwBvAG0AdQBuAGkAdABhAHQAIABWAGEAbABlAG4AYwBpAGEA
-bgBhACAAKABQAGwALgAgAE0AYQBuAGkAcwBlAHMAIAAxAC4AIABDAEkARgAgAFMA
-NAA2ADEAMQAwADAAMQBBACkALgAgAEMAUABTACAAeQAgAEMAUAAgAGUAbgAgAGgA
-dAB0AHAAOgAvAC8AdwB3AHcALgBhAGMAYwB2AC4AZQBzMDAGCCsGAQUFBwIBFiRo
-dHRwOi8vd3d3LmFjY3YuZXMvbGVnaXNsYWNpb25fYy5odG0wOQYDVR0fBDIwMDAu
-oCygKoYoaHR0cDovL3d3dy5hY2N2LmVzL2dlc3RjZXJ0L2FjY3YtY2EyLmNybDAv
-BggrBgEFBQcBAQQjMCEwHwYIKwYBBQUHMAGGE2h0dHA6Ly9vY3NwLmFjY3YuZXMw
-OwYIKwYBBQUHAQMELzAtMBQGCCsGAQUFBwsCMAgGBgQAjkYBATAIBgYEAI5GAQEw
-CwYGBACORgEDAgEPMA0GCSqGSIb3DQEBBQUAA4IBAQCknVr82ZpMROTkrk/OwC7e
-fccNqbmKEwM4peAUG4tLWnYaDh2hav/3Y7auXkd2CW9XID6C/6E8EqG6wGNwplyq
-LyfrkYmbppJN2/LDr+ZHFoul030o/KzbVRrzZ5zAS5vUnOG42TzpP3sgtMV5V2vg
-V3ZygZbm55+2JDH1RBlCZuJzOPSwLk2rfGcMecHduUN8AxuLN52VKs1LMdmuPhe0
-ZvcVabvmmqzBJGRC8VJ0fwJKB/c6b4rl5WZTYUnQ7+SIoI/+RxJCITnO2SrxRh0Z
-rXLaE62aJ6W/Jnu+lfqIVoQSyauSlybpbL1iS/o0IFFbQvnY6RoCAOqsg3ee+4Om
------END CERTIFICATE----- \ No newline at end of file
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/IT_C-PEPS.cer b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/IT_C-PEPS.cer
deleted file mode 100644
index e754cad52..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/IT_C-PEPS.cer
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDcjCCAlqgAwIBAgIES8cgYjANBgkqhkiG9w0BAQUFADB7MSswKQYJKoZIhvcN
-AQkBFhx3ZWJtYXN0ZXJAc3R1ZGVudGkucG9saXRvLml0MQswCQYDVQQGEwJJVDEO
-MAwGA1UECgwFU1RPUksxDTALBgNVBAsMBFBFUFMxIDAeBgNVBAMMF2l0LXBlcHMt
-c3RvcmsucG9saXRvLml0MB4XDTEwMDQxNTE0MTkxNFoXDTM1MDQwOTE0MTkxNFow
-ezErMCkGCSqGSIb3DQEJARYcd2VibWFzdGVyQHN0dWRlbnRpLnBvbGl0by5pdDEL
-MAkGA1UEBhMCSVQxDjAMBgNVBAoMBVNUT1JLMQ0wCwYDVQQLDARQRVBTMSAwHgYD
-VQQDDBdpdC1wZXBzLXN0b3JrLnBvbGl0by5pdDCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAMtNR5qqszWjwl8TlGpYUPrglCCrEZQSQYnekPcSLhumMxCv
-z0+pksnf/ArfSDisvzVNYSbpuEBr4o/LM3WahBMGJVJZJjXstNjePNETvfBbfEU+
-+v27AabeZRK8KGizfry1q1tPuXRp/g+AfftZ/SBYe5CkdCUylnBItU22aEAHhGNT
-OkFebwWUxgWjy1mIjljnoish2y9UrWadvW+2rdkNT6m1WyG1aHy2K9rXldi82PGE
-WgCNNS+baj/2gVVAMo+iqZn8E/2n9Q0kSbJ60GTXWivWqdQbX3oJnS8t30Iha7Au
-zHmOvFbsi8LVA6Z4UfItgHrLxzO+U+x9ZSvA6TsCAwEAATANBgkqhkiG9w0BAQUF
-AAOCAQEAUPDg0VD4CG46bwYEbJ1H+5oDJibQ264JDq+E4z5YY2HLMf640ujKCz+o
-/33GIDyVrqjq8Zk1l0CSyLEW/49r87g4LunMVilty63aYRnj3+wWPNTbSTwfWXgu
-WcD00QnVoWparUnh75CfKUBm7lzn+q2WZPU18KpbXLw5E9rsRHnmaINqa9c5Fm6W
-VcP0qvrDizkEJ04gW3hadSKUEmHLNt1hnX1pnq7LJblb4AwLrpXNDfVZr8RdwRg7
-M5tBvGeKVRpniGILiND0UXkrKgkuWJkMzBiShg8YULtAaOC2D6lIkXAZnute6xaJ
-QNVdXrjW5oFUTw/YnHcg+bdCRlTCaA==
------END CERTIFICATE----- \ No newline at end of file
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/PT_C-PEPS.cer b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/PT_C-PEPS.cer
deleted file mode 100644
index 950aaab0d..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/PT_C-PEPS.cer
+++ /dev/null
@@ -1,33 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFojCCBIqgAwIBAgIEQmx+HTANBgkqhkiG9w0BAQUFADA+MQswCQYDVQQGEwJw
-dDEVMBMGA1UEChMMTVVMVElDRVJULUNBMRgwFgYDVQQDEw9NVUxUSUNFUlQtQ0Eg
-MDIwHhcNMTAwNTE3MTAyMjMyWhcNMTMwNTE3MTAyMzM4WjCB1jELMAkGA1UEBhMC
-UFQxFTATBgNVBAoTDE1VTFRJQ0VSVC1DQTEWMBQGA1UECxMNQ0VSVElQT1IgLSBS
-QTESMBAGA1UECxMJQ29ycG9yYXRlMT4wPAYDVQQLEzVBTUEgLSBBZ2VuY2lhIHBh
-cmEgYSBNb2Rlcm5pemFjYW8gQWRtaW5pc3RyYXRpdmEgSS5QLjEYMBYGA1UECxMP
-V2ViIEFwcGxpY2F0aW9uMSowKAYDVQQDEyFzYW1sLmV1LWlkLmNhcnRhb2RlY2lk
-YWRhby5nb3YucHQwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMe2B9O1xCJp
-CmT2/AuypD1q9kbwge1Y0VjY5FOkhYPfki/XuuFpEdUa7KrurbcoDuuAmgjIxCIn
-v8vYAK5axY8hlPg9fp+vtRlmo1it5Y9IGY2mMvtN6OwoBzJOqKJypNexyAgIIR/u
-PqhVZjQAwGkTe1JrcDswKOKGbv21M1+pAgMBAAGjggKRMIICjTALBgNVHQ8EBAMC
-A/gwOAYIKwYBBQUHAQEELDAqMCgGCCsGAQUFBzABgRxodHRwOi8vb2NzcC5tdWx0
-aWNlcnQuY29tL2NhMIHgBgNVHSAEgdgwgdUwTQYJKwYBBAGwPAoCMEAwPgYIKwYB
-BQUHAgEWMmh0dHA6Ly93d3cubXVsdGljZXJ0LmNvbS9jcHMvbXVsdGljZXJ0LWNh
-LWNwcy5odG1sMIGDBgsrBgEEAbA8CgKIBjB0MHIGCCsGAQUFBwICMGYeZABoAHQA
-dABwADoALwAvAHcAdwB3AC4AbQB1AGwAdABpAGMAZQByAHQALgBjAG8AbQAvAGMA
-cAAvAG0AdQBsAHQAaQBjAGUAcgB0AC0AYwBhAC0AMQAwADMAMAAuAGgAdABtAGww
-EQYJYIZIAYb4QgEBBAQDAgSwMIIBAQYDVR0fBIH5MIH2MIGaoIGXoIGUhi9odHRw
-Oi8vd3d3Lm11bHRpY2VydC5jb20vY2EvbXVsdGljZXJ0LWNhLTAyLmNybIZhbGRh
-cDovL2xkYXAubXVsdGljZXJ0LmNvbS9jbj1NVUxUSUNFUlQtQ0ElMjAwMixvPU1V
-TFRJQ0VSVC1DQSxjPVBUP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxpc3Q/YmFzZTBX
-oFWgU6RRME8xCzAJBgNVBAYTAnB0MRUwEwYDVQQKEwxNVUxUSUNFUlQtQ0ExGDAW
-BgNVBAMTD01VTFRJQ0VSVC1DQSAwMjEPMA0GA1UEAxMGQ1JMMTczMB8GA1UdIwQY
-MBaAFB3DuYilGL5gpyymY8pmKvwMJ8G9MB0GA1UdDgQWBBT+DvK0cR8Qa3uUWWYV
-rUfVGZeUTDAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBBQUAA4IBAQBiXYB/Nst7hDnV
-RS9D6VjifN1F+JaxtwSLZBoxkij2mi/1kXRugKjkpo6e8Kwb24Wv7G+/ZAFjm3zN
-WK9v0ziR192l+4lWke8wRVwHW4Ecsp3nOwOxCiCYkX4uVPDZQT5+cPeNYJbOwYyd
-4jbHTPrPT7T2CmtgdqOIu2Dc+1aHyg9ZnhCGgwEwDbvq+grUr9RcHqmWqfdR3Eou
-TvLugaM54N4Bur8rolFatHzETbKjvXfWzpHoTTFEekyHgQXWdnmVny8JajBFUmE5
-TkONB+V+Jj/R2YPfF++9tRKwc4ifNeduWzSD6ohx+OFimdx2gKHIdkkAMfK09z1M
-vz83eaDr
------END CERTIFICATE-----
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/SI_C-PEPS.cer b/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/SI_C-PEPS.cer
deleted file mode 100644
index 2051a22c2..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/C-PEPS/SI_C-PEPS.cer
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFXDCCBESgAwIBAgIEOl3pnzANBgkqhkiG9w0BAQUFADA9MQswCQYDVQQGEwJz
-aTEbMBkGA1UEChMSc3RhdGUtaW5zdGl0dXRpb25zMREwDwYDVQQLEwhzaWdvdi1j
-YTAeFw0xMDA2MTAxMDUwMTVaFw0xNTA2MTAxMTIwMTVaMIGEMQswCQYDVQQGEwJz
-aTEbMBkGA1UEChMSc3RhdGUtaW5zdGl0dXRpb25zMRkwFwYDVQQLExB3ZWItY2Vy
-dGlmaWNhdGVzMRMwEQYDVQQLEwpHb3Zlcm5tZW50MSgwEAYDVQQDEwlQRVBTIFNB
-TUwwFAYDVQQFEw0xMjM1ODU3NTE4MDEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEAw9gh7flrQC1UUc0Dw1jFXQ5sDVwSjjO/QqUsvIysAGELNJTxs3/j
-vFOsokBOWlZEbocZXDqeLJtzO4zmpblc7c9okyZIi0sj+dEqKiMF7XbFfjo1NZ2c
-xJdQ4ENR1jLkiHSb5Z345dQ7VY6wju0ezMMA5O9cIywGWcSyH9h007tezhTWJeL5
-aN2gMvFs3tGx7Uv9JH9geIOopWlcQANSDkvAnCf/iu1YhbUmx+jYtcxlywtJ8Tri
-ON3GlFLr4ew4O8SrVxeQQ28yKKDEP/Y3399KWdQDwK/CeFy6flW3kYTiGDPnUH5T
-u9yEATomwnujhPHJZN6d46JFiTWFsll4aQIDAQABo4ICGjCCAhYwDgYDVR0PAQH/
-BAQDAgWgMCsGA1UdEAQkMCKADzIwMTAwNjEwMTA1MDE1WoEPMjAxNTA2MTAxMTIw
-MTVaMEoGA1UdIARDMEEwNQYKKwYBBAGvWQEBBTAnMCUGCCsGAQUFBwIBFhlodHRw
-Oi8vd3d3LmNhLmdvdi5zaS9jcHMvMAgGBgQAizABAjAYBggrBgEFBQcBAwQMMAow
-CAYGBACORgEBMBcGA1UdEQQQMA6BDHN0b3JrQGdvdi5zaTCB8QYDVR0fBIHpMIHm
-MFWgU6BRpE8wTTELMAkGA1UEBhMCc2kxGzAZBgNVBAoTEnN0YXRlLWluc3RpdHV0
-aW9uczERMA8GA1UECxMIc2lnb3YtY2ExDjAMBgNVBAMTBUNSTDI3MIGMoIGJoIGG
-hldsZGFwOi8veDUwMC5nb3Yuc2kvb3U9c2lnb3YtY2Esbz1zdGF0ZS1pbnN0aXR1
-dGlvbnMsYz1zaT9jZXJ0aWZpY2F0ZVJldm9jYXRpb25MaXN0P2Jhc2WGK2h0dHA6
-Ly93d3cuc2lnb3YtY2EuZ292LnNpL2NybC9zaWdvdi1jYS5jcmwwHwYDVR0jBBgw
-FoAUHvjUU2uzgwbpBAZXAvmlv8ZYPHIwHQYDVR0OBBYEFDY0NJgPdteoK8mw3FG7
-lde6PRboMAkGA1UdEwQCMAAwGQYJKoZIhvZ9B0EABAwwChsEVjcuMQMCA6gwDQYJ
-KoZIhvcNAQEFBQADggEBAInmtHMCOob3469jLaA/WvRXFUv0QelW4cS9Zr1QrZzW
-Wp1YUiwkWfILHkDJgvbo6qn8iUDyKSNPhgXFVKfWbBlbuUds9F2FCJ41g5n2jXZc
-Lz0IOpae4a9LHmNLdT0UKEGbUJ5a4wRaZEWLVfwrkN2GJPeWeeigbunYKtdVlceP
-4DZg8T1c/vpi8lrbTxSLUAzn0ie8FRod6k19y49QG5sudvwjeQgp309dUze0ULun
-YYTFkkc5d2uzqEa2WYcxHYz4+hKPHejbGGKC1OZz+zH7ZGGr0mtLYjSvXv+5VKTj
-85/a/sdD+vzNneKEGbLk7iupk0On5BIkJdWqnz/IeDk=
------END CERTIFICATE----- \ No newline at end of file
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer
deleted file mode 100644
index d361d919f..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer
deleted file mode 100644
index ad13d7b28..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer
deleted file mode 100644
index f9f27442b..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer
deleted file mode 100644
index b6f39e354..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer
deleted file mode 100644
index f9fef65fc..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer
deleted file mode 100644
index 3c7775b6e..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer
deleted file mode 100644
index 36a442b89..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer
deleted file mode 100644
index 54f809962..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer
deleted file mode 100644
index ab9e0cd7d..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer
deleted file mode 100644
index 01965769d..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
deleted file mode 100644
index b9a0e5a61..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
deleted file mode 100644
index 33e776369..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der
deleted file mode 100644
index 3be7b6a06..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ_Test_CA_-_User.20070829-20140101.SerNo00.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ_Test_CA_-_User.20070829-20140101.SerNo00.cer
deleted file mode 100644
index 73553b996..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/EGIZ_Test_CA_-_User.20070829-20140101.SerNo00.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer
deleted file mode 100644
index 911640d0e..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer
deleted file mode 100644
index cac44093a..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer
deleted file mode 100644
index 32893db7f..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer
deleted file mode 100644
index d361d919f..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer
deleted file mode 100644
index ad13d7b28..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer
deleted file mode 100644
index f9f27442b..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer
deleted file mode 100644
index b6f39e354..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer
deleted file mode 100644
index f9fef65fc..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer
deleted file mode 100644
index 3c7775b6e..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer
deleted file mode 100644
index 36a442b89..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer
deleted file mode 100644
index 54f809962..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer
deleted file mode 100644
index ab9e0cd7d..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer
deleted file mode 100644
index 01965769d..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
deleted file mode 100644
index b9a0e5a61..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
deleted file mode 100644
index 33e776369..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der
deleted file mode 100644
index 3be7b6a06..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer
deleted file mode 100644
index afe6fdf09..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
deleted file mode 100644
index 33e776369..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer
deleted file mode 100644
index 277b6083a..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer
deleted file mode 100644
index 376d0753f..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer
deleted file mode 100644
index 592c96230..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer
deleted file mode 100644
index 61a7ccb15..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer
deleted file mode 100644
index 5171276f4..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer
deleted file mode 100644
index afe6fdf09..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
deleted file mode 100644
index 33e776369..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer
deleted file mode 100644
index 376d0753f..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer
deleted file mode 100644
index 592c96230..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer
deleted file mode 100644
index 61a7ccb15..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer b/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer
deleted file mode 100644
index 5171276f4..000000000
--- a/id/server/doc/conf/moa-spss/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer
+++ /dev/null
Binary files differ
diff --git a/id/server/doc/handbook/additional/additional.html b/id/server/doc/handbook/additional/additional.html
index 97c7794cf..fb4e76733 100644
--- a/id/server/doc/handbook/additional/additional.html
+++ b/id/server/doc/handbook/additional/additional.html
@@ -30,6 +30,7 @@
<li><a href="#statisticdata">Logging von Statistikdaten</a></li>
</ol>
</li>
+ <li><a href="#networkconnections">Ben&ouml;tigte Netzwerkverbindungen (incoming / outgoing)</a></li>
</ol>
<hr/>
<h1><a name="allgemeines"></a>1 Datenmanagement</h1>
@@ -191,6 +192,63 @@
<td width="757" valign="top"><p>Fehlermeldung in textueller Form (max. 255 Zeichen lang)</p></td>
</tr>
</table>
+<p>&nbsp;</p>
+<h1><a name="networkconnections" id="networkconnections"></a>2 Ben&ouml;tigte Netzwerkverbindungen (incoming / outgoing)</h1>
+<p>F&uuml;r die Betrieb des Modules MOA-ID-Auth werden Netzwerkverbindungen zu externen Service ben&ouml;tigt. Die nachfolgende Tabelle gibt eine Aufstellung der ben&ouml;tigten Verbindungen und eine kurze Beschreibung &uuml;ber deren Funktion.</p>
+<table border="1" cellpadding="0" cellspacing="0">
+ <tr>
+ <td width="105" height="34" valign="middle"><strong>Service</strong></td>
+ <td width="275" valign="middle"><strong>URL</strong></td>
+ <td width="63" valign="middle"><strong>Port</strong></td>
+ <td width="87" valign="middle"><strong>Richtung</strong></td>
+ <td width="702" valign="middle"><strong>Beschreibung</strong></td>
+ </tr>
+ <tr>
+ <td valign="middle"><p>MOA-ID-Auth</p></td>
+ <td align="center" valign="middle">*</td>
+ <td align="center" valign="middle">80, 443</td>
+ <td align="center" valign="middle">eingehend</td>
+ <td valign="middle"><p>Front-Channel und Back-Channel Verbinding zum IDP</p></td>
+ </tr>
+ <tr>
+ <td valign="middle"><p>MOA-ID-Auth</p></td>
+ <td align="center" valign="middle">*</td>
+ <td align="center" valign="middle">80, 443</td>
+ <td align="center" valign="middle">ausgehend</td>
+ <td valign="middle">Abholen von Template oder PVP 2.1 Metadaten</td>
+ </tr>
+ <tr>
+ <td height="26" valign="middle">LDAP</td>
+ <td align="center" valign="middle">*</td>
+ <td align="center" valign="middle">389, 636</td>
+ <td align="center" valign="middle">ausgehend</td>
+ <td valign="middle">Zertifikatspr&uuml;fung</td>
+ </tr>
+ <tr>
+ <td width="105" valign="middle"><p>OSCP / CRL</p></td>
+ <td width="275" align="center" valign="middle">*</td>
+ <td width="63" align="center" valign="middle">80, 443</td>
+ <td width="87" align="center" valign="middle">ausgehend</td>
+ <td width="702" valign="middle"><p>Zertifikatspr&uuml;fung</p></td>
+ </tr>
+ <tr>
+ <td valign="middle">OVS</td>
+ <td align="center" valign="middle"><p><strong>Prod:</strong> <a href="https://vollmachten.stammzahlenregister.gv.at/mis/">vollmachten.stammzahlenregister.gv.at</a><br>
+ <strong>Test:</strong> <a href="https://vollmachten.egiz.gv.at/mis-test/">vollmachten.egiz.gv.at</a></p></td>
+ <td align="center" valign="middle">443</td>
+ <td align="center" valign="middle">ausgehend</td>
+ <td valign="middle">Online-Vollmachten Service (MIS) via SOAP Service</td>
+ </tr>
+ <tr>
+ <td height="46" valign="middle">SZR-Gateway</td>
+ <td align="left" valign="middle"><strong>Prod: </strong><a href="https://gateway.stammzahlenregister.gv.at/">gateway.stammzahlenregister.gv.at</a><br>
+ <strong>Test:</strong> <a href="http://szrgw.egiz.gv.at/">szrgw.egiz.gv.at</a></td>
+ <td align="center" valign="middle">443</td>
+ <td align="center" valign="middle">ausgehend</td>
+ <td valign="middle">Stammzahlenregister Gateway via SOAP Service</td>
+ </tr>
+</table>
+<p>&nbsp;</p>
<p align="left">&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
diff --git a/id/server/doc/handbook/config/config.html b/id/server/doc/handbook/config/config.html
index 24e80c588..2d2709bcc 100644
--- a/id/server/doc/handbook/config/config.html
+++ b/id/server/doc/handbook/config/config.html
@@ -129,6 +129,7 @@
<li><a href="#konfigurationsparameter_oa_additional">Zus&auml;tzliche allgemeine Einstellungen</a>
<ol>
<li><a href="#konfigurationsparameter_oa_additional_formular">Login-Fenster Konfiguration</a></li>
+ <li><a href="#konfigurationsparameter_oa_additional_encbpk">Fremd-bPK Konfiguration</a></li>
</ol>
</li>
</ol>
@@ -217,6 +218,12 @@
<td>TrustedCACertificates enth&auml;lt das Verzeichnis (relativ zur MOA-ID-Auth Basiskonfigurationsdatei), das jene Zertifikate enth&auml;lt, die als vertrauensw&uuml;rdig betrachtet werden. Im Zuge der &Uuml;berpr&uuml;fung der TLS-Serverzertifikate wird die Zertifikatspfaderstellung an einem dieser Zertifikate beendet. Dieses Verzeichnis wird zur Pr&uuml;fung der SSL Serverzertifikate beim Download von PVP 2.1 Metadaten verwendet.</td>
</tr>
<tr>
+ <td>general.moaconfig.key</td>
+ <td>ConfigurationEncryptionKey</td>
+ <td><p>Passwort zum Verschl&uuml;sseln von Konfigurationsteilen welche in der Datenbank abgelegt werden. Hierbei kann jede beliebige Zeichenfolge aus Buchstaben, Zahlen und Sonderzeichen verwendet werden.</p>
+ <p><strong>Hinweis:</strong> Dieses Passwort muss identisch zu dem im <a href="#basisconfig_moa_id_auth_param_general">Modul MOA-ID-Auth</a> hinterlegten Passwort sein.</p></td>
+ </tr>
+ <tr>
<td>general.userrequests.cleanup.delay</td>
<td>18</td>
<td>Innerhalb dieses Zeitraums muss ein neuer Benutzer die im Benutzerprofil hinterlegte eMail Adresse validieren. </td>
@@ -571,6 +578,12 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-configuration/secure/usermanagementInit
<td>Passwort zum Verschl&uuml;sseln von personenbezogenen Session Daten die w&auml;hrend eines Anmeldevorgangs und f&uuml;r Single Sign-On in der Datenbank abgelegt werden. Hierbei kann jede beliebige Zeichenfolge aus Buchstaben, Zahlen und Sonderzeichen verwendet werden.</td>
</tr>
<tr>
+ <td>configuration.moaconfig.key</td>
+ <td>ConfigurationEncryptionKey</td>
+ <td><p>Passwort zum Verschl&uuml;sseln von Konfigurationsteilen welche in der Datenbank abgelegt werden. Hierbei kann jede beliebige Zeichenfolge aus Buchstaben, Zahlen und Sonderzeichen verwendet werden.</p>
+ <p><strong>Hinweis:</strong> Dieses Passwort muss identisch zu dem im Modul <a href="#moa_id_config_parameters_generel">MOA-ID-Configuration</a> hinterlegten Passwort sein.</p></td>
+ </tr>
+ <tr>
<td>configuration.monitoring.active</td>
<td>true / false</td>
<td>Aktiviert das Modul f&uuml;r internes Monitoring / Testing.</td>
@@ -1037,6 +1050,7 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
<h3><a name="konfigurationsparameter_allgemein_sl-templates" id="konfigurationsparameter_allgemein_bku2"></a>3.1.3 Security-Layer Request Templates</h3>
<p>Security-Layer (SL) Templates dienen der Kommunikation mit der gew&auml;hlten B&uuml;rgerkartenumgebung. Die hier hinterlegen SL-Templates werden f&uuml;r die Kommunikation mit der jeweiligen BKU verwendet. N&auml;here Details zum Aufbau dieser SL-Templates finden Sie im <a href="#import_template_sltemplate">Kapitel 4.3</a>. </p>
<p>Die Lage der Templates wird in Form einer URL beschrieben, wobei sowohl lokale Referenzen als der Bezug &uuml;ber http(s) m&ouml;glich sind. Relative Pfadangaben werden dabei relativ zum Verzeichnis, in dem sich die MOA-ID-Auth Basiskonfigurationsdatei befindet, interpretiert. Bei Templates die &uuml;ber das Protokoll https referenziert werden, muss vor dem Start des Tomcat ein Truststore angegeben werden, das die notwendigen vertrauensw&uuml;rdigen Zertifikate enth&auml;lt.</p>
+<p><strong>Hinweis:</strong> Diese hier definierten Templates dienen als zus&auml;tzliche WhiteList f&uuml;r Templates welche im &bdquo;StartAuthentication&ldquo; Request mit dem Parameter &bdquo;template&ldquo; &uuml;bergeben werden. Sollte im &bdquo;StartAuthentication&ldquo; Request der Parameter &bdquo;template&ldquo; fehlen, es wurde jedoch eine &bdquo;bkuURL&ldquo; &uuml;bergeben, dann wird f&uuml;r den Authentifizierungsvorgang ein bei der <a href="#konfigurationsparameter_oa_bku">Online Applikation konfiguriertes Tempalte</a> oder als Backup das erste Template in dieser Liste verwendet. Detailinformationen zum <a href="./../protocol/protocol.html#allgemeines_legacy">Legacy Request</a> finden Sie im Kapitel Protokolle.</p>
<table width="1247" border="1">
<tr>
<th width="89" scope="col">Name</th>
@@ -1046,7 +1060,7 @@ https://&lt;host&gt;:&lt;port&gt;/moa-id-auth/MonitoringServlet</pre>
<tr>
<td>Online BKU</td>
<td><p>SLTemplates/template_onlineBKU.html</p></td>
- <td>SL Template zur Kommunikation mit der Online-BKU</td>
+ <td><p>SL Template zur Kommunikation mit der Online-BKU.</p></td>
</tr>
<tr>
<td>Handy BKU</td>
@@ -2050,8 +2064,38 @@ Alle in diesem Abschnitt angegebenen Parameter sind Optional und werden bei Beda
</table>
<p>&nbsp;</p>
<p><strong>Hinweis:</strong> Bei Verwendung einer online-applikationsspezifischen Bürgerkartenauswahl stehen alle Parameter die die Bürgerkartenauswahl betreffen nicht zur Verfügung.</p>
-<p><strong>Hinweis:</strong> Bei Verwendung eines online-applikationsspezifischen Security-Layer-Request Templates stehen alle Parameter die das SL-Template betreffen nicht zur Verfügung.</p>
+<p><strong>Hinweis:</strong> Bei Verwendung eines online-applikationsspezifischen Security-Layer-Request Templates stehen alle Parameter die das SL-Template betreffen nicht zur Verfügung.</p>
+<h4><a name="konfigurationsparameter_oa_additional_encbpk" id="uebersicht_zentraledatei_aktualisierung31"></a>3.2.8.2 Fremd-bPK Konfiguration</h4>
+<p>Dieser Konfigurationsparameter erm&ouml;glicht die Konfiguration eines Key Stores, welcher im Falle einer<a href="../interfederation/interfederation.html"> Anmeldung mittels Single Sign-On Interfederation</a> zur Entschl&uuml;sselung einer verschl&uuml;sselten Fremd-bPK verwendet werden soll. Hierf&uuml;r sind folgende Konfigurationsparameter notwenig.</p>
+<table width="1247" border="1">
+ <tr>
+ <th width="272" scope="col">Name</th>
+ <th width="147" scope="col">Beispielwert</th>
+ <th width="806" scope="col">Beschreibung</th>
+ </tr>
+ <tr>
+ <td>KeyStore hochladen</td>
+ <td>&nbsp;</td>
+ <td>Dateiname des Java Keystore oder PKCS12 Keystore welcher den privaten Schl&uuml;ssel zur Entschl&uuml;sselung von Fremd-bPKs beinhaltet.</td>
+ </tr>
+ <tr>
+ <td><span id="wwlbl_loadOA_BPKEncDecr_keyStorePassword">KeyStore Password</span></td>
+ <td>password</td>
+ <td>Passwort zum Keystore</td>
+ </tr>
+ <tr>
+ <td><span id="wwlbl_loadOA_BPKEncDecr_keyAlias">Schl&uuml;sselname</span></td>
+ <td>pvp_metadata</td>
+ <td>Name des Schl&uuml;ssels der zum Entschl&uuml;sseln der Fremd-bPK verwendet werden soll</td>
+ </tr>
+ <tr>
+ <td><span id="wwlbl_loadOA_BPKEncDecr_keyPassword">Schl&uuml;sselpassword</span></td>
+ <td>password</td>
+ <td>Passwort des Schl&uuml;ssels der zum Entschl&uuml;sseln der Fremd-bPK verwendet werden soll</td>
+ </tr>
+</table>
<p>&nbsp;</p>
+<p><strong>Hinweis:</strong> Diese Konfiguration ist jedoch nur n&ouml;tig wenn die f&uuml;r das Modul MOA-ID-Auth Interfederation verwendet und von weiteren Identity Providern in der Federation Fremd-bPKs &uuml;bermittelt werden welche bereits im Modul MOA-ID-Auth entschl&uuml;sselt werden sollen (z.B. bei Verwendung von SAML 1 als Authentifizierungsprotokoll). Bei Verwendung von PVP 2.1 und OpenID Connect kann die Fremd-bPK auch direkt an die Online Applikation weitergeben werden wodurch eine Entschl&uuml;sselung auf Seiten des Modules MOA-ID-Auth nicht zwingend notwendig ist.</p>
<h2><a name="import_export" id="uebersicht_zentraledatei_aktualisierung4"></a>3.3 Import / Export</h2>
<p>Über diese Funktionalität besteht die Möglichkeit eine bestehende MOA-ID 1.5.1
Konfiguration in MOA-ID 2.0 zu importieren. Zusätzlich besteht die Möglichkeit eine MOA-ID-Auth 2.0
diff --git a/id/server/doc/handbook/index.html b/id/server/doc/handbook/index.html
index acab7517a..892a82484 100644
--- a/id/server/doc/handbook/index.html
+++ b/id/server/doc/handbook/index.html
@@ -15,7 +15,7 @@
</table>
<hr/>
<p class="title">MOA-ID (Identifikation) </p>
- <p class="subtitle">&Uuml;bersicht zur Dokumentation der Version 2.1.0 </p>
+ <p class="subtitle">&Uuml;bersicht zur Dokumentation der Version 2.1.1 </p>
<hr/>
<dl>
<dt><a href="./intro/intro.html">Einf&uuml;hrung</a></dt>
diff --git a/id/server/doc/handbook/interfederation/interfederation.html b/id/server/doc/handbook/interfederation/interfederation.html
index d30c93008..bd97061ab 100644
--- a/id/server/doc/handbook/interfederation/interfederation.html
+++ b/id/server/doc/handbook/interfederation/interfederation.html
@@ -73,7 +73,8 @@
<li>MOA-ID 1 validiert den Authentifizierungsrequest und generiert eine Assertion f&uuml;r MOA-ID 2 welche Session-Token f&uuml;r die Benutzerin oder den Benutzer enth&auml;lt. In diesem Schritt werden jedoch noch keine personenbezogenen Daten ausgetauscht.</li>
<li>Die Assertion wird an MOA-ID 2 zur&uuml;ckgesendet.</li>
<li>MOA-ID 2 validiert die Assertion und extrahiert das Session-Token. <br>
- <strong>Hinweis:</strong> Sollte die Validierung der Assertion fehlschlagen oder keine aktive SSO Session bei MOA-ID 1 existieren wird eine lokale Authentifizierung der Benutzerin oder des Benutzers mittels B&uuml;rgerkarte oder Handy-Signatur durchgef&uuml;hrt.</li>
+ <strong>Hinweis:</strong> Sollte die Validierung der Assertion fehlschlagen oder keine aktive SSO Session bei MOA-ID 1 existieren wird eine lokale Authentifizierung der Benutzerin oder des Benutzers mittels B&uuml;rgerkarte oder Handy-Signatur durchgef&uuml;hrt.<br>
+ <strong>Hinweis:</strong> Sollte die Assertion bereits alle notwenigen Anmeldeinformationen beinhalten wird Schritt 13 und 14 &uuml;bersprungen. </li>
<li>MOA-ID 2 generiert einen Attribut Request mit den von Online Applikation 2 angeforderten Attributen und sendet diesen &uuml;ber SOAP Binding an MOA-ID 1.</li>
<li>MOA-ID 1 generiert eine Assertion mit den angeforderten Attributen f&uuml;r Online Applikation 2 und sendet diese an MOA-ID 2.</li>
<li>MOA-ID 2 generiert eine Assertion f&uuml;r Online Applikation 2</li>
@@ -154,8 +155,9 @@
<tr>
<td><span id="wwlbl_loadIDP_moaIDP_queryURL">AttributQuery Service URL</span></td>
<td>https://demo.egiz.gv.at/moa-id-auth/pvp2/attributequery</td>
- <td align="center">&nbsp;</td>
- <td><p>URL auf das Attribute-Query Service des konfigurierten IDP. &Uuml;ber dieses WebService werden die Authentifizierungsdaten vom IDP abgeholt.</p></td>
+ <td align="center">X</td>
+ <td><p>URL auf das Attribute-Query Service des konfigurierten IDP. &Uuml;ber dieses WebService werden die Authentifizierungsdaten vom IDP abgeholt.</p>
+ <p><strong>Hinweis:</strong> Wenn kein Service konfiguriert ist m&uuml;ssen alle f&uuml;r den Anmeldevorgang ben&ouml;tigten Informationen bereits in der Assertion im Schritt 11 (siehe <a href="#sequenzediagramm">Sequenzdiagramm</a>) &uuml;bermittelt werden.</p></td>
</tr>
</table>
<p>&nbsp;</p>
diff --git a/id/server/idserverlib/pom.xml b/id/server/idserverlib/pom.xml
index c1ea05e4b..a8ffd10bc 100644
--- a/id/server/idserverlib/pom.xml
+++ b/id/server/idserverlib/pom.xml
@@ -142,11 +142,11 @@
</dependency>
- <dependency>
+<!-- <dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
- <version>1.7.6</version>
- </dependency>
+ <version>1.7.7</version>
+ </dependency> -->
<!-- <dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-simple</artifactId>
@@ -267,20 +267,20 @@
<dependency>
<groupId>commons-codec</groupId>
<artifactId>commons-codec</artifactId>
- <version>1.8</version>
+ <version>1.9</version>
</dependency>
<!-- Google OAuth Client -->
<dependency>
<groupId>com.google.http-client</groupId>
<artifactId>google-http-client-jackson2</artifactId>
- <version>1.18.0-rc</version>
+ <version>1.19.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.google.oauth-client</groupId>
<artifactId>google-oauth-client-jetty</artifactId>
- <version>1.18.0-rc</version>
+ <version>1.19.0</version>
<scope>test</scope>
</dependency>
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index a8cf5014f..a33c4fdf4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -2,8 +2,6 @@
package at.gv.egovernment.moa.id.auth;
import iaik.asn1.ObjectID;
-import iaik.pki.PKIRuntimeException;
-import iaik.util.logging.Log;
import iaik.x509.X509Certificate;
import iaik.x509.X509ExtensionInitException;
@@ -11,6 +9,7 @@ import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
@@ -19,14 +18,12 @@ import java.util.ArrayList;
//import java.security.cert.CertificateFactory;
import java.util.Calendar;
import java.util.Date;
-import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Vector;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
@@ -43,13 +40,11 @@ import org.opensaml.xml.util.XMLHelper;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
-import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder;
import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder;
@@ -60,7 +55,6 @@ import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
-import at.gv.egovernment.moa.id.auth.data.InfoboxValidationResult;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.BKUException;
@@ -72,18 +66,14 @@ import at.gv.egovernment.moa.id.auth.exception.ValidateException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
-import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet;
+import at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet;
import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator;
import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator;
-import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
-//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
-//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
-//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants;
import at.gv.egovernment.moa.id.client.SZRGWClient;
import at.gv.egovernment.moa.id.client.SZRGWClientException;
@@ -96,14 +86,11 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.config.stork.CPEPS;
import at.gv.egovernment.moa.id.config.stork.STORKConfig;
-import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AssertionStorage;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
-import at.gv.egovernment.moa.id.util.HTTPUtils;
import at.gv.egovernment.moa.id.util.MOAIDMessageProvider;
-import at.gv.egovernment.moa.id.util.Random;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.id.util.XMLUtil;
import at.gv.egovernment.moa.id.util.client.mis.simple.MISMandate;
@@ -115,7 +102,6 @@ import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.FileUtils;
import at.gv.egovernment.moa.util.MiscUtil;
import at.gv.egovernment.moa.util.StringUtils;
-import at.gv.egovernment.moa.util.XPathUtils;
import at.gv.util.xsd.mis.MandateIdentifiers;
import at.gv.util.xsd.mis.Target;
import at.gv.util.xsd.srzgw.CreateIdentityLinkRequest;
@@ -139,11 +125,6 @@ import eu.stork.peps.auth.commons.STORKAuthnRequest;
import eu.stork.peps.auth.engine.STORKSAMLEngine;
import eu.stork.peps.exceptions.STORKSAMLEngineException;
-//import java.security.cert.CertificateFactory;
-//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.CreateIdentityLinkResponse;
-//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClient;
-//import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWClientException;
-
/**
* API for MOA ID Authentication Service.<br> {@link AuthenticationSession} is
* stored in a session store and retrieved by giving the session ID.
@@ -154,1434 +135,1434 @@ import eu.stork.peps.exceptions.STORKSAMLEngineException;
*/
public class AuthenticationServer implements MOAIDAuthConstants {
- /**
- * single instance
- */
- private static AuthenticationServer instance;
-
- /**
- * time out in milliseconds used by {@link cleanup} for session store
- */
- private long sessionTimeOutCreated = 15 * 60 * 1000; // default 10 minutes
- private long sessionTimeOutUpdated = 10 * 60 * 1000; // default 10 minutes
- /**
- * time out in milliseconds used by {@link cleanup} for authentication data
- * store
- */
- private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes
-
- /**
- * Returns the single instance of <code>AuthenticationServer</code>.
- *
- * @return the single instance of <code>AuthenticationServer</code>
- */
- public static AuthenticationServer getInstance() {
- if (instance == null)
- instance = new AuthenticationServer();
- return instance;
- }
-
- /**
- * Constructor for AuthenticationServer.
- */
- public AuthenticationServer() {
- super();
- }
-
-
- /**
- * Processes the beginning of an authentication session.
- * <ul>
- * <li>Starts an authentication session</li>
- * <li>Creates an <code>&lt;InfoboxReadRequest&gt;</code></li>
- * <li>Creates an HTML form for querying the identity link from the security
- * layer implementation. <br>
- * Form parameters include
- * <ul>
- * <li>the <code>&lt;InfoboxReadRequest&gt;</code></li>
- * <li>the data URL where the security layer implementation sends it
- * response to</li>
- * </ul>
- * </ul>
- *
- * @param authURL URL of the servlet to be used as data URL
- * @param target "Gesch&auml;ftsbereich" of the online application requested
- * @param targetFriendlyName Friendly name of the target if the target is configured via
- * configuration
- * @param oaURL online application URL requested
- * @param bkuURL URL of the "B&uuml;rgerkartenumgebung" to be used; may be
- * <code>null</code>; in this case, the default location will be
- * used
- * @param useMandate Indicates if mandate is used or not
- * @param templateURL URL providing an HTML template for the HTML form generated
- * @param templateMandteURL URL providing an HTML template for the HTML form generated
- * (for signing in mandates mode)
- * @param req determines the protocol used
- * @param sourceID
- * @return HTML form
- * @throws AuthenticationException
- * @see GetIdentityLinkFormBuilder
- * @see InfoboxReadRequestBuilder
- */
- public String startAuthentication(AuthenticationSession session, HttpServletRequest req) throws WrongParametersException,
- AuthenticationException, ConfigurationException, BuildException {
-
- if (session == null) {
- throw new AuthenticationException("auth.18", new Object[]{});
- }
-
- //load OnlineApplication configuration
- OAAuthParameter oaParam =
- AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[]{session.getPublicOAURLPrefix()});
-
- //load Template
- String template = null;
- if (session.getTemplateURL() != null) {
- try {
-
- template = new String(FileUtils.readURL(session.getTemplateURL()));
- } catch (IOException ex) {
- throw new AuthenticationException("auth.03", new Object[]{
- session.getTemplateURL(), ex.toString()}, ex);
- }
- }
-
- String infoboxReadRequest = "";
-
- String domainIdentifier = AuthConfigurationProvider.getInstance().getSSOTagetIdentifier().trim();
- if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) {
- //do not use SSO if no Target is set
- Log.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!");
- session.setSsoRequested(false);
-
- }
-
- if (session.isSsoRequested()) {
- Log.info("SSO Login requested");
- //load identityLink with SSO Target
- boolean isbuisness = false;
-
- if (domainIdentifier.startsWith(PREFIX_WPBK)) {
-
- isbuisness = true;
-
- } else {
- isbuisness = false;
-
- }
-
- //build ReadInfobox request
- infoboxReadRequest = new InfoboxReadRequestBuilder().build(
- isbuisness, domainIdentifier);
-
- } else {
- Log.info("Non-SSO Login requested");
- //build ReadInfobox request
- infoboxReadRequest = new InfoboxReadRequestBuilder().build(
- oaParam.getBusinessService(), oaParam
- .getIdentityLinkDomainIdentifier());
-
- }
-
-
- String dataURL = new DataURLBuilder().buildDataURL(
- session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session
- .getSessionID());
-
- //removed in MOAID 2.0
- String pushInfobox = "";
-
-// VerifyInfoboxParameters verifyInfoboxParameters = oaParam
-// .getVerifyInfoboxParameters();
-// if (verifyInfoboxParameters != null) {
-// pushInfobox = verifyInfoboxParameters.getPushInfobox();
-// session.setPushInfobox(pushInfobox);
-// }
+ /**
+ * single instance
+ */
+ private static AuthenticationServer instance;
+
+ /**
+ * time out in milliseconds used by {@link cleanup} for session store
+ */
+ private long sessionTimeOutCreated = 15 * 60 * 1000; // default 10 minutes
+ private long sessionTimeOutUpdated = 10 * 60 * 1000; // default 10 minutes
+ /**
+ * time out in milliseconds used by {@link cleanup} for authentication data
+ * store
+ */
+ private long authDataTimeOut = 2 * 60 * 1000; // default 2 minutes
+
+ /**
+ * Returns the single instance of <code>AuthenticationServer</code>.
+ *
+ * @return the single instance of <code>AuthenticationServer</code>
+ */
+ public static AuthenticationServer getInstance() {
+ if (instance == null)
+ instance = new AuthenticationServer();
+ return instance;
+ }
+
+ /**
+ * Constructor for AuthenticationServer.
+ */
+ public AuthenticationServer() {
+ super();
+ }
+
+
+ /**
+ * Processes the beginning of an authentication session.
+ * <ul>
+ * <li>Starts an authentication session</li>
+ * <li>Creates an <code>&lt;InfoboxReadRequest&gt;</code></li>
+ * <li>Creates an HTML form for querying the identity link from the security
+ * layer implementation. <br>
+ * Form parameters include
+ * <ul>
+ * <li>the <code>&lt;InfoboxReadRequest&gt;</code></li>
+ * <li>the data URL where the security layer implementation sends it
+ * response to</li>
+ * </ul>
+ * </ul>
+ *
+ * @param authURL URL of the servlet to be used as data URL
+ * @param target "Gesch&auml;ftsbereich" of the online application requested
+ * @param targetFriendlyName Friendly name of the target if the target is configured via
+ * configuration
+ * @param oaURL online application URL requested
+ * @param bkuURL URL of the "B&uuml;rgerkartenumgebung" to be used; may be
+ * <code>null</code>; in this case, the default location will be
+ * used
+ * @param useMandate Indicates if mandate is used or not
+ * @param templateURL URL providing an HTML template for the HTML form generated
+ * @param templateMandteURL URL providing an HTML template for the HTML form generated
+ * (for signing in mandates mode)
+ * @param req determines the protocol used
+ * @param sourceID
+ * @return HTML form
+ * @throws AuthenticationException
+ * @see GetIdentityLinkFormBuilder
+ * @see InfoboxReadRequestBuilder
+ */
+ public String startAuthentication(AuthenticationSession session, HttpServletRequest req) throws WrongParametersException,
+ AuthenticationException, ConfigurationException, BuildException {
+
+ if (session == null) {
+ throw new AuthenticationException("auth.18", new Object[]{});
+ }
+
+ //load OnlineApplication configuration
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[]{session.getPublicOAURLPrefix()});
+
+ //load Template
+ String template = null;
+ if (session.getTemplateURL() != null) {
+ try {
+
+ template = new String(FileUtils.readURL(session.getTemplateURL()));
+ } catch (IOException ex) {
+ throw new AuthenticationException("auth.03", new Object[]{
+ session.getTemplateURL(), ex.toString()}, ex);
+ }
+ }
+
+ String infoboxReadRequest = "";
+
+ String domainIdentifier = AuthConfigurationProvider.getInstance().getSSOTagetIdentifier().trim();
+ if (MiscUtil.isEmpty(domainIdentifier) && session.isSsoRequested()) {
+ //do not use SSO if no Target is set
+ Logger.warn("NO SSO-Target found in configuration. Single Sign-On is deaktivated!");
+ session.setSsoRequested(false);
+
+ }
+
+ if (session.isSsoRequested()) {
+ Logger.info("SSO Login requested");
+ //load identityLink with SSO Target
+ boolean isbuisness = false;
+
+ if (domainIdentifier.startsWith(PREFIX_WPBK)) {
+
+ isbuisness = true;
+
+ } else {
+ isbuisness = false;
+
+ }
+
+ //build ReadInfobox request
+ infoboxReadRequest = new InfoboxReadRequestBuilder().build(
+ isbuisness, domainIdentifier);
+
+ } else {
+ Logger.info("Non-SSO Login requested");
+ //build ReadInfobox request
+ infoboxReadRequest = new InfoboxReadRequestBuilder().build(
+ oaParam.getBusinessService(), oaParam
+ .getIdentityLinkDomainIdentifier());
+
+ }
+
+
+ String dataURL = new DataURLBuilder().buildDataURL(
+ session.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, session
+ .getSessionID());
+
+ //removed in MOAID 2.0
+ String pushInfobox = "";
+
+ // VerifyInfoboxParameters verifyInfoboxParameters = oaParam
+ // .getVerifyInfoboxParameters();
+ // if (verifyInfoboxParameters != null) {
+ // pushInfobox = verifyInfoboxParameters.getPushInfobox();
+ // session.setPushInfobox(pushInfobox);
+ // }
//build CertInfo request
//removed in MOA-ID 2.0
-// String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder()
-// .build();
-// String certInfoDataURL = new DataURLBuilder()
-// .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION,
-// session.getSessionID());
-
- //get Applet Parameters
- String appletwidth = req.getParameter(PARAM_APPLET_WIDTH);
- String appletheigth = req.getParameter(PARAM_APPLET_HEIGTH);
- appletheigth = StringEscapeUtils.escapeHtml(appletheigth);
- appletwidth = StringEscapeUtils.escapeHtml(appletwidth);
-
-
- //TODO: cleanup before MOA-ID 2.1 release
- try {
- String htmlForm = new GetIdentityLinkFormBuilder().build(template,
- session.getBkuURL(), infoboxReadRequest, dataURL, null,
- null, pushInfobox, oaParam, appletheigth, appletwidth);
-
- return htmlForm;
-
- } catch (BuildException e) {
- throw new BuildException("builder.07", null, e);
-
- }
- }
-
- /**
- * Processes an <code>&lt;InfoboxReadResponse&gt;</code> sent by the
- * security layer implementation.<br>
- * <ul>
- * <li>Validates given <code>&lt;InfoboxReadResponse&gt;</code></li>
- * <li>Parses identity link enclosed in
- * <code>&lt;InfoboxReadResponse&gt;</code></li>
- * <li>Verifies identity link by calling the MOA SP component</li>
- * <li>Checks certificate authority of identity link</li>
- * <li>Stores identity link in the session</li>
- * <li>Verifies all additional infoboxes returned from the BKU</li>
- * <li>Creates an authentication block to be signed by the user</li>
- * <li>Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code>
- * containg the authentication block, meant to be returned to the security
- * layer implementation</li>
- * </ul>
- *
- * @param sessionID ID of associated authentication session data
- * @param infoboxReadResponseParameters The parameters from the response returned from the BKU
- * including the <code>&lt;InfoboxReadResponse&gt;</code>
- * @return String representation of the
- * <code>&lt;CreateXMLSignatureRequest&gt;</code>
- * @throws BKUException
- */
- public String verifyIdentityLink(AuthenticationSession session,
- Map<String, String> infoboxReadResponseParameters) throws AuthenticationException,
- BuildException, ParseException, ConfigurationException,
- ValidateException, ServiceException, BKUException {
-
- if (session == null)
- throw new AuthenticationException("auth.10", new Object[]{
- REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID});
-
- String xmlInfoboxReadResponse = (String) infoboxReadResponseParameters
- .get(PARAM_XMLRESPONSE);
-
- if (isEmpty(xmlInfoboxReadResponse))
- throw new AuthenticationException("auth.10", new Object[]{
- REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE});
-
- AuthConfigurationProvider authConf = AuthConfigurationProvider
- .getInstance();
-
- // check if an identity link was found
- // Errorcode 2911 von Trustdesk BKU (nicht spezifikationskonform
- // (SL1.2))
- // CharSequence se = "ErrorCode>2911".substring(0);
- // boolean b = xmlInfoboxReadResponse.contains(se);
- String se = "ErrorCode>2911";
- int b = xmlInfoboxReadResponse.indexOf(se);
- if (b != -1) { // no identity link found
- Logger
- .info("Es konnte keine Personenbindung auf der Karte gefunden werden. Versuche Anmeldung als auslaendische eID.");
- return null;
- }
- // spezifikationsgemaess (SL1.2) Errorcode
- se = "ErrorCode>4002";
- // b = xmlInfoboxReadResponse.contains(se);
- b = xmlInfoboxReadResponse.indexOf(se);
- if (b != -1) { // Unbekannter Infoboxbezeichner
- Logger
- .info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als auslaendische eID.");
- return null;
- }
-
- // parses the <InfoboxReadResponse>
- IdentityLink identityLink = new InfoboxReadResponseParser(
- xmlInfoboxReadResponse).parseIdentityLink();
- // validates the identity link
- IdentityLinkValidator.getInstance().validate(identityLink);
- // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
- Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
- .build(identityLink, authConf
- .getMoaSpIdentityLinkTrustProfileID());
-
- // invokes the call
- Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
- .verifyXMLSignature(domVerifyXMLSignatureRequest);
- // parses the <VerifyXMLSignatureResponse>
- VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
- domVerifyXMLSignatureResponse).parseData();
-
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-
- // validates the <VerifyXMLSignatureResponse>
- VerifyXMLSignatureResponseValidator.getInstance().validate(
- verifyXMLSignatureResponse,
- authConf.getIdentityLinkX509SubjectNames(),
- VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK,
- oaParam);
-
- session.setIdentityLink(identityLink);
- // now validate the extended infoboxes
-
- //Removed in MOA-ID 2.0
- //verifyInfoboxes(session, infoboxReadResponseParameters, false);
-
- return "found!";
- }
-
- /**
- * Processes an <code>&lt;InfoboxReadResponse&gt;</code> sent by the
- * security layer implementation.<br>
- * <ul>
- * <li>Validates given <code>&lt;InfoboxReadResponse&gt;</code></li>
- * <li>Parses identity link enclosed in
- * <code>&lt;InfoboxReadResponse&gt;</code></li>
- * <li>Verifies identity link by calling the MOA SP component</li>
- * <li>Checks certificate authority of identity link</li>
- * <li>Stores identity link in the session</li>
- * <li>Verifies all additional infoboxes returned from the BKU</li>
- * <li>Creates an authentication block to be signed by the user</li>
- * <li>Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code>
- * containg the authentication block, meant to be returned to the security
- * layer implementation</li>
- * </ul>
- *
- * @param sessionID ID of associated authentication session data
- * @param infoboxReadResponseParameters The parameters from the response returned from the BKU
- * including the <code>&lt;InfoboxReadResponse&gt;</code>
- * @return String representation of the
- * <code>&lt;CreateXMLSignatureRequest&gt;</code>
- */
- public String verifyCertificate(AuthenticationSession session,
- X509Certificate certificate) throws AuthenticationException,
- BuildException, ParseException, ConfigurationException,
- ValidateException, ServiceException, MOAIDException {
-
- if (session == null)
- throw new AuthenticationException("auth.10", new Object[]{
- REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID});
-
- // check if person is a Organwalter
- // if true - don't show bPK in AUTH Block
- try {
- for (ObjectID OWid : MOAIDAuthConstants.OW_LIST) {
- if (certificate.getExtension(OWid) != null) {
- session.setOW(true);
- }
-
- }
-
- } catch (X509ExtensionInitException e) {
- Logger.warn("Certificate extension is not readable.");
- session.setOW(false);
- }
-
- AuthConfigurationProvider authConf = AuthConfigurationProvider
- .getInstance();
-
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-
- String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
- authConf, oaParam);
-
- return returnvalue;
- }
-
- /**
- * Processes an <code>Mandate</code> sent by the MIS.<br>
- * <ul>
- * <li>Validates given <code>Mandate</code></li>
- * <li>Verifies Mandate by calling the MOA SP component</li>
- * <li>Creates an authentication block to be signed by the user</li>
- * <li>Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code>
- * containg the authentication block, meant to be returned to the security
- * layer implementation</li>
- * </ul>
- *
- * @param sessionID ID of associated authentication session data
- * @param infoboxReadResponseParameters The parameters from the response returned from the BKU
- * including the <code>&lt;InfoboxReadResponse&gt;</code>
- * @return String representation of the
- * <code>&lt;CreateXMLSignatureRequest&gt;</code>
- */
- public void verifyMandate(AuthenticationSession session, MISMandate mandate)
- throws AuthenticationException, BuildException, ParseException,
- ConfigurationException, ValidateException, ServiceException {
-
- if (session == null)
- throw new AuthenticationException("auth.10", new Object[]{
- GET_MIS_SESSIONID, PARAM_SESSIONID});
-
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-
- try {
- // sets the extended SAML attributes for OID (Organwalter)
- setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam
- .getBusinessService());
-
- validateExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService());
-
-
- } catch (SAXException e) {
- throw new AuthenticationException("auth.15",
- new Object[]{GET_MIS_SESSIONID}, e);
- } catch (IOException e) {
- throw new AuthenticationException("auth.15",
- new Object[]{GET_MIS_SESSIONID}, e);
- } catch (ParserConfigurationException e) {
- throw new AuthenticationException("auth.15",
- new Object[]{GET_MIS_SESSIONID}, e);
- } catch (TransformerException e) {
- throw new AuthenticationException("auth.15",
- new Object[]{GET_MIS_SESSIONID}, e);
- }
-
- }
-
- /**
- * @param session
- * @param authConf
- * @param oaParam
- * @return
- * @throws ConfigurationException
- * @throws BuildException
- * @throws ValidateException
- */
- public String getCreateXMLSignatureRequestAuthBlockOrRedirect(
- AuthenticationSession session, AuthConfigurationProvider authConf,
- OAAuthParameter oaParam) throws ConfigurationException,
- BuildException, ValidateException {
-
-// // check for intermediate processing of the infoboxes
-// if (session.isValidatorInputPending())
-// return "Redirect to Input Processor";
-
- if (authConf == null)
- authConf = AuthConfigurationProvider.getInstance();
- if (oaParam == null)
- oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
-
- // builds the AUTH-block
- String authBlock = buildAuthenticationBlock(session, oaParam);
-
- // builds the <CreateXMLSignatureRequest>
- List<String> transformsInfos = authConf.getTransformsInfos();
-
- String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()
- .build(authBlock, oaParam.getKeyBoxIdentifier(),
- transformsInfos);
- return createXMLSignatureRequest;
- }
-
- /**
- * Returns an CreateXMLSignatureRequest for signing the ERnP statement.<br>
- * <ul>
- * <li>Creates an CreateXMLSignatureRequest to be signed by the user</li>
- * </ul>
- *
- * @param sessionID ID of associated authentication session data
- * @param cert The certificate from the user
- * @return String representation of the
- * <code>&lt;CreateXMLSignatureRequest&gt;</code>
- */
- public String createXMLSignatureRequestForeignID(AuthenticationSession session,
- X509Certificate cert) throws AuthenticationException,
- BuildException, ParseException, ConfigurationException,
- ValidateException, ServiceException {
-
- if (session == null)
- throw new AuthenticationException("auth.10", new Object[]{
- REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID});
-
- AuthConfigurationProvider authConf = AuthConfigurationProvider
- .getInstance();
-
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-
- return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam,
- cert);
- }
-
- public String getCreateXMLSignatureRequestForeigID(
- AuthenticationSession session, AuthConfigurationProvider authConf,
- OAAuthParameter oaParam, X509Certificate cert)
- throws ConfigurationException {
-
-// // check for intermediate processing of the infoboxes
-// if (session.isValidatorInputPending())
-// return "Redirect to Input Processor";
-
- if (authConf == null)
- authConf = AuthConfigurationProvider.getInstance();
- if (oaParam == null)
- oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(
- session.getPublicOAURLPrefix());
-
- Principal subject = cert.getSubjectDN();
-
- String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()
- .buildForeignID(subject.toString(), oaParam, session);
- return createXMLSignatureRequest;
- }
-
- /**
- * Processes an <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
- * security layer implementation.<br>
- * <ul>
- * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
- * <li>Parses response enclosed in
- * <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
- * <li>Verifies signature by calling the MOA SP component</li>
- * <li>Returns the signer certificate</li>
- * </ul>
- *
- * @param sessionID ID of associated authentication session data
- * @param createXMLSignatureResponseParameters The parameters from the response returned from the BKU
- * including the <code>&lt;CreateXMLSignatureResponse&gt;</code>
- * @throws BKUException
- */
- public X509Certificate verifyXMLSignature(String sessionID,
- Map<String, String> createXMLSignatureResponseParameters)
- throws AuthenticationException, BuildException, ParseException,
- ConfigurationException, ValidateException, ServiceException, BKUException {
-
- if (isEmpty(sessionID))
- throw new AuthenticationException("auth.10", new Object[]{
- REQ_GET_FOREIGN_ID, PARAM_SESSIONID});
-
- String xmlCreateXMLSignatureResponse = (String) createXMLSignatureResponseParameters
- .get(PARAM_XMLRESPONSE);
-
- if (isEmpty(xmlCreateXMLSignatureResponse))
- throw new AuthenticationException("auth.10", new Object[]{
- REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE});
-
- AuthConfigurationProvider authConf = AuthConfigurationProvider
- .getInstance();
-
- // parses the <CreateXMLSignatureResponse>
- CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser(
- xmlCreateXMLSignatureResponse);
- CreateXMLSignatureResponse createXMLSignatureResponse = p
- .parseResponseDsig();
-
- // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
- Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
- .buildDsig(createXMLSignatureResponse, authConf
- .getMoaSpAuthBlockTrustProfileID());
-
- // invokes the call
- Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
- .verifyXMLSignature(domVerifyXMLSignatureRequest);
-
- // parses the <VerifyXMLSignatureResponse>
- VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
- domVerifyXMLSignatureResponse).parseData();
-
- return verifyXMLSignatureResponse.getX509certificate();
-
- }
-
- /**
- * Processes an <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
- * security layer implementation.<br>
- * <ul>
- * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
- * <li>Parses response enclosed in
- * <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
- * <li>Verifies signature by calling the MOA SP component</li>
- * <li>Returns the signer certificate</li>
- * </ul>
- *
- * @param sessionID ID of associated authentication session data
- * @param readInfoboxResponseParameters The parameters from the response returned from the BKU
- * including the <code>&lt;ReadInfoboxResponse&gt;</code>
- * @throws BKUException
- */
- public X509Certificate getCertificate(String sessionID,
- Map<String, String> readInfoboxResponseParameters) throws AuthenticationException,
- BuildException, ParseException, ConfigurationException,
- ValidateException, ServiceException, BKUException {
-
- if (isEmpty(sessionID))
- throw new AuthenticationException("auth.10", new Object[]{
- REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID});
-
- String xmlReadInfoboxResponse = (String) readInfoboxResponseParameters
- .get(PARAM_XMLRESPONSE);
-
- if (isEmpty(xmlReadInfoboxResponse))
- throw new AuthenticationException("auth.10", new Object[]{
- REQ_VERIFY_CERTIFICATE, PARAM_XMLRESPONSE});
-
- // parses the <CreateXMLSignatureResponse>
- InfoboxReadResponseParser p = new InfoboxReadResponseParser(
- xmlReadInfoboxResponse);
- X509Certificate cert = p.parseCertificate();
-
- return cert;
-
- }
-
- /**
- * Builds an authentication block <code>&lt;saml:Assertion&gt;</code> from
- * given session data.
- *
- * @param session authentication session
- * @return <code>&lt;saml:Assertion&gt;</code> as a String
- * @throws BuildException If an error occurs on serializing an extended SAML attribute
- * to be appended to the AUTH-Block.
- */
- private String buildAuthenticationBlock(AuthenticationSession session,
- OAAuthParameter oaParam) throws BuildException {
-
- IdentityLink identityLink = session.getIdentityLink();
- String issuer = identityLink.getName();
- String gebDat = identityLink.getDateOfBirth();
-
- String identificationValue = null;
- String identificationType = null;
-
- //set empty AuthBlock BPK in case of OW or SSO or bpk is not requested
- if (session.isOW() || session.isSsoRequested() || oaParam.isRemovePBKFromAuthBlock()) {
- identificationType = "";
- identificationValue = "";
-
- } else if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
-
- if (oaParam.getBusinessService()) {
-
- String bpkBase64 = new BPKBuilder().buildWBPK(identityLink
- .getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier());
- identificationValue = bpkBase64;
-
- if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK + "+"))
- identificationType = oaParam.getIdentityLinkDomainIdentifier();
- else
- identificationType = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier();
-
- } else {
- String bpkBase64 = new BPKBuilder().buildBPK(identityLink
- .getIdentificationValue(), session.getTarget());
- identificationValue = bpkBase64;
- identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget();
- }
-
-
- } else {
- identificationValue = identityLink.getIdentificationValue();
- identificationType = identityLink.getIdentificationType();
-
- }
-
- String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar
- .getInstance());
- session.setIssueInstant(issueInstant);
- String authURL = session.getAuthURL();
- String target = session.getTarget();
- String targetFriendlyName = session.getTargetFriendlyName();
-
- // Bug #485
- // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
- // String oaURL = session.getPublicOAURLPrefix();
-
- List<ExtendedSAMLAttribute> extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
-
-
- if (session.isSsoRequested()) {
- String oaURL = new String();
- try {
- oaURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
-
- if (MiscUtil.isNotEmpty(oaURL))
- oaURL = oaURL.replaceAll("&", "&amp;");
-
- } catch (ConfigurationException e) {
- }
- String authBlock = new AuthenticationBlockAssertionBuilder()
- .buildAuthBlockSSO(issuer, issueInstant, authURL, target,
- targetFriendlyName, identificationValue,
- identificationType, oaURL, gebDat,
- extendedSAMLAttributes, session, oaParam);
- return authBlock;
-
- } else {
- String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&amp;");
- String authBlock = new AuthenticationBlockAssertionBuilder()
- .buildAuthBlock(issuer, issueInstant, authURL, target,
- targetFriendlyName, identificationValue,
- identificationType, oaURL, gebDat,
- extendedSAMLAttributes, session, oaParam);
- return authBlock;
- }
- }
-
-
- /**
- * Verifies the infoboxes (except of the identity link infobox) returned by
- * the BKU by calling appropriate validator classes.
- *
- * @param session The actual authentication session.
- * @param mandate The Mandate from the MIS
- * @throws AuthenticationException
- * @throws ConfigurationException
- * @throws TransformerException
- * @throws ParserConfigurationException
- * @throws IOException
- * @throws SAXException
- */
- private void validateExtendedSAMLAttributeForMandates(
- AuthenticationSession session, MISMandate mandate,
- boolean business)
- throws ValidateException, ConfigurationException, SAXException,
- IOException, ParserConfigurationException, TransformerException {
-
- ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes(
- mandate, business, false);
-
- int length = extendedSAMLAttributes.length;
- for (int i = 0; i < length; i++) {
- ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i];
-
- verifySAMLAttribute(samlAttribute, i, "MISService",
- "MISService");
-
- }
- }
-
- /**
- * Verifies the infoboxes (except of the identity link infobox) returned by
- * the BKU by calling appropriate validator classes.
- *
- * @param session The actual authentication session.
- * @param mandate The Mandate from the MIS
- * @throws AuthenticationException
- * @throws ConfigurationException
- * @throws TransformerException
- * @throws ParserConfigurationException
- * @throws IOException
- * @throws SAXException
- */
- private void setExtendedSAMLAttributeForMandatesOID(
- AuthenticationSession session, MISMandate mandate, boolean business)
- throws ValidateException, ConfigurationException, SAXException,
- IOException, ParserConfigurationException, TransformerException {
-
- ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributesOID(
- mandate, business);
-
- AddAdditionalSAMLAttributes(session, extendedSamlAttributes,
- "MISService", "MISService");
-
- }
-
- /**
- * Adds given SAML Attributes to the current session. They will be appended
- * to the final SAML Assertion or the AUTH block. If the attributes are
- * already in the list, they will be replaced.
- *
- * @param session The current session
- * @param extendedSAMLAttributes The SAML attributes to add
- * @param identifier The infobox identifier for debug purposes
- * @param friendlyNam The friendly name of the infobox for debug purposes
- */
- private static void AddAdditionalSAMLAttributes(
- AuthenticationSession session,
- ExtendedSAMLAttribute[] extendedSAMLAttributes, String identifier,
- String friendlyName) throws ValidateException {
- if (extendedSAMLAttributes == null)
- return;
- List<ExtendedSAMLAttribute> oaAttributes = session.getExtendedSAMLAttributesOA();
- if (oaAttributes == null)
- oaAttributes = new Vector<ExtendedSAMLAttribute>();
- List<ExtendedSAMLAttribute> authAttributes = session.getExtendedSAMLAttributesAUTH();
- if (authAttributes == null)
- authAttributes = new Vector<ExtendedSAMLAttribute>();
- int length = extendedSAMLAttributes.length;
- for (int i = 0; i < length; i++) {
- ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i];
-
- Object value = verifySAMLAttribute(samlAttribute, i, identifier,
- friendlyName);
-
- if ((value instanceof String) || (value instanceof Element)) {
- switch (samlAttribute.getAddToAUTHBlock()) {
- case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY:
- replaceExtendedSAMLAttribute(authAttributes, samlAttribute);
- break;
- case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK:
- replaceExtendedSAMLAttribute(authAttributes, samlAttribute);
- replaceExtendedSAMLAttribute(oaAttributes, samlAttribute);
- break;
- case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK:
- replaceExtendedSAMLAttribute(oaAttributes, samlAttribute);
- break;
- default:
- Logger
- .info("Invalid return value from method \"getAddToAUTHBlock()\" ("
- + samlAttribute.getAddToAUTHBlock()
- + ") in SAML attribute number "
- + (i + 1)
- + " for infobox " + identifier);
- throw new ValidateException("validator.47", new Object[]{
- friendlyName, String.valueOf((i + 1))});
- }
- } else {
- Logger
- .info("The type of SAML-Attribute number "
- + (i + 1)
- + " returned from "
- + identifier
- + "-infobox validator is not valid. Must be either \"java.Lang.String\""
- + " or \"org.w3c.dom.Element\"");
- throw new ValidateException("validator.46", new Object[]{
- identifier, String.valueOf((i + 1))});
- }
- }
- session.setExtendedSAMLAttributesAUTH(authAttributes);
- session.setExtendedSAMLAttributesOA(oaAttributes);
- }
-
- /**
- * Adds the AUTH block related SAML attributes to the validation result.
- * This is needed always before the AUTH block is to be signed, because the
- * name of the mandator has to be set
- *
- * @throws ParserConfigurationException
- * @throws IOException
- * @throws SAXException
- * @throws TransformerException
- */
-
- protected static ExtendedSAMLAttribute[] addExtendedSamlAttributes(
- MISMandate mandate, boolean business, boolean provideStammzahl)
- throws SAXException, IOException, ParserConfigurationException,
- TransformerException {
- Vector<ExtendedSAMLAttribute> extendedSamlAttributes = new Vector<ExtendedSAMLAttribute>();
-
- extendedSamlAttributes.clear();
-
- // Name
- Element domMandate = mandateToElement(mandate);
- Element nameSpaceNode = domMandate.getOwnerDocument().createElement(
- "NameSpaceNode");
- nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX,
- Constants.PD_NS_URI);
- nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX,
- SZRGWConstants.MANDATE_NS);
-
- Element mandator = (Element) XPathAPI.selectSingleNode(domMandate,
- "//md:Mandate/md:Mandator", nameSpaceNode);
-
- // Mandate
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(
- EXT_SAML_MANDATE_RAW, domMandate,
- SZRGWConstants.MANDATE_NS,
- ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
-
- // (w)bpk
- String wbpk = ParepUtils.extractMandatorWbpk(mandator);
- if (!ParepUtils.isEmpty(wbpk)) {
- if (!ParepUtils.isPhysicalPerson(mandator)) {
- String idType = ParepUtils
- .extractMandatorIdentificationType(mandator);
- if (!ParepUtils.isEmpty(idType)
- && idType.startsWith(Constants.URN_PREFIX_BASEID)) {
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(
- EXT_SAML_MANDATE_CB_BASE_ID,
- ParepUtils.getRegisterString(idType) + ": " + wbpk,
- SZRGWConstants.MANDATE_NS,
- ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- }
- } else if (business) {
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(
- EXT_SAML_MANDATE_WBPK, wbpk,
- SZRGWConstants.MANDATE_NS,
- ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
- }
- }
-
- ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes
- .size()];
- extendedSamlAttributes.copyInto(ret);
- Logger.debug("ExtendedSAML Attributes: " + ret.length);
- return ret;
-
- }
-
- /**
- * Adds the AUTH block related SAML attributes to the validation result.
- * This is needed always before the AUTH block is to be signed, because the
- * name of the mandator has to be set
- *
- * @throws ParserConfigurationException
- * @throws IOException
- * @throws SAXException
- * @throws TransformerException
- */
- private static ExtendedSAMLAttribute[] addExtendedSamlAttributesOID(
- MISMandate mandate, boolean business) throws SAXException,
- IOException, ParserConfigurationException, TransformerException {
-
- Vector<ExtendedSAMLAttribute> extendedSamlAttributes = new Vector<ExtendedSAMLAttribute>();
-
- extendedSamlAttributes.clear();
-
- // RepresentationType
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(
- EXT_SAML_MANDATE_REPRESENTATIONTYPE,
- EXT_SAML_MANDATE_REPRESENTATIONTEXT,
- SZRGWConstants.MANDATE_NS,
- ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
-
- String oid = mandate.getProfRep();
-
- if (oid != null) {
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(
- EXT_SAML_MANDATE_OID, oid,
- SZRGWConstants.MANDATE_NS,
- ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
- String oidDescription = mandate.getTextualDescriptionOfOID();
- extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(
- EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION,
- oidDescription, SZRGWConstants.MANDATE_NS,
- ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
-
- }
-
- ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes
- .size()];
- extendedSamlAttributes.copyInto(ret);
- Logger.debug("ExtendedSAML Attributes: " + ret.length);
- return ret;
-
- }
-
- /**
- * @param mandate
- * @return
- * @throws ParserConfigurationException
- * @throws IOException
- * @throws SAXException
- */
- private static Element mandateToElement(MISMandate mandate)
- throws SAXException, IOException, ParserConfigurationException {
- ByteArrayInputStream bais = new ByteArrayInputStream(mandate
- .getMandate());
- Document doc = DOMUtils.parseDocumentSimple(bais);
- return doc.getDocumentElement();
- }
-
- protected static void replaceExtendedSAMLAttribute(List<ExtendedSAMLAttribute> attributes,
- ExtendedSAMLAttribute samlAttribute) {
- if (null == attributes) {
- attributes = new Vector<ExtendedSAMLAttribute>();
- } else {
- String id = samlAttribute.getName();
- int length = attributes.size();
- for (int i = 0; i < length; i++) {
- ExtendedSAMLAttribute att = (ExtendedSAMLAttribute) attributes
- .get(i);
- if (id.equals(att.getName())) {
- // replace attribute
- attributes.set(i, samlAttribute);
- return;
- }
- }
- attributes.add(samlAttribute);
- }
- }
-
- /**
- * Processes a <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
- * security layer implementation.<br>
- * <ul>
- * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
- * <li>Parses <code>&lt;CreateXMLSignatureResponse&gt;</code> for error
- * codes</li>
- * <li>Parses authentication block enclosed in
- * <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
- * <li>Verifies authentication block by calling the MOA SP component</li>
- * <li>Creates authentication data</li>
- * <li>Creates a corresponding SAML artifact</li>
- * <li>Stores authentication data in the authentication data store indexed
- * by the SAML artifact</li>
- * <li>Deletes authentication session</li>
- * <li>Returns the SAML artifact, encoded BASE64</li>
- * </ul>
- *
- * @param sessionID session ID of the running authentication session
- * @param xmlCreateXMLSignatureReadResponse String representation of the
- * <code>&lt;CreateXMLSignatureResponse&gt;</code>
- * @return SAML artifact needed for retrieving authentication data, encoded
- * BASE64
- * @throws BKUException
- */
- public String verifyAuthenticationBlock(AuthenticationSession session,
- String xmlCreateXMLSignatureReadResponse)
- throws AuthenticationException, BuildException, ParseException,
- ConfigurationException, ServiceException, ValidateException, BKUException {
-
- if (session == null)
- throw new AuthenticationException("auth.10", new Object[]{
- REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID});
- if (isEmpty(xmlCreateXMLSignatureReadResponse))
- throw new AuthenticationException("auth.10", new Object[]{
- REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
-
- AuthConfigurationProvider authConf = AuthConfigurationProvider
- .getInstance();
- // parses <CreateXMLSignatureResponse>
- CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(
- xmlCreateXMLSignatureReadResponse).parseResponse();
-
- try {
- String serializedAssertion = DOMUtils.serializeNode(csresp
- .getSamlAssertion());
- session.setAuthBlock(serializedAssertion);
- } catch (TransformerException e) {
- throw new ParseException("parser.04", new Object[]{
- REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
- } catch (IOException e) {
- throw new ParseException("parser.04", new Object[]{
- REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
- }
- // validates <CreateXMLSignatureResponse>
- if (session.isSsoRequested())
- new CreateXMLSignatureResponseValidator().validateSSO(csresp, session);
- else
- new CreateXMLSignatureResponseValidator().validate(csresp, session);
-
- // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call
- List<String> vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
- String tpid = authConf.getMoaSpAuthBlockTrustProfileID();
- Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp,
- vtids, tpid);
- // debug output
-
- Element domVsresp = null;
-
-// try {
- // invokes the call
- domVsresp = new SignatureVerificationInvoker()
- .verifyXMLSignature(domVsreq);
- // debug output
-
-// } catch ( ServiceException e) {
-// Logger.error("Signature verification error. ", e);
-// Logger.error("Signed Data: " + session.getAuthBlock());
-// try {
-// Logger.error("VerifyRequest: " + DOMUtils.serializeNode(domVsreq));
-// } catch (TransformerException e1) {
-// e1.printStackTrace();
-//
-// } catch (IOException e1) {
-// e1.printStackTrace();
-//
-// }
-//
-// throw e;
-// }
-
-
- // parses the <VerifyXMLSignatureResponse>
- VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(
- domVsresp).parseData();
-
- if (Logger.isTraceEnabled()) {
- if (domVsresp != null) {
- try {
- String xmlVerifyXMLSignatureResponse = DOMUtils
- .serializeNode(domVsresp, true);
- Logger.trace(new LogMsg(xmlCreateXMLSignatureReadResponse));
- Logger.trace(new LogMsg(xmlVerifyXMLSignatureResponse));
- } catch (Throwable t) {
- t.printStackTrace();
- Logger.info(new LogMsg(t.getStackTrace()));
- }
- }
- }
-
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
- .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
-
- // validates the <VerifyXMLSignatureResponse>
- VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp,
- null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK,
- oaParam);
-
- // Compare AuthBlock Data with information stored in session, especially
- // date and time
- CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp);
-
- try {
- // compares the public keys from the identityLink with the AuthBlock
- VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(
- vsresp, session.getIdentityLink());
-
- } catch ( ValidateException e) {
- Logger.error("Signature verification error. ", e);
- Logger.error("Signed Data: " + session.getAuthBlock());
- try {
+ // String certInfoRequest = new CertInfoVerifyXMLSignatureRequestBuilder()
+ // .build();
+ // String certInfoDataURL = new DataURLBuilder()
+ // .buildDataURL(session.getAuthURL(), REQ_START_AUTHENTICATION,
+ // session.getSessionID());
+
+ //get Applet Parameters
+ String appletwidth = req.getParameter(PARAM_APPLET_WIDTH);
+ String appletheigth = req.getParameter(PARAM_APPLET_HEIGTH);
+ appletheigth = StringEscapeUtils.escapeHtml(appletheigth);
+ appletwidth = StringEscapeUtils.escapeHtml(appletwidth);
+
+
+ //TODO: cleanup before MOA-ID 2.1 release
+ try {
+ String htmlForm = new GetIdentityLinkFormBuilder().build(template,
+ session.getBkuURL(), infoboxReadRequest, dataURL, null,
+ null, pushInfobox, oaParam, appletheigth, appletwidth);
+
+ return htmlForm;
+
+ } catch (BuildException e) {
+ throw new BuildException("builder.07", null, e);
+
+ }
+ }
+
+ /**
+ * Processes an <code>&lt;InfoboxReadResponse&gt;</code> sent by the
+ * security layer implementation.<br>
+ * <ul>
+ * <li>Validates given <code>&lt;InfoboxReadResponse&gt;</code></li>
+ * <li>Parses identity link enclosed in
+ * <code>&lt;InfoboxReadResponse&gt;</code></li>
+ * <li>Verifies identity link by calling the MOA SP component</li>
+ * <li>Checks certificate authority of identity link</li>
+ * <li>Stores identity link in the session</li>
+ * <li>Verifies all additional infoboxes returned from the BKU</li>
+ * <li>Creates an authentication block to be signed by the user</li>
+ * <li>Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ * containg the authentication block, meant to be returned to the security
+ * layer implementation</li>
+ * </ul>
+ *
+ * @param sessionID ID of associated authentication session data
+ * @param infoboxReadResponseParameters The parameters from the response returned from the BKU
+ * including the <code>&lt;InfoboxReadResponse&gt;</code>
+ * @return String representation of the
+ * <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ * @throws BKUException
+ */
+ public String verifyIdentityLink(AuthenticationSession session,
+ Map<String, String> infoboxReadResponseParameters) throws AuthenticationException,
+ BuildException, ParseException, ConfigurationException,
+ ValidateException, ServiceException, BKUException {
+
+ if (session == null)
+ throw new AuthenticationException("auth.10", new Object[]{
+ REQ_VERIFY_IDENTITY_LINK, PARAM_SESSIONID});
+
+ String xmlInfoboxReadResponse = (String) infoboxReadResponseParameters
+ .get(PARAM_XMLRESPONSE);
+
+ if (isEmpty(xmlInfoboxReadResponse))
+ throw new AuthenticationException("auth.10", new Object[]{
+ REQ_VERIFY_IDENTITY_LINK, PARAM_XMLRESPONSE});
+
+ AuthConfigurationProvider authConf = AuthConfigurationProvider
+ .getInstance();
+
+ // check if an identity link was found
+ // Errorcode 2911 von Trustdesk BKU (nicht spezifikationskonform
+ // (SL1.2))
+ // CharSequence se = "ErrorCode>2911".substring(0);
+ // boolean b = xmlInfoboxReadResponse.contains(se);
+ String se = "ErrorCode>2911";
+ int b = xmlInfoboxReadResponse.indexOf(se);
+ if (b != -1) { // no identity link found
+ Logger
+ .info("Es konnte keine Personenbindung auf der Karte gefunden werden. Versuche Anmeldung als auslaendische eID.");
+ return null;
+ }
+ // spezifikationsgemaess (SL1.2) Errorcode
+ se = "ErrorCode>4002";
+ // b = xmlInfoboxReadResponse.contains(se);
+ b = xmlInfoboxReadResponse.indexOf(se);
+ if (b != -1) { // Unbekannter Infoboxbezeichner
+ Logger
+ .info("Unbekannter Infoboxbezeichner. Versuche Anmeldung als auslaendische eID.");
+ return null;
+ }
+
+ // parses the <InfoboxReadResponse>
+ IdentityLink identityLink = new InfoboxReadResponseParser(
+ xmlInfoboxReadResponse).parseIdentityLink();
+ // validates the identity link
+ IdentityLinkValidator.getInstance().validate(identityLink);
+ // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
+ .build(identityLink, authConf
+ .getMoaSpIdentityLinkTrustProfileID());
+
+ // invokes the call
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
+ .verifyXMLSignature(domVerifyXMLSignatureRequest);
+ // parses the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
+ domVerifyXMLSignatureResponse).parseData();
+
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+
+ // validates the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponseValidator.getInstance().validate(
+ verifyXMLSignatureResponse,
+ authConf.getIdentityLinkX509SubjectNames(),
+ VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK,
+ oaParam);
+
+ session.setIdentityLink(identityLink);
+ // now validate the extended infoboxes
+
+ //Removed in MOA-ID 2.0
+ //verifyInfoboxes(session, infoboxReadResponseParameters, false);
+
+ return "found!";
+ }
+
+ /**
+ * Processes an <code>&lt;InfoboxReadResponse&gt;</code> sent by the
+ * security layer implementation.<br>
+ * <ul>
+ * <li>Validates given <code>&lt;InfoboxReadResponse&gt;</code></li>
+ * <li>Parses identity link enclosed in
+ * <code>&lt;InfoboxReadResponse&gt;</code></li>
+ * <li>Verifies identity link by calling the MOA SP component</li>
+ * <li>Checks certificate authority of identity link</li>
+ * <li>Stores identity link in the session</li>
+ * <li>Verifies all additional infoboxes returned from the BKU</li>
+ * <li>Creates an authentication block to be signed by the user</li>
+ * <li>Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ * containg the authentication block, meant to be returned to the security
+ * layer implementation</li>
+ * </ul>
+ *
+ * @param sessionID ID of associated authentication session data
+ * @param infoboxReadResponseParameters The parameters from the response returned from the BKU
+ * including the <code>&lt;InfoboxReadResponse&gt;</code>
+ * @return String representation of the
+ * <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ */
+ public String verifyCertificate(AuthenticationSession session,
+ X509Certificate certificate) throws AuthenticationException,
+ BuildException, ParseException, ConfigurationException,
+ ValidateException, ServiceException, MOAIDException {
+
+ if (session == null)
+ throw new AuthenticationException("auth.10", new Object[]{
+ REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID});
+
+ // check if person is a Organwalter
+ // if true - don't show bPK in AUTH Block
+ try {
+ for (ObjectID OWid : MOAIDAuthConstants.OW_LIST) {
+ if (certificate.getExtension(OWid) != null) {
+ session.setOW(true);
+ }
+
+ }
+
+ } catch (X509ExtensionInitException e) {
+ Logger.warn("Certificate extension is not readable.");
+ session.setOW(false);
+ }
+
+ AuthConfigurationProvider authConf = AuthConfigurationProvider
+ .getInstance();
+
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+
+ String returnvalue = getCreateXMLSignatureRequestAuthBlockOrRedirect(session,
+ authConf, oaParam);
+
+ return returnvalue;
+ }
+
+ /**
+ * Processes an <code>Mandate</code> sent by the MIS.<br>
+ * <ul>
+ * <li>Validates given <code>Mandate</code></li>
+ * <li>Verifies Mandate by calling the MOA SP component</li>
+ * <li>Creates an authentication block to be signed by the user</li>
+ * <li>Creates and returns a <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ * containg the authentication block, meant to be returned to the security
+ * layer implementation</li>
+ * </ul>
+ *
+ * @param sessionID ID of associated authentication session data
+ * @param infoboxReadResponseParameters The parameters from the response returned from the BKU
+ * including the <code>&lt;InfoboxReadResponse&gt;</code>
+ * @return String representation of the
+ * <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ */
+ public void verifyMandate(AuthenticationSession session, MISMandate mandate)
+ throws AuthenticationException, BuildException, ParseException,
+ ConfigurationException, ValidateException, ServiceException {
+
+ if (session == null)
+ throw new AuthenticationException("auth.10", new Object[]{
+ GET_MIS_SESSIONID, PARAM_SESSIONID});
+
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+
+ try {
+ // sets the extended SAML attributes for OID (Organwalter)
+ setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam
+ .getBusinessService());
+
+ validateExtendedSAMLAttributeForMandates(session, mandate, oaParam.getBusinessService());
+
+
+ } catch (SAXException e) {
+ throw new AuthenticationException("auth.15",
+ new Object[]{GET_MIS_SESSIONID}, e);
+ } catch (IOException e) {
+ throw new AuthenticationException("auth.15",
+ new Object[]{GET_MIS_SESSIONID}, e);
+ } catch (ParserConfigurationException e) {
+ throw new AuthenticationException("auth.15",
+ new Object[]{GET_MIS_SESSIONID}, e);
+ } catch (TransformerException e) {
+ throw new AuthenticationException("auth.15",
+ new Object[]{GET_MIS_SESSIONID}, e);
+ }
+
+ }
+
+ /**
+ * @param session
+ * @param authConf
+ * @param oaParam
+ * @return
+ * @throws ConfigurationException
+ * @throws BuildException
+ * @throws ValidateException
+ */
+ public String getCreateXMLSignatureRequestAuthBlockOrRedirect(
+ AuthenticationSession session, AuthConfigurationProvider authConf,
+ OAAuthParameter oaParam) throws ConfigurationException,
+ BuildException, ValidateException {
+
+ // // check for intermediate processing of the infoboxes
+ // if (session.isValidatorInputPending())
+ // return "Redirect to Input Processor";
+
+ if (authConf == null)
+ authConf = AuthConfigurationProvider.getInstance();
+ if (oaParam == null)
+ oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+
+ // builds the AUTH-block
+ String authBlock = buildAuthenticationBlock(session, oaParam);
+
+ // builds the <CreateXMLSignatureRequest>
+ List<String> transformsInfos = authConf.getTransformsInfos();
+
+ String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()
+ .build(authBlock, oaParam.getKeyBoxIdentifier(),
+ transformsInfos);
+ return createXMLSignatureRequest;
+ }
+
+ /**
+ * Returns an CreateXMLSignatureRequest for signing the ERnP statement.<br>
+ * <ul>
+ * <li>Creates an CreateXMLSignatureRequest to be signed by the user</li>
+ * </ul>
+ *
+ * @param sessionID ID of associated authentication session data
+ * @param cert The certificate from the user
+ * @return String representation of the
+ * <code>&lt;CreateXMLSignatureRequest&gt;</code>
+ */
+ public String createXMLSignatureRequestForeignID(AuthenticationSession session,
+ X509Certificate cert) throws AuthenticationException,
+ BuildException, ParseException, ConfigurationException,
+ ValidateException, ServiceException {
+
+ if (session == null)
+ throw new AuthenticationException("auth.10", new Object[]{
+ REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID});
+
+ AuthConfigurationProvider authConf = AuthConfigurationProvider
+ .getInstance();
+
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+
+ return getCreateXMLSignatureRequestForeigID(session, authConf, oaParam,
+ cert);
+ }
+
+ public String getCreateXMLSignatureRequestForeigID(
+ AuthenticationSession session, AuthConfigurationProvider authConf,
+ OAAuthParameter oaParam, X509Certificate cert)
+ throws ConfigurationException {
+
+ // // check for intermediate processing of the infoboxes
+ // if (session.isValidatorInputPending())
+ // return "Redirect to Input Processor";
+
+ if (authConf == null)
+ authConf = AuthConfigurationProvider.getInstance();
+ if (oaParam == null)
+ oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+
+ Principal subject = cert.getSubjectDN();
+
+ String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder()
+ .buildForeignID(subject.toString(), oaParam, session);
+ return createXMLSignatureRequest;
+ }
+
+ /**
+ * Processes an <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
+ * security layer implementation.<br>
+ * <ul>
+ * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <li>Parses response enclosed in
+ * <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <li>Verifies signature by calling the MOA SP component</li>
+ * <li>Returns the signer certificate</li>
+ * </ul>
+ *
+ * @param sessionID ID of associated authentication session data
+ * @param createXMLSignatureResponseParameters The parameters from the response returned from the BKU
+ * including the <code>&lt;CreateXMLSignatureResponse&gt;</code>
+ * @throws BKUException
+ */
+ public X509Certificate verifyXMLSignature(String sessionID,
+ Map<String, String> createXMLSignatureResponseParameters)
+ throws AuthenticationException, BuildException, ParseException,
+ ConfigurationException, ValidateException, ServiceException, BKUException {
+
+ if (isEmpty(sessionID))
+ throw new AuthenticationException("auth.10", new Object[]{
+ REQ_GET_FOREIGN_ID, PARAM_SESSIONID});
+
+ String xmlCreateXMLSignatureResponse = (String) createXMLSignatureResponseParameters
+ .get(PARAM_XMLRESPONSE);
+
+ if (isEmpty(xmlCreateXMLSignatureResponse))
+ throw new AuthenticationException("auth.10", new Object[]{
+ REQ_GET_FOREIGN_ID, PARAM_XMLRESPONSE});
+
+ AuthConfigurationProvider authConf = AuthConfigurationProvider
+ .getInstance();
+
+ // parses the <CreateXMLSignatureResponse>
+ CreateXMLSignatureResponseParser p = new CreateXMLSignatureResponseParser(
+ xmlCreateXMLSignatureResponse);
+ CreateXMLSignatureResponse createXMLSignatureResponse = p
+ .parseResponseDsig();
+
+ // builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
+ .buildDsig(createXMLSignatureResponse, authConf
+ .getMoaSpAuthBlockTrustProfileID());
+
+ // invokes the call
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker()
+ .verifyXMLSignature(domVerifyXMLSignatureRequest);
+
+ // parses the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(
+ domVerifyXMLSignatureResponse).parseData();
+
+ return verifyXMLSignatureResponse.getX509certificate();
+
+ }
+
+ /**
+ * Processes an <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
+ * security layer implementation.<br>
+ * <ul>
+ * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <li>Parses response enclosed in
+ * <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <li>Verifies signature by calling the MOA SP component</li>
+ * <li>Returns the signer certificate</li>
+ * </ul>
+ *
+ * @param sessionID ID of associated authentication session data
+ * @param readInfoboxResponseParameters The parameters from the response returned from the BKU
+ * including the <code>&lt;ReadInfoboxResponse&gt;</code>
+ * @throws BKUException
+ */
+ public X509Certificate getCertificate(String sessionID,
+ Map<String, String> readInfoboxResponseParameters) throws AuthenticationException,
+ BuildException, ParseException, ConfigurationException,
+ ValidateException, ServiceException, BKUException {
+
+ if (isEmpty(sessionID))
+ throw new AuthenticationException("auth.10", new Object[]{
+ REQ_VERIFY_CERTIFICATE, PARAM_SESSIONID});
+
+ String xmlReadInfoboxResponse = (String) readInfoboxResponseParameters
+ .get(PARAM_XMLRESPONSE);
+
+ if (isEmpty(xmlReadInfoboxResponse))
+ throw new AuthenticationException("auth.10", new Object[]{
+ REQ_VERIFY_CERTIFICATE, PARAM_XMLRESPONSE});
+
+ // parses the <CreateXMLSignatureResponse>
+ InfoboxReadResponseParser p = new InfoboxReadResponseParser(
+ xmlReadInfoboxResponse);
+ X509Certificate cert = p.parseCertificate();
+
+ return cert;
+
+ }
+
+ /**
+ * Builds an authentication block <code>&lt;saml:Assertion&gt;</code> from
+ * given session data.
+ *
+ * @param session authentication session
+ * @return <code>&lt;saml:Assertion&gt;</code> as a String
+ * @throws BuildException If an error occurs on serializing an extended SAML attribute
+ * to be appended to the AUTH-Block.
+ */
+ private String buildAuthenticationBlock(AuthenticationSession session,
+ OAAuthParameter oaParam) throws BuildException {
+
+ IdentityLink identityLink = session.getIdentityLink();
+ String issuer = identityLink.getName();
+ String gebDat = identityLink.getDateOfBirth();
+
+ String identificationValue = null;
+ String identificationType = null;
+
+ //set empty AuthBlock BPK in case of OW or SSO or bpk is not requested
+ if (session.isOW() || session.isSsoRequested() || oaParam.isRemovePBKFromAuthBlock()) {
+ identificationType = "";
+ identificationValue = "";
+
+ } else if (identityLink.getIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
+
+ if (oaParam.getBusinessService()) {
+
+ String bpkBase64 = new BPKBuilder().buildWBPK(identityLink
+ .getIdentificationValue(), oaParam.getIdentityLinkDomainIdentifier());
+ identificationValue = bpkBase64;
+
+ if (oaParam.getIdentityLinkDomainIdentifier().startsWith(Constants.URN_PREFIX_WBPK + "+"))
+ identificationType = oaParam.getIdentityLinkDomainIdentifier();
+ else
+ identificationType = Constants.URN_PREFIX_WBPK + "+" + oaParam.getIdentityLinkDomainIdentifier();
+
+ } else {
+ String bpkBase64 = new BPKBuilder().buildBPK(identityLink
+ .getIdentificationValue(), session.getTarget());
+ identificationValue = bpkBase64;
+ identificationType = Constants.URN_PREFIX_CDID + "+" + session.getTarget();
+ }
+
+
+ } else {
+ identificationValue = identityLink.getIdentificationValue();
+ identificationType = identityLink.getIdentificationType();
+
+ }
+
+ String issueInstant = DateTimeUtils.buildDateTimeUTC(Calendar
+ .getInstance());
+ session.setIssueInstant(issueInstant);
+ String authURL = session.getAuthURL();
+ String target = session.getTarget();
+ String targetFriendlyName = session.getTargetFriendlyName();
+
+ // Bug #485
+ // (https://egovlabs.gv.at/tracker/index.php?func=detail&aid=485&group_id=6&atid=105)
+ // String oaURL = session.getPublicOAURLPrefix();
+
+ List<ExtendedSAMLAttribute> extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH();
+
+
+ if (session.isSsoRequested()) {
+ String oaURL = new String();
+ try {
+ oaURL = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
+
+ if (MiscUtil.isNotEmpty(oaURL))
+ oaURL = oaURL.replaceAll("&", "&amp;");
+
+ } catch (ConfigurationException e) {
+ }
+ String authBlock = new AuthenticationBlockAssertionBuilder()
+ .buildAuthBlockSSO(issuer, issueInstant, authURL, target,
+ targetFriendlyName, identificationValue,
+ identificationType, oaURL, gebDat,
+ extendedSAMLAttributes, session, oaParam);
+ return authBlock;
+
+ } else {
+ String oaURL = session.getPublicOAURLPrefix().replaceAll("&", "&amp;");
+ String authBlock = new AuthenticationBlockAssertionBuilder()
+ .buildAuthBlock(issuer, issueInstant, authURL, target,
+ targetFriendlyName, identificationValue,
+ identificationType, oaURL, gebDat,
+ extendedSAMLAttributes, session, oaParam);
+ return authBlock;
+ }
+ }
+
+
+ /**
+ * Verifies the infoboxes (except of the identity link infobox) returned by
+ * the BKU by calling appropriate validator classes.
+ *
+ * @param session The actual authentication session.
+ * @param mandate The Mandate from the MIS
+ * @throws AuthenticationException
+ * @throws ConfigurationException
+ * @throws TransformerException
+ * @throws ParserConfigurationException
+ * @throws IOException
+ * @throws SAXException
+ */
+ private void validateExtendedSAMLAttributeForMandates(
+ AuthenticationSession session, MISMandate mandate,
+ boolean business)
+ throws ValidateException, ConfigurationException, SAXException,
+ IOException, ParserConfigurationException, TransformerException {
+
+ ExtendedSAMLAttribute[] extendedSAMLAttributes = addExtendedSamlAttributes(
+ mandate, business, false);
+
+ int length = extendedSAMLAttributes.length;
+ for (int i = 0; i < length; i++) {
+ ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i];
+
+ verifySAMLAttribute(samlAttribute, i, "MISService",
+ "MISService");
+
+ }
+ }
+
+ /**
+ * Verifies the infoboxes (except of the identity link infobox) returned by
+ * the BKU by calling appropriate validator classes.
+ *
+ * @param session The actual authentication session.
+ * @param mandate The Mandate from the MIS
+ * @throws AuthenticationException
+ * @throws ConfigurationException
+ * @throws TransformerException
+ * @throws ParserConfigurationException
+ * @throws IOException
+ * @throws SAXException
+ */
+ private void setExtendedSAMLAttributeForMandatesOID(
+ AuthenticationSession session, MISMandate mandate, boolean business)
+ throws ValidateException, ConfigurationException, SAXException,
+ IOException, ParserConfigurationException, TransformerException {
+
+ ExtendedSAMLAttribute[] extendedSamlAttributes = addExtendedSamlAttributesOID(
+ mandate, business);
+
+ AddAdditionalSAMLAttributes(session, extendedSamlAttributes,
+ "MISService", "MISService");
+
+ }
+
+ /**
+ * Adds given SAML Attributes to the current session. They will be appended
+ * to the final SAML Assertion or the AUTH block. If the attributes are
+ * already in the list, they will be replaced.
+ *
+ * @param session The current session
+ * @param extendedSAMLAttributes The SAML attributes to add
+ * @param identifier The infobox identifier for debug purposes
+ * @param friendlyNam The friendly name of the infobox for debug purposes
+ */
+ private static void AddAdditionalSAMLAttributes(
+ AuthenticationSession session,
+ ExtendedSAMLAttribute[] extendedSAMLAttributes, String identifier,
+ String friendlyName) throws ValidateException {
+ if (extendedSAMLAttributes == null)
+ return;
+ List<ExtendedSAMLAttribute> oaAttributes = session.getExtendedSAMLAttributesOA();
+ if (oaAttributes == null)
+ oaAttributes = new Vector<ExtendedSAMLAttribute>();
+ List<ExtendedSAMLAttribute> authAttributes = session.getExtendedSAMLAttributesAUTH();
+ if (authAttributes == null)
+ authAttributes = new Vector<ExtendedSAMLAttribute>();
+ int length = extendedSAMLAttributes.length;
+ for (int i = 0; i < length; i++) {
+ ExtendedSAMLAttribute samlAttribute = extendedSAMLAttributes[i];
+
+ Object value = verifySAMLAttribute(samlAttribute, i, identifier,
+ friendlyName);
+
+ if ((value instanceof String) || (value instanceof Element)) {
+ switch (samlAttribute.getAddToAUTHBlock()) {
+ case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY:
+ replaceExtendedSAMLAttribute(authAttributes, samlAttribute);
+ break;
+ case ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK:
+ replaceExtendedSAMLAttribute(authAttributes, samlAttribute);
+ replaceExtendedSAMLAttribute(oaAttributes, samlAttribute);
+ break;
+ case ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK:
+ replaceExtendedSAMLAttribute(oaAttributes, samlAttribute);
+ break;
+ default:
+ Logger
+ .info("Invalid return value from method \"getAddToAUTHBlock()\" ("
+ + samlAttribute.getAddToAUTHBlock()
+ + ") in SAML attribute number "
+ + (i + 1)
+ + " for infobox " + identifier);
+ throw new ValidateException("validator.47", new Object[]{
+ friendlyName, String.valueOf((i + 1))});
+ }
+ } else {
+ Logger
+ .info("The type of SAML-Attribute number "
+ + (i + 1)
+ + " returned from "
+ + identifier
+ + "-infobox validator is not valid. Must be either \"java.Lang.String\""
+ + " or \"org.w3c.dom.Element\"");
+ throw new ValidateException("validator.46", new Object[]{
+ identifier, String.valueOf((i + 1))});
+ }
+ }
+ session.setExtendedSAMLAttributesAUTH(authAttributes);
+ session.setExtendedSAMLAttributesOA(oaAttributes);
+ }
+
+ /**
+ * Adds the AUTH block related SAML attributes to the validation result.
+ * This is needed always before the AUTH block is to be signed, because the
+ * name of the mandator has to be set
+ *
+ * @throws ParserConfigurationException
+ * @throws IOException
+ * @throws SAXException
+ * @throws TransformerException
+ */
+
+ protected static ExtendedSAMLAttribute[] addExtendedSamlAttributes(
+ MISMandate mandate, boolean business, boolean provideStammzahl)
+ throws SAXException, IOException, ParserConfigurationException,
+ TransformerException {
+ Vector<ExtendedSAMLAttribute> extendedSamlAttributes = new Vector<ExtendedSAMLAttribute>();
+
+ extendedSamlAttributes.clear();
+
+ // Name
+ Element domMandate = mandateToElement(mandate);
+ Element nameSpaceNode = domMandate.getOwnerDocument().createElement(
+ "NameSpaceNode");
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.PD_POSTFIX,
+ Constants.PD_NS_URI);
+ nameSpaceNode.setAttribute("xmlns" + SZRGWConstants.MANDATE_POSTFIX,
+ SZRGWConstants.MANDATE_NS);
+
+ Element mandator = (Element) XPathAPI.selectSingleNode(domMandate,
+ "//md:Mandate/md:Mandator", nameSpaceNode);
+
+ // Mandate
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(
+ EXT_SAML_MANDATE_RAW, domMandate,
+ SZRGWConstants.MANDATE_NS,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ // (w)bpk
+ String wbpk = ParepUtils.extractMandatorWbpk(mandator);
+ if (!ParepUtils.isEmpty(wbpk)) {
+ if (!ParepUtils.isPhysicalPerson(mandator)) {
+ String idType = ParepUtils
+ .extractMandatorIdentificationType(mandator);
+ if (!ParepUtils.isEmpty(idType)
+ && idType.startsWith(Constants.URN_PREFIX_BASEID)) {
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(
+ EXT_SAML_MANDATE_CB_BASE_ID,
+ ParepUtils.getRegisterString(idType) + ": " + wbpk,
+ SZRGWConstants.MANDATE_NS,
+ ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+ }
+ } else if (business) {
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(
+ EXT_SAML_MANDATE_WBPK, wbpk,
+ SZRGWConstants.MANDATE_NS,
+ ExtendedSAMLAttribute.ADD_TO_AUTHBLOCK_ONLY));
+ }
+ }
+
+ ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes
+ .size()];
+ extendedSamlAttributes.copyInto(ret);
+ Logger.debug("ExtendedSAML Attributes: " + ret.length);
+ return ret;
+
+ }
+
+ /**
+ * Adds the AUTH block related SAML attributes to the validation result.
+ * This is needed always before the AUTH block is to be signed, because the
+ * name of the mandator has to be set
+ *
+ * @throws ParserConfigurationException
+ * @throws IOException
+ * @throws SAXException
+ * @throws TransformerException
+ */
+ private static ExtendedSAMLAttribute[] addExtendedSamlAttributesOID(
+ MISMandate mandate, boolean business) throws SAXException,
+ IOException, ParserConfigurationException, TransformerException {
+
+ Vector<ExtendedSAMLAttribute> extendedSamlAttributes = new Vector<ExtendedSAMLAttribute>();
+
+ extendedSamlAttributes.clear();
+
+ // RepresentationType
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(
+ EXT_SAML_MANDATE_REPRESENTATIONTYPE,
+ EXT_SAML_MANDATE_REPRESENTATIONTEXT,
+ SZRGWConstants.MANDATE_NS,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ String oid = mandate.getProfRep();
+
+ if (oid != null) {
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(
+ EXT_SAML_MANDATE_OID, oid,
+ SZRGWConstants.MANDATE_NS,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+ String oidDescription = mandate.getTextualDescriptionOfOID();
+ extendedSamlAttributes.add(new ExtendedSAMLAttributeImpl(
+ EXT_SAML_MANDATE_OIDTEXTUALDESCRIPTION,
+ oidDescription, SZRGWConstants.MANDATE_NS,
+ ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
+
+ }
+
+ ExtendedSAMLAttribute[] ret = new ExtendedSAMLAttribute[extendedSamlAttributes
+ .size()];
+ extendedSamlAttributes.copyInto(ret);
+ Logger.debug("ExtendedSAML Attributes: " + ret.length);
+ return ret;
+
+ }
+
+ /**
+ * @param mandate
+ * @return
+ * @throws ParserConfigurationException
+ * @throws IOException
+ * @throws SAXException
+ */
+ private static Element mandateToElement(MISMandate mandate)
+ throws SAXException, IOException, ParserConfigurationException {
+ ByteArrayInputStream bais = new ByteArrayInputStream(mandate
+ .getMandate());
+ Document doc = DOMUtils.parseDocumentSimple(bais);
+ return doc.getDocumentElement();
+ }
+
+ protected static void replaceExtendedSAMLAttribute(List<ExtendedSAMLAttribute> attributes,
+ ExtendedSAMLAttribute samlAttribute) {
+ if (null == attributes) {
+ attributes = new Vector<ExtendedSAMLAttribute>();
+ } else {
+ String id = samlAttribute.getName();
+ int length = attributes.size();
+ for (int i = 0; i < length; i++) {
+ ExtendedSAMLAttribute att = (ExtendedSAMLAttribute) attributes
+ .get(i);
+ if (id.equals(att.getName())) {
+ // replace attribute
+ attributes.set(i, samlAttribute);
+ return;
+ }
+ }
+ attributes.add(samlAttribute);
+ }
+ }
+
+ /**
+ * Processes a <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
+ * security layer implementation.<br>
+ * <ul>
+ * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <li>Parses <code>&lt;CreateXMLSignatureResponse&gt;</code> for error
+ * codes</li>
+ * <li>Parses authentication block enclosed in
+ * <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <li>Verifies authentication block by calling the MOA SP component</li>
+ * <li>Creates authentication data</li>
+ * <li>Creates a corresponding SAML artifact</li>
+ * <li>Stores authentication data in the authentication data store indexed
+ * by the SAML artifact</li>
+ * <li>Deletes authentication session</li>
+ * <li>Returns the SAML artifact, encoded BASE64</li>
+ * </ul>
+ *
+ * @param sessionID session ID of the running authentication session
+ * @param xmlCreateXMLSignatureReadResponse String representation of the
+ * <code>&lt;CreateXMLSignatureResponse&gt;</code>
+ * @return SAML artifact needed for retrieving authentication data, encoded
+ * BASE64
+ * @throws BKUException
+ */
+ public String verifyAuthenticationBlock(AuthenticationSession session,
+ String xmlCreateXMLSignatureReadResponse)
+ throws AuthenticationException, BuildException, ParseException,
+ ConfigurationException, ServiceException, ValidateException, BKUException {
+
+ if (session == null)
+ throw new AuthenticationException("auth.10", new Object[]{
+ REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID});
+ if (isEmpty(xmlCreateXMLSignatureReadResponse))
+ throw new AuthenticationException("auth.10", new Object[]{
+ REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
+
+ AuthConfigurationProvider authConf = AuthConfigurationProvider
+ .getInstance();
+ // parses <CreateXMLSignatureResponse>
+ CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(
+ xmlCreateXMLSignatureReadResponse).parseResponse();
+
+ try {
+ String serializedAssertion = DOMUtils.serializeNode(csresp
+ .getSamlAssertion());
+ session.setAuthBlock(serializedAssertion);
+ } catch (TransformerException e) {
+ throw new ParseException("parser.04", new Object[]{
+ REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
+ } catch (IOException e) {
+ throw new ParseException("parser.04", new Object[]{
+ REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE});
+ }
+ // validates <CreateXMLSignatureResponse>
+ if (session.isSsoRequested())
+ new CreateXMLSignatureResponseValidator().validateSSO(csresp, session);
+ else
+ new CreateXMLSignatureResponseValidator().validate(csresp, session);
+
+ // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call
+ List<String> vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
+ String tpid = authConf.getMoaSpAuthBlockTrustProfileID();
+ Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp,
+ vtids, tpid);
+ // debug output
+
+ Element domVsresp = null;
+
+ // try {
+ // invokes the call
+ domVsresp = new SignatureVerificationInvoker()
+ .verifyXMLSignature(domVsreq);
+ // debug output
+
+ // } catch ( ServiceException e) {
+ // Logger.error("Signature verification error. ", e);
+ // Logger.error("Signed Data: " + session.getAuthBlock());
+ // try {
+ // Logger.error("VerifyRequest: " + DOMUtils.serializeNode(domVsreq));
+ // } catch (TransformerException e1) {
+ // e1.printStackTrace();
+ //
+ // } catch (IOException e1) {
+ // e1.printStackTrace();
+ //
+ // }
+ //
+ // throw e;
+ // }
+
+
+ // parses the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(
+ domVsresp).parseData();
+
+ if (Logger.isTraceEnabled()) {
+ if (domVsresp != null) {
+ try {
+ String xmlVerifyXMLSignatureResponse = DOMUtils
+ .serializeNode(domVsresp, true);
+ Logger.trace(new LogMsg(xmlCreateXMLSignatureReadResponse));
+ Logger.trace(new LogMsg(xmlVerifyXMLSignatureResponse));
+ } catch (Throwable t) {
+ t.printStackTrace();
+ Logger.info(new LogMsg(t.getStackTrace()));
+ }
+ }
+ }
+
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+ .getOnlineApplicationParameter(session.getPublicOAURLPrefix());
+
+ // validates the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp,
+ null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK,
+ oaParam);
+
+ // Compare AuthBlock Data with information stored in session, especially
+ // date and time
+ CreateXMLSignatureResponseValidator.getInstance().validateSigningDateTime(csresp);
+
+ try {
+ // compares the public keys from the identityLink with the AuthBlock
+ VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(
+ vsresp, session.getIdentityLink());
+
+ } catch ( ValidateException e) {
+ Logger.error("Signature verification error. ", e);
+ Logger.error("Signed Data: " + session.getAuthBlock());
+ try {
Logger.error("VerifyRequest: " + DOMUtils.serializeNode(domVsreq));
Logger.error("VerifyResponse: " + DOMUtils.serializeNode(domVsresp));
} catch (TransformerException e1) {
e1.printStackTrace();
-
+
} catch (IOException e1) {
e1.printStackTrace();
-
+
}
-
- throw e;
- }
-
-// // post processing of the infoboxes
-// Iterator iter = session.getInfoboxValidatorIterator();
-// boolean formpending = false;
-// if (iter != null) {
-// while (!formpending && iter.hasNext()) {
-// Vector infoboxValidatorVector = (Vector) iter.next();
-// String identifier = (String) infoboxValidatorVector.get(0);
-// String friendlyName = (String) infoboxValidatorVector.get(1);
-// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
-// .get(2);
-// InfoboxValidationResult infoboxValidationResult = null;
-// try {
-// infoboxValidationResult = infoboxvalidator.validate(csresp
-// .getSamlAssertion());
-// } catch (ValidateException e) {
-// Logger.error("Error validating " + identifier + " infobox:"
-// + e.getMessage());
-// throw new ValidateException("validator.44",
-// new Object[]{friendlyName});
-// }
-// if (!infoboxValidationResult.isValid()) {
-// Logger.info("Validation of " + identifier
-// + " infobox failed.");
-// throw new ValidateException("validator.40", new Object[]{
-// friendlyName,
-// infoboxValidationResult.getErrorMessage()});
-// }
-// String form = infoboxvalidator.getForm();
-// if (ParepUtils.isEmpty(form)) {
-// AddAdditionalSAMLAttributes(
-// session,
-// infoboxValidationResult.getExtendedSamlAttributes(),
-// identifier, friendlyName);
-// } else {
-// return "Redirect to Input Processor";
-// }
-// }
-// }
-
- session.setXMLVerifySignatureResponse(vsresp);
- session.setSignerCertificate(vsresp.getX509certificate());
- vsresp.setX509certificate(null);
- session.setForeigner(false);
-
- if (session.getUseMandate()) {
- // mandate mode
- return null;
-
- } else {
-
- session.setAuthenticatedUsed(false);
- session.setAuthenticated(true);
-
- //set QAA Level four in case of card authentifcation
- session.setQAALevel(PVPConstants.STORK_QAA_1_4);
-
-
- String oldsessionID = session.getSessionID();
-
- //Session is implicte stored in changeSessionID!!!
- String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
-
- Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID);
- Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
-
- return newMOASessionID;
- }
- }
-
- /**
- * Processes a <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
- * security layer implementation.<br>
- * <ul>
- * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
- * <li>Parses <code>&lt;CreateXMLSignatureResponse&gt;</code> for error
- * codes</li>
- * <li>Parses authentication block enclosed in
- * <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
- * <li>Verifies authentication block by calling the MOA SP component</li>
- * <li>Creates authentication data</li>
- * <li>Creates a corresponding SAML artifact</li>
- * <li>Stores authentication data in the authentication data store indexed
- * by the SAML artifact</li>
- * <li>Deletes authentication session</li>
- * <li>Returns the SAML artifact, encoded BASE64</li>
- * </ul>
- *
- * @param sessionID session ID of the running authentication session
- * @param xmlCreateXMLSignatureReadResponse String representation of the
- * <code>&lt;CreateXMLSignatureResponse&gt;</code>
- * @return SAML artifact needed for retrieving authentication data, encoded
- * BASE64
- */
-
- protected Element createIdentificationBPK(Element mandatePerson,
- String baseid, String target) throws BuildException {
- Element identificationBpK = mandatePerson.getOwnerDocument()
- .createElementNS(Constants.PD_NS_URI, "Identification");
- Element valueBpK = mandatePerson.getOwnerDocument().createElementNS(
- Constants.PD_NS_URI, "Value");
-
- String bpkBase64 = new BPKBuilder().buildBPK(baseid, target);
- valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode(
- bpkBase64));
- Element typeBpK = mandatePerson.getOwnerDocument().createElementNS(
- Constants.PD_NS_URI, "Type");
- typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode(
- "urn:publicid:gv.at:cdid+bpk"));
- identificationBpK.appendChild(valueBpK);
- identificationBpK.appendChild(typeBpK);
-
- return identificationBpK;
-
- }
-
- protected String getBaseId(Element mandatePerson)
- throws TransformerException, IOException {
- NodeList list = mandatePerson.getElementsByTagNameNS(
- Constants.PD_NS_URI, "Identification");
- for (int i = 0; i < list.getLength(); i++) {
- Element identification = (Element) list.item(i);
- Element type = (Element) identification.getElementsByTagNameNS(
- Constants.PD_NS_URI, "Type").item(0);
- if (type.getTextContent().compareToIgnoreCase(
- "urn:publicid:gv.at:baseid") == 0) {
- Element value = (Element) identification
- .getElementsByTagNameNS(Constants.PD_NS_URI, "Value")
- .item(0);
- return value.getTextContent();
- }
- }
- return null;
-
- }
-
- /**
- * Gets the foreign authentication data.<br>
- * <ul>
- * <li>Creates authentication data</li>
- * <li>Creates a corresponding SAML artifact</li>
- * <li>Stores authentication data in the authentication data store indexed
- * by the SAML artifact</li>
- * <li>Deletes authentication session</li>
- * <li>Returns the SAML artifact, encoded BASE64</li>
- * </ul>
- *
- * @param sessionID session ID of the running authentication session
- * @return SAML artifact needed for retrieving authentication data, encoded
- * BASE64
- */
- public String getForeignAuthenticationData(AuthenticationSession session)
- throws AuthenticationException, BuildException, ParseException,
- ConfigurationException, ServiceException, ValidateException {
-
- if (session == null)
- throw new AuthenticationException("auth.10", new Object[]{
- REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID});
-
-// // post processing of the infoboxes
-// Iterator iter = session.getInfoboxValidatorIterator();
-// boolean formpending = false;
-// if (iter != null) {
-// while (!formpending && iter.hasNext()) {
-// Vector infoboxValidatorVector = (Vector) iter.next();
-// String identifier = (String) infoboxValidatorVector.get(0);
-// String friendlyName = (String) infoboxValidatorVector.get(1);
-// InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
-// .get(2);
-// InfoboxValidationResult infoboxValidationResult = null;
-// try {
-// infoboxValidationResult = infoboxvalidator.validate(session
-// .getIdentityLink().getSamlAssertion());
-// } catch (ValidateException e) {
-// Logger.error("Error validating " + identifier + " infobox:"
-// + e.getMessage());
-// throw new ValidateException("validator.44",
-// new Object[]{friendlyName});
-// }
-// if (!infoboxValidationResult.isValid()) {
-// Logger.info("Validation of " + identifier
-// + " infobox failed.");
-// throw new ValidateException("validator.40", new Object[]{
-// friendlyName,
-// infoboxValidationResult.getErrorMessage()});
-// }
-// String form = infoboxvalidator.getForm();
-// if (ParepUtils.isEmpty(form)) {
-// AddAdditionalSAMLAttributes(
-// session,
-// infoboxValidationResult.getExtendedSamlAttributes(),
-// identifier, friendlyName);
-// } else {
-// return "Redirect to Input Processor";
-// }
-// }
-// }
-
- VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse();
- X509Certificate cert = session.getSignerCertificate();
- vsresp.setX509certificate(cert);
-
- session.setAuthenticatedUsed(false);
- session.setAuthenticated(true);
-
-
- session.setXMLVerifySignatureResponse(vsresp);
- session.setSignerCertificate(vsresp.getX509certificate());
- vsresp.setX509certificate(null);
- session.setForeigner(true);
-
- //TODO: regenerate MOASession ID!
- return "new Session";
- }
-
- /**
- * Retrieves a session from the session store.
- *
- * @param id session ID
- * @return <code>AuthenticationSession</code> stored with given session ID,
- * <code>null</code> if session ID unknown
- */
- public static AuthenticationSession getSession(String id)
- throws AuthenticationException {
- AuthenticationSession session;
- try {
- session = AuthenticationSessionStoreage.getSession(id);
-
- if (session == null)
- throw new AuthenticationException("auth.02", new Object[]{id});
- return session;
-
- } catch (MOADatabaseException e) {
- throw new AuthenticationException("auth.02", new Object[]{id});
-
- } catch (Exception e) {
- throw new AuthenticationException("parser.04", new Object[]{id});
- }
- }
-
- /**
- * Cleans up expired session and authentication data stores.
- */
- public void cleanup() {
- long now = new Date().getTime();
-
- //clean AuthenticationSessionStore
-
- AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated);
-
- //clean AssertionStore
- AssertionStorage assertionstore = AssertionStorage.getInstance();
- assertionstore.clean(now, authDataTimeOut);
-
- //clean ExeptionStore
- DBExceptionStoreImpl exstore = DBExceptionStoreImpl.getStore();
- exstore.clean(now, authDataTimeOut);
-
- }
-
- /**
- * Sets the sessionTimeOut.
- *
- * @param seconds Time out of the session in seconds
- */
- public void setSecondsSessionTimeOutCreated(long seconds) {
- sessionTimeOutCreated = seconds * 1000;
- }
-
- public void setSecondsSessionTimeOutUpdated(long seconds) {
- sessionTimeOutUpdated = seconds * 1000;
- }
-
- /**
- * Sets the authDataTimeOut.
- *
- * @param seconds Time out for signing AuthData in seconds
- */
- public void setSecondsAuthDataTimeOut(long seconds) {
- authDataTimeOut = seconds * 1000;
- }
-
- /**
- * Checks a parameter.
- *
- * @param param parameter
- * @return true if the parameter is null or empty
- */
- private boolean isEmpty(String param) {
- return param == null || param.length() == 0;
- }
-
- /**
- * Checks the correctness of SAML attributes and returns its value.
- *
- * @param param samlAttribute
- * @param i the number of the verified attribute for messages
- * @param identifier the infobox identifier for messages
- * @param friendlyname the friendly name of the infobox for messages
- * @return the SAML attribute value (Element or String)
- */
- protected static Object verifySAMLAttribute(
- ExtendedSAMLAttribute samlAttribute, int i, String identifier,
- String friendlyName) throws ValidateException {
- String name = samlAttribute.getName();
-
- if (name == null) {
- Logger.info("The name of SAML-Attribute number " + (i + 1)
- + " returned from " + identifier
- + "-infobox validator is null.");
- throw new ValidateException("validator.45", new Object[]{
- friendlyName, "Name", String.valueOf((i + 1)), "null"});
- }
- if (name == "") {
- Logger.info("The name of SAML-Attribute number " + (i + 1)
- + " returned from " + identifier
- + "-infobox validator is empty.");
- throw new ValidateException("validator.45", new Object[]{
- friendlyName, "Name", String.valueOf((i + 1)), "leer"});
- }
- if (samlAttribute.getNameSpace() == null) {
- Logger.info("The namespace of SAML-Attribute number " + (i + 1)
- + " returned from " + identifier
- + "-infobox validator is null.");
- throw new ValidateException("validator.45",
- new Object[]{friendlyName, "Namespace",
- String.valueOf((i + 1)), "null"});
- }
- Object value = samlAttribute.getValue();
- if (value == null) {
- Logger.info("The value of SAML-Attribute number " + (i + 1)
- + " returned from " + identifier
- + "-infobox validator is null.");
- throw new ValidateException("validator.45", new Object[]{
- friendlyName, "Wert", String.valueOf((i + 1)), "null"});
- }
-
- return value;
- }
-
+
+ throw e;
+ }
+
+ // // post processing of the infoboxes
+ // Iterator iter = session.getInfoboxValidatorIterator();
+ // boolean formpending = false;
+ // if (iter != null) {
+ // while (!formpending && iter.hasNext()) {
+ // Vector infoboxValidatorVector = (Vector) iter.next();
+ // String identifier = (String) infoboxValidatorVector.get(0);
+ // String friendlyName = (String) infoboxValidatorVector.get(1);
+ // InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
+ // .get(2);
+ // InfoboxValidationResult infoboxValidationResult = null;
+ // try {
+ // infoboxValidationResult = infoboxvalidator.validate(csresp
+ // .getSamlAssertion());
+ // } catch (ValidateException e) {
+ // Logger.error("Error validating " + identifier + " infobox:"
+ // + e.getMessage());
+ // throw new ValidateException("validator.44",
+ // new Object[]{friendlyName});
+ // }
+ // if (!infoboxValidationResult.isValid()) {
+ // Logger.info("Validation of " + identifier
+ // + " infobox failed.");
+ // throw new ValidateException("validator.40", new Object[]{
+ // friendlyName,
+ // infoboxValidationResult.getErrorMessage()});
+ // }
+ // String form = infoboxvalidator.getForm();
+ // if (ParepUtils.isEmpty(form)) {
+ // AddAdditionalSAMLAttributes(
+ // session,
+ // infoboxValidationResult.getExtendedSamlAttributes(),
+ // identifier, friendlyName);
+ // } else {
+ // return "Redirect to Input Processor";
+ // }
+ // }
+ // }
+
+ session.setXMLVerifySignatureResponse(vsresp);
+ session.setSignerCertificate(vsresp.getX509certificate());
+ vsresp.setX509certificate(null);
+ session.setForeigner(false);
+
+ if (session.getUseMandate()) {
+ // mandate mode
+ return null;
+
+ } else {
+
+ session.setAuthenticatedUsed(false);
+ session.setAuthenticated(true);
+
+ //set QAA Level four in case of card authentifcation
+ session.setQAALevel(PVPConstants.STORK_QAA_1_4);
+
+
+ String oldsessionID = session.getSessionID();
+
+ //Session is implicte stored in changeSessionID!!!
+ String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+
+ Logger.info("Changed MOASession " + oldsessionID + " to Session " + newMOASessionID);
+ Logger.info("Daten angelegt zu MOASession " + newMOASessionID);
+
+ return newMOASessionID;
+ }
+ }
+
+ /**
+ * Processes a <code>&lt;CreateXMLSignatureResponse&gt;</code> sent by the
+ * security layer implementation.<br>
+ * <ul>
+ * <li>Validates given <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <li>Parses <code>&lt;CreateXMLSignatureResponse&gt;</code> for error
+ * codes</li>
+ * <li>Parses authentication block enclosed in
+ * <code>&lt;CreateXMLSignatureResponse&gt;</code></li>
+ * <li>Verifies authentication block by calling the MOA SP component</li>
+ * <li>Creates authentication data</li>
+ * <li>Creates a corresponding SAML artifact</li>
+ * <li>Stores authentication data in the authentication data store indexed
+ * by the SAML artifact</li>
+ * <li>Deletes authentication session</li>
+ * <li>Returns the SAML artifact, encoded BASE64</li>
+ * </ul>
+ *
+ * @param sessionID session ID of the running authentication session
+ * @param xmlCreateXMLSignatureReadResponse String representation of the
+ * <code>&lt;CreateXMLSignatureResponse&gt;</code>
+ * @return SAML artifact needed for retrieving authentication data, encoded
+ * BASE64
+ */
+
+ protected Element createIdentificationBPK(Element mandatePerson,
+ String baseid, String target) throws BuildException {
+ Element identificationBpK = mandatePerson.getOwnerDocument()
+ .createElementNS(Constants.PD_NS_URI, "Identification");
+ Element valueBpK = mandatePerson.getOwnerDocument().createElementNS(
+ Constants.PD_NS_URI, "Value");
+
+ String bpkBase64 = new BPKBuilder().buildBPK(baseid, target);
+ valueBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode(
+ bpkBase64));
+ Element typeBpK = mandatePerson.getOwnerDocument().createElementNS(
+ Constants.PD_NS_URI, "Type");
+ typeBpK.appendChild(mandatePerson.getOwnerDocument().createTextNode(
+ "urn:publicid:gv.at:cdid+bpk"));
+ identificationBpK.appendChild(valueBpK);
+ identificationBpK.appendChild(typeBpK);
+
+ return identificationBpK;
+
+ }
+
+ protected String getBaseId(Element mandatePerson)
+ throws TransformerException, IOException {
+ NodeList list = mandatePerson.getElementsByTagNameNS(
+ Constants.PD_NS_URI, "Identification");
+ for (int i = 0; i < list.getLength(); i++) {
+ Element identification = (Element) list.item(i);
+ Element type = (Element) identification.getElementsByTagNameNS(
+ Constants.PD_NS_URI, "Type").item(0);
+ if (type.getTextContent().compareToIgnoreCase(
+ "urn:publicid:gv.at:baseid") == 0) {
+ Element value = (Element) identification
+ .getElementsByTagNameNS(Constants.PD_NS_URI, "Value")
+ .item(0);
+ return value.getTextContent();
+ }
+ }
+ return null;
+
+ }
+
+ /**
+ * Gets the foreign authentication data.<br>
+ * <ul>
+ * <li>Creates authentication data</li>
+ * <li>Creates a corresponding SAML artifact</li>
+ * <li>Stores authentication data in the authentication data store indexed
+ * by the SAML artifact</li>
+ * <li>Deletes authentication session</li>
+ * <li>Returns the SAML artifact, encoded BASE64</li>
+ * </ul>
+ *
+ * @param sessionID session ID of the running authentication session
+ * @return SAML artifact needed for retrieving authentication data, encoded
+ * BASE64
+ */
+ public String getForeignAuthenticationData(AuthenticationSession session)
+ throws AuthenticationException, BuildException, ParseException,
+ ConfigurationException, ServiceException, ValidateException {
+
+ if (session == null)
+ throw new AuthenticationException("auth.10", new Object[]{
+ REQ_VERIFY_AUTH_BLOCK, PARAM_SESSIONID});
+
+ // // post processing of the infoboxes
+ // Iterator iter = session.getInfoboxValidatorIterator();
+ // boolean formpending = false;
+ // if (iter != null) {
+ // while (!formpending && iter.hasNext()) {
+ // Vector infoboxValidatorVector = (Vector) iter.next();
+ // String identifier = (String) infoboxValidatorVector.get(0);
+ // String friendlyName = (String) infoboxValidatorVector.get(1);
+ // InfoboxValidator infoboxvalidator = (InfoboxValidator) infoboxValidatorVector
+ // .get(2);
+ // InfoboxValidationResult infoboxValidationResult = null;
+ // try {
+ // infoboxValidationResult = infoboxvalidator.validate(session
+ // .getIdentityLink().getSamlAssertion());
+ // } catch (ValidateException e) {
+ // Logger.error("Error validating " + identifier + " infobox:"
+ // + e.getMessage());
+ // throw new ValidateException("validator.44",
+ // new Object[]{friendlyName});
+ // }
+ // if (!infoboxValidationResult.isValid()) {
+ // Logger.info("Validation of " + identifier
+ // + " infobox failed.");
+ // throw new ValidateException("validator.40", new Object[]{
+ // friendlyName,
+ // infoboxValidationResult.getErrorMessage()});
+ // }
+ // String form = infoboxvalidator.getForm();
+ // if (ParepUtils.isEmpty(form)) {
+ // AddAdditionalSAMLAttributes(
+ // session,
+ // infoboxValidationResult.getExtendedSamlAttributes(),
+ // identifier, friendlyName);
+ // } else {
+ // return "Redirect to Input Processor";
+ // }
+ // }
+ // }
+
+ VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponse();
+ X509Certificate cert = session.getSignerCertificate();
+ vsresp.setX509certificate(cert);
+
+ session.setAuthenticatedUsed(false);
+ session.setAuthenticated(true);
+
+
+ session.setXMLVerifySignatureResponse(vsresp);
+ session.setSignerCertificate(vsresp.getX509certificate());
+ vsresp.setX509certificate(null);
+ session.setForeigner(true);
+
+ //TODO: regenerate MOASession ID!
+ return "new Session";
+ }
+
+ /**
+ * Retrieves a session from the session store.
+ *
+ * @param id session ID
+ * @return <code>AuthenticationSession</code> stored with given session ID,
+ * <code>null</code> if session ID unknown
+ */
+ public static AuthenticationSession getSession(String id)
+ throws AuthenticationException {
+ AuthenticationSession session;
+ try {
+ session = AuthenticationSessionStoreage.getSession(id);
+
+ if (session == null)
+ throw new AuthenticationException("auth.02", new Object[]{id});
+ return session;
+
+ } catch (MOADatabaseException e) {
+ throw new AuthenticationException("auth.02", new Object[]{id});
+
+ } catch (Exception e) {
+ throw new AuthenticationException("parser.04", new Object[]{id});
+ }
+ }
+
+ /**
+ * Cleans up expired session and authentication data stores.
+ */
+ public void cleanup() {
+ long now = new Date().getTime();
+
+ //clean AuthenticationSessionStore
+
+ AuthenticationSessionStoreage.clean(now, sessionTimeOutCreated, sessionTimeOutUpdated);
+
+ //clean AssertionStore
+ AssertionStorage assertionstore = AssertionStorage.getInstance();
+ assertionstore.clean(now, authDataTimeOut);
+
+ //clean ExeptionStore
+ DBExceptionStoreImpl exstore = DBExceptionStoreImpl.getStore();
+ exstore.clean(now, authDataTimeOut);
+
+ }
+
+ /**
+ * Sets the sessionTimeOut.
+ *
+ * @param seconds Time out of the session in seconds
+ */
+ public void setSecondsSessionTimeOutCreated(long seconds) {
+ sessionTimeOutCreated = seconds * 1000;
+ }
+
+ public void setSecondsSessionTimeOutUpdated(long seconds) {
+ sessionTimeOutUpdated = seconds * 1000;
+ }
+
+ /**
+ * Sets the authDataTimeOut.
+ *
+ * @param seconds Time out for signing AuthData in seconds
+ */
+ public void setSecondsAuthDataTimeOut(long seconds) {
+ authDataTimeOut = seconds * 1000;
+ }
+
+ /**
+ * Checks a parameter.
+ *
+ * @param param parameter
+ * @return true if the parameter is null or empty
+ */
+ private boolean isEmpty(String param) {
+ return param == null || param.length() == 0;
+ }
+
+ /**
+ * Checks the correctness of SAML attributes and returns its value.
+ *
+ * @param param samlAttribute
+ * @param i the number of the verified attribute for messages
+ * @param identifier the infobox identifier for messages
+ * @param friendlyname the friendly name of the infobox for messages
+ * @return the SAML attribute value (Element or String)
+ */
+ protected static Object verifySAMLAttribute(
+ ExtendedSAMLAttribute samlAttribute, int i, String identifier,
+ String friendlyName) throws ValidateException {
+ String name = samlAttribute.getName();
+
+ if (name == null) {
+ Logger.info("The name of SAML-Attribute number " + (i + 1)
+ + " returned from " + identifier
+ + "-infobox validator is null.");
+ throw new ValidateException("validator.45", new Object[]{
+ friendlyName, "Name", String.valueOf((i + 1)), "null"});
+ }
+ if (name == "") {
+ Logger.info("The name of SAML-Attribute number " + (i + 1)
+ + " returned from " + identifier
+ + "-infobox validator is empty.");
+ throw new ValidateException("validator.45", new Object[]{
+ friendlyName, "Name", String.valueOf((i + 1)), "leer"});
+ }
+ if (samlAttribute.getNameSpace() == null) {
+ Logger.info("The namespace of SAML-Attribute number " + (i + 1)
+ + " returned from " + identifier
+ + "-infobox validator is null.");
+ throw new ValidateException("validator.45",
+ new Object[]{friendlyName, "Namespace",
+ String.valueOf((i + 1)), "null"});
+ }
+ Object value = samlAttribute.getValue();
+ if (value == null) {
+ Logger.info("The value of SAML-Attribute number " + (i + 1)
+ + " returned from " + identifier
+ + "-infobox validator is null.");
+ throw new ValidateException("validator.45", new Object[]{
+ friendlyName, "Wert", String.valueOf((i + 1)), "null"});
+ }
+
+ return value;
+ }
+
/**
* Does the request to the SZR-GW.
*
@@ -1593,7 +1574,7 @@ public class AuthenticationServer implements MOAIDAuthConstants {
public CreateIdentityLinkResponse getIdentityLink(Element signature) throws SZRGWClientException, ConfigurationException {
return getIdentityLink(null, null, null, null, XMLHelper.nodeToString(signature), null);
}
-
+
/**
* Does the request to the SZR-GW.
*
@@ -1609,371 +1590,400 @@ public class AuthenticationServer implements MOAIDAuthConstants {
public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String signature, String PEPSFiscalNumber) throws SZRGWClientException {
return getIdentityLink(PEPSIdentifier, PEPSFirstname, PEPSFamilyname, PEPSDateOfBirth, null, signature, null, null, null, null, null, null, null, PEPSFiscalNumber);
}
-
- /**
- * SZR-GW Client interface.
- *
- * @param eIdentifier the e identifier
- * @param givenName the given name
- * @param lastName the last name
- * @param dateOfBirth the date of birth
- * @param citizenSignature the citizen signature
- * @param representative the representative
- * @param represented the represented
- * @param mandate the mandate
- * @return the identity link
- * @throws SZRGWClientException the sZRGW client exception
- */
- public CreateIdentityLinkResponse getIdentityLink(String eIdentifier,
- String givenName, String lastName, String dateOfBirth, String gender,
- String citizenSignature, String representative, String represented,
- String mandate, String targetType, String targetValue, String oaFriendlyName, List<String> filters, String PEPSFiscalNumber) throws SZRGWClientException {
- return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender,
- citizenSignature, representative, represented, mandate, null,
- null, targetType, targetValue, oaFriendlyName, filters, PEPSFiscalNumber);
- }
-
- /**
- * Gets the identity link.
- *
- * @param citizenSignature the citizen signature
- * @param representative the representative
- * @param represented the represented
- * @param mandate the mandate
- * @param organizationAddress the organization address
- * @param organizationType the organization type
- * @return the identity link
- * @throws SZRGWClientException
- */
- public CreateIdentityLinkResponse getIdentityLink(String citizenSignature,
- String representative, String represented, String mandateContent,
- String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, List<String> filters, String PEPSFiscalNumber) throws SZRGWClientException {
- return getIdentityLink(null, null, null, null, null,
- citizenSignature, represented, representative, mandateContent, organizationAddress,
- organizationType, targetType, targetValue, oaFriendlyName, filters, PEPSFiscalNumber);
- }
-
- public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, List<String> filters, String PEPSFiscalNumber) throws SZRGWClientException {
+ /**
+ * SZR-GW Client interface.
+ *
+ * @param eIdentifier the e identifier
+ * @param givenName the given name
+ * @param lastName the last name
+ * @param dateOfBirth the date of birth
+ * @param citizenSignature the citizen signature
+ * @param representative the representative
+ * @param represented the represented
+ * @param mandate the mandate
+ * @return the identity link
+ * @throws SZRGWClientException the sZRGW client exception
+ */
+ public CreateIdentityLinkResponse getIdentityLink(String eIdentifier,
+ String givenName, String lastName, String dateOfBirth, String gender,
+ String citizenSignature, String representative, String represented,
+ String mandate, String targetType, String targetValue, String oaFriendlyName, List<String> filters, String PEPSFiscalNumber) throws SZRGWClientException {
+ return getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, gender,
+ citizenSignature, representative, represented, mandate, null,
+ null, targetType, targetValue, oaFriendlyName, filters, PEPSFiscalNumber);
+ }
+
+ /**
+ * Gets the identity link.
+ *
+ * @param citizenSignature the citizen signature
+ * @param representative the representative
+ * @param represented the represented
+ * @param mandate the mandate
+ * @param organizationAddress the organization address
+ * @param organizationType the organization type
+ * @return the identity link
+ * @throws SZRGWClientException
+ */
+ public CreateIdentityLinkResponse getIdentityLink(String citizenSignature,
+ String representative, String represented, String mandateContent,
+ String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, List<String> filters, String PEPSFiscalNumber) throws SZRGWClientException {
+ return getIdentityLink(null, null, null, null, null,
+ citizenSignature, represented, representative, mandateContent, organizationAddress,
+ organizationType, targetType, targetValue, oaFriendlyName, filters, PEPSFiscalNumber);
+ }
+
+ public CreateIdentityLinkResponse getIdentityLink(String PEPSIdentifier, String PEPSFirstname, String PEPSFamilyname, String PEPSDateOfBirth, String gender, String citizenSignature, String represented, String representative, String mandateContent, String organizationAddress, String organizationType, String targetType, String targetValue, String oaFriendlyName, List<String> filters, String PEPSFiscalNumber) throws SZRGWClientException {
+
+ try {
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
+
+ SZRGWClient client = new SZRGWClient(connectionParameters);
+
+ CreateIdentityLinkRequest request = new CreateIdentityLinkRequest();
+ request.setSignature(citizenSignature.getBytes("UTF-8"));
+
+ if(PEPSDateOfBirth!=null || PEPSFamilyname!=null || PEPSFirstname!=null || PEPSIdentifier!=null || representative!=null || represented!=null || mandateContent!=null || organizationAddress!=null || organizationType!=null)
+ {
+ PEPSData data = new PEPSData();
+ data.setDateOfBirth(PEPSDateOfBirth);
+ data.setFamilyname(PEPSFamilyname);
+ data.setFirstname(PEPSFirstname);
+ data.setIdentifier(PEPSIdentifier);
+
+ data.setRepresentative(representative);
+ data.setRepresented(represented);
+ data.setMandateContent(mandateContent);
+
+ data.setLegalPersonCanonicalRegisteredAddress(organizationAddress);
+ data.setLegalPersonTranslatableType(organizationType);
+
+ request.setPEPSData(data);
+ }
+ if (null != mandateContent) {
+ MISType mis = new MISType();
+
+ Target targetObject = new Target();
+ targetObject.setType(targetType);
+ targetObject.setValue(targetValue);
+ mis.setTarget(targetObject);
+
+ mis.setOAFriendlyName(oaFriendlyName);
+
+ Filters filterObject = new Filters();
+ MandateIdentifiers mandateIds = new MandateIdentifiers();
+ for(String current : filters)
+ mandateIds.getMandateIdentifier().add(current.trim());
+ filterObject.setMandateIdentifiers(mandateIds);
+ mis.setFilters(filterObject);
+
+ request.setMIS(mis);
+ }
+
+ if (MiscUtil.isEmpty(connectionParameters.getUrl())) {
+ Logger.warn("SZR-Gateway Service URL is empty");
+ throw new SZRGWClientException("service.07");
+ }
+
+ Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
+ CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request, connectionParameters.getUrl());
+ return response;
+
+ }
+ catch (ConfigurationException e) {
+ Logger.warn(e);
+ Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
+ } catch (UnsupportedEncodingException e) {
+ Logger.warn(e);
+ }
+
+ return null;
+
+ }
+
+ /**
+ * Starts a MOA-ID authentication process using STORK
+ *
+ * @param req HttpServletRequest
+ * @param resp HttpServletResponse
+ * @param ccc Citizen country code
+ * @param oaURL URL of the online application
+ * @param target Target parameter
+ * @param targetFriendlyName Friendly Name of Target
+ * @param authURL Authentication URL
+ * @param sourceID SourceID parameter
+ * @throws MOAIDException
+ * @throws AuthenticationException
+ * @throws WrongParametersException
+ * @throws ConfigurationException
+ */
+ public static void startSTORKAuthentication(
+ HttpServletRequest req,
+ HttpServletResponse resp,
+ AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException {
+
+ if (moasession == null) {
+ throw new AuthenticationException("auth.18", new Object[]{});
+ }
+
+ //read configuration paramters of OA
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[]{moasession.getPublicOAURLPrefix()});
+
+ //Start of STORK Processing
+ STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
+
+ CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc());
+
+ Logger.debug("Preparing to assemble STORK AuthnRequest with the following values:");
+ String destination = cpeps.getPepsURL().toExternalForm();
+ Logger.debug("C-PEPS URL: " + destination);
+
+
+ String issuerValue = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
+ // String acsURL = new DataURLBuilder().buildDataURL(issuerValue,
+ // PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN, moasession.getSessionID());
+
+ //solve Problem with sessionIDs
+ String acsURL = issuerValue + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN;
+
+ Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL);
+
+ String providerName = oaParam.getFriendlyName();
+ Logger.debug("Issuer value: " + issuerValue);
+
+ // prepare collection of required attributes
+ // - attributes for online application
+ List<OAStorkAttribute> attributesFromConfig = oaParam.getRequestedAttributes();
+
+ // - prepare attribute list
+ PersonalAttributeList attributeList = new PersonalAttributeList();
+
+ // - fill container
+ for (OAStorkAttribute current : attributesFromConfig) {
+ PersonalAttribute newAttribute = new PersonalAttribute();
+ newAttribute.setName(current.getName());
+
+ boolean globallyMandatory = false;
+ for (StorkAttribute currentGlobalAttribute : storkConfig.getStorkAttributes())
+ if (current.getName().equals(currentGlobalAttribute.getName())) {
+ globallyMandatory = currentGlobalAttribute.isMandatory();
+ break;
+ }
+
+ newAttribute.setIsRequired(current.isMandatory() || globallyMandatory);
+ attributeList.add(newAttribute);
+ }
+
+ // add sign request
+ PersonalAttribute newAttribute = new PersonalAttribute();
+ newAttribute.setName("signedDoc");
+ List<String> value = new ArrayList<String>();
+
+ Logger.debug("PEPS supports XMLSignatures:"+cpeps.isXMLSignatureSupported());
+ if(cpeps.isXMLSignatureSupported())//Send SignRequest to PEPS
+ {
+ value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession),
+ "application/xhtml+xml", moasession.getCcc()));
+ newAttribute.setValue(value);
+ attributeList.add(newAttribute);
+ }
+ else//Process SignRequest locally with MOCCA
+ {
+ String target = moasession.getTarget();
+ moasession.setTarget("AT");
+ String signedDoc = (generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession),
+ "application/xhtml+xml", "AT"));//moasession.getCcc()
+ moasession.setTarget(target);
+ Logger.warn("signedDoc to store:"+signedDoc);
+ //attributeList.add(newAttribute);
+
+ //store SignRequest for later...
+ moasession.setSignedDoc(signedDoc);
+
+ acsURL = issuerValue + PEPSConnectorWithLocalSigningServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN;
+ try {
+ AuthenticationSessionStoreage.storeSession(moasession);
+ } catch (MOADatabaseException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+
+ }
+
+ if (Logger.isDebugEnabled()) {
+ Logger.debug("The following attributes are requested for this OA:");
+ for (OAStorkAttribute logReqAttr : attributesFromConfig)
+ Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isMandatory());
+ }
+
+ //TODO: check Target in case of SSO!!
+ String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget();
+ String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName();
+ String spApplication = spInstitution;
+ String spCountry = "AT"; // intentionally set AT - the flow is limited on that use case only
+
+ //generate AuthnRquest
+ STORKAuthnRequest authnRequest = new STORKAuthnRequest();
+ authnRequest.setDestination(destination);
+ authnRequest.setAssertionConsumerServiceURL(acsURL);//PEPSConnectorWithLocalSigning
+ authnRequest.setProviderName(providerName);
+ authnRequest.setIssuer(issuerValue);
+ authnRequest.setQaa(oaParam.getQaaLevel());
+ authnRequest.setSpInstitution(spInstitution);
+ authnRequest.setSpCountry(spCountry);
+ authnRequest.setSpApplication(spApplication);
+ authnRequest.setSpSector(spSector);
+ authnRequest.setPersonalAttributeList(attributeList);
+
+ //TODO change
+ authnRequest.setEIDCrossBorderShare(true);
+ authnRequest.setEIDCrossSectorShare(true);
+ authnRequest.setEIDSectorShare(true);
+
+ authnRequest.setCitizenCountryCode(moasession.getCcc());
+
+ Logger.debug("STORK AuthnRequest succesfully assembled.");
+
+ STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("outgoing");
+
+ if (samlEngine == null) {
+ Logger.error("Could not initalize STORK SAML engine.");
+ throw new MOAIDException("stork.00", null);
+ }
+
+ try {
+ authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest);
+ } catch (STORKSAMLEngineException e) {
+ Logger.error("Could not sign STORK SAML AuthnRequest.", e);
+ throw new MOAIDException("stork.00", null);
+ }
+
+ Logger.info("STORK AuthnRequest successfully signed!");
+
+ //validate AuthnRequest
+ try {
+ samlEngine.validateSTORKAuthnRequest(authnRequest.getTokenSaml());
+ } catch (STORKSAMLEngineException e) {
+ Logger.error("STORK SAML AuthnRequest not valid.", e);
+ throw new MOAIDException("stork.01", null);
+ }
+
+ Logger.debug("STORK AuthnRequest successfully internally validated.");
+
+ //send
+ moasession.setStorkAuthnRequest(authnRequest);
+
+ AuthenticationSessionStoreage.changeSessionID(moasession, authnRequest.getSamlId());
+
+
+ Logger.info("Preparing to send STORK AuthnRequest.");
+ Logger.info("prepared STORKAuthnRequest: ");
+ Logger.info(new String(authnRequest.getTokenSaml()));
+
+ try {
+ Logger.trace("Initialize VelocityEngine...");
+
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+ Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm");
+ VelocityContext context = new VelocityContext();
+ context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml()));
+ context.put("RelayState", moasession.getSessionID());
+ context.put("action", destination);
+
+ StringWriter writer = new StringWriter();
+ template.merge(context, writer);
+
+ resp.setContentType("text/html;charset=UTF-8");
+ resp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
+
+ } catch (Exception e) {
+ Logger.error("Error sending STORK SAML AuthnRequest.", e);
+ throw new MOAIDException("stork.02", new Object[]{destination});
+
+ }
+
+ Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination());
+ }
+
+ private static String generateDssSignRequest(String text, String mimeType, String citizenCountry) {
+ IdentifierGenerator idGenerator;
try {
- AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
- ConnectionParameter connectionParameters = authConf.getForeignIDConnectionParameter();
-
- SZRGWClient client = new SZRGWClient(connectionParameters);
-
- CreateIdentityLinkRequest request = new CreateIdentityLinkRequest();
- request.setSignature(citizenSignature.getBytes());
-
- PEPSData data = new PEPSData();
- data.setDateOfBirth(PEPSDateOfBirth);
- data.setFamilyname(PEPSFamilyname);
- data.setFirstname(PEPSFirstname);
- data.setIdentifier(PEPSIdentifier);
-
- data.setRepresentative(representative);
- data.setRepresented(represented);
- data.setMandateContent(mandateContent);
-
- data.setLegalPersonCanonicalRegisteredAddress(organizationAddress);
- data.setLegalPersonTranslatableType(organizationType);
-
- if (null != mandateContent) {
- MISType mis = new MISType();
-
- Target targetObject = new Target();
- targetObject.setType(targetType);
- targetObject.setValue(targetValue);
- mis.setTarget(targetObject);
-
- mis.setOAFriendlyName(oaFriendlyName);
-
- Filters filterObject = new Filters();
- MandateIdentifiers mandateIds = new MandateIdentifiers();
- for(String current : filters)
- mandateIds.getMandateIdentifier().add(current.trim());
- filterObject.setMandateIdentifiers(mandateIds);
- mis.setFilters(filterObject);
-
- request.setMIS(mis);
- }
-
- if (MiscUtil.isEmpty(connectionParameters.getUrl())) {
- Logger.warn("SZR-Gateway Service URL is empty");
- throw new SZRGWClientException("service.07");
- }
-
- Logger.info("Starte Kommunikation mit dem Stammzahlenregister Gateway(" + connectionParameters.getUrl() + ")...");
- CreateIdentityLinkResponse response = client.sentCreateIDLRequest(request, connectionParameters.getUrl());
- return response;
-
- }
- catch (ConfigurationException e) {
- Logger.warn(e);
- Logger.warn(MOAIDMessageProvider.getInstance().getMessage("config.12", null ));
+ idGenerator = new SecureRandomIdentifierGenerator();
+
+ DocumentType doc = new DocumentType();
+ doc.setBase64XML(text.getBytes("UTF-8"));
+ doc.setID(idGenerator.generateIdentifier());
+
+ SignRequest request = new SignRequest();
+ request.setInputDocuments(ApiUtils.createInputDocuments(doc));
+
+ String id = idGenerator.generateIdentifier();
+ request.setRequestID(id);
+ request.setDocUI(id);
+
+ request.setProfile(Profiles.XADES_BES.toString());
+ request.setNumberOfSigners(BigInteger.ONE);
+ request.setTargetCountry(citizenCountry);
+
+ // no, no todo. PEPS will alter this value anyhow.
+ request.setReturnURL("http://invalid_return");
+
+ AnyType required = new AnyType();
+ required.getAny().add(ApiUtils.createSignatureType(SignatureTypes.XMLSIG_RFC3275.toString()));
+ required.getAny().add(ApiUtils.createAdditionalProfile(AdditionalProfiles.XADES.toString()));
+ required.getAny().add(ApiUtils.createQualityRequirements(QualityLevels.QUALITYLEVEL_QUALIFIEDSIG));
+ required.getAny().add(ApiUtils.createIncludeObject(doc));
+ request.setOptionalInputs(required);
+
+ return IOUtils.toString(ApiUtils.marshalToInputStream(request));
+ } catch (NoSuchAlgorithmException e) {
+ Logger.error("Cannot generate id", e);
+ throw new RuntimeException(e);
+ } catch (ApiUtilsException e) {
+ Logger.error("Could not create SignRequest", e);
+ throw new RuntimeException(e);
+ } catch (DOMException e) {
+ Logger.error("Could not create SignRequest", e);
+ throw new RuntimeException(e);
+ } catch (IOException e) {
+ Logger.error("Could not create SignRequest", e);
+ throw new RuntimeException(e);
}
-
- return null;
-
- }
-
- /**
- * Starts a MOA-ID authentication process using STORK
- *
- * @param req HttpServletRequest
- * @param resp HttpServletResponse
- * @param ccc Citizen country code
- * @param oaURL URL of the online application
- * @param target Target parameter
- * @param targetFriendlyName Friendly Name of Target
- * @param authURL Authentication URL
- * @param sourceID SourceID parameter
- * @throws MOAIDException
- * @throws AuthenticationException
- * @throws WrongParametersException
- * @throws ConfigurationException
- */
- public static void startSTORKAuthentication(
- HttpServletRequest req,
- HttpServletResponse resp,
- AuthenticationSession moasession) throws MOAIDException, AuthenticationException, WrongParametersException, ConfigurationException {
-
- if (moasession == null) {
- throw new AuthenticationException("auth.18", new Object[]{});
- }
-
- //read configuration paramters of OA
- OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moasession.getPublicOAURLPrefix());
- if (oaParam == null)
- throw new AuthenticationException("auth.00", new Object[]{moasession.getPublicOAURLPrefix()});
-
- //Start of STORK Processing
- STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
-
- CPEPS cpeps = storkConfig.getCPEPS(moasession.getCcc());
-
- Logger.debug("Preparing to assemble STORK AuthnRequest with the following values:");
- String destination = cpeps.getPepsURL().toExternalForm();
- Logger.debug("C-PEPS URL: " + destination);
-
-
- String issuerValue = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
-// String acsURL = new DataURLBuilder().buildDataURL(issuerValue,
-// PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN, moasession.getSessionID());
-
- //solve Problem with sessionIDs
- String acsURL = issuerValue + PEPSConnectorServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN;
-
- Logger.debug("MOA Assertion Consumer URL (PEPSConnctor): " + acsURL);
-
- String providerName = oaParam.getFriendlyName();
- Logger.debug("Issuer value: " + issuerValue);
-
- // prepare collection of required attributes
- // - attributes for online application
- List<OAStorkAttribute> attributesFromConfig = oaParam.getRequestedAttributes();
-
- // - prepare attribute list
- PersonalAttributeList attributeList = new PersonalAttributeList();
-
- // - fill container
- for (OAStorkAttribute current : attributesFromConfig) {
- PersonalAttribute newAttribute = new PersonalAttribute();
- newAttribute.setName(current.getName());
-
- boolean globallyMandatory = false;
- for (StorkAttribute currentGlobalAttribute : storkConfig.getStorkAttributes())
- if (current.getName().equals(currentGlobalAttribute.getName())) {
- globallyMandatory = currentGlobalAttribute.isMandatory();
- break;
- }
-
- newAttribute.setIsRequired(current.isMandatory() || globallyMandatory);
- attributeList.add(newAttribute);
- }
-
- // add sign request
- PersonalAttribute newAttribute = new PersonalAttribute();
- newAttribute.setName("signedDoc");
- List<String> value = new ArrayList<String>();
- value.add(generateDssSignRequest(CreateXMLSignatureRequestBuilder.buildForeignIDTextToBeSigned("wie im Signaturzertifikat (as in my signature certificate)", oaParam, moasession),
- "application/xhtml+xml",
- moasession.getCcc()));
- newAttribute.setValue(value);
- attributeList.add(newAttribute);
-
-
- if (Logger.isDebugEnabled()) {
- Logger.debug("The following attributes are requested for this OA:");
- for (OAStorkAttribute logReqAttr : attributesFromConfig)
- Logger.debug("OA specific requested attribute: " + logReqAttr.getName() + ", isRequired: " + logReqAttr.isMandatory());
- }
-
- //TODO: check Target in case of SSO!!
- String spSector = StringUtils.isEmpty(moasession.getTarget()) ? "Business" : moasession.getTarget();
- String spInstitution = StringUtils.isEmpty(oaParam.getFriendlyName()) ? "UNKNOWN" : oaParam.getFriendlyName();
- String spApplication = spInstitution;
- String spCountry = "AT";
-
- //generate AuthnRquest
- STORKAuthnRequest authnRequest = new STORKAuthnRequest();
- authnRequest.setDestination(destination);
- authnRequest.setAssertionConsumerServiceURL(acsURL);
- authnRequest.setProviderName(providerName);
- authnRequest.setIssuer(issuerValue);
- authnRequest.setQaa(oaParam.getQaaLevel());
- authnRequest.setSpInstitution(spInstitution);
- authnRequest.setCountry(spCountry);
- authnRequest.setSpApplication(spApplication);
- authnRequest.setSpSector(spSector);
- authnRequest.setPersonalAttributeList(attributeList);
-
- //TODO change
- authnRequest.setEIDCrossBorderShare(true);
- authnRequest.setEIDCrossSectorShare(true);
- authnRequest.setEIDSectorShare(true);
-
- authnRequest.setCitizenCountryCode(moasession.getCcc());
-
-
- Logger.debug("STORK AuthnRequest succesfully assembled.");
-
- STORKSAMLEngine samlEngine = STORKSAMLEngine.getInstance("outgoing");
-
- if (samlEngine == null) {
- Logger.error("Could not initalize STORK SAML engine.");
- throw new MOAIDException("stork.00", null);
-
- }
-
- try {
- authnRequest = samlEngine.generateSTORKAuthnRequest(authnRequest);
- } catch (STORKSAMLEngineException e) {
- Logger.error("Could not sign STORK SAML AuthnRequest.", e);
- throw new MOAIDException("stork.00", null);
- }
-
- Logger.info("STORK AuthnRequest successfully signed!");
-
- //validate AuthnRequest
- try {
- samlEngine.validateSTORKAuthnRequest(authnRequest.getTokenSaml());
- } catch (STORKSAMLEngineException e) {
- Logger.error("STORK SAML AuthnRequest not valid.", e);
- throw new MOAIDException("stork.01", null);
- }
-
- Logger.debug("STORK AuthnRequest successfully internally validated.");
-
- //send
- moasession.setStorkAuthnRequest(authnRequest);
-
- AuthenticationSessionStoreage.changeSessionID(moasession, authnRequest.getSamlId());
-
-
- Logger.info("Preparing to send STORK AuthnRequest.");
- Logger.info("prepared STORKAuthnRequest: ");
- Logger.info(new String(authnRequest.getTokenSaml()));
-
- try {
- Logger.trace("Initialize VelocityEngine...");
-
- VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
- Template template = velocityEngine.getTemplate("/resources/templates/saml2-post-binding-moa.vm");
- VelocityContext context = new VelocityContext();
- context.put("SAMLRequest", PEPSUtil.encodeSAMLToken(authnRequest.getTokenSaml()));
- context.put("RelayState", moasession.getSessionID());
- context.put("action", destination);
-
- StringWriter writer = new StringWriter();
- template.merge(context, writer);
-
- resp.setContentType("text/html;charset=UTF-8");
- resp.getOutputStream().write(writer.toString().getBytes());
-
- } catch (Exception e) {
- Logger.error("Error sending STORK SAML AuthnRequest.", e);
- throw new MOAIDException("stork.02", new Object[]{destination});
-
- }
-
- Logger.info("STORK AuthnRequest successfully successfully prepared for client with target location: " + authnRequest.getDestination());
- }
-
- private static String generateDssSignRequest(String text, String mimeType, String citizenCountry) {
- IdentifierGenerator idGenerator;
- try {
- idGenerator = new SecureRandomIdentifierGenerator();
-
- DocumentType doc = new DocumentType();
- doc.setBase64XML(text.getBytes());
- doc.setID(idGenerator.generateIdentifier());
-
- SignRequest request = new SignRequest();
- request.setInputDocuments(ApiUtils.createInputDocuments(doc));
-
- String id = idGenerator.generateIdentifier();
- request.setRequestID(id);
- request.setDocUI(id);
-
- request.setProfile(Profiles.XADES_BES.toString());
- request.setNumberOfSigners(BigInteger.ONE);
- request.setTargetCountry(citizenCountry);
-
- // no, no todo. PEPS will alter this value anyhow.
- request.setReturnURL("http://invalid_return");
-
- AnyType required = new AnyType();
- required.getAny().add(ApiUtils.createSignatureType(SignatureTypes.XMLSIG_RFC3275.toString()));
- required.getAny().add(ApiUtils.createAdditionalProfile(AdditionalProfiles.XADES.toString()));
- required.getAny().add(ApiUtils.createQualityRequirements(QualityLevels.QUALITYLEVEL_QUALIFIEDSIG));
- required.getAny().add(ApiUtils.createIncludeObject(doc));
- request.setOptionalInputs(required);
-
- return IOUtils.toString(ApiUtils.marshalToInputStream(request));
- } catch (NoSuchAlgorithmException e) {
- Logger.error("Cannot generate id", e);
- throw new RuntimeException(e);
- } catch (ApiUtilsException e) {
- Logger.error("Could not create SignRequest", e);
- throw new RuntimeException(e);
- } catch (DOMException e) {
- Logger.error("Could not create SignRequest", e);
- throw new RuntimeException(e);
- } catch (IOException e) {
- Logger.error("Could not create SignRequest", e);
- throw new RuntimeException(e);
- }
- }
-
- /**
- * Extracts an X509 Certificate out of an XML signagture element
- *
- * @param signedXML XML signature element
- * @return X509Certificate
- * @throws CertificateException
- */
- public static X509Certificate getCertificateFromXML(Element signedXML) throws CertificateException {
-
- NodeList nList = signedXML.getElementsByTagNameNS(Constants.DSIG_NS_URI, "X509Certificate");
-
- String base64CertString = XMLUtil.getFirstTextValueFromNodeList(nList);
-
- if (StringUtils.isEmpty(base64CertString)) {
- String msg = "XML does not contain a X509Certificate element.";
- Logger.error(msg);
- throw new CertificateException(msg);
- }
-
- InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString));
-
- X509Certificate cert;
- try {
- cert = new X509Certificate(is);
- return cert;
-
- } catch (Throwable e) {
- throw new CertificateException(e);
- }
- }
+ }
+
+ /**
+ * Extracts an X509 Certificate out of an XML signagture element
+ *
+ * @param signedXML XML signature element
+ * @return X509Certificate
+ * @throws CertificateException
+ */
+ public static X509Certificate getCertificateFromXML(Element signedXML) throws CertificateException {
+
+ NodeList nList = signedXML.getElementsByTagNameNS(Constants.DSIG_NS_URI, "X509Certificate");
+
+ String base64CertString = XMLUtil.getFirstTextValueFromNodeList(nList);
+
+ if (StringUtils.isEmpty(base64CertString)) {
+ String msg = "XML does not contain a X509Certificate element.";
+ Logger.error(msg);
+ throw new CertificateException(msg);
+ }
+
+ InputStream is = new ByteArrayInputStream(Base64.decode(base64CertString));
+
+ X509Certificate cert;
+ try {
+ cert = new X509Certificate(is);
+ return cert;
+
+ } catch (Throwable e) {
+ throw new CertificateException(e);
+ }
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
index 4cec99b9a..db8b4dd80 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthConstants.java
@@ -164,5 +164,6 @@ public interface MOAIDAuthConstants {
}
});
+ public static final String REGEX_PATTERN_TARGET = "^[A-Za-z]{2}(-.*)?$";
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
index 848bf94af..80afd9f82 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/MOAIDAuthInitializer.java
@@ -72,10 +72,9 @@ public class MOAIDAuthInitializer {
CommandMap.setDefaultCommandMap(mc);
// create some properties and get the default Session
- Properties props = new Properties();
- props.put("mail.smtp.host", "localhost");
-
- Session session = Session.getDefaultInstance(props, null);
+// Properties props = new Properties();
+// props.put("mail.smtp.host", "localhost");
+// Session session = Session.getDefaultInstance(props, null);
// Restricts TLS cipher suites
// System.setProperty(
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
index 35109dfea..89f42ab7d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationAssertionBuilder.java
@@ -92,6 +92,15 @@ public class AuthenticationAssertionBuilder {
String namespace = extendedSAMLAttribute.getNameSpace();
if (value instanceof String) {
sb.append(MessageFormat.format( SAML_ATTRIBUTE, new Object[] {name, namespace, value}));
+
+ } else if (value instanceof List<?>) {
+ if (!((List<?>)value).isEmpty()) {
+ Object firstEl = ((List<?>)value).get(0);
+ if (firstEl instanceof String) {
+ sb.append(MessageFormat.format( SAML_ATTRIBUTE, new Object[] {name, namespace, ((String)firstEl)}));
+ }
+ }
+
} else if (value instanceof Element) {
try {
String serializedValue = DOMUtils.serializeNode((Element)(value));
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
index ba4440bf8..fc04fa9a7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java
@@ -278,7 +278,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
assertion = MessageFormat.format(AUTH_DATA, new Object[] {
authData.getAssertionID(),
authData.getIssuer(),
- authData.getIssueInstant(),
+ authData.getIssueInstantString(),
pkType,
pkValue,
StringUtils.removeXMLDeclaration(xmlAuthBlock),
@@ -303,7 +303,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
assertion = MessageFormat.format(AUTH_DATA_WITH_CONDITIONS, new Object[] {
authData.getAssertionID(),
authData.getIssuer(),
- authData.getIssueInstant(),
+ authData.getIssueInstantString(),
notBefore,
notOnOrAfter,
pkType,
@@ -401,7 +401,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
assertion = MessageFormat.format(AUTH_DATA_MANDATE, new Object[] {
authData.getAssertionID(),
authData.getIssuer(),
- authData.getIssueInstant(),
+ authData.getIssueInstantString(),
pkType,
pkValue,
StringUtils.removeXMLDeclaration(xmlAuthBlock),
@@ -427,7 +427,7 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB
assertion = MessageFormat.format(AUTH_DATA_MANDATE_WITH_CONDITIONS, new Object[] {
authData.getAssertionID(),
authData.getIssuer(),
- authData.getIssueInstant(),
+ authData.getIssueInstantString(),
notBefore,
notOnOrAfter,
pkType,
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
index 9af2f5ee5..a8a7d0c51 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java
@@ -24,20 +24,26 @@ package at.gv.egovernment.moa.id.auth.builder;
import iaik.x509.X509Certificate;
+import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.security.PrivateKey;
import java.util.ArrayList;
+import java.util.Arrays;
import java.util.Date;
-import java.util.GregorianCalendar;
+import java.util.Iterator;
import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
-import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeQuery;
-import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.Response;
import org.opensaml.ws.soap.common.SOAPException;
import org.opensaml.xml.XMLObject;
@@ -45,11 +51,17 @@ import org.opensaml.xml.security.SecurityException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-import eu.stork.peps.auth.commons.PersonalAttribute;
-import eu.stork.peps.auth.commons.PersonalAttributeList;
-
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
+import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator;
+import at.gv.e_government.reference.namespace.persondata._20020228_.CorporateBodyType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.IdentificationType.Value;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PersonNameType.FamilyName;
+import at.gv.e_government.reference.namespace.persondata._20020228_.PhysicalPersonType;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
@@ -75,6 +87,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExt
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor;
import at.gv.egovernment.moa.id.protocols.pvp2x.utils.MOASAMLSOAPClient;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngine;
import at.gv.egovernment.moa.id.protocols.pvp2x.verification.TrustEngineFactory;
@@ -116,7 +129,10 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
if (protocolRequest instanceof SAML1RequestImpl) {
//request is SAML1
SAML1AuthenticationData saml1authdata = new SAML1AuthenticationData();
- saml1authdata.setExtendedSAMLAttributesOA(session.getExtendedSAMLAttributesOA());
+ if (session.getExtendedSAMLAttributesOA() == null)
+ saml1authdata.setExtendedSAMLAttributesOA(new ArrayList<ExtendedSAMLAttribute>());
+ else
+ saml1authdata.setExtendedSAMLAttributesOA(session.getExtendedSAMLAttributesOA());
authdata = saml1authdata;
@@ -145,7 +161,6 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
}
}
-
}
InterfederationSessionStore interfIDP = AuthenticationSessionStoreage.searchInterfederatedIDPFORAttributeQueryWithSessionID(session);
@@ -235,59 +250,68 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
attributs = reqQueryAttr;
//IDP is a service provider IDP and request interfederated IDP to collect attributes
- } else {
-
- //TODO: check if response include attributes and map this attributes to requested attributes
-
+ } else {
//get PVP 2.1 attributes from protocol specific requested attributes
attributs = req.getRequestedAttributes();
}
- //collect attributes by using BackChannel communication
- String endpoint = idp.getIDPAttributQueryServiceURL();
- if (MiscUtil.isEmpty(endpoint)) {
- Logger.error("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix());
- throw new ConfigurationException("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix(), null);
- }
+ Response intfResp = (Response) req.getInterfederationResponse().getResponse();
+ AssertionAttributeExtractor extractor =
+ new AssertionAttributeExtractor(intfResp);
- //build attributQuery request
- AttributeQuery query =
- AttributQueryBuilder.buildAttributQueryRequest(interfIDP.getUserNameID(), endpoint, attributs);
+ if (!extractor.containsAllRequiredAttributes()) {
+ //collect attributes by using BackChannel communication
+ String endpoint = idp.getIDPAttributQueryServiceURL();
+ if (MiscUtil.isEmpty(endpoint)) {
+ Logger.error("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix());
+ throw new ConfigurationException("No AttributeQueryURL for interfederationIDP " + oaParam.getPublicURLPrefix(), null);
+ }
+
+ //build attributQuery request
+ AttributeQuery query =
+ AttributQueryBuilder.buildAttributQueryRequest(interfIDP.getUserNameID(), endpoint, attributs);
- //build SOAP request
- List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
+ //build SOAP request
+ List<XMLObject> xmlObjects = MOASAMLSOAPClient.send(endpoint, query);
- if (xmlObjects.size() == 0) {
- Logger.error("Receive emptry AttributeQuery response-body.");
- throw new AttributQueryException("Receive emptry AttributeQuery response-body.", null);
+ if (xmlObjects.size() == 0) {
+ Logger.error("Receive emptry AttributeQuery response-body.");
+ throw new AttributQueryException("Receive emptry AttributeQuery response-body.", null);
- }
+ }
- if (xmlObjects.get(0) instanceof Response) {
- Response intfResp = (Response) xmlObjects.get(0);
+ if (xmlObjects.get(0) instanceof Response) {
+ intfResp = (Response) xmlObjects.get(0);
- //validate PVP 2.1 response
- try {
- SAMLVerificationEngine engine = new SAMLVerificationEngine();
- engine.verifyResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
+ //validate PVP 2.1 response
+ try {
+ SAMLVerificationEngine engine = new SAMLVerificationEngine();
+ engine.verifyResponse(intfResp, TrustEngineFactory.getSignatureKnownKeysTrustEngine());
- SAMLVerificationEngine.validateAssertion(intfResp, false);
+ SAMLVerificationEngine.validateAssertion(intfResp, false);
- } catch (Exception e) {
- Logger.warn("PVP 2.1 assertion validation FAILED.", e);
- throw new AssertionValidationExeption("PVP 2.1 assertion validation FAILED.", null, e);
+ } catch (Exception e) {
+ Logger.warn("PVP 2.1 assertion validation FAILED.", e);
+ throw new AssertionValidationExeption("PVP 2.1 assertion validation FAILED.", null, e);
+ }
+
+ } else {
+ Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response");
+ throw new AttributQueryException("Receive AttributeQuery response-body include no PVP 2.1 response.", null);
+
}
- //parse response information to authData
- buildAuthDataFormInterfederationResponse(authdata, session, intfResp);
-
+ //create assertion attribute extractor from AttributeQuery response
+ extractor = new AssertionAttributeExtractor(intfResp);
+
} else {
- Logger.error("Receive AttributeQuery response-body include no PVP 2.1 response");
- throw new AttributQueryException("Receive AttributeQuery response-body include no PVP 2.1 response.", null);
+ Logger.info("Interfedation response include all attributes with are required. Skip AttributQuery request step. ");
}
-
+ //parse response information to authData
+ buildAuthDataFormInterfederationResponse(authdata, session, extractor, oaParam);
+
} catch (SOAPException e) {
throw new BuildException("builder.06", null, e);
@@ -309,146 +333,280 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
}
}
- private static void buildAuthDataFormInterfederationResponse(AuthenticationData authData, AuthenticationSession session,
- Response intfResp) throws BuildException, AssertionAttributeExtractorExeption {
+ private static void buildAuthDataFormInterfederationResponse(
+ AuthenticationData authData,
+ AuthenticationSession session,
+ AssertionAttributeExtractor extractor,
+ IOAAuthParameters oaParam)
+ throws BuildException, AssertionAttributeExtractorExeption {
Logger.debug("Build AuthData from assertion starts ....");
- Assertion assertion = intfResp.getAssertions().get(0);
+ authData.setFamilyName(extractor.getAttribute(PVPConstants.PRINCIPAL_NAME_NAME));
+ authData.setGivenName(extractor.getAttribute(PVPConstants.GIVEN_NAME_NAME));
+ authData.setDateOfBirth(extractor.getAttribute(PVPConstants.BIRTHDATE_NAME));
+ authData.setBPKType(extractor.getAttribute(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME));
+ authData.setCcc(extractor.getAttribute(PVPConstants.EID_ISSUING_NATION_NAME));
+ authData.setBkuURL(extractor.getAttribute(PVPConstants.EID_CCS_URL_NAME));
+ authData.setIdentificationValue(extractor.getAttribute(PVPConstants.EID_SOURCE_PIN_NAME));
+ authData.setIdentificationType(extractor.getAttribute(PVPConstants.EID_SOURCE_PIN_TYPE_NAME));
- if (assertion.getAttributeStatements().size() == 0) {
- Logger.warn("Can not build AuthData from Assertion. NO Attributes included.");
- throw new AssertionAttributeExtractorExeption("Can not build AuthData from Assertion. NO Attributes included.", null);
-
+ if (extractor.containsAttribute(PVPConstants.BPK_NAME)) {
+ String pvpbPK = extractor.getAttribute(PVPConstants.BPK_NAME);
+ authData.setBPK(pvpbPK.split(":")[1]);
}
- AttributeStatement attrStat = assertion.getAttributeStatements().get(0);
- for (Attribute attr : attrStat.getAttributes()) {
-
- if (attr.getName().equals(PVPConstants.PRINCIPAL_NAME_NAME))
- authData.setFamilyName(attr.getAttributeValues().get(0).getDOM().getTextContent());
-
- if (attr.getName().equals(PVPConstants.GIVEN_NAME_NAME))
- authData.setGivenName(attr.getAttributeValues().get(0).getDOM().getTextContent());
-
- if (attr.getName().equals(PVPConstants.BIRTHDATE_NAME))
- authData.setDateOfBirth(attr.getAttributeValues().get(0).getDOM().getTextContent());
-
- if (attr.getName().equals(PVPConstants.BPK_NAME)) {
- String pvpbPK = attr.getAttributeValues().get(0).getDOM().getTextContent();
- authData.setBPK(pvpbPK.split(":")[1]);
- }
-
- if (attr.getName().equals(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME))
- authData.setBPKType(attr.getAttributeValues().get(0).getDOM().getTextContent());
-
- if (attr.getName().equals(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME))
- authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX +
- attr.getAttributeValues().get(0).getDOM().getTextContent());
-
- if (attr.getName().equals(PVPConstants.EID_ISSUING_NATION_NAME))
- authData.setCcc(attr.getAttributeValues().get(0).getDOM().getTextContent());
+ if (extractor.containsAttribute(PVPConstants.ENC_BPK_LIST_NAME)) {
+ List<String> encbPKList = Arrays.asList(
+ extractor.getAttribute(PVPConstants.ENC_BPK_LIST_NAME).split(";"));
+ authData.setEncbPKList(encbPKList);
+ for (String fullEncbPK : encbPKList) {
+ int index = fullEncbPK.indexOf("|");
+ if (index >= 0) {
+ String encbPK = fullEncbPK.substring(index+1);
+ String second = fullEncbPK.substring(0, index);
+ int secIndex = second.indexOf("+");
+ if (secIndex >= 0) {
+ if (oaParam.getTarget().equals(second.substring(secIndex+1))) {
+ Logger.debug("Found encrypted bPK for online-application "
+ + oaParam.getPublicURLPrefix()
+ + " Start decryption process ...");
+ PrivateKey privKey = oaParam.getBPKDecBpkDecryptionKey();
+ if (privKey != null) {
+ try {
+ String bPK = BPKBuilder.decryptBPK(encbPK, oaParam.getTarget(), privKey);
+ if (MiscUtil.isNotEmpty(bPK)) {
+ if (MiscUtil.isEmpty(authData.getBPK())) {
+ authData.setBPK(bPK);
+ authData.setBPKType(Constants.URN_PREFIX_CDID + "+" + oaParam.getTarget());
+ Logger.info("bPK decryption process finished successfully.");
+ }
+
+ } else {
+ Logger.error("bPK decryption FAILED.");
+
+ }
+ } catch (BuildException e) {
+ Logger.error("bPK decryption FAILED.", e);
+
+ }
+
+ } else {
+ Logger.info("bPK decryption FAILED, because no valid decryption key is found.");
+
+ }
+
+ } else {
+ Logger.info("Found encrypted bPK but " +
+ "encrypted bPK target does not match to online-application target");
+
+ }
+ }
+ }
+ }
+ }
+
+ if (MiscUtil.isEmpty(authData.getBPK()) && authData.getEncbPKList().size() == 0) {
+ Logger.error("Federated assertion include no bPK or encrypted bPK");
+ throw new AssertionAttributeExtractorExeption("No " + PVPConstants.BPK_FRIENDLY_NAME
+ + " or " + PVPConstants.ENC_BPK_LIST_FRIENDLY_NAME);
- if (attr.getName().equals(PVPConstants.EID_CCS_URL_NAME))
- authData.setBkuURL(attr.getAttributeValues().get(0).getDOM().getTextContent());
+ }
+
+ if (extractor.containsAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME))
+ authData.setQAALevel(PVPConstants.STORK_QAA_PREFIX +
+ extractor.getAttribute(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME));
+
+ if (extractor.containsAttribute(PVPConstants.EID_AUTH_BLOCK_NAME)) {
+ try {
+ byte[] authBlock = Base64Utils.decode(extractor.getAttribute(PVPConstants.EID_AUTH_BLOCK_NAME), false);
+ authData.setAuthBlock(new String(authBlock, "UTF-8"));
- if (attr.getName().equals(PVPConstants.EID_AUTH_BLOCK_NAME)) {
- try {
- byte[] authBlock = Base64Utils.decode(attr.getAttributeValues().get(0).getDOM().getTextContent(), false);
- authData.setAuthBlock(new String(authBlock, "UTF-8"));
+ } catch (IOException e) {
+ Logger.error("Received AuthBlock is not valid", e);
- } catch (IOException e) {
- Logger.error("Received AuthBlock is not valid", e);
-
- }
- }
-
- if (attr.getName().equals(PVPConstants.EID_SIGNER_CERTIFICATE_NAME)) {
- try {
- authData.setSignerCertificate(Base64Utils.decode(
- attr.getAttributeValues().get(0).getDOM().getTextContent(), false));
-
- } catch (IOException e) {
- Logger.error("Received SignerCertificate is not valid", e);
-
- }
}
-
- if (attr.getName().equals(PVPConstants.EID_SOURCE_PIN_NAME))
- authData.setIdentificationValue(attr.getAttributeValues().get(0).getDOM().getTextContent());
-
- if (attr.getName().equals(PVPConstants.EID_SOURCE_PIN_TYPE_NAME))
- authData.setIdentificationType(attr.getAttributeValues().get(0).getDOM().getTextContent());
-
- if (attr.getName().equals(PVPConstants.EID_IDENTITY_LINK_NAME)) {
- try {
- InputStream idlStream = Base64Utils.decodeToStream(attr.getAttributeValues().get(0).getDOM().getTextContent(), false);
- IdentityLink idl = new IdentityLinkAssertionParser(idlStream).parseIdentityLink();
- authData.setIdentityLink(idl);
-
- } catch (ParseException e) {
- Logger.error("Received IdentityLink is not valid", e);
-
- } catch (Exception e) {
- Logger.error("Received IdentityLink is not valid", e);
-
- }
- }
-
- if (attr.getName().equals(PVPConstants.MANDATE_REFERENCE_VALUE_NAME))
- authData.setMandateReferenceValue(attr.getAttributeValues().get(0).getDOM().getTextContent());
-
-
- if (attr.getName().equals(PVPConstants.MANDATE_FULL_MANDATE_NAME)) {
- try {
- byte[] mandate = Base64Utils.decode(
- attr.getAttributeValues().get(0).getDOM().getTextContent(), false);
-
- if (authData.getMISMandate() == null)
- authData.setMISMandate(new MISMandate());
- authData.getMISMandate().setMandate(mandate);
+ }
+
+ if (extractor.containsAttribute(PVPConstants.EID_SIGNER_CERTIFICATE_NAME)) {
+ try {
+ authData.setSignerCertificate(Base64Utils.decode(
+ extractor.getAttribute(PVPConstants.EID_SIGNER_CERTIFICATE_NAME), false));
+
+ } catch (IOException e) {
+ Logger.error("Received SignerCertificate is not valid", e);
+
+ }
+ }
+
+ if (extractor.containsAttribute(PVPConstants.EID_IDENTITY_LINK_NAME)) {
+ try {
+ InputStream idlStream = Base64Utils.decodeToStream(extractor.getAttribute(PVPConstants.EID_IDENTITY_LINK_NAME), false);
+ IdentityLink idl = new IdentityLinkAssertionParser(idlStream).parseIdentityLink();
+ authData.setIdentityLink(idl);
+
+ } catch (ParseException e) {
+ Logger.error("Received IdentityLink is not valid", e);
+
+ } catch (Exception e) {
+ Logger.error("Received IdentityLink is not valid", e);
- authData.setUseMandate(true);
-
- } catch (Exception e) {
- Logger.error("Received Mandate is not valid", e);
- throw new AssertionAttributeExtractorExeption(PVPConstants.MANDATE_FULL_MANDATE_NAME);
-
- }
}
-
- if (attr.getName().equals(PVPConstants.MANDATE_PROF_REP_OID_NAME)) {
+ }
+
+
+ // set mandate attributes
+ authData.setMandateReferenceValue(extractor.getAttribute(PVPConstants.MANDATE_REFERENCE_VALUE_NAME));
+
+ if (extractor.containsAttribute(PVPConstants.MANDATE_FULL_MANDATE_NAME)) {
+ try {
+ byte[] mandate = Base64Utils.decode(
+ (extractor.getAttribute(PVPConstants.MANDATE_FULL_MANDATE_NAME)), false);
+
if (authData.getMISMandate() == null)
authData.setMISMandate(new MISMandate());
- authData.getMISMandate().setProfRep(
- attr.getAttributeValues().get(0).getDOM().getTextContent());
+ authData.getMISMandate().setMandate(mandate);
+ authData.getMISMandate().setFullMandateIncluded(true);
+ authData.setUseMandate(true);
+
+ } catch (Exception e) {
+ Logger.error("Received Mandate is not valid", e);
+ throw new AssertionAttributeExtractorExeption(PVPConstants.MANDATE_FULL_MANDATE_NAME);
- }
+ }
+ }
+
+ //TODO: build short mandate if full mandate is no included.
+ if (authData.getMISMandate() == null &&
+ (extractor.containsAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME)
+ || extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_BPK_NAME)
+ || extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME)) ) {
+ Logger.info("Federated assertion contains no full mandate. Start short mandate generation process ... ");
+
+ MISMandate misMandate = new MISMandate();
+ misMandate.setFullMandateIncluded(false);
+
+ Mandate mandateObject = new Mandate();
+ Mandator mandator = new Mandator();
+ mandateObject.setMandator(mandator);
+
+ //build legal person short mandate
+ if (extractor.containsAttribute(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME) &&
+ extractor.containsAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME) &&
+ extractor.containsAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME)) {
+ Logger.debug("Build short mandate for legal person ...");
+ CorporateBodyType legalperson = new CorporateBodyType();
+ IdentificationType legalID = new IdentificationType();
+ Value idvalue = new Value();
+ legalID.setValue(idvalue );
+ legalperson.getIdentification().add(legalID );
+ mandator.setCorporateBody(legalperson );
+
+ legalperson.setFullName(extractor.getAttribute(PVPConstants.MANDATE_LEG_PER_FULL_NAME_NAME));
+ legalID.setType(extractor.getAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME));
+ idvalue.setValue(extractor.getAttribute(PVPConstants.MANDATE_LEG_PER_SOURCE_PIN_NAME));
+
+ //build natural person short mandate
+ } else if ( (extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME) ||
+ extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_BPK_NAME)) &&
+ extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME) &&
+ extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME) &&
+ extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME)) {
+ Logger.debug("Build short mandate for natural person ...");
+ PhysicalPersonType physPerson = new PhysicalPersonType();
+ PersonNameType persName = new PersonNameType();
+ mandator.setPhysicalPerson(physPerson );
+ physPerson.setName(persName );
+ FamilyName familyName = new FamilyName();
+ persName.getFamilyName().add(familyName );
+ IdentificationType persID = new IdentificationType();
+ physPerson.getIdentification().add(persID );
+ Value idValue = new Value();
+ persID.setValue(idValue );
+
+ String[] pvp2GivenName = extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME).split(" ");
+ for(int i=0; i<pvp2GivenName.length; i++)
+ persName.getGivenName().add(pvp2GivenName[i]);
+ familyName.setValue(extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME));
+ physPerson.setDateOfBirth(extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME));
+
+ if (extractor.containsAttribute(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME)) {
+ persID.setType(Constants.URN_PREFIX_BASEID);
+ idValue.setValue(extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_SOURCE_PIN_NAME));
+
+ } else {
+ String[] pvp2bPK = extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_BPK_NAME).split(":");
+ if (pvp2bPK.length == 2) {
+ idValue.setValue(pvp2bPK[1]);
- if (attr.getName().equals(PVPConstants.EID_STORK_TOKEN_NAME)) {
- authData.setStorkAuthnResponse(attr.getAttributeValues().get(0).getDOM().getTextContent());
- authData.setForeigner(true);
+ Pattern pattern = Pattern.compile(MOAIDAuthConstants.REGEX_PATTERN_TARGET);
+ Matcher matcher = pattern.matcher(pvp2bPK[0]);
+ if (matcher.matches())
+ persID.setType(Constants.URN_PREFIX_CDID + "+" + pvp2bPK[0]);
+ else
+ persID.setType(Constants.URN_PREFIX_WBPK + "+" + pvp2bPK[0]);
+
+ } else {
+ Logger.warn("Receive mandator bPK from federation with an unsupported format. " + extractor.getAttribute(PVPConstants.MANDATE_NAT_PER_BPK_NAME));
+ throw new AssertionAttributeExtractorExeption("Receive mandator bPK from federation with an unsupported format.");
+
+ }
+ }
+
+ } else {
+ Logger.error("Short mandate could not generated. Assertion contains not all attributes which are necessary.");
+ throw new AssertionAttributeExtractorExeption("Assertion contains not all attributes which are necessary for mandate generation", null);
+
}
- if (attr.getName().startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) {
+ try {
+ JAXBContext jc = JAXBContext.newInstance("at.gv.e_government.reference.namespace.mandates._20040701_");
+ Marshaller m = jc.createMarshaller();
+ ByteArrayOutputStream stream = new ByteArrayOutputStream();
+ m.marshal(mandateObject, stream);
+ misMandate.setMandate(Base64Utils.encode(stream.toByteArray()).getBytes());
+ stream.close();
- if (authData.getStorkAttributes() == null)
- authData.setStorkAttributes(new PersonalAttributeList());
+ } catch (JAXBException e) {
+ Logger.error("Failed to parse short mandate", e);
+ throw new AssertionAttributeExtractorExeption();
+
+ } catch (IOException e) {
+ Logger.error("Failed to parse short mandate", e);
+ throw new AssertionAttributeExtractorExeption();
- List<String> storkAttrValues = new ArrayList<String>();
- storkAttrValues.add(attr.getAttributeValues().get(0).getDOM().getTextContent());
- PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(),
- false, storkAttrValues , "Available");
- authData.getStorkAttributes().put(attr.getName(), storkAttr );
- authData.setForeigner(true);
- }
-
+ }
+ authData.setUseMandate(true);
+
}
+
+ if (extractor.containsAttribute(PVPConstants.MANDATE_PROF_REP_OID_NAME)) {
+ if (authData.getMISMandate() == null)
+ authData.setMISMandate(new MISMandate());
+ authData.getMISMandate().setProfRep(
+ extractor.getAttribute(PVPConstants.MANDATE_PROF_REP_OID_NAME));
+
+ }
+
+
+ //set STORK attributes
+ if (extractor.containsAttribute(PVPConstants.EID_STORK_TOKEN_NAME)) {
+ authData.setStorkAuthnResponse(extractor.getAttribute(PVPConstants.EID_STORK_TOKEN_NAME));
+ authData.setForeigner(true);
+
+ }
+
+ if (!extractor.getSTORKAttributes().isEmpty()) {
+ authData.setStorkAttributes(extractor.getSTORKAttributes());
+ authData.setForeigner(true);
+
+ }
+
authData.setSsoSession(true);
- if (assertion.getConditions() != null && assertion.getConditions().getNotOnOrAfter() != null)
- authData.setSsoSessionValidTo(assertion.getConditions().getNotOnOrAfter().toDate());
+ if (extractor.getFullAssertion().getConditions() != null && extractor.getFullAssertion().getConditions().getNotOnOrAfter() != null)
+ authData.setSsoSessionValidTo(extractor.getFullAssertion().getConditions().getNotOnOrAfter().toDate());
//only for SAML1
if (PVPConstants.STORK_QAA_1_4.equals(authData.getQAALevel()))
@@ -504,33 +662,33 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
authData.setQAALevel(session.getQAALevel());
if (session.isForeigner()) {
- if (authData.getStorkAuthnRequest() != null) {
- authData.setCcc(authData.getStorkAuthnRequest()
- .getCitizenCountryCode());
-
- } else {
-
- try {
- //TODO: replace with TSL lookup when TSL is ready!
- X509Certificate certificate = new X509Certificate(authData.getSignerCertificate());
-
- if (certificate != null) {
-
- LdapName ln = new LdapName(certificate.getIssuerDN()
- .getName());
- for (Rdn rdn : ln.getRdns()) {
- if (rdn.getType().equalsIgnoreCase("C")) {
- Logger.info("C is: " + rdn.getValue());
- authData.setCcc(rdn.getValue().toString());
- break;
- }
+ try {
+ //TODO: replace with TSL lookup when TSL is ready!
+ X509Certificate certificate = new X509Certificate(authData.getSignerCertificate());
+ if (certificate != null) {
+ LdapName ln = new LdapName(certificate.getIssuerDN()
+ .getName());
+ for (Rdn rdn : ln.getRdns()) {
+ if (rdn.getType().equalsIgnoreCase("C")) {
+ Logger.info("C is: " + rdn.getValue());
+ authData.setCcc(rdn.getValue().toString());
+ break;
}
}
-
- } catch (Exception e) {
- Logger.error("Failed to extract country code from certificate", e);
+ }
+
+ } catch (Exception e) {
+ Logger.error("Failed to extract country code from certificate", e);
+
+ }
+
+ if (MiscUtil.isEmpty(authData.getCcc())) {
+ if (authData.getStorkAuthnRequest() != null) {
+ authData.setCcc(authData.getStorkAuthnRequest().getCitizenCountryCode());
+ Logger.info("Can not extract country from certificate -> Use country from STORK request.");
}
+
}
} else {
@@ -539,7 +697,6 @@ public class AuthenticationDataBuilder implements MOAIDAuthConstants {
}
try {
-
authData.setSsoSession(AuthenticationSessionStoreage.isSSOSession(session.getSessionID()));
//set max. SSO session time
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
index 20641ca7c..b122ba17e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java
@@ -46,13 +46,27 @@
package at.gv.egovernment.moa.id.auth.builder;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.MiscUtil;
+import java.io.UnsupportedEncodingException;
+import java.security.InvalidKeyException;
import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.text.SimpleDateFormat;
+import java.util.Date;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.NoSuchPaddingException;
/**
* Builder for the bPK, as defined in
@@ -135,6 +149,58 @@ public class BPKBuilder {
}
}
+ public static String encryptBPK(String bpk, String target, PublicKey publicKey) throws BuildException {
+ MiscUtil.assertNotNull(bpk, "BPK");
+ MiscUtil.assertNotNull(publicKey, "publicKey");
+
+ SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss");
+ if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
+ target = target.substring((Constants.URN_PREFIX_CDID + "+").length());
+
+ String input = "V1::urn:publicid:gv.at:cdid+" + target + "::"
+ + bpk + "::"
+ + sdf.format(new Date());
+ System.out.println(input);
+ byte[] result;
+ try {
+ byte[] inputBytes = input.getBytes("ISO-8859-1");
+ result = encrypt(inputBytes, publicKey);
+ return new String(Base64Utils.encode(result, "ISO-8859-1")).replaceAll("\r\n", "");
+
+ } catch (Exception e) {
+ throw new BuildException("bPK encryption FAILED", null, e);
+ }
+ }
+
+ public static String decryptBPK(String encryptedBpk, String target, PrivateKey privateKey) throws BuildException {
+ MiscUtil.assertNotEmpty(encryptedBpk, "Encrypted BPK");
+ MiscUtil.assertNotNull(privateKey, "Private key");
+ String decryptedString;
+ try {
+ byte[] encryptedBytes = Base64Utils.decode(encryptedBpk, false, "ISO-8859-1");
+ byte[] decryptedBytes = decrypt(encryptedBytes, privateKey);
+ decryptedString = new String(decryptedBytes, "ISO-8859-1");
+
+ } catch (Exception e) {
+ throw new BuildException("bPK decryption FAILED", null, e);
+ }
+ String tmp = decryptedString.substring(decryptedString.indexOf('+') + 1);
+ String sector = tmp.substring(0, tmp.indexOf("::"));
+ tmp = tmp.substring(tmp.indexOf("::") + 2);
+ String bPK = tmp.substring(0, tmp.indexOf("::"));
+
+ if (target.startsWith(Constants.URN_PREFIX_CDID + "+"))
+ target = target.substring((Constants.URN_PREFIX_CDID + "+").length());
+
+ if (target.equals(sector))
+ return bPK;
+
+ else {
+ Logger.error("Decrypted bPK does not match to request bPK target.");
+ return null;
+ }
+ }
+
/**
* Builds the storkeid from the given parameters.
*
@@ -214,6 +280,34 @@ public class BPKBuilder {
throw new BuildException("builder.00", new Object[]{"storkid", ex.toString()}, ex);
}
}
+
+ private static byte[] encrypt(byte[] inputBytes, PublicKey publicKey) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException {
+ byte[] result;
+ Cipher cipher = null;
+ try {
+ cipher = Cipher.getInstance("RSA/ECB/OAEPPadding"); // try with bouncycastle
+ } catch(NoSuchAlgorithmException e) {
+ cipher = Cipher.getInstance("RSA/ECB/OAEP"); // try with iaik provider
+ }
+ cipher.init(Cipher.ENCRYPT_MODE, publicKey);
+ result = cipher.doFinal(inputBytes);
+
+ return result;
+ }
+
+ private static byte[] decrypt(byte[] encryptedBytes, PrivateKey privateKey)
+ throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException{
+ byte[] result;
+ Cipher cipher = null;
+ try {
+ cipher = Cipher.getInstance("RSA/ECB/OAEPPadding"); // try with bouncycastle
+ } catch(NoSuchAlgorithmException e) {
+ cipher = Cipher.getInstance("RSA/ECB/OAEP"); // try with iaik provider
+ }
+ cipher.init(Cipher.DECRYPT_MODE, privateKey);
+ result = cipher.doFinal(encryptedBytes);
+ return result;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
index 9f2d5b641..484fe1f9e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/StartAuthenticationBuilder.java
@@ -56,7 +56,7 @@ public class StartAuthenticationBuilder {
STORKConfig storkConfig = AuthConfigurationProvider.getInstance().getStorkConfig();
- Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc()));
+ Logger.info("Starting authentication for a citizen of country: " + (StringUtils.isEmpty(moasession.getCcc()) ? "AT" : moasession.getCcc()));
// STORK or normal authentication
if (storkConfig.isSTORKAuthentication(moasession.getCcc())) {
//STORK authentication
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
index 8726c1618..26c22fb4a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/data/AuthenticationSession.java
@@ -51,6 +51,7 @@ import org.w3c.dom.Element;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
import at.gv.egovernment.moa.id.auth.validator.InfoboxValidator;
import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils;
import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject;
@@ -291,9 +292,58 @@ public class AuthenticationSession implements Serializable {
private boolean isForeigner;
private IPersonalAttributeList storkAttributes;
-
+
+
+ //Temporary store SignRequest for local processing
+ private String signedDoc;
+ //Temporary store SAMLResponse for processing after user signed signedDoc locally
+ private String SAMLResponse;
+ //
+ private StringBuffer returnURL;
+ private IPersonalAttributeList authnResponseGetPersonalAttributeList;
+ private String authnContextClassRef;
// private String requestedProtocolURL = null;
+ public String getAuthnContextClassRef() {
+ return authnContextClassRef;
+ }
+
+ public void setAuthnContextClassRef(String authnContextClassRef) {
+ this.authnContextClassRef = authnContextClassRef;
+ }
+
+ public IPersonalAttributeList getAuthnResponseGetPersonalAttributeList() {
+ return authnResponseGetPersonalAttributeList;
+ }
+
+ public void setAuthnResponseGetPersonalAttributeList(IPersonalAttributeList authnResponseGetPersonalAttributeList) {
+ this.authnResponseGetPersonalAttributeList = authnResponseGetPersonalAttributeList;
+ }
+
+ public String getSAMLResponse() {
+ return SAMLResponse;
+ }
+
+ public void setSAMLResponse(String samlResponse) {
+ SAMLResponse = samlResponse;
+ }
+
+ public StringBuffer getReturnURL() {
+ return returnURL;
+ }
+
+ public void setReturnURL(StringBuffer returnURL) {
+ this.returnURL = returnURL;
+ }
+
+ public String getSignedDoc() {
+ return signedDoc;
+ }
+
+ public void setSignedDoc(String signedDoc) {
+ this.signedDoc = signedDoc;
+ }
+
public String getModul() {
return modul;
}
@@ -1060,9 +1110,6 @@ public class AuthenticationSession implements Serializable {
*/
public Date getSessionCreated() {
return sessionCreated;
- }
-
-
-
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DatabaseEncryptionException.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DatabaseEncryptionException.java
new file mode 100644
index 000000000..69802d7e6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/exception/DatabaseEncryptionException.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.exception;
+
+/**
+ * @author tlenz
+ *
+ */
+public class DatabaseEncryptionException extends MOAIDException {
+
+ /**
+ *
+ */
+ private static final long serialVersionUID = 6387519847869308880L;
+
+ /**
+ * @param messageId
+ * @param parameters
+ * @param wrapped
+ */
+ public DatabaseEncryptionException(String messageId, Object[] parameters,
+ Throwable wrapped) {
+ super(messageId, parameters, wrapped);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
index ff5e62d96..1bc3702e4 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/StartAuthentificationParameterParser.java
@@ -22,8 +22,6 @@
******************************************************************************/
package at.gv.egovernment.moa.id.auth.parser;
-import iaik.util.logging.Log;
-
import java.io.UnsupportedEncodingException;
import java.util.List;
@@ -133,7 +131,10 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
String targetConfig = oaParam.getTarget();
String targetFriendlyNameConfig = oaParam.getTargetFriendlyName();
- if (StringUtils.isEmpty(targetConfig)) {
+ if (StringUtils.isEmpty(targetConfig)
+// || (module.equals(SAML1Protocol.PATH) &&
+// !StringUtils.isEmpty(target))
+ ) {
// no target attribut is given in OA config
// target is used from request
// check parameter
@@ -228,14 +229,22 @@ public class StartAuthentificationParameterParser implements MOAIDAuthConstants{
if (MiscUtil.isEmpty(templateURL)) {
List<TemplateType> templateURLList = oaParam.getTemplateURL();
-
+ List<String> defaulTemplateURLList =
+ AuthConfigurationProvider.getInstance().getSLRequestTemplates();
+
if ( templateURLList != null && templateURLList.size() > 0
&& MiscUtil.isNotEmpty(templateURLList.get(0).getURL()) ) {
templateURL = FileUtils.makeAbsoluteURL(
oaParam.getTemplateURL().get(0).getURL(),
AuthConfigurationProvider.getInstance().getRootConfigFileDir());
- Log.info("No SL-Template in request, load SL-Template from OA config (URL: " + templateURL + ")");
-
+ Logger.info("No SL-Template in request, load SL-Template from OA configuration (URL: " + templateURL + ")");
+
+ } else if ( (defaulTemplateURLList.size() > 0) && MiscUtil.isNotEmpty(defaulTemplateURLList.get(0))) {
+ templateURL = FileUtils.makeAbsoluteURL(
+ defaulTemplateURLList.get(0),
+ AuthConfigurationProvider.getInstance().getRootConfigFileDir());
+ Logger.info("No SL-Template in request, load SL-Template from general configuration (URL: " + templateURL + ")");
+
} else {
Logger.error("NO SL-Tempalte found in OA config");
throw new WrongParametersException("StartAuthentication", PARAM_TEMPLATE, "auth.12");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
index f11489dd2..bbc704f22 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetForeignIDServlet.java
@@ -161,7 +161,6 @@ public class GetForeignIDServlet extends AuthServlet {
AuthenticationSession session = null;
try {
String xmlCreateXMLSignatureResponse = (String)parameters.get(PARAM_XMLRESPONSE);
-
// check parameter
if (!ParamValidatorUtils.isValidSessionID(sessionID))
throw new WrongParametersException("GetForeignID", PARAM_SESSIONID, "auth.12");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
index a7ec4dcb6..c08d77f12 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/IDPSingleLogOutServlet.java
@@ -97,32 +97,31 @@ public class IDPSingleLogOutServlet extends AuthServlet {
return;
- } else if (MiscUtil.isNotEmpty(ssoid)) {
- if (ssomanager.isValidSSOSession(ssoid, null)) {
+ } else if (MiscUtil.isNotEmpty(ssoid)) {
+ try {
+ if (ssomanager.isValidSSOSession(ssoid, null)) {
- AuthenticationManager authmanager = AuthenticationManager.getInstance();
- String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid);
+ AuthenticationManager authmanager = AuthenticationManager.getInstance();
+ String moaSessionID = AuthenticationSessionStoreage.getMOASessionSSOID(ssoid);
- if (MiscUtil.isNotEmpty(moaSessionID)) {
- AuthenticationSession authSession;
- try {
- authSession = AuthenticationSessionStoreage
+ if (MiscUtil.isNotEmpty(moaSessionID)) {
+ AuthenticationSession authSession = AuthenticationSessionStoreage
.getSession(moaSessionID);
if(authSession != null) {
authmanager.performSingleLogOut(req, resp, authSession, null);
return;
}
-
- } catch (MOADatabaseException e) {
- //TODO: insert error Handling
-
- } catch (MOAIDException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
}
- }
- }
+ }
+ } catch (MOADatabaseException e) {
+ //TODO: insert error Handling
+ e.printStackTrace();
+
+ } catch (MOAIDException e) {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
} else if (restartProcessObj != null && restartProcessObj instanceof String) {
String restartProcess = (String) restartProcessObj;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
index 670ce8b3d..ade7d3f3c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorServlet.java
@@ -23,16 +23,17 @@
package at.gv.egovernment.moa.id.auth.servlet;
import iaik.x509.X509Certificate;
+
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
import java.util.ArrayList;
+
import javax.activation.DataSource;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.transform.stream.StreamSource;
@@ -50,18 +51,15 @@ import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
import at.gv.egovernment.moa.id.auth.data.IdentityLink;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
import at.gv.egovernment.moa.id.auth.stork.STORKException;
import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
-import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.moduls.ModulUtils;
import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
import at.gv.egovernment.moa.id.util.HTTPUtils;
-import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
import at.gv.egovernment.moa.id.util.VelocityProvider;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.StringUtils;
@@ -188,7 +186,6 @@ public class PEPSConnectorServlet extends AuthServlet {
//load MOASession from database
AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
-
//change MOASessionID
moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
@@ -226,7 +223,7 @@ public class PEPSConnectorServlet extends AuthServlet {
moaSession.setUseMandate("true");
// and check if we have the gender value
- PersonalAttribute gender = attributeList.get("gender");
+ PersonalAttribute gender = attributeList.get("gender"); // TODO Do we need to check gender value if there is no representation case?
if(null == gender) {
String gendervalue = (String) request.getParameter("gender");
if(null != gendervalue) {
@@ -247,7 +244,8 @@ public class PEPSConnectorServlet extends AuthServlet {
//extract signed doc element and citizen signature
String citizenSignature = null;
try {
- String signatureInfo = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0);
+ String signatureInfo = authnResponse.getPersonalAttributeList().get("signedDoc").getValue().get(0); // TODO ERROR HANDLING
+
SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(signatureInfo)));
// fetch signed doc
@@ -272,7 +270,7 @@ public class PEPSConnectorServlet extends AuthServlet {
for(Object currentX509Data : ((JAXBElement<X509DataType>) current).getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName()) {
JAXBElement<?> casted = ((JAXBElement<?>) currentX509Data);
if(casted.getName().getLocalPart().equals("X509Certificate")) {
- moaSession.setSignerCertificate(new X509Certificate(((String)casted.getValue()).getBytes()));
+ moaSession.setSignerCertificate(new X509Certificate(((String)casted.getValue()).getBytes("UTF-8")));
break;
}
}
@@ -320,7 +318,7 @@ public class PEPSConnectorServlet extends AuthServlet {
identityLink = STORKResponseProcessor.connectToSZRGateway(authnResponse.getPersonalAttributeList(),
oaParam.getFriendlyName(),
targetType, null,
- oaParam.getMandateProfiles());
+ oaParam.getMandateProfiles(), citizenSignature);
} catch (STORKException e) {
// this is really nasty but we work against the system here. We are supposed to get the gender attribute from
// stork. If we do not, we cannot register the person in the ERnP - we have to have the
@@ -338,7 +336,7 @@ public class PEPSConnectorServlet extends AuthServlet {
StringWriter writer = new StringWriter();
template.merge(context, writer);
- response.getOutputStream().write(writer.toString().getBytes());
+ response.getOutputStream().write(writer.toString().getBytes("UTF-8"));
} catch (Exception e1) {
Logger.error("Error sending gender retrival form.", e1);
// httpSession.invalidate();
@@ -356,7 +354,9 @@ public class PEPSConnectorServlet extends AuthServlet {
if (identityLink == null) {
Logger.error("SZR Gateway did not return an identity link.");
throw new MOAIDException("stork.10", null);
- }
+ }
+ moaSession.setForeigner(true);
+
Logger.info("Received Identity Link from SZR Gateway");
moaSession.setIdentityLink(identityLink);
@@ -399,9 +399,10 @@ public class PEPSConnectorServlet extends AuthServlet {
ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID), newMOASessionID);
redirectURL = response.encodeRedirectURL(redirectURL);
- response.setContentType("text/html");
- response.setStatus(302);
- response.addHeader("Location", redirectURL);
+// response.setContentType("text/html");
+// response.setStatus(302);
+// response.addHeader("Location", redirectURL);
+ response.sendRedirect(redirectURL);
Logger.info("REDIRECT TO: " + redirectURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java
new file mode 100644
index 000000000..3bc79f8bd
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java
@@ -0,0 +1,812 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ ******************************************************************************/
+package at.gv.egovernment.moa.id.auth.servlet;
+
+import iaik.x509.X509Certificate;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
+import java.security.cert.CertificateException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+
+import javax.activation.DataSource;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServlet;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.Source;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+import javax.xml.transform.stream.StreamSource;
+
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang.StringEscapeUtils;
+import org.apache.velocity.Template;
+import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
+import org.opensaml.saml2.core.StatusCode;
+import org.xml.sax.SAXException;
+
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.BKUException;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.exception.ParseException;
+import at.gv.egovernment.moa.id.auth.exception.ServiceException;
+import at.gv.egovernment.moa.id.auth.stork.STORKException;
+import at.gv.egovernment.moa.id.auth.stork.STORKResponseProcessor;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.moduls.ModulUtils;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.util.HTTPUtils;
+import at.gv.egovernment.moa.id.util.VelocityProvider;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.spss.MOAException;
+import at.gv.egovernment.moa.spss.api.SPSSFactory;
+import at.gv.egovernment.moa.spss.api.SignatureVerificationService;
+import at.gv.egovernment.moa.spss.api.common.Content;
+
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureInfo;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifySignatureLocation;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest;
+import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.util.xsd.xmldsig.SignatureType;
+import at.gv.util.xsd.xmldsig.X509DataType;
+import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.api.LightweightSourceResolver;
+import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
+import eu.stork.oasisdss.api.exceptions.UtilsException;
+import eu.stork.oasisdss.profile.SignRequest;
+import eu.stork.oasisdss.profile.SignResponse;
+import eu.stork.peps.auth.commons.IPersonalAttributeList;
+import eu.stork.peps.auth.commons.PEPSUtil;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.STORKAuthnRequest;
+import eu.stork.peps.auth.commons.STORKAuthnResponse;
+import eu.stork.peps.auth.engine.STORKSAMLEngine;
+import eu.stork.peps.exceptions.STORKSAMLEngineException;
+//import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+
+/**
+ * Endpoint for receiving STORK response messages
+ */
+public class PEPSConnectorWithLocalSigningServlet extends AuthServlet {
+ private static final long serialVersionUID = 1L;
+
+ public static final String PEPSCONNECTOR_SERVLET_URL_PATTERN = "/PEPSConnectorWithLocalSigning";
+
+ private String oasisDssWebFormURL = "https://testvidp.buergerkarte.at/oasis-dss/DSSWebFormServlet";//load from config below
+
+
+ /**
+ * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
+ */
+ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
+ super.doGet(request, response);
+ }
+
+ /**
+ * Handles the reception of a STORK response message
+ * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
+ */
+ protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
+ {
+ String moaSessionID1 = request.getParameter("moaSessionID");
+ String signResponse = request.getParameter("signresponse");
+ Logger.info("moaSessionID1:"+moaSessionID1);
+ Logger.info("signResponse:"+signResponse);
+ if(moaSessionID1!=null)
+ {
+ if(signResponse!=null)
+ {
+ //redirect from oasis with signresponse
+ handleSignResponse(request, response);
+ }
+ else
+ {
+ //should not occur
+ throw new IOException("should not occur");
+ }
+ }
+ else
+ {
+ if(signResponse!=null)
+ {
+ //should not occur
+ throw new IOException("should not occur");
+ }
+ else
+ {
+ //normal saml response
+ handleSAMLResponse(request, response);
+ }
+ }
+ return;
+ }
+
+ private void handleSignResponse(HttpServletRequest request, HttpServletResponse response) {
+ Logger.info("handleSignResponse started");
+ String moaSessionID = request.getParameter("moaSessionID");
+ String signResponse = request.getParameter("signresponse");
+ Logger.info("moaSessionID:"+moaSessionID);
+ Logger.info("signResponse:"+signResponse);
+ String pendingRequestID = null;
+ try{
+
+
+ //load MOASession from database
+ AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
+ //change MOASessionID
+ moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+ Logger.info("pendingRequestID:"+pendingRequestID);
+ String signResponseString = new String(Base64.decodeBase64(signResponse), "UTF8");
+ Logger.info("RECEIVED signresponse:"+signResponseString);
+ //create SignResponse object
+ Source response1 = new StreamSource(new java.io.StringReader(signResponseString));
+ SignResponse dssSignResponse = ApiUtils.unmarshal(response1, SignResponse.class);
+
+ // SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(Base64.signResponse)));
+
+ String citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse);
+
+ // memorize signature into authblock
+ moaSession.setAuthBlock(citizenSignature);
+
+ X509Certificate cert = getSignerCertificate(citizenSignature);
+ moaSession.setSignerCertificate(cert);
+ VerifyXMLSignatureResponse xMLVerifySignatureResponse = verifyXMLSignature(citizenSignature);
+ at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse tmp = convert(xMLVerifySignatureResponse);
+
+
+ moaSession.setXMLVerifySignatureResponse(tmp);
+ try{
+ IPersonalAttributeList personalAttributeList = moaSession.getAuthnResponseGetPersonalAttributeList();
+ //Add SignResponse TODO Add signature (extracted from signResponse)?
+ List<String> values = new ArrayList<String>();
+ values.add(signResponseString);
+// values.add(citizenSignature);
+ Logger.debug("Assembling signedDoc attribute");
+ PersonalAttribute signedDocAttribute = new PersonalAttribute("signedDoc", false, values,
+ "Available");
+ personalAttributeList.add(signedDocAttribute);
+
+ String authnContextClassRef = moaSession.getAuthnContextClassRef();
+ SZRGInsertion(moaSession, personalAttributeList, authnContextClassRef, citizenSignature);
+ } catch (STORKException e) {
+ // this is really nasty but we work against the system here. We are supposed to get the gender attribute from
+ // stork. If we do not, we cannot register the person in the ERnP - we have to have the
+ // gender for the represented person. So here comes the dirty hack.
+ if(e.getCause() instanceof STORKException && e.getCause().getMessage().equals("gender not found in response")) {
+ try {
+ Logger.trace("Initialize VelocityEngine...");
+
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+ Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html");
+ VelocityContext context = new VelocityContext();
+ context.put("SAMLResponse", request.getParameter("SAMLResponse"));
+ context.put("action", request.getRequestURL());
+
+ StringWriter writer = new StringWriter();
+ template.merge(context, writer);
+
+ response.getOutputStream().write(writer.toString().getBytes("UTF-8"));
+ } catch (Exception e1) {
+ Logger.error("Error sending gender retrival form.", e1);
+ // httpSession.invalidate();
+ throw new MOAIDException("stork.10", null);
+ }
+
+ return;
+ }
+
+ Logger.error("Error connecting SZR Gateway", e);
+ throw new MOAIDException("stork.10", null);
+ }
+
+ Logger.debug("Add full STORK AuthnResponse to MOA session");
+ moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));//TODO ask Florian/Thomas authnResponse?
+ moaSession.setForeigner(true);
+
+ //session is implicit stored in changeSessionID!!!!
+ String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+ Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
+
+ //redirect
+ String redirectURL = null;
+ redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
+ ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID), newMOASessionID);
+ redirectURL = response.encodeRedirectURL(redirectURL);
+
+ response.sendRedirect(redirectURL);
+ Logger.info("REDIRECT TO: " + redirectURL);
+
+ } catch (AuthenticationException e) {
+ handleError(null, e, request, response, pendingRequestID);
+
+ } catch (MOAIDException e) {
+ handleError(null, e, request, response, pendingRequestID);
+
+ } catch (Exception e) {
+ Logger.error("PEPSConnector has an interal Error.", e);
+ }
+
+ finally {
+ ConfigurationDBUtils.closeSession();
+ }
+ }
+
+ private void handleSAMLResponse(HttpServletRequest request, HttpServletResponse response) {
+ Logger.info("handleSAMLResponse started");
+ String pendingRequestID = null;
+
+ try {
+ Logger.info("PEPSConnector Servlet invoked, expecting C-PEPS message.");
+ Logger.debug("This ACS endpoint is: " + HTTPUtils.getBaseURL(request));
+
+ super.setNoCachingHeadersInHttpRespone(request, response);
+ Logger.trace("No Caching headers set for HTTP response");
+
+ //check if https or only http
+ super.checkIfHTTPisAllowed(request.getRequestURL().toString());
+
+ Logger.debug("Beginning to extract SAMLResponse out of HTTP Request");
+
+ //extract STORK Response from HTTP Request
+ //Decodes SAML Response
+ byte[] decSamlToken;
+ try {
+ decSamlToken = PEPSUtil.decodeSAMLToken(request.getParameter("SAMLResponse"));
+ Logger.debug("SAMLResponse: " + new String(decSamlToken));
+
+ } catch(NullPointerException e) {
+ Logger.error("Unable to retrieve STORK Response", e);
+ throw new MOAIDException("stork.04", null);
+ }
+
+ //Get SAMLEngine instance
+ STORKSAMLEngine engine = STORKSAMLEngine.getInstance("outgoing");
+
+ STORKAuthnResponse authnResponse = null;
+ try {
+ //validate SAML Token
+ Logger.debug("Starting validation of SAML response");
+ authnResponse = engine.validateSTORKAuthnResponse(decSamlToken, (String) request.getRemoteHost());
+ Logger.info("SAML response succesfully verified!");
+ }catch(STORKSAMLEngineException e){
+ Logger.error("Failed to verify STORK SAML Response", e);
+ throw new MOAIDException("stork.05", null);
+ }
+
+ Logger.info("STORK SAML Response message succesfully extracted");
+ Logger.debug("STORK response: ");
+ Logger.debug(authnResponse.toString());
+
+ Logger.debug("Trying to find MOA Session-ID ...");
+ //String moaSessionID = request.getParameter(PARAM_SESSIONID);
+ //first use SAML2 relayState
+ String moaSessionID = request.getParameter("RelayState");
+
+ // escape parameter strings
+ moaSessionID= StringEscapeUtils.escapeHtml(moaSessionID);
+
+ //check if SAML2 relaystate includes a MOA sessionID
+ if (StringUtils.isEmpty(moaSessionID)) {
+ //if relaystate is emtpty, use SAML response -> inResponseTo element as session identifier
+
+ moaSessionID = authnResponse.getInResponseTo();
+ moaSessionID= StringEscapeUtils.escapeHtml(moaSessionID);
+
+ if (StringUtils.isEmpty(moaSessionID)) {
+ //No authentication session has been started before
+ Logger.error("MOA-SessionID was not found, no previous AuthnRequest had been started");
+ Logger.debug("PEPSConnectorURL was: " + request.getRequestURL());
+ throw new AuthenticationException("auth.02", new Object[] { moaSessionID });
+
+ } else
+ Logger.trace("Use MOA SessionID " + moaSessionID + " from AuthnResponse->inResponseTo attribute.");
+
+ } else
+ //Logger.trace("MOA SessionID " + moaSessionID + " is found in http GET parameter.");
+ Logger.trace("MOA SessionID " + moaSessionID + " is found in SAML2 relayState.");
+
+ /*INFO!!!!
+ * SAML message IDs has an different format then MOASessionIDs
+ * This is only a workaround because many PEPS does not support SAML2 relayState or
+ * MOASessionID as AttributConsumerServiceURL GET parameter
+ */
+ // if (!ParamValidatorUtils.isValidSessionID(moaSessionID))
+ // throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_SESSIONID, "auth.12");
+
+ pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moaSessionID);
+
+ //load MOASession from database
+ AuthenticationSession moaSession = AuthenticationServer.getSession(moaSessionID);
+ //change MOASessionID
+ moaSessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+ Logger.info("Found MOA sessionID: " + moaSessionID);
+
+
+
+ String statusCodeValue = authnResponse.getStatusCode();
+
+ if (!statusCodeValue.equals(StatusCode.SUCCESS_URI)) {
+ Logger.error("Received ErrorResponse from PEPS: " + statusCodeValue);
+ throw new MOAIDException("stork.06", new Object[] { statusCodeValue });
+ }
+
+ Logger.info("Got SAML response with authentication success message.");
+
+ Logger.debug("MOA session is still valid");
+
+ STORKAuthnRequest storkAuthnRequest = moaSession.getStorkAuthnRequest();
+
+ if (storkAuthnRequest == null) {
+ Logger.error("Could not find any preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
+ throw new MOAIDException("stork.07", null);
+ }
+
+ Logger.debug("Found a preceeding STORK AuthnRequest to this MOA session: " + moaSessionID);
+
+ ////////////// incorporate gender from parameters if not in stork response
+
+ IPersonalAttributeList attributeList = authnResponse.getPersonalAttributeList();
+
+ // but first, check if we have a representation case
+ if(STORKResponseProcessor.hasAttribute("mandateContent", attributeList) || STORKResponseProcessor.hasAttribute("representative", attributeList) || STORKResponseProcessor.hasAttribute("represented", attributeList)) {
+ // in a representation case...
+ moaSession.setUseMandate("true");
+
+ // and check if we have the gender value
+ PersonalAttribute gender = attributeList.get("gender");
+ if(null == gender) {
+ String gendervalue = (String) request.getParameter("gender");
+ if(null != gendervalue) {
+ gender = new PersonalAttribute();
+ gender.setName("gender");
+ ArrayList<String> tmp = new ArrayList<String>();
+ tmp.add(gendervalue);
+ gender.setValue(tmp);
+
+ authnResponse.getPersonalAttributeList().add(gender);
+ }
+ }
+ }
+
+ //////////////////////////////////////////////////////////////////////////
+
+ Logger.debug("Starting extraction of signedDoc attribute");
+ //extract signed doc element and citizen signature
+ String citizenSignature = null;
+ try {
+ PersonalAttribute signedDoc = authnResponse.getPersonalAttributeList().get("signedDoc");
+ String signatureInfo = null;
+ if(signedDoc!=null)
+ {
+ signatureInfo = signedDoc.getValue().get(0);
+ //should not occur
+ }
+ else
+ {
+
+ //store SAMLResponse
+ moaSession.setSAMLResponse(request.getParameter("SAMLResponse"));
+ //store authnResponse
+
+ //moaSession.setAuthnResponse(authnResponse);//not serializable
+ moaSession.setAuthnResponseGetPersonalAttributeList(authnResponse.getPersonalAttributeList());
+
+ String authnContextClassRef = null;
+ try {
+ authnContextClassRef = authnResponse.getAssertions().get(0).getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef();
+ } catch (Throwable e) {
+ Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
+ }
+
+ moaSession.setAuthnContextClassRef(authnContextClassRef);
+ moaSession.setReturnURL(request.getRequestURL());
+
+ //load signedDoc
+ String signRequest = moaSession.getSignedDoc();
+
+ //session is implicit stored in changeSessionID!!!!
+ String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+ //set return url to PEPSConnectorWithLocalSigningServlet and add newMOASessionID
+ //signRequest
+
+ String issuerValue = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
+ String acsURL = issuerValue + PEPSConnectorWithLocalSigningServlet.PEPSCONNECTOR_SERVLET_URL_PATTERN;
+
+ String url = acsURL+"?moaSessionID="+newMOASessionID;
+ //redirect to OASIS module and sign there
+
+ boolean found = false;
+ try{
+ List<AttributeProviderPlugin> aps = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix()).getStorkAPs();
+ Logger.info("Found AttributeProviderPlugins:"+aps.size());
+ for(AttributeProviderPlugin ap : aps)
+ {
+ Logger.info("Found AttributeProviderPlugin attribute:"+ap.getAttributes());
+ if(ap.getAttributes().equalsIgnoreCase("signedDoc"))
+ {
+ oasisDssWebFormURL = ap.getUrl();
+ found = true;
+ Logger.info("Loaded signedDoc attribute provider url from config:"+oasisDssWebFormURL);
+ break;
+ }
+ }
+ }catch(Exception e)
+ {
+ e.printStackTrace();
+ Logger.error("Loading the signedDoc attribute provider url from config failed");
+ }
+ if(!found)
+ {
+ Logger.error("Failed to load the signedDoc attribute provider url from config");
+ }
+ performRedirect(url,request,response,signRequest);
+
+ return;
+ }
+ SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(signatureInfo)));
+
+ citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse);
+
+ // memorize signature into authblock
+ moaSession.setAuthBlock(citizenSignature);
+
+ X509Certificate cert = getSignerCertificate(citizenSignature);
+ moaSession.setSignerCertificate(cert);
+ moaSession.setForeigner(true);
+
+
+ } catch (Throwable e) {
+ Logger.error("Could not extract citizen signature from C-PEPS", e);
+ throw new MOAIDException("stork.09", null);
+ }
+
+ try{
+ SZRGInsertion(moaSession, authnResponse.getPersonalAttributeList(), authnResponse.getAssertions().get(0).getAuthnStatements().get(0).getAuthnContext().getAuthnContextClassRef().getAuthnContextClassRef(),citizenSignature);
+ } catch (STORKException e) {
+ // this is really nasty but we work against the system here. We are supposed to get the gender attribute from
+ // stork. If we do not, we cannot register the person in the ERnP - we have to have the
+ // gender for the represented person. So here comes the dirty hack.
+ if(e.getCause() instanceof STORKException && e.getCause().getMessage().equals("gender not found in response")) {
+ try {
+ Logger.trace("Initialize VelocityEngine...");
+
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+ Template template = velocityEngine.getTemplate("/resources/templates/fetchGender.html");
+ VelocityContext context = new VelocityContext();
+ context.put("SAMLResponse", request.getParameter("SAMLResponse"));
+ context.put("action", request.getRequestURL());
+
+ StringWriter writer = new StringWriter();
+ template.merge(context, writer);
+
+ response.getOutputStream().write(writer.toString().getBytes("UTF-8"));
+ } catch (Exception e1) {
+ Logger.error("Error sending gender retrival form.", e1);
+ // httpSession.invalidate();
+ throw new MOAIDException("stork.10", null);
+ }
+
+ return;
+ }
+
+ Logger.error("Error connecting SZR Gateway", e);
+ throw new MOAIDException("stork.10", null);
+ }
+
+ Logger.debug("Add full STORK AuthnResponse to MOA session");
+ moaSession.setStorkAuthnResponse(request.getParameter("SAMLResponse"));//TODO ask Florian/Thomas authnResponse?
+
+ //session is implicit stored in changeSessionID!!!!
+ String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(moaSession);
+
+ Logger.info("Changed MOASession " + moaSessionID + " to Session " + newMOASessionID);
+
+ //redirect
+ String redirectURL = null;
+ redirectURL = new DataURLBuilder().buildDataURL(moaSession.getAuthURL(),
+ ModulUtils.buildAuthURL(moaSession.getModul(), moaSession.getAction(), pendingRequestID), newMOASessionID);
+ redirectURL = response.encodeRedirectURL(redirectURL);
+
+ response.setContentType("text/html");
+ response.setStatus(302);
+ response.addHeader("Location", redirectURL);
+ Logger.info("REDIRECT TO: " + redirectURL);
+
+ } catch (AuthenticationException e) {
+ handleError(null, e, request, response, pendingRequestID);
+
+ } catch (MOAIDException e) {
+ handleError(null, e, request, response, pendingRequestID);
+
+ } catch (Exception e) {
+ Logger.error("PEPSConnector has an interal Error.", e);
+ }
+
+ finally {
+ ConfigurationDBUtils.closeSession();
+ }
+
+ }
+
+ private void performRedirect(String url, HttpServletRequest req, HttpServletResponse resp, String signRequestString)
+ throws MOAIDException {
+
+ try {
+ Logger.trace("Initialize VelocityEngine...");
+
+ VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine();
+ Template template = velocityEngine.getTemplate("/resources/templates/oasis_dss_webform_binding.vm");
+ VelocityContext context = new VelocityContext();
+
+ Logger.debug("performRedirect, signrequest:"+signRequestString);
+ Source signDoc = new StreamSource(new java.io.StringReader(signRequestString));
+ SignRequest signRequest = ApiUtils.unmarshal(signDoc, SignRequest.class);
+ signRequest.setReturnURL("TODO");
+ signRequestString = IOUtils.toString(ApiUtils.marshalToInputStream(signRequest));
+ context.put("signrequest", Base64.encodeBase64String(signRequestString.getBytes("UTF8")));
+ context.put("clienturl", url);
+ context.put("action", oasisDssWebFormURL );
+
+ StringWriter writer = new StringWriter();
+ template.merge(context, writer);
+
+ resp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
+ } catch (Exception e) {
+ Logger.error("Error sending DSS signrequest.", e);
+ throw new MOAIDException("stork.11", null);
+ }
+ }
+
+ private String getCitizienSignatureFromSignResponseFromSAML(STORKAuthnResponse authnResponse) throws ApiUtilsException, IllegalArgumentException, TransformerConfigurationException, UtilsException, TransformerException, TransformerFactoryConfigurationError, IOException, MOAIDException
+ {
+ PersonalAttribute signedDoc = authnResponse.getPersonalAttributeList().get("signedDoc");
+ String signatureInfo = null;
+ if(signedDoc==null)
+ {
+ Logger.error("SignedDoc = null, failed to extract Signresponse from authnResponse");
+ throw new MOAIDException("stork.09", null);
+ }
+ signatureInfo = signedDoc.getValue().get(0);
+
+ SignResponse dssSignResponse = (SignResponse) ApiUtils.unmarshal(new StreamSource(new java.io.StringReader(signatureInfo)));
+ String citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse);
+ return citizenSignature;
+
+ }
+
+ private String getCitizienSignatureFromSignResponse(SignResponse dssSignResponse) throws IllegalArgumentException, TransformerConfigurationException, UtilsException, TransformerException, TransformerFactoryConfigurationError, IOException, ApiUtilsException
+ {
+ // fetch signed doc
+ DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse);
+ if(ds == null){
+ throw new ApiUtilsException("No datasource found in response");
+ }
+
+ InputStream incoming = ds.getInputStream();
+ String citizenSignature = IOUtils.toString(incoming);
+ incoming.close();
+
+ return citizenSignature;
+ }
+
+ private X509Certificate getSignerCertificate(String citizenSignature) throws CertificateException, JAXBException, UnsupportedEncodingException
+ {
+ JAXBContext ctx = JAXBContext.newInstance(SignatureType.class.getPackage().getName());
+ SignatureType root = ((JAXBElement<SignatureType>) ctx.createUnmarshaller().unmarshal(IOUtils.toInputStream(citizenSignature))).getValue();
+
+ // extract certificate
+ for(Object current : root.getKeyInfo().getContent())
+ if(((JAXBElement<?>) current).getValue() instanceof X509DataType) {
+ for(Object currentX509Data : ((JAXBElement<X509DataType>) current).getValue().getX509IssuerSerialOrX509SKIOrX509SubjectName()) {
+ JAXBElement<?> casted = ((JAXBElement<?>) currentX509Data);
+ if(casted.getName().getLocalPart().equals("X509Certificate")) {
+ return new X509Certificate(((String)casted.getValue()).getBytes("UTF-8"));
+ }
+ }
+ }
+ return null;
+ }
+
+ private void SZRGInsertion(AuthenticationSession moaSession, IPersonalAttributeList personalAttributeList, String authnContextClassRef, String citizenSignature) throws STORKException, MOAIDException
+ {
+ Logger.debug("Foregin Citizen signature successfully extracted from STORK Assertion (signedDoc)");
+ Logger.debug("Citizen signature will be verified by SZR Gateway!");
+
+ Logger.debug("fetching OAParameters from database");
+
+ OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(moaSession.getPublicOAURLPrefix());
+ if (oaParam == null)
+ throw new AuthenticationException("auth.00", new Object[] { moaSession.getPublicOAURLPrefix() });
+
+ // retrieve target
+ //TODO: check in case of SSO!!!
+ String targetType = null;
+ if(oaParam.getBusinessService()) {
+ String id = oaParam.getIdentityLinkDomainIdentifier();
+ if (id.startsWith(AuthenticationSession.REGISTERANDORDNR_PREFIX_))
+ targetType = id;
+ else
+ targetType = AuthenticationSession.REGISTERANDORDNR_PREFIX_ + moaSession.getDomainIdentifier();
+ } else {
+ targetType = AuthenticationSession.TARGET_PREFIX_ + oaParam.getTarget();
+ }
+
+
+
+ Logger.debug("Starting connecting SZR Gateway");
+ //contact SZR Gateway
+ IdentityLink identityLink = null;
+
+ identityLink = STORKResponseProcessor.connectToSZRGateway(personalAttributeList,
+ oaParam.getFriendlyName(),
+ targetType, null,
+ oaParam.getMandateProfiles(),citizenSignature);
+ Logger.debug("SZR communication was successfull");
+
+ if (identityLink == null) {
+ Logger.error("SZR Gateway did not return an identity link.");
+ throw new MOAIDException("stork.10", null);
+ }
+ Logger.info("Received Identity Link from SZR Gateway");
+ moaSession.setIdentityLink(identityLink);
+
+ Logger.debug("Adding addtional STORK attributes to MOA session");
+ moaSession.setStorkAttributes(personalAttributeList);
+
+ //We don't have BKUURL, setting from null to "Not applicable"
+ moaSession.setBkuURL("Not applicable (STORK Authentication)");
+
+ // free for single use
+ moaSession.setAuthenticatedUsed(false);
+
+ // stork did the authentication step
+ moaSession.setAuthenticated(true);
+
+ //TODO: found better solution, but QAA Level in response could be not supported yet
+ try {
+ if(authnContextClassRef==null)
+ authnContextClassRef = PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel();
+ moaSession.setQAALevel(authnContextClassRef);
+
+ } catch (Throwable e) {
+ Logger.warn("STORK QAA-Level is not found in AuthnResponse. Set QAA Level to requested level");
+ moaSession.setQAALevel(PVPConstants.STORK_QAA_PREFIX + oaParam.getQaaLevel());
+
+ }
+
+ }
+
+ private VerifyXMLSignatureResponse verifyXMLSignature(String signature) throws AuthenticationException, ParseException, BKUException, BuildException, ConfigurationException, ServiceException, UnsupportedEncodingException, SAXException, IOException, ParserConfigurationException, MOAException
+ {
+ //Based on MOA demo client
+ // Factory und Service instanzieren
+ SPSSFactory spssFac = SPSSFactory.getInstance();
+ SignatureVerificationService sigVerifyService = SignatureVerificationService.getInstance();
+
+ Content sigDocContent1 = spssFac.createContent(IOUtils.toInputStream(signature, "UTF-8"), null);
+
+ // Position der zu prüfenden Signatur im Dokument angeben
+ // (Nachdem im XPath-Ausdruck ein NS-Präfix verwendet wird, muss in einer Lookup-Tabelle
+ // der damit bezeichnete Namenraum mitgegeben werden)
+ HashMap nSMap = new HashMap();
+ nSMap.put("dsig", "http://www.w3.org/2000/09/xmldsig#");
+ VerifySignatureLocation sigLocation = spssFac.createVerifySignatureLocation("//dsig:Signature", nSMap);
+
+ // Zu prüfendes Dokument und Signaturposition zusammenfassen
+
+ VerifySignatureInfo sigInfo = spssFac.createVerifySignatureInfo(sigDocContent1, sigLocation);
+
+ // Prüfrequest zusammenstellen
+ VerifyXMLSignatureRequest verifyRequest = spssFac.createVerifyXMLSignatureRequest(
+ null, // Wird Prüfzeit nicht angegeben, wird aktuelle Zeit verwendet
+ sigInfo,
+ null, // Keine Ergänzungsobjekte notwendig
+ null, // Signaturmanifest-Prüfung soll nicht durchgeführt werden
+ false, // Hash-Inputdaten, d.h. tatsächlich signierte Daten werden nicht zurückgeliefert
+ "MOAIDBuergerkartePersonenbindungMitTestkarten");//TODO load from config
+ //"Test-Signaturdienste"); // ID des verwendeten Vertrauensprofils
+
+ VerifyXMLSignatureResponse verifyResponse = null;
+ try
+ {
+ // Aufruf der Signaturprüfung
+ verifyResponse = sigVerifyService.verifyXMLSignature(verifyRequest);
+ }
+ catch (MOAException e)
+ {
+ // Service liefert Fehler
+ System.err.println("Die Signaturprüfung hat folgenden Fehler geliefert:");
+ System.err.println("Fehlercode: " + e.getMessageId());
+ System.err.println("Fehlernachricht: " + e.getMessage());
+ throw e;
+ }
+
+// // Auswertung der Response
+// System.out.println();
+// System.out.println("Ergebnisse der Signaturprüfung:");
+// System.out.println();
+//
+// // Besondere Eigenschaften des Signatorzertifikats
+// SignerInfo signerInfo = verifyResponse.getSignerInfo();
+// System.out.println("*** Ist Zertifikat des Signators qualifiziert? " + ((signerInfo.isQualifiedCertificate()) ? "ja" : "nein"));
+// System.out.println("*** Ist Zertifikat des Signators von einer Behörde? " + ((signerInfo.isPublicAuthority()) ? "ja" : "nein"));
+//
+// // Ergebnisse von Signatur- und Zertifikatsprüfung
+// System.out.println();
+// System.out.println("Ergebniscode der Signaturprüfung: " + verifyResponse.getSignatureCheck().getCode());
+// System.out.println("Ergebniscode der Zertifikatsprüfung: " + verifyResponse.getCertificateCheck().getCode());
+//
+// // Signatorzertifikat
+// System.out.println();
+// System.out.println("*** Zertifikat des Signators:");
+// System.out.println("Aussteller: " + signerInfo.getSignerCertificate().getIssuerDN());
+// System.out.println("Subject: " + signerInfo.getSignerCertificate().getSubjectDN());
+// System.out.println("Seriennummer: " + signerInfo.getSignerCertificate().getSerialNumber());
+ return verifyResponse;
+ }
+
+ private at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse convert(VerifyXMLSignatureResponse xMLVerifySignatureResponse) {
+ at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse response = new at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse();
+ response.setCertificateCheckCode(xMLVerifySignatureResponse.getCertificateCheck().getCode());
+ response.setPublicAuthority(xMLVerifySignatureResponse.getSignerInfo().isPublicAuthority());
+// response.setPublicAuthorityCode(publicAuthorityCode)
+ response.setQualifiedCertificate(xMLVerifySignatureResponse.getSignerInfo().isQualifiedCertificate());
+ response.setSignatureCheckCode(xMLVerifySignatureResponse.getSignatureCheck().getCode());
+ response.setSignatureManifestCheckCode(xMLVerifySignatureResponse.getSignatureManifestCheck().getCode());
+// response.setSigningDateTime()
+// response.setX509certificate(x509certificate)
+ response.setXmlDSIGManifestCheckCode(xMLVerifySignatureResponse.getSignatureManifestCheck().getCode());
+// response.setXmlDSIGManigest(xMLVerifySignatureResponse.getSignatureManifestCheck())
+// response.setXmlDsigSubjectName(xmlDsigSubjectName)
+ return response;
+ }
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
index 98edf1fe4..e7fa9cbd7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/VerifyAuthenticationBlockServlet.java
@@ -207,7 +207,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
//System.out.println("IDL: " + s);
- byte[] idl = s.getBytes();
+ byte[] idl = s.getBytes("UTF-8");
// redirect url
// build redirect(to the GetMISSessionIdSerlvet)
@@ -238,7 +238,7 @@ public class VerifyAuthenticationBlockServlet extends AuthServlet {
String oaFriendlyName = oaParam.getFriendlyName();
String mandateReferenceValue = session.getMandateReferenceValue();
byte[] cert = session.getEncodedSignerCertificate();
- byte[] authBlock = session.getAuthBlock().getBytes();
+ byte[] authBlock = session.getAuthBlock().getBytes("UTF-8");
//TODO: check in case of SSO!!!
String targetType = null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
index 2c8b44404..7113dcf70 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/stork/STORKResponseProcessor.java
@@ -26,28 +26,19 @@
package at.gv.egovernment.moa.id.auth.stork;
import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
import java.util.List;
import java.util.Vector;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.xml.namespace.QName;
+import javax.activation.DataSource;
+import javax.xml.transform.Source;
+import javax.xml.transform.TransformerConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+import javax.xml.transform.stream.StreamSource;
-import org.opensaml.common.binding.BasicSAMLMessageContext;
-import org.opensaml.saml2.binding.decoding.HTTPPostDecoder;
-import org.opensaml.saml2.core.Assertion;
-import org.opensaml.saml2.metadata.RequestedAttribute;
-import org.opensaml.ws.transport.http.HTTPInTransport;
-import org.opensaml.ws.transport.http.HTTPOutTransport;
-import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
-import org.opensaml.ws.transport.http.HttpServletResponseAdapter;
-import org.opensaml.xml.XMLObject;
-import org.opensaml.xml.schema.XSAny;
-import org.opensaml.xml.schema.XSString;
-import org.opensaml.xml.util.Base64;
-import org.opensaml.xml.util.XMLHelper;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
+import org.apache.commons.io.IOUtils;
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttribute;
@@ -57,12 +48,16 @@ import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ParseException;
import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
import at.gv.egovernment.moa.id.client.SZRGWClientException;
-import at.gv.egovernment.moa.id.util.XMLUtil;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DateTimeUtils;
import at.gv.egovernment.moa.util.StringUtils;
import at.gv.util.xsd.srzgw.CreateIdentityLinkResponse;
+import eu.stork.oasisdss.api.ApiUtils;
+import eu.stork.oasisdss.api.LightweightSourceResolver;
+import eu.stork.oasisdss.api.exceptions.ApiUtilsException;
+import eu.stork.oasisdss.api.exceptions.UtilsException;
+import eu.stork.oasisdss.profile.SignResponse;
import eu.stork.peps.auth.commons.IPersonalAttributeList;
import eu.stork.peps.auth.commons.PersonalAttribute;
@@ -105,13 +100,19 @@ public class STORKResponseProcessor {
* @throws STORKException the sTORK exception
*/
private static String getAttributeValue(String attributeName, IPersonalAttributeList attributeList) throws STORKException {
+ return getAttributeValue(attributeName, attributeList, true);
+ }
+ private static String getAttributeValue(String attributeName, IPersonalAttributeList attributeList, boolean throwException) throws STORKException {
try {
String result = attributeList.get(attributeName).getValue().get(0);
Logger.trace(attributeName + " : " + result);
return result;
- } catch(NullPointerException e) {
+ } catch(Exception e) {
Logger.error(attributeName + " not found in response");
- throw new STORKException(attributeName + " not found in response");
+ if(throwException)
+ throw new STORKException(attributeName + " not found in response");
+ else
+ return null;
}
}
@@ -123,11 +124,12 @@ public class STORKResponseProcessor {
* @param targetType the target type
* @param targetValue the target value
* @param filters the filters
+ * @param citizenSignature2
* @return Identity Link
* @throws STORKException the sTORK exception
* @throws MOAIDException
*/
- public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList, String oaFriendlyName, String targetType, String targetValue, List<String> filters) throws STORKException, MOAIDException {
+ public static IdentityLink connectToSZRGateway(IPersonalAttributeList attributeList, String oaFriendlyName, String targetType, String targetValue, List<String> filters, String citizenSignature) throws STORKException, MOAIDException {
Logger.trace("Calling SZR Gateway with the following attributes:");
CreateIdentityLinkResponse identityLinkResponse = null;
@@ -136,30 +138,39 @@ public class STORKResponseProcessor {
Logger.trace("Starting call...");
// if there is no signedDoc attribute, we cannot go on
- String citizenSignature = getAttributeValue("signedDoc", attributeList);
- String fiscalNumber = getAttributeValue("fiscalNumber", attributeList);
+ if(citizenSignature==null || citizenSignature.length()==0)
+ {
+ String signResponseString = getAttributeValue("signedDoc", attributeList);
+
+ //Extract signature from SIgnResponse
+ Source response1 = new StreamSource(new java.io.StringReader(signResponseString));
+ SignResponse dssSignResponse = ApiUtils.unmarshal(response1, SignResponse.class);
+ citizenSignature = getCitizienSignatureFromSignResponse(dssSignResponse);
+ }
+
+ String fiscalNumber = getAttributeValue("fiscalNumber", attributeList, false);
// if we have a signedDoc we test for a representation case
// - according to stork samlengine and commons
if(hasAttribute("mandate", attributeList)) {
// we have a representation case
- String mandate = getAttributeValue("mandate", attributeList);
+ String mandate = getAttributeValue("mandate", attributeList, false);
if(!hasAttribute("dateOfBirth", attributeList)) {
// if we get here, we have a natural person representing a legal person
- String organizationAddress = getAttributeValue("canonicalRegisteredAddress", attributeList);
- String organizationType = getAttributeValue("translateableType", attributeList);
+ String organizationAddress = getAttributeValue("canonicalRegisteredAddress", attributeList, false);
+ String organizationType = getAttributeValue("translateableType", attributeList, false);
identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(citizenSignature, null, null, mandate, organizationAddress, organizationType, targetType, targetValue, oaFriendlyName, filters, fiscalNumber);
} else {
// if we get here, we have a natural person representing another natural person
- String eIdentifier = getAttributeValue("eIdentifier", attributeList);
- String givenName = getAttributeValue("givenName", attributeList);
- String lastName = getAttributeValue("surname", attributeList);
- String dateOfBirth = getAttributeValue("dateOfBirth", attributeList);
+ String eIdentifier = getAttributeValue("eIdentifier", attributeList, false);
+ String givenName = getAttributeValue("givenName", attributeList, false);
+ String lastName = getAttributeValue("surname", attributeList, false);
+ String dateOfBirth = getAttributeValue("dateOfBirth", attributeList, false);
// gender attribute is mandatory here because of some legal stuff
- String gender = getAttributeValue("gender", attributeList);
+ String gender = getAttributeValue("gender", attributeList, false);
if (!StringUtils.isEmpty(dateOfBirth))
dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth);
@@ -172,25 +183,25 @@ public class STORKResponseProcessor {
// - according to stork spec
else if(hasAttribute("mandateContent", attributeList) || hasAttribute("representative", attributeList) || hasAttribute("represented", attributeList)) {
// we have a representation case
- String representative = getAttributeValue("representative", attributeList);
- String represented = getAttributeValue("represented", attributeList);
- String mandate = getAttributeValue("mandateContent", attributeList);
+ String representative = getAttributeValue("representative", attributeList, false);
+ String represented = getAttributeValue("represented", attributeList, false);
+ String mandate = getAttributeValue("mandateContent", attributeList, false);
if(!hasAttribute("dateOfBirth", attributeList)) {
// if we get here, we have a natural person representing a legal person
- String organizationAddress = getAttributeValue("canonicalRegisteredAddress", attributeList);
- String organizationType = getAttributeValue("translateableType", attributeList);
+ String organizationAddress = getAttributeValue("canonicalRegisteredAddress", attributeList, false);
+ String organizationType = getAttributeValue("translateableType", attributeList, false);
identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(citizenSignature, representative, represented, mandate, organizationAddress, organizationType, targetType, targetValue, oaFriendlyName, filters, fiscalNumber);
} else {
// if we get here, we have a natural person representing another natural person
- String eIdentifier = getAttributeValue("eIdentifier", attributeList);
- String givenName = getAttributeValue("givenName", attributeList);
- String lastName = getAttributeValue("surname", attributeList);
- String dateOfBirth = getAttributeValue("dateOfBirth", attributeList);
+ String eIdentifier = getAttributeValue("eIdentifier", attributeList, false);
+ String givenName = getAttributeValue("givenName", attributeList, false);
+ String lastName = getAttributeValue("surname", attributeList, false);
+ String dateOfBirth = getAttributeValue("dateOfBirth", attributeList, false);
// gender attribute is mandatory here because of some legal stuff
- String gender = getAttributeValue("gender", attributeList);
+ String gender = getAttributeValue("gender", attributeList, false);
if (!StringUtils.isEmpty(dateOfBirth))
dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth);
@@ -201,10 +212,10 @@ public class STORKResponseProcessor {
}
} else {
// we do not have a representation case
- String eIdentifier = getAttributeValue("eIdentifier", attributeList);
- String givenName = getAttributeValue("givenName", attributeList);
- String lastName = getAttributeValue("surname", attributeList);
- String dateOfBirth = getAttributeValue("dateOfBirth", attributeList);
+ String eIdentifier = getAttributeValue("eIdentifier", attributeList, false);
+ String givenName = getAttributeValue("givenName", attributeList, false);
+ String lastName = getAttributeValue("surname", attributeList, false);
+ String dateOfBirth = getAttributeValue("dateOfBirth", attributeList, false);
if (!StringUtils.isEmpty(dateOfBirth))
dateOfBirth = DateTimeUtils.formatPEPSDateToMOADate(dateOfBirth);
identityLinkResponse = AuthenticationServer.getInstance().getIdentityLink(eIdentifier, givenName, lastName, dateOfBirth, citizenSignature, fiscalNumber);
@@ -229,7 +240,27 @@ public class STORKResponseProcessor {
} catch (ParseException e) {
Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
throw new MOAIDException("auth.25", null, e);
-
+ } catch (ApiUtilsException e) {
+ Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ throw new MOAIDException("auth.25", null, e);
+ } catch (IllegalArgumentException e) {
+ Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ throw new MOAIDException("auth.25", null, e);
+ } catch (TransformerConfigurationException e) {
+ Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ throw new MOAIDException("auth.25", null, e);
+ } catch (UtilsException e) {
+ Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ throw new MOAIDException("auth.25", null, e);
+ } catch (TransformerException e) {
+ Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ throw new MOAIDException("auth.25", null, e);
+ } catch (TransformerFactoryConfigurationError e) {
+ Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ throw new MOAIDException("auth.25", null, e);
+ } catch (IOException e) {
+ Logger.error("Error parsing IdentityLink received from SZR-Gateway: ", e);
+ throw new MOAIDException("auth.25", null, e);
}
return identityLink;
@@ -266,5 +297,20 @@ public class STORKResponseProcessor {
return moaExtendedSAMLAttributeList;
}
+
+ private static String getCitizienSignatureFromSignResponse(SignResponse dssSignResponse) throws IllegalArgumentException, TransformerConfigurationException, UtilsException, TransformerException, TransformerFactoryConfigurationError, IOException, ApiUtilsException
+ {
+ // fetch signed doc
+ DataSource ds = LightweightSourceResolver.getDataSource(dssSignResponse);
+ if(ds == null){
+ throw new ApiUtilsException("No datasource found in response");
+ }
+
+ InputStream incoming = ds.getInputStream();
+ String citizenSignature = IOUtils.toString(incoming);
+ incoming.close();
+
+ return citizenSignature;
+ }
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
index 32625ca03..5426f2008 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/AuthConfigurationProvider.java
@@ -961,6 +961,17 @@ public class AuthConfigurationProvider extends ConfigurationProvider {
return prop;
}
+ /**
+ * @return
+ */
+ public String getMOAConfigurationEncryptionKey() {
+ String prop = props.getProperty("configuration.moaconfig.key");
+ if (MiscUtil.isEmpty(prop))
+ return null;
+ else
+ return prop;
+ }
+
public boolean isIdentityLinkResigning() {
String prop = props.getProperty("configuration.resignidentitylink.active", "false");
return Boolean.valueOf(prop);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
index 6398de34f..4c6519b57 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/IOAAuthParameters.java
@@ -22,6 +22,7 @@
*/
package at.gv.egovernment.moa.id.config.auth;
+import java.security.PrivateKey;
import java.util.List;
import java.util.Map;
@@ -31,6 +32,7 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.OAPVP2;
import at.gv.egovernment.moa.id.commons.db.dao.config.OASAML1;
import at.gv.egovernment.moa.id.commons.db.dao.config.OAStorkAttribute;
import at.gv.egovernment.moa.id.commons.db.dao.config.TemplateType;
+import at.gv.egovernment.moa.id.config.auth.data.BPKDecryptionParameters;
/**
* @author tlenz
@@ -149,4 +151,6 @@ public interface IOAAuthParameters {
List<String> getTestCredentialOIDs();
+ PrivateKey getBPKDecBpkDecryptionKey();
+
} \ No newline at end of file
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
index f58fe2495..673d23373 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java
@@ -46,11 +46,15 @@
package at.gv.egovernment.moa.id.config.auth;
+import java.security.PrivateKey;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
+import org.apache.commons.lang.SerializationUtils;
+
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
import at.gv.egovernment.moa.id.commons.db.dao.config.AttributeProviderPlugin;
import at.gv.egovernment.moa.id.commons.db.dao.config.AuthComponentOA;
import at.gv.egovernment.moa.id.commons.db.dao.config.BKUSelectionCustomizationType;
@@ -71,6 +75,9 @@ import at.gv.egovernment.moa.id.commons.db.dao.config.TestCredentials;
import at.gv.egovernment.moa.id.commons.db.dao.config.TransformsInfoType;
import at.gv.egovernment.moa.id.config.ConfigurationUtils;
import at.gv.egovernment.moa.id.config.OAParameter;
+import at.gv.egovernment.moa.id.config.auth.data.BPKDecryptionParameters;
+import at.gv.egovernment.moa.id.data.EncryptedData;
+import at.gv.egovernment.moa.id.util.ConfigurationEncrytionUtil;
import at.gv.egovernment.moa.id.util.FormBuildUtils;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -555,4 +562,33 @@ public List<String> getTestCredentialOIDs() {
return null;
}
+
+/* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBPKDecBpkDecryptionParameters()
+ */
+@Override
+public PrivateKey getBPKDecBpkDecryptionKey() {
+
+ try {
+ EncryptedData encdata = new EncryptedData(
+ oa_auth.getEncBPKInformation().getBPKDecryption().getKeyInformation(),
+ oa_auth.getEncBPKInformation().getBPKDecryption().getIv());
+ byte[] serializedData = ConfigurationEncrytionUtil.getInstance().decrypt(encdata);
+ BPKDecryptionParameters data =
+ (BPKDecryptionParameters) SerializationUtils.deserialize(serializedData);
+
+ return data.getPrivateKey();
+
+ } catch (BuildException e) {
+ // TODO Auto-generated catch block
+ Logger.error("Can not decrypt key information for bPK decryption", e);
+
+ } catch (NullPointerException e) {
+ Logger.error("No keyInformation found for bPK decryption");
+
+ }
+ return null;
+
+}
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/BPKDecryptionParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/BPKDecryptionParameters.java
new file mode 100644
index 000000000..787a480f0
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/BPKDecryptionParameters.java
@@ -0,0 +1,127 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.config.auth.data;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.Serializable;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.UnrecoverableKeyException;
+import java.security.cert.Certificate;
+
+import org.apache.commons.lang.SerializationUtils;
+
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Base64Utils;
+import at.gv.egovernment.moa.util.KeyStoreUtils;
+
+
+/**
+ * @author tlenz
+ *
+ */
+public class BPKDecryptionParameters implements Serializable{
+
+ private static final long serialVersionUID = 1L;
+
+ private byte[] keyStore = null;
+ private String keyStorePassword = null;
+ private String keyAlias = null;
+ private String keyPassword = null;
+
+ /**
+ * @return
+ */
+ public PrivateKey getPrivateKey() {
+ try {
+ InputStream in = new ByteArrayInputStream(keyStore);
+ KeyStore store = KeyStoreUtils.loadKeyStore(in , keyStorePassword);
+
+ char[] chPassword = " ".toCharArray();
+ if (keyPassword != null)
+ chPassword = keyPassword.toCharArray();
+
+// Certificate test = store.getCertificate(keyAlias);
+// Base64Utils.encode(test.getPublicKey().getEncoded());
+
+ return (PrivateKey) store.getKey(keyAlias, chPassword);
+
+
+ } catch (KeyStoreException e) {
+ Logger.error("Can not load private key from keystore.", e);
+
+ } catch (IOException e) {
+ Logger.error("Can not load private key from keystore.", e);
+
+ } catch (UnrecoverableKeyException e) {
+ Logger.error("Can not load private key from keystore.", e);
+
+ } catch (NoSuchAlgorithmException e) {
+ Logger.error("Can not load private key from keystore.", e);
+
+ }
+
+ return null;
+ }
+
+ public byte[] serialize() {
+ return SerializationUtils.serialize(this);
+
+ }
+
+ /**
+ * @param keyStore the keyStore to set
+ */
+ public void setKeyStore(byte[] keyStore) {
+ this.keyStore = keyStore;
+ }
+
+ /**
+ * @param keyStorePassword the keyStorePassword to set
+ */
+ public void setKeyStorePassword(String keyStorePassword) {
+ this.keyStorePassword = keyStorePassword;
+ }
+
+ /**
+ * @param keyAlias the keyAlias to set
+ */
+ public void setKeyAlias(String keyAlias) {
+ this.keyAlias = keyAlias;
+ }
+
+ /**
+ * @param keyPassword the keyPassword to set
+ */
+ public void setKeyPassword(String keyPassword) {
+ this.keyPassword = keyPassword;
+ }
+
+
+
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
index eddf605a6..7dbdcfa52 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java
@@ -22,6 +22,7 @@
*/
package at.gv.egovernment.moa.id.config.auth.data;
+import java.security.PrivateKey;
import java.util.List;
import java.util.Map;
@@ -399,6 +400,15 @@ public class DynamicOAAuthParameters implements IOAAuthParameters {
return null;
}
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.config.auth.IOAAuthParameters#getBPKDecBpkDecryptionParameters()
+ */
+ @Override
+ public PrivateKey getBPKDecBpkDecryptionKey() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
index 1240ed8f3..3d4b53f7c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/legacy/BuildFromLegacyConfig.java
@@ -157,6 +157,8 @@ public class BuildFromLegacyConfig {
if (genericConfiguration.containsKey(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY))
authGeneral.setCertStoreDirectory(
(String)genericConfiguration.get(ConfigurationProvider.DIRECTORY_CERTSTORE_PARAMETER_PROPERTY));
+ else
+ authGeneral.setTrustManagerRevocationChecking(true);
//Load Assertion and Session timeouts
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java
index 6e67b4219..3f4be5093 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/CPEPS.java
@@ -45,6 +45,8 @@ public class CPEPS {
/** URL of C-PEPS */
private URL pepsURL;
+ private Boolean isXMLSignatureSupported;
+
/** Specific attributes to be requested for this C-PEPS */
private List<RequestedAttribute> countrySpecificRequestedAttributes = new ArrayList<RequestedAttribute>();
@@ -53,10 +55,11 @@ public class CPEPS {
* @param countryCode ISO Country Code of C-PEPS
* @param pepsURL URL of C-PEPS
*/
- public CPEPS(String countryCode, URL pepsURL) {
+ public CPEPS(String countryCode, URL pepsURL, Boolean isXMLSignatureSupported) {
super();
this.countryCode = countryCode;
this.pepsURL = pepsURL;
+ this.isXMLSignatureSupported = isXMLSignatureSupported;
}
/**
@@ -92,6 +95,21 @@ public class CPEPS {
}
/**
+ * Returns weather the C-PEPS supports XMl Signatures or not (important for ERnB)
+ */
+ public Boolean isXMLSignatureSupported() {
+ return isXMLSignatureSupported;
+ }
+
+ /**
+ * Sets weather the C-PEPS supports XMl Signatures or not (important for ERnB)
+ * @param isXMLSignatureSupported C-PEPS XML Signature support
+ */
+ public void setXMLSignatureSupported(boolean isXMLSignatureSupported) {
+ this.isXMLSignatureSupported = isXMLSignatureSupported;
+ }
+
+ /**
* Gets the country specific attributes of this C-PEPS
* @return List of country specific attributes
*/
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
index 2e243b3ae..136b40295 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/stork/STORKConfig.java
@@ -81,7 +81,7 @@ public class STORKConfig {
for(at.gv.egovernment.moa.id.commons.db.dao.config.CPEPS cpep : cpeps) {
try {
- CPEPS moacpep = new CPEPS(cpep.getCountryCode(), new URL(cpep.getURL()));
+ CPEPS moacpep = new CPEPS(cpep.getCountryCode(), new URL(cpep.getURL()), cpep.isSupportsXMLSignature());
cpepsMap.put(cpep.getCountryCode(), moacpep);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
index 5685977bc..6fd327add 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java
@@ -27,6 +27,7 @@ import java.text.DateFormat;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Date;
+import java.util.List;
import org.w3c.dom.Element;
@@ -126,7 +127,9 @@ public class AuthenticationData implements IAuthData, Serializable {
private byte[] signerCertificate = null;
private String authBlock = null;
-
+ private List<String> encbPKList = null;
+
+
private boolean useMandate = false;
private MISMandate mandate = null;
private String mandateReferenceValue = null;
@@ -672,6 +675,22 @@ public class AuthenticationData implements IAuthData, Serializable {
this.ssoSessionValidTo = ssoSessionValidTo;
}
+ /**
+ * @return the encbPKList
+ */
+ public List<String> getEncbPKList() {
+ return encbPKList;
+ }
+
+ /**
+ * @param encbPKList the encbPKList to set
+ */
+ public void setEncbPKList(List<String> encbPKList) {
+ this.encbPKList = encbPKList;
+ }
+
+
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPProcessor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/EncryptedbPK.java
index 7509c51d8..da6840fd7 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/PVPProcessor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/EncryptedbPK.java
@@ -1,4 +1,4 @@
-/*******************************************************************************
+/*
* Copyright 2014 Federal Chancellery Austria
* MOA-ID has been developed in a cooperation between BRZ, the Federal
* Chancellery Austria - ICT staff unit, and Graz University of Technology.
@@ -19,16 +19,15 @@
* file for details on the various modules and licenses.
* The "NOTICE" text file is part of the distribution. Any derivative works
* that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-package at.gv.egovernment.moa.id.protocols.pvp2x;
-
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
-
-public class PVPProcessor extends AuthServlet {
-
- /**
- *
- */
- private static final long serialVersionUID = 4102075202310068260L;
+ */
+package at.gv.egovernment.moa.id.data;
+/**
+ * @author tlenz
+ *
+ */
+public class EncryptedbPK {
+ private String vkz = null;
+ private String target = null;
+ private String encbPK = null;
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
index 7e421da0f..8ce33021d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/IAuthData.java
@@ -23,6 +23,7 @@
package at.gv.egovernment.moa.id.data;
import java.util.Date;
+import java.util.List;
import org.w3c.dom.Element;
@@ -62,6 +63,8 @@ public interface IAuthData {
String getBkuURL();
+ List<String> getEncbPKList();
+
IdentityLink getIdentityLink();
byte[] getSignerCertificate();
String getAuthBlock();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 0d34fcb87..1e38bd4ff 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -269,7 +269,7 @@ public class DispatcherServlet extends AuthServlet{
info = ModulStorage.getModuleByPath(protocolRequest.requestedModule());
moduleAction = info.getAction(protocolRequest.requestedAction());
- //create interfederated mOASession
+ //create interfederated MOASession
String sessionID =
AuthenticationSessionStoreage.createInterfederatedSession(protocolRequest, true, ssoId);
req.getParameterMap().put(PARAM_SESSIONID, sessionID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index 8f9417096..daa70efce 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -49,6 +49,7 @@ import org.opensaml.saml2.core.NameID;
import org.opensaml.saml2.core.NameIDPolicy;
import org.opensaml.saml2.core.NameIDType;
import org.opensaml.saml2.core.RequestedAuthnContext;
+import org.opensaml.saml2.core.StatusCode;
import org.opensaml.saml2.core.Subject;
import org.opensaml.saml2.metadata.EntityDescriptor;
import org.opensaml.saml2.metadata.SingleLogoutService;
@@ -252,8 +253,8 @@ public class AuthenticationManager extends AuthServlet {
VelocityContext context = new VelocityContext();
context.put("redirectURLs", sloReqList);
- context.put("$timeoutURL", timeOutURL);
- context.put("$timeout", SLOTIMEOUT);
+ context.put("timeoutURL", timeOutURL);
+ context.put("timeout", SLOTIMEOUT);
ssomanager.printSingleLogOutInfo(context, httpResp);
@@ -284,7 +285,7 @@ public class AuthenticationManager extends AuthServlet {
Logger.error("MOA AssertionDatabase ERROR", e);
if (pvpReq != null) {
SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
- LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq);
+ LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
SingleLogOutBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, inboundRelayState);
}else {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
index cb12bc5bd..ff294dc3d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/SSOManager.java
@@ -31,6 +31,7 @@ import java.io.InputStreamReader;
import java.io.Reader;
import java.io.StringWriter;
import java.net.URI;
+import java.util.Date;
import java.util.List;
import javax.servlet.http.Cookie;
@@ -132,7 +133,7 @@ public class SSOManager {
}
- public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) {
+ public boolean isValidSSOSession(String ssoSessionID, IRequest protocolRequest) throws ConfigurationException {
// search SSO Session
if (ssoSessionID == null) {
@@ -144,8 +145,19 @@ public class SSOManager {
if (storedSession == null)
return false;
-
+
else {
+
+ //check if session is out of lifetime
+ Date now = new Date();
+ long maxSSOSessionTime = AuthConfigurationProvider.getInstance().getTimeOuts().getMOASessionCreated().longValue() * 1000;
+ Date ssoSessionValidTo = new Date(storedSession.getCreated().getTime() + maxSSOSessionTime);
+ if (now.after(ssoSessionValidTo)) {
+ Logger.info("Found outdated SSO session information. Start reauthentication process ... ");
+ return false;
+ }
+
+ //check if request starts an interfederated SSO session
if (protocolRequest != null &&
protocolRequest instanceof RequestImpl &&
storedSession.isInterfederatedSSOSession() &&
@@ -342,7 +354,7 @@ public class SSOManager {
httpResp.setContentType("text/html;charset=UTF-8");
- httpResp.getOutputStream().write(writer.toString().getBytes());
+ httpResp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
index 3b0d07ce1..583120a86 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java
@@ -115,6 +115,7 @@ public final class OAuth20AttributeBuilder {
buildersOpenId.add(new OpenIdExpirationTimeAttribute());
buildersOpenId.add(new OpenIdIssueInstantAttribute());
buildersOpenId.add(new OpenIdAuthenticationTimeAttribute());
+ buildersOpenId.add(new OpenIdAudiencesAttribute());
// profile
buildersProfile.add(new ProfileGivenNameAttribute());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java
new file mode 100644
index 000000000..404eb1b44
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java
@@ -0,0 +1,47 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.oauth20.attributes;
+
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeBuilder;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.IAttributeGenerator;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+
+public class OpenIdAudiencesAttribute implements IAttributeBuilder {
+
+ public String getName() {
+ return "aud";
+ }
+
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+ return g.buildStringAttribute(this.getName(), "", oaParam.getPublicURLPrefix());
+ }
+
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(this.getName(), "");
+ }
+
+}
+
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
index fec8e3b98..dbf54951f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/MetadataAction.java
@@ -165,7 +165,7 @@ public class MetadataAction implements IAction {
Logger.debug("METADATA: " + metadataXML);
httpResp.setContentType("text/xml");
- httpResp.getOutputStream().write(metadataXML.getBytes());
+ httpResp.getOutputStream().write(metadataXML.getBytes("UTF-8"));
httpResp.getOutputStream().close();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
index 46e02d048..b22941216 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/SingleLogOutAction.java
@@ -135,7 +135,7 @@ public class SingleLogOutAction implements IAction {
if (MiscUtil.isEmpty(ssoID)) {
Logger.warn("Can not find active Session. Single LogOut not possible!");
SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
- LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq);
+ LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
SingleLogOutBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
return null;
@@ -147,7 +147,7 @@ public class SingleLogOutAction implements IAction {
} catch (MOADatabaseException e) {
Logger.warn("Can not find active Session. Single LogOut not possible!");
SingleLogoutService sloService = SingleLogOutBuilder.getResponseSLODescriptor(pvpReq);
- LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq);
+ LogoutResponse message = SingleLogOutBuilder.buildSLOErrorResponse(sloService, pvpReq, StatusCode.RESPONDER_URI);
SingleLogOutBuilder.sendFrontChannelSLOMessage(sloService, message, httpReq, httpResp, samlReq.getRelayState());
return null;
@@ -162,7 +162,9 @@ public class SingleLogOutAction implements IAction {
((MOAResponse)pvpReq.getRequest()).getResponse() instanceof LogoutResponse) {
Logger.debug("Process Single LogOut response");
LogoutResponse logOutResp = (LogoutResponse) ((MOAResponse)pvpReq.getRequest()).getResponse();
-
+
+ Transaction tx = null;
+
try {
String relayState = pvpReq.getRequest().getRelayState();
if (MiscUtil.isEmpty(relayState)) {
@@ -179,7 +181,7 @@ public class SingleLogOutAction implements IAction {
//TODO: add counter to prevent deadlock
while (!storageSuccess) {
- Transaction tx = session.beginTransaction();
+ tx = session.beginTransaction();
List result;
Query query = session.getNamedQuery("getAssertionWithArtifact");
@@ -235,7 +237,7 @@ public class SingleLogOutAction implements IAction {
try {
session.delete(element);
tx.commit();
-
+
} catch(HibernateException e) {
tx.rollback();
Logger.error("SLOContainter could not deleted from database. ");
@@ -292,7 +294,14 @@ public class SingleLogOutAction implements IAction {
Logger.error("Finale SLO redirct not possible.", e);
throw new AuthenticationException("pvp2.13", new Object[]{});
+ } finally {
+ if (tx != null && !tx.wasCommitted()) {
+ tx.commit();
+
+ }
}
+
+
} else {
Logger.error("Process SingleLogOutAction but request is NOT of type LogoutRequest or LogoutResponse.");
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
index 7f73b1ed7..1a268c812 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/PostBinding.java
@@ -147,20 +147,22 @@ public class PostBinding implements IDecoder, IEncoder {
messageContext
.setInboundMessageTransport(new HttpServletRequestAdapter(req));
try {
- decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService()));
-
+ //set metadata descriptor type
+ if (isSPEndPoint) {
+ messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getSPSSOPostService()));
+
+ } else {
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSOPostService()));
+ }
+
} catch (ConfigurationException e) {
throw new SecurityException(e);
}
messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
-
- //set metadata descriptor type
- if (isSPEndPoint)
- messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
- else
- messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
-
+
decode.decode(messageContext);
InboundMessage msg = null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
index 26f6f3a62..587d8e935 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/RedirectBinding.java
@@ -135,18 +135,26 @@ public class RedirectBinding implements IDecoder, IEncoder {
HTTPRedirectDeflateDecoder decode = new HTTPRedirectDeflateDecoder(
new BasicParserPool());
+ BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
+ messageContext
+ .setInboundMessageTransport(new HttpServletRequestAdapter(req));
+
try {
- decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService()));
+ //set metadata descriptor type
+ if (isSPEndPoint) {
+ messageContext.setPeerEntityRole(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getSPSSORedirectService()));
+
+ } else {
+ messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ decode.setURIComparator(new MOAURICompare(PVPConfiguration.getInstance().getIDPSSORedirectService()));
+ }
} catch (ConfigurationException e) {
throw new SecurityException(e);
}
-
- BasicSAMLMessageContext<SAMLObject, ?, ?> messageContext = new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
- messageContext
- .setInboundMessageTransport(new HttpServletRequestAdapter(req));
-
+
messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
SAML2HTTPRedirectDeflateSignatureRule signatureRule = new SAML2HTTPRedirectDeflateSignatureRule(
@@ -198,8 +206,8 @@ public class RedirectBinding implements IDecoder, IEncoder {
}
public boolean handleDecode(String action, HttpServletRequest req) {
- return (action.equals(PVP2XProtocol.REDIRECT) && req.getMethod()
- .equals("GET"));
+ return ((action.equals(PVP2XProtocol.REDIRECT) || action.equals(PVP2XProtocol.SINGLELOGOUT))
+ && req.getMethod().equals("GET"));
}
public String getSAML2BindingName() {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
index f0eafe272..a2583c706 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/binding/SoapBinding.java
@@ -33,6 +33,7 @@ import org.opensaml.common.xml.SAMLConstants;
import org.opensaml.saml2.binding.encoding.HTTPSOAP11Encoder;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.StatusResponseType;
+import org.opensaml.saml2.metadata.SPSSODescriptor;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.message.encoder.MessageEncodingException;
import org.opensaml.ws.soap.client.BasicSOAPMessageContext;
@@ -52,9 +53,11 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.BindingNotSupportedEx
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessageInterface;
import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOARequest;
+import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialProvider;
import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException;
import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
public class SoapBinding implements IDecoder, IEncoder {
@@ -66,8 +69,10 @@ public class SoapBinding implements IDecoder, IEncoder {
new BasicSAMLMessageContext<SAMLObject, SAMLObject, SAMLObject>();
messageContext
.setInboundMessageTransport(new HttpServletRequestAdapter(
- req));
-
+ req));
+ //messageContext.setPeerEntityRole(SPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ messageContext.setMetadataProvider(MOAMetadataProvider.getInstance());
+
soapDecoder.decode(messageContext);
Envelope inboundMessage = (Envelope) messageContext
@@ -78,8 +83,25 @@ public class SoapBinding implements IDecoder, IEncoder {
if (!xmlElemList.isEmpty()) {
SignableXMLObject attrReq = (SignableXMLObject) xmlElemList.get(0);
- MOARequest request = new MOARequest(attrReq, getSAML2BindingName());
- request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
+ MOARequest request = new MOARequest(attrReq, getSAML2BindingName());
+
+ if (messageContext.getPeerEntityMetadata() != null)
+ request.setEntityID(messageContext.getPeerEntityMetadata().getEntityID());
+
+ else if (attrReq instanceof RequestAbstractType) {
+ RequestAbstractType attributeRequest = (RequestAbstractType) attrReq;
+ try {
+ if (MiscUtil.isNotEmpty(attributeRequest.getIssuer().getValue()) &&
+ MOAMetadataProvider.getInstance().getRole(
+ attributeRequest.getIssuer().getValue(),
+ SPSSODescriptor.DEFAULT_ELEMENT_NAME) != null)
+ request.setEntityID(attributeRequest.getIssuer().getValue());
+
+ } catch (Exception e) {
+ Logger.warn("No Metadata found with EntityID " + attributeRequest.getIssuer().getValue());
+ }
+ }
+
request.setVerified(false);
return request;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
index eeb1dd104..01139d95c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/SingleLogOutBuilder.java
@@ -213,12 +213,13 @@ public class SingleLogOutBuilder {
}
-
+ DateTime now = new DateTime();
Issuer issuer = SAML2Utils.createSAMLObject(Issuer.class);
issuer.setValue(PVPConfiguration.getInstance().getIDPPublicPath());
issuer.setFormat(NameID.ENTITY);
sloReq.setIssuer(issuer);
- sloReq.setIssueInstant(new DateTime());
+ sloReq.setIssueInstant(now);
+ sloReq.setNotOnOrAfter(now.plusMinutes(5));
sloReq.setDestination(sloInfo.getServiceURL());
@@ -230,14 +231,17 @@ public class SingleLogOutBuilder {
return sloReq;
}
- public static LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest) throws ConfigurationException, MOAIDException {
+ public static LogoutResponse buildSLOErrorResponse(SingleLogoutService sloService, PVPTargetConfiguration spRequest, String firstLevelStatusCode) throws ConfigurationException, MOAIDException {
LogoutResponse sloResp = buildBasicResponse(sloService, spRequest);
Status status = SAML2Utils.createSAMLObject(Status.class);
StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
- statusCode.setValue(StatusCode.PARTIAL_LOGOUT_URI);
+ statusCode.setValue(firstLevelStatusCode);
statusMessage.setMessage(MOAIDMessageProvider.getInstance().getMessage("pvp2.18", null));
+ StatusCode secondLevelCode = SAML2Utils.createSAMLObject(StatusCode.class);
+ secondLevelCode.setValue(StatusCode.PARTIAL_LOGOUT_URI);
+ statusCode.setStatusCode(secondLevelCode);
status.setStatusCode(statusCode);
status.setStatusMessage(statusMessage);
sloResp.setStatus(status);
@@ -255,8 +259,11 @@ public class SingleLogOutBuilder {
status = SAML2Utils.createSAMLObject(Status.class);
StatusCode statusCode = SAML2Utils.createSAMLObject(StatusCode.class);
StatusMessage statusMessage = SAML2Utils.createSAMLObject(StatusMessage.class);
- statusCode.setValue(StatusCode.PARTIAL_LOGOUT_URI);
+ statusCode.setValue(StatusCode.SUCCESS_URI);
statusMessage.setMessage(MOAIDMessageProvider.getInstance().getMessage("pvp2.18", null));
+ StatusCode secondLevelCode = SAML2Utils.createSAMLObject(StatusCode.class);
+ secondLevelCode.setValue(StatusCode.PARTIAL_LOGOUT_URI);
+ statusCode.setStatusCode(secondLevelCode);
status.setStatusCode(statusCode);
status.setStatusMessage(statusMessage);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
index 3dd1dd064..a38446826 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/BPKAttributeBuilder.java
@@ -25,8 +25,10 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.MiscUtil;
public class BPKAttributeBuilder implements IPVPAttributeBuilder {
@@ -39,9 +41,14 @@ public class BPKAttributeBuilder implements IPVPAttributeBuilder {
String bpk = authData.getBPK();
String type = authData.getBPKType();
+ if (MiscUtil.isEmpty(bpk))
+ throw new UnavailableAttributeException(BPK_NAME);
+
if (type.startsWith(Constants.URN_PREFIX_WBPK))
type = type.substring((Constants.URN_PREFIX_WBPK + "+").length());
- else if (type.startsWith(Constants.URN_PREFIX_CDID)) type = type.substring((Constants.URN_PREFIX_CDID + "+").length());
+
+ else if (type.startsWith(Constants.URN_PREFIX_CDID))
+ type = type.substring((Constants.URN_PREFIX_CDID + "+").length());
if (bpk.length() > BPK_MAX_LENGTH) {
bpk = bpk.substring(0, BPK_MAX_LENGTH);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java
index ded9e7166..61840ea21 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDAuthBlock.java
@@ -22,14 +22,13 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import iaik.util.logging.Log;
-
import java.io.IOException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -46,12 +45,12 @@ public class EIDAuthBlock implements IPVPAttributeBuilder {
String authblock = authData.getAuthBlock();
if (MiscUtil.isNotEmpty(authblock)) {
return g.buildStringAttribute(EID_AUTH_BLOCK_FRIENDLY_NAME, EID_AUTH_BLOCK_NAME,
- Base64Utils.encode(authblock.getBytes()));
+ Base64Utils.encode(authblock.getBytes("UTF-8")));
}
}
catch (IOException e) {
- Log.info("Encode AuthBlock BASE64 failed.");
+ Logger.info("Encode AuthBlock BASE64 failed.");
}
throw new UnavailableAttributeException(EID_AUTH_BLOCK_NAME);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java
index 531369e9a..29d6df040 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDIdentityLinkBuilder.java
@@ -27,6 +27,7 @@ import java.io.IOException;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
@@ -40,10 +41,14 @@ public class EIDIdentityLinkBuilder implements IPVPAttributeBuilder {
IAttributeGenerator<ATT> g) throws AttributeException {
try {
String ilAssertion = null;
+
+ if (authData.getIdentityLink() == null)
+ throw new UnavailableAttributeException(EID_IDENTITY_LINK_NAME);
+
ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion();
return g.buildStringAttribute(EID_IDENTITY_LINK_FRIENDLY_NAME,
- EID_IDENTITY_LINK_NAME, Base64Utils.encode(ilAssertion.getBytes()));
+ EID_IDENTITY_LINK_NAME, Base64Utils.encode(ilAssertion.getBytes("UTF-8")));
} catch (IOException e) {
Logger.warn("IdentityLink serialization error.", e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java
index 04cc59b10..5e723baab 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSTORKTOKEN.java
@@ -54,7 +54,7 @@ public class EIDSTORKTOKEN implements IPVPAttributeBuilder {
} else {
try {
return g.buildStringAttribute(EID_STORK_TOKEN_FRIENDLY_NAME, EID_STORK_TOKEN_NAME,
- Base64Utils.encode(storkResponse.getBytes()));
+ Base64Utils.encode(storkResponse.getBytes("UTF-8")));
} catch (IOException e) {
Logger.warn("Encode AuthBlock BASE64 failed.", e);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
index 7f52e1d47..463658a3d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSectorForIDAttributeBuilder.java
@@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.util.MiscUtil;
public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder {
@@ -33,8 +35,12 @@ public class EIDSectorForIDAttributeBuilder implements IPVPAttributeBuilder {
}
public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
- IAttributeGenerator<ATT> g) throws AttributeException {
+ IAttributeGenerator<ATT> g) throws AttributeException {
String bpktype = authData.getBPKType();
+
+ if (MiscUtil.isEmpty(authData.getBPKType()))
+ throw new UnavailableAttributeException(EID_SECTOR_FOR_IDENTIFIER_NAME);
+
return g.buildStringAttribute(EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME,
EID_SECTOR_FOR_IDENTIFIER_NAME, bpktype);
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java
index df1bc1860..8a603f53a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSignerCertificate.java
@@ -22,7 +22,6 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
-import iaik.util.logging.Log;
import java.io.IOException;
@@ -30,6 +29,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
public class EIDSignerCertificate implements IPVPAttributeBuilder {
@@ -49,7 +49,7 @@ public class EIDSignerCertificate implements IPVPAttributeBuilder {
}
}catch (IOException e) {
- Log.info("Signer certificate BASE64 encoding error");
+ Logger.info("Signer certificate BASE64 encoding error");
}
throw new UnavailableAttributeException(EID_SIGNER_CERTIFICATE_NAME);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java
index a8b703fc2..16de43e11 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EIDSourcePIN.java
@@ -27,6 +27,7 @@ import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributePolicyException;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.util.MiscUtil;
public class EIDSourcePIN implements IPVPAttributeBuilder {
@@ -41,6 +42,9 @@ public class EIDSourcePIN implements IPVPAttributeBuilder {
throw new AttributePolicyException(EID_SOURCE_PIN_NAME);
else {
+ if (MiscUtil.isEmpty(authData.getIdentificationValue()))
+ throw new UnavailableAttributeException(EID_SOURCE_PIN_NAME);
+
return g.buildStringAttribute(EID_SOURCE_PIN_FRIENDLY_NAME, EID_SOURCE_PIN_NAME, authData.getIdentificationValue());
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EncryptedBPKAttributeBuilder.java
new file mode 100644
index 000000000..b3256ac9a
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/EncryptedBPKAttributeBuilder.java
@@ -0,0 +1,70 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes;
+
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.IAuthData;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.Constants;
+
+public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder {
+
+ public String getName() {
+ return ENC_BPK_LIST_NAME;
+ }
+
+ public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
+ IAttributeGenerator<ATT> g) throws AttributeException {
+
+ if (authData.getEncbPKList() != null &&
+ authData.getEncbPKList().size() > 0) {
+ String value = authData.getEncbPKList().get(0);
+ for (int i=1; i<authData.getEncbPKList().size(); i++)
+ value += ";"+authData.getEncbPKList().get(i);
+
+ return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME,
+ value);
+
+ }
+
+ throw new UnavailableAttributeException(ENC_BPK_LIST_NAME);
+
+// String encbpk = "XXX01234567890XXX";
+// String type = "Bereich";
+// String vkz = "Verfahrenskennzeichen";
+//
+// //TODO: implement encrypted bPK support
+//
+// Logger.trace("Authenticate user with encrypted bPK " + vkz + "+" + type + "|" + encbpk);
+//
+// return g.buildStringAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME,
+// vkz + "+" + type + "|" + encbpk);
+ }
+
+ public <ATT> ATT buildEmpty(IAttributeGenerator<ATT> g) {
+ return g.buildEmptyAttribute(ENC_BPK_LIST_FRIENDLY_NAME, ENC_BPK_LIST_NAME);
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
index 670398ff6..790c1e8ca 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/builder/attributes/MandateFullMandateAttributeBuilder.java
@@ -31,6 +31,7 @@ import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
import at.gv.egovernment.moa.id.data.AuthenticationData;
import at.gv.egovernment.moa.id.data.IAuthData;
import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.NoMandateDataAttributeException;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.DOMUtils;
@@ -44,7 +45,9 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder
public <ATT> ATT build(OAAuthParameter oaParam, IAuthData authData,
IAttributeGenerator<ATT> g) throws AttributeException {
if (authData.isUseMandate()) {
- if (authData.getMandate() != null) {
+ //only provide full mandate if it is included.
+ //In case of federation only a short mandate could be include
+ if (authData.getMandate() != null && authData.getMISMandate().isFullMandateIncluded()) {
String fullMandate;
try {
fullMandate = DOMUtils.serializeNode(authData
@@ -57,6 +60,8 @@ public class MandateFullMandateAttributeBuilder implements IPVPAttributeBuilder
Logger.error("Failed to generate Full Mandate", e);
}
}
+ throw new NoMandateDataAttributeException();
+
}
return null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
index a57fb5717..cba64e080 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/MOAMetadataProvider.java
@@ -261,6 +261,10 @@ public class MOAMetadataProvider implements MetadataProvider {
List<OnlineApplication> oaList = ConfigurationDBRead
.getAllActiveOnlineApplications();
+
+ if (oaList.size() == 0)
+ Logger.info("No Online-Application configuration found. PVP 2.1 metadata provider initialization failed!");
+
Iterator<OnlineApplication> oaIt = oaList.iterator();
while (oaIt.hasNext()) {
HTTPMetadataProvider httpProvider = null;
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
index ee0088576..a16fed9cd 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java
@@ -22,15 +22,25 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.utils;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.HashMap;
import java.util.List;
+import java.util.Map;
import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.saml2.core.Subject;
+import eu.stork.peps.auth.commons.PersonalAttribute;
+import eu.stork.peps.auth.commons.PersonalAttributeList;
+
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption;
import at.gv.egovernment.moa.logging.Logger;
import at.gv.egovernment.moa.util.MiscUtil;
@@ -38,6 +48,14 @@ import at.gv.egovernment.moa.util.MiscUtil;
public class AssertionAttributeExtractor {
private Assertion assertion = null;
+ private Map<String, String> attributs = new HashMap<String, String>();
+ private PersonalAttributeList storkAttributes = new PersonalAttributeList();
+
+ private final List<String> minimalAttributeNameList = Arrays.asList(
+ PVPConstants.PRINCIPAL_NAME_NAME,
+ PVPConstants.GIVEN_NAME_NAME,
+ PVPConstants.BIRTHDATE_NAME);
+
public AssertionAttributeExtractor(StatusResponseType samlResponse) throws AssertionAttributeExtractorExeption {
if (samlResponse != null && samlResponse instanceof Response) {
@@ -48,12 +66,79 @@ public class AssertionAttributeExtractor {
else if (assertions.size() > 1)
Logger.warn("Found more then ONE PVP2.1 assertions. Only the First is used.");
- assertion = assertions.get(0);
-
+ assertion = assertions.get(0);
+
+ if (assertion.getAttributeStatements() != null &&
+ assertion.getAttributeStatements().size() > 0) {
+ AttributeStatement attrStat = assertion.getAttributeStatements().get(0);
+ for (Attribute attr : attrStat.getAttributes()) {
+ if (attr.getName().startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) {
+ List<String> storkAttrValues = new ArrayList<String>();
+ storkAttrValues.add(attr.getAttributeValues().get(0).getDOM().getTextContent());
+ PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(),
+ false, storkAttrValues , "Available");
+ storkAttributes.put(attr.getName(), storkAttr );
+
+ } else
+ attributs.put(attr.getName(), attr.getAttributeValues().get(0).getDOM().getTextContent());
+ }
+
+ }
+
} else
throw new AssertionAttributeExtractorExeption();
}
+ /**
+ * check attributes from assertion with minimal required attribute list
+ * @return
+ */
+ public boolean containsAllRequiredAttributes() {
+ return containsAllRequiredAttributes(minimalAttributeNameList);
+
+ }
+
+ /**
+ * check attributes from assertion with attributeNameList
+ * bPK or enc_bPK is always needed
+ *
+ * @param List of attributes which are required
+ *
+ * @return
+ */
+ public boolean containsAllRequiredAttributes(List<String> attributeNameList) {
+
+ //first check if a bPK or an encrypted bPK is available
+ if (attributs.containsKey(PVPConstants.ENC_BPK_LIST_NAME) ||
+ (attributs.containsKey(PVPConstants.BPK_NAME) && attributs.containsKey(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME))) {
+ boolean flag = true;
+ for (String attr : attributeNameList) {
+ if (!attributs.containsKey(attr))
+ flag = false;
+ }
+
+ return flag;
+
+ }
+ return false;
+
+ }
+
+ public boolean containsAttribute(String attributeName) {
+ return attributs.containsKey(attributeName);
+
+ }
+
+ public String getAttribute(String attributeName) {
+ return attributs.get(attributeName);
+
+ }
+
+ public PersonalAttributeList getSTORKAttributes() {
+ return storkAttributes;
+ }
+
+
public String getNameID() throws AssertionAttributeExtractorExeption {
if (assertion.getSubject() != null) {
Subject subject = assertion.getSubject();
@@ -99,6 +184,10 @@ public class AssertionAttributeExtractor {
throw new AssertionAttributeExtractorExeption("AuthnContextClassRef");
}
+ public Assertion getFullAssertion() {
+ return assertion;
+ }
+
private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption {
List<AuthnStatement> authnList = assertion.getAuthnStatements();
if (authnList.size() == 0)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java
index 8dfebc06c..885de6805 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/SAMLVerifierMOASP.java
@@ -22,6 +22,8 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.pvp2x.verification;
+import java.io.UnsupportedEncodingException;
+
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.validation.ValidationException;
@@ -70,7 +72,7 @@ public class SAMLVerifierMOASP implements ISAMLVerifier {
// builds a <VerifyXMLSignatureRequest> for a call of MOA-SP
Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder()
- .build(XMLUtil.printXML(request.getDOM()).getBytes(),
+ .build(XMLUtil.printXML(request.getDOM()).getBytes("UTF-8"),
trustProfileID);
Logger.trace("VerifyXMLSignatureRequest for MOA-SP succesfully built");
@@ -123,6 +125,10 @@ public class SAMLVerifierMOASP implements ISAMLVerifier {
String msg = "Unable to invoke MOA-SP.";
Logger.error(msg, e);
throw new SecurityException(msg, e);
+ } catch (UnsupportedEncodingException e) {
+ String msg = "Unsupported Encoding.";
+ Logger.error(msg, e);
+ throw new SecurityException(msg, e);
}
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 08f40f888..7d3c72630 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -22,15 +22,22 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.protocols.saml1;
+import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.List;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.Marshaller;
+import javax.xml.namespace.QName;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;
+import com.sun.xml.bind.marshaller.NamespacePrefixMapper;
+
import at.gv.egovernment.moa.id.auth.AuthenticationServer;
import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
import at.gv.egovernment.moa.id.auth.builder.BPKBuilder;
@@ -60,6 +67,11 @@ import at.gv.egovernment.moa.util.Base64Utils;
import at.gv.egovernment.moa.util.Constants;
import at.gv.egovernment.moa.util.DOMUtils;
import at.gv.egovernment.moa.util.StringUtils;
+import at.gv.util.xsd.persondata.IdentificationType;
+import at.gv.util.xsd.persondata.IdentificationType.Value;
+import at.gv.util.xsd.persondata.PersonNameType;
+import at.gv.util.xsd.persondata.PersonNameType.FamilyName;
+import at.gv.util.xsd.persondata.PhysicalPersonType;
public class SAML1AuthenticationServer extends AuthenticationServer {
@@ -185,30 +197,82 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
//set prPersion
boolean provideStammzahl = saml1parameter.isProvideStammzahl()
|| oaParam.getBusinessService();
- String prPerson = new PersonDataBuilder().build(authData.getIdentityLink(),
- provideStammzahl);
- //set Authblock
- String authBlock = saml1parameter.isProvideAUTHBlock() ? authData
- .getAuthBlock() : "";
-
- //set IdentityLink for assortion
+ String prPerson = "";
String ilAssertion = "";
- if (saml1parameter.isProvideIdentityLink()) {
- ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion();
-
- if (!provideStammzahl)
- ilAssertion = StringUtils.replaceAll(ilAssertion, authData.getIdentityLink()
- .getIdentificationValue(), "");
- }
-
+ if (authData.getIdentityLink() != null) {
+ prPerson = new PersonDataBuilder().build(authData.getIdentityLink(),
+ provideStammzahl);
- String samlAssertion;
+ //set IdentityLink for assortion
+ if (saml1parameter.isProvideIdentityLink()) {
+ ilAssertion = authData.getIdentityLink().getSerializedSamlAssertion();
+
+ if (!provideStammzahl)
+ ilAssertion = StringUtils.replaceAll(ilAssertion, authData.getIdentityLink()
+ .getIdentificationValue(), "");
+ }
+ } else {
+ Logger.info("No IdentityLink available! Build attribute 'PersonDate' from givenname, familyname and dateofbirth. ");
+ PhysicalPersonType person = new PhysicalPersonType();
+ PersonNameType name = new PersonNameType();
+ person.setName(name);
+ FamilyName familyName = new FamilyName();
+ name.getFamilyName().add(familyName );
+ IdentificationType id = new IdentificationType();
+ person.getIdentification().add(id );
+ Value value = new Value();
+ id.setValue(value );
+
+ id.setType(Constants.URN_PREFIX_BASEID);
+ value.setValue("");
+ familyName.setValue(authData.getFamilyName());
+ familyName.setPrimary("undefined");
+ name.getGivenName().add(authData.getGivenName());
+ person.setDateOfBirth(authData.getFormatedDateOfBirth());
+
+ JAXBContext jc = JAXBContext.newInstance("at.gv.util.xsd.persondata");
+ Marshaller m = jc.createMarshaller();
+ m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
+
+ m.setProperty("com.sun.xml.bind.namespacePrefixMapper", new NamespacePrefixMapper() {
+ public String getPreferredPrefix(String arg0, String arg1, boolean arg2) {
+ if (Constants.PD_NS_URI.equals(arg0))
+ return Constants.PD_PREFIX;
+ else
+ return arg1;
+ }
+ });
+
+ ByteArrayOutputStream stream = new ByteArrayOutputStream();
+ m.marshal(
+ new JAXBElement<PhysicalPersonType>(new QName(Constants.PD_NS_URI,"Person"), PhysicalPersonType.class, person),
+ stream);
+ prPerson = StringUtils.removeXMLDeclaration(new String(stream.toByteArray(), "UTF-8"));
+ stream.close();
+
+
+
+ }
+
+ //set Authblock
+ String authBlock = "";
+ if (authData.getAuthBlock() != null) {
+ authBlock = saml1parameter.isProvideAUTHBlock() ? authData.getAuthBlock() : "";
+
+ } else {
+ Logger.info("\"provideAuthBlock\" is \"true\", but no authblock available");
+
+ }
+ String samlAssertion;
if (authData.isUseMandate()) {
List<ExtendedSAMLAttribute> oaAttributes = authData.getExtendedSAMLAttributesOA();
- if (saml1parameter.isProvideFullMandatorData()) {
+ //only provide full mandate if it is included.
+ //In case of federation only a short mandate could be include
+ if (saml1parameter.isProvideFullMandatorData()
+ && authData.getMISMandate().isFullMandateIncluded()) {
try {
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 9c8c52e87..8f7f17e2e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -33,6 +33,7 @@ import org.apache.commons.lang.StringEscapeUtils;
import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException;
import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException;
import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
@@ -102,7 +103,7 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
if (!AuthConfigurationProvider.getInstance().getAllowedProtocols().isSAML1Active()) {
Logger.info("SAML1 is deaktivated!");
- throw new ProtocolNotActiveException("auth.22", new Object[] { NAME });
+ throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" });
}
@@ -145,14 +146,14 @@ public class SAML1Protocol implements IModulInfo, MOAIDAuthConstants {
.getOnlineApplicationParameter(oaURL);
if (oaParam == null)
- throw new AuthenticationException("auth.00",
- new Object[] { oaURL });
+ throw new InvalidProtocolRequestException("auth.00",
+ new Object[] { null });
OASAML1 saml1 = oaParam.getSAML1Parameter();
if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) {
Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication.");
- throw new AuthenticationException("auth.00",
- new Object[] { oaURL });
+ throw new InvalidProtocolRequestException("auth.00",
+ new Object[] { null });
}
config.setSourceID(sourceID);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
index a5690a883..3bd827667 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/AuthenticationRequest.java
@@ -75,7 +75,7 @@ public class AuthenticationRequest implements IAction {
this.authData = authData;
- if ((req instanceof MOASTORKRequest) && ( ((MOASTORKRequest) req).getCitizenCountryCode() == null || ((MOASTORKRequest) req).getCitizenCountryCode().equals("AT") )) {
+ if ((req instanceof MOASTORKRequest)) { // && ( ((MOASTORKRequest) req).getCitizenCountryCode() == null || ((MOASTORKRequest) req).getCitizenCountryCode().equals("AT") )) {
this.moaStorkRequest = (MOASTORKRequest) req;
@@ -134,10 +134,10 @@ public class AuthenticationRequest implements IAction {
return (new AttributeCollector()).processRequest(container, httpReq, httpResp, authData, oaParam);
}
- // check if we are getting request for citizen of some other country
- else if (req instanceof MOASTORKRequest) {
- return handleMOAStorkRequest("VIDP", (MOASTORKRequest) req, httpReq.getRemoteAddr(), httpResp);
- }
+// // check if we are getting request for citizen of some other country
+// else if (req instanceof MOASTORKRequest) {
+// return handleMOAStorkRequest("VIDP", (MOASTORKRequest) req, httpReq.getRemoteAddr(), httpResp);
+// }
// Check if we got the response from PEPS
// If so then process it and forward to SP
@@ -318,7 +318,7 @@ public class AuthenticationRequest implements IAction {
Logger.debug("Sending html content: " + writer.getBuffer().toString());
Logger.debug("Sending html content2 : " + new String(writer.getBuffer()));
- httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
+ httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
} catch (IOException e) {
Logger.error("Velocity IO error: " + e.getMessage());
@@ -380,7 +380,7 @@ public class AuthenticationRequest implements IAction {
Logger.debug("Sending html content: " + writer.getBuffer().toString());
Logger.debug("Sending html content2 : " + new String(writer.getBuffer()));
- httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
+ httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
} catch (Exception e) {
Logger.error("Velocity error: " + e.getMessage());
@@ -390,24 +390,24 @@ public class AuthenticationRequest implements IAction {
public boolean needAuthentication(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp) {
- // authentication is not needed if we have authentication request from SP for citizen of configured PEPS country
- if (req instanceof MOASTORKRequest) {
- MOASTORKRequest moastorkRequest = (MOASTORKRequest) req;
- if (moastorkRequest.getStorkAuthnRequest() != null) {
- String citizenCountryCode = moastorkRequest.getStorkAuthnRequest().getCitizenCountryCode();
- // check if citizen country is configured in the system
- try {
- if (AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().containsKey(citizenCountryCode)) {
- return false;
- }
- } catch (MOAIDException e) {
- Logger.error("Could not initialize AuthConfigurationProvider");
- }
- }
- // authentication is not required if received authentication response
- } else if (req instanceof MOASTORKResponse) {
- return false;
- }
+// // authentication is not needed if we have authentication request from SP for citizen of configured PEPS country
+// if (req instanceof MOASTORKRequest) {
+// MOASTORKRequest moastorkRequest = (MOASTORKRequest) req;
+// if (moastorkRequest.getStorkAuthnRequest() != null) {
+// String citizenCountryCode = moastorkRequest.getStorkAuthnRequest().getCitizenCountryCode();
+// // check if citizen country is configured in the system
+// try {
+// if (AuthConfigurationProvider.getInstance().getStorkConfig().getCpepsMap().containsKey(citizenCountryCode)) {
+// return false;
+// }
+// } catch (MOAIDException e) {
+// Logger.error("Could not initialize AuthConfigurationProvider");
+// }
+// }
+// // authentication is not required if received authentication response
+// } else if (req instanceof MOASTORKResponse) {
+// return false;
+// }
return true;
}
@@ -455,8 +455,12 @@ public class AuthenticationRequest implements IAction {
try {
for (PersonalAttribute personalAttribute : attrLst) {
+ try {
Logger.debug("Personal attribute found in request: " + personalAttribute.getName() + " isRequired: " + personalAttribute.isRequired());
moaAttributeProvider.populateAttribute(attributeList, personalAttribute);
+ } catch (Exception e) {
+ Logger.error("Exception, attributes: " + e.getMessage());
+ }
}
} catch (Exception e) {
Logger.error("Exception, attributes: " + e.getMessage());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
index 2b00f15e2..3159574fe 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/ConsentEvaluator.java
@@ -142,7 +142,7 @@ public class ConsentEvaluator implements IAction {
StringWriter writer = new StringWriter();
template.merge(context, writer);
- response.getOutputStream().write(writer.getBuffer().toString().getBytes());
+ response.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
} catch (Exception e) {
Logger.error("Velocity error: " + e.getMessage());
@@ -209,7 +209,7 @@ public class ConsentEvaluator implements IAction {
Logger.debug("Sending html content: " + writer.getBuffer().toString());
Logger.debug("Sending html content2 : " + new String(writer.getBuffer()));
- httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes());
+ httpResp.getOutputStream().write(writer.getBuffer().toString().getBytes("UTF-8"));
} catch (Exception e) {
Logger.error("Velocity error: " + e.getMessage());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
index 139c438f9..baa91a854 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/MandateRetrievalRequest.java
@@ -71,6 +71,7 @@ public class MandateRetrievalRequest implements IAction {
httpResp.reset();
this.representingIdentityLink = authData.getIdentityLink();
+
OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(req.getOAURL());
if (oaParam == null)
throw new AuthenticationException("stork.12", new Object[]{req.getOAURL()});
@@ -449,7 +450,8 @@ public class MandateRetrievalRequest implements IAction {
}
if (!mandateContainer.getPhysicalRepresentativeIdentificationType().equals(Constants.URN_PREFIX_BASEID)) {
- Logger.error("Incorrect identity link (MIS): identification type is not correct! Got: " + this.representingIdentityLink.getIdentificationType());
+ Logger.error("Incorrect identity link (MIS): identification type is not correct! Got: " + this.representingIdentityLink.getIdentificationType() + " (representingIdentityLink) and " + mandateContainer.getPhysicalRepresentativeIdentificationType() + " (mandateContainer.phyRepresentative)");
+ Logger.debug("mandatecontainervalue: " + mandateContainer.getPhysicalRepresentativeIdentificationValue() + ", representingidentitylinkvalue: " + this.representingIdentityLink.getIdentificationValue());
throw new MOAIDException("stork.20", new Object[]{}); // TODO
}
@@ -491,7 +493,7 @@ public class MandateRetrievalRequest implements IAction {
represented.setType(getCompanyType(corporateBodyMandateContainer.corpMandatorFullName, corporateBodyMandateContainer.corpMandatorIdentificationType, sourceAttribute));
} else if (mandateContainer instanceof PhyPersonMandateContainer) {
PhyPersonMandateContainer phyPersonMandateContainer = (PhyPersonMandateContainer) mandateContainer;
- represented.setEIdentifier(getRepresentedStorkeIdentifier(mandateContainer)); // TODO CALCULATE
+ represented.setEIdentifier(getRepresentedStorkeIdentifier(mandateContainer));
represented.setGivenName(phyPersonMandateContainer.getPhyPersMandatorGivenName());
represented.setSurname(phyPersonMandateContainer.getPhyPersMandatorFamilyName());
represented.setDateOfBirth(phyPersonMandateContainer.getPhyPersMandatorBirthDate());
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java
index 8df3c00aa..07e5b70ba 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/MandateAttributeRequestProvider.java
@@ -192,7 +192,7 @@ public class MandateAttributeRequestProvider extends AttributeProvider {
StringWriter writer = new StringWriter();
template.merge(context, writer);
- resp.getOutputStream().write(writer.toString().getBytes());
+ resp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
} catch (Exception e) {
Logger.error("Error sending STORK SAML AttrRequest.", e);
throw new MOAIDException("stork.11", null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java
index 72274bada..13b14b0be 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/SignedDocAttributeRequestProvider.java
@@ -104,8 +104,7 @@ public class SignedDocAttributeRequestProvider extends AttributeProvider {
public SignedDocAttributeRequestProvider(String oasisDssWebFormURL, String attributes) {
super(attributes);
this.oasisDssWebFormURL = oasisDssWebFormURL;
- //TODO load dtlUrl from config
-
+
Properties props = new Properties();
try {
props.load(DatabaseConnectorMySQLImpl.class.getResourceAsStream("docservice.properties"));
@@ -132,6 +131,14 @@ public class SignedDocAttributeRequestProvider extends AttributeProvider {
}
requestedAttribute = attribute;
+ try
+ {
+ String tmp = requestedAttribute.getValue().get(0);
+ }catch(Exception e)
+ {
+ Logger.info("SignedDocAttributeProvide failed:"+e.toString());
+ throw new UnsupportedAttributeException();
+ }
throw new ExternalAttributeRequestRequiredException(this);
}
@@ -144,11 +151,10 @@ public class SignedDocAttributeRequestProvider extends AttributeProvider {
* .servlet.http.HttpServletRequest)
*/
public IPersonalAttributeList parse(HttpServletRequest httpReq) throws MOAIDException, UnsupportedAttributeException {
- Logger.debug("Beginning to extract OASIS-DSS response out of HTTP Request2");
+ Logger.debug("Beginning to extract OASIS-DSS response out of HTTP Request");
try {
- String base64 = httpReq.
- getParameter("signresponse");
+ String base64 = httpReq.getParameter("signresponse");
Logger.debug("signresponse url: " + httpReq.getRequestURI().toString());
Logger.debug("signresponse querystring: " + httpReq.getQueryString());
Logger.debug("signresponse method: " + httpReq.getMethod());
@@ -219,6 +225,49 @@ public class SignedDocAttributeRequestProvider extends AttributeProvider {
{
//No document service used?
// do nothing....
+ //TODO temporary fix because document is deleted after fetching => SP can't download Doc
+ //Add doc to Signresponse
+
+ DocumentWithSignature documentWithSignature = new DocumentWithSignature();
+ DocumentType value = new DocumentType();
+ if(signResponse.getProfile().toLowerCase().contains("xades"))
+ {
+ value.setBase64XML(data);
+ }
+ else
+ {
+ Base64Data base64data = new Base64Data();
+ base64data.setValue(data);
+ base64data.setMimeType(dataSource.getContentType());
+ value.setBase64Data(base64data);
+ }
+ documentWithSignature.setDocument(value);
+ if(signResponse.getOptionalOutputs()!=null)
+ {
+ //signResponse.getOptionalOutputs().getAny().add(documentWithSignature);
+ for(Object o :signResponse.getOptionalOutputs().getAny())
+ {
+ if(o instanceof DocumentWithSignature)
+ {
+ signResponse.getOptionalOutputs().getAny().remove(o);
+ signResponse.getOptionalOutputs().getAny().add(documentWithSignature);
+ break;
+ }
+ }
+ }
+ else
+ {
+ AnyType anytype = new AnyType();
+ anytype.getAny().add(documentWithSignature);
+ signResponse.setOptionalOutputs(anytype );
+ }
+
+// System.out.println("overwriting:"+signResponse.getResult().getResultMessage()+" with DTL url:"+dtlUrl);
+ InputStream istr = ApiUtils.marshalToInputStream(signResponse);
+ StringWriter writer = new StringWriter();
+ IOUtils.copy(istr, writer, "UTF-8");
+ signResponseString = writer.toString();
+ Logger.info("SignResponse overwritten:"+signResponseString);
}
}
else
@@ -337,7 +386,7 @@ public class SignedDocAttributeRequestProvider extends AttributeProvider {
StringWriter writer = new StringWriter();
template.merge(context, writer);
- resp.getOutputStream().write(writer.toString().getBytes());
+ resp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
} catch (Exception e) {
Logger.error("Error sending DSS signrequest.", e);
throw new MOAIDException("stork.11", null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java
index d7e2cdf58..cb3a33c69 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/stork2/attributeproviders/StorkAttributeRequestProvider.java
@@ -172,7 +172,7 @@ public class StorkAttributeRequestProvider extends AttributeProvider {
StringWriter writer = new StringWriter();
template.merge(context, writer);
- resp.getOutputStream().write(writer.toString().getBytes());
+ resp.getOutputStream().write(writer.toString().getBytes("UTF-8"));
} catch (Exception e) {
Logger.error("Error sending STORK SAML AttrRequest.", e);
throw new MOAIDException("stork.11", null);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
index 350c4e9da..a9f5ed60a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/storage/AuthenticationSessionStoreage.java
@@ -898,7 +898,7 @@ public class AuthenticationSessionStoreage {
private static void encryptSession(AuthenticationSession session, AuthenticatedSessionStore dbsession) throws BuildException {
byte[] serialized = SerializationUtils.serialize(session);
- EncryptedData encdata = SessionEncrytionUtil.encrypt(serialized);
+ EncryptedData encdata = SessionEncrytionUtil.getInstance().encrypt(serialized);
dbsession.setSession(encdata.getEncData());
dbsession.setIv(encdata.getIv());
}
@@ -906,7 +906,7 @@ public class AuthenticationSessionStoreage {
private static AuthenticationSession decryptSession(AuthenticatedSessionStore dbsession) throws BuildException {
EncryptedData encdata = new EncryptedData(dbsession.getSession(),
dbsession.getIv());
- byte[] decrypted = SessionEncrytionUtil.decrypt(encdata);
+ byte[] decrypted = SessionEncrytionUtil.getInstance().decrypt(encdata);
return (AuthenticationSession) SerializationUtils.deserialize(decrypted);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
new file mode 100644
index 000000000..f246c55e1
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/AbstractEncrytionUtil.java
@@ -0,0 +1,157 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.util;
+
+import iaik.security.cipher.PBEKey;
+import iaik.security.spec.PBEKeyAndParameterSpec;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.security.SecureRandom;
+import java.security.spec.InvalidKeySpecException;
+
+import javax.crypto.Cipher;
+import javax.crypto.KeyGenerator;
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.SecretKeySpec;
+
+
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.DatabaseEncryptionException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.data.EncryptedData;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public abstract class AbstractEncrytionUtil {
+ protected static final String CIPHER_MODE = "AES/CBC/PKCS5Padding";
+ protected static final String KEYNAME = "AES";
+
+ private SecretKey secret = null;
+
+ public AbstractEncrytionUtil() throws DatabaseEncryptionException {
+ initialize(getKey(), getSalt());
+ }
+
+ protected abstract String getSalt();
+ protected abstract String getKey();
+
+ protected void initialize(String key, String salt) throws DatabaseEncryptionException {
+ try {
+ if (MiscUtil.isNotEmpty(key)) {
+ if (MiscUtil.isEmpty(salt))
+ salt = "TestSalt";
+
+ PBEKeySpec keySpec = new PBEKeySpec(key.toCharArray());
+ SecretKeyFactory factory = SecretKeyFactory.getInstance("PKCS#5", "IAIK");
+ PBEKey pbeKey = (PBEKey)factory.generateSecret(keySpec);
+
+ SecureRandom random = new SecureRandom();
+ KeyGenerator pbkdf2 = KeyGenerator.getInstance("PBKDF2", "IAIK");
+
+ PBEKeyAndParameterSpec parameterSpec =
+ new PBEKeyAndParameterSpec(pbeKey.getEncoded(),
+ salt.getBytes(),
+ 2000,
+ 16);
+
+ pbkdf2.init(parameterSpec, random);
+ SecretKey derivedKey = pbkdf2.generateKey();
+
+ SecretKeySpec spec = new SecretKeySpec(derivedKey.getEncoded(), KEYNAME);
+ SecretKeyFactory kf = SecretKeyFactory.getInstance(KEYNAME, "IAIK");
+ secret = kf.generateSecret(spec);
+
+ } else {
+ Logger.error("Database encryption can not initialized. No key found!");
+
+ }
+
+ } catch (NoSuchAlgorithmException e) {
+ Logger.error("Database encryption can not initialized", e);
+ throw new DatabaseEncryptionException("Database encryption can not initialized", null, e);
+
+ } catch (NoSuchProviderException e) {
+ Logger.error("Database encryption can not initialized", e);
+ throw new DatabaseEncryptionException("Database encryption can not initialized", null, e);
+
+ } catch (InvalidKeySpecException e) {
+ Logger.error("Database encryption can not initialized", e);
+ throw new DatabaseEncryptionException("Database encryption can not initialized", null, e);
+
+ } catch (InvalidAlgorithmParameterException e) {
+ Logger.error("Database encryption can not initialized", e);
+ throw new DatabaseEncryptionException("Database encryption can not initialized", null, e);
+
+ }
+ }
+
+ public EncryptedData encrypt(byte[] data) throws BuildException {
+ Cipher cipher;
+
+ if (secret != null) {
+ try {
+ cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
+ cipher.init(Cipher.ENCRYPT_MODE, secret);
+
+ Logger.debug("Encrypt MOASession");
+
+ byte[] encdata = cipher.doFinal(data);
+ byte[] iv = cipher.getIV();
+
+ return new EncryptedData(encdata, iv);
+
+ } catch (Exception e) {
+ Logger.warn("MOASession is not encrypted",e);
+ throw new BuildException("MOASession is not encrypted", new Object[]{}, e);
+ }
+ } else
+ return new EncryptedData(data, null);
+ }
+
+ public byte[] decrypt(EncryptedData data) throws BuildException {
+ Cipher cipher;
+
+ if (secret != null) {
+ try {
+ IvParameterSpec iv = new IvParameterSpec(data.getIv());
+
+ cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
+ cipher.init(Cipher.DECRYPT_MODE, secret, iv);
+
+ Logger.debug("Decrypt MOASession");
+ return cipher.doFinal(data.getEncData());
+
+ } catch (Exception e) {
+ Logger.warn("MOASession is not decrypted",e);
+ throw new BuildException("MOASession is not decrypted", new Object[]{}, e);
+ }
+ } else
+ return data.getEncData();
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ConfigurationEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ConfigurationEncrytionUtil.java
new file mode 100644
index 000000000..10221604c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/ConfigurationEncrytionUtil.java
@@ -0,0 +1,71 @@
+/*******************************************************************************
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ *******************************************************************************/
+package at.gv.egovernment.moa.id.util;
+
+import at.gv.egovernment.moa.id.auth.exception.DatabaseEncryptionException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class ConfigurationEncrytionUtil extends AbstractEncrytionUtil {
+
+ private static ConfigurationEncrytionUtil instance = null;
+ private static String key = null;
+
+ public static ConfigurationEncrytionUtil getInstance() {
+ if (instance == null) {
+ try {
+ key = AuthConfigurationProvider.getInstance().getMOAConfigurationEncryptionKey();
+ instance = new ConfigurationEncrytionUtil();
+
+ } catch (Exception e) {
+ Logger.warn("MOAConfiguration encryption initialization FAILED.", e);
+
+ }
+ }
+ return instance;
+ }
+
+ /**
+ * @throws DatabaseEncryptionException
+ */
+ private ConfigurationEncrytionUtil() throws DatabaseEncryptionException {
+ super();
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getSalt()
+ */
+ @Override
+ protected String getSalt() {
+ return "Configuration-Salt";
+ }
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getKey()
+ */
+ @Override
+ protected String getKey() {
+ return key;
+ }
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
index acc2a7273..8660f7c09 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/SessionEncrytionUtil.java
@@ -22,110 +22,50 @@
*******************************************************************************/
package at.gv.egovernment.moa.id.util;
-import iaik.security.cipher.PBEKey;
-import iaik.security.spec.PBEKeyAndParameterSpec;
-
-import java.security.SecureRandom;
-import java.security.spec.KeySpec;
-
-import javax.crypto.Cipher;
-import javax.crypto.KeyGenerator;
-import javax.crypto.SecretKey;
-import javax.crypto.SecretKeyFactory;
-import javax.crypto.spec.IvParameterSpec;
-import javax.crypto.spec.PBEKeySpec;
-import javax.crypto.spec.SecretKeySpec;
-
-import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.exception.DatabaseEncryptionException;
import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
-import at.gv.egovernment.moa.id.data.EncryptedData;
import at.gv.egovernment.moa.logging.Logger;
-public class SessionEncrytionUtil {
-
- private static final String CIPHER_MODE = "AES/CBC/PKCS5Padding";
- private static final String KEYNAME = "AES";
-
- static private SecretKey secret = null;
+public class SessionEncrytionUtil extends AbstractEncrytionUtil {
- static {
- try {
- String key = AuthConfigurationProvider.getInstance().getMOASessionEncryptionKey();
-
- if (key != null) {
-
- PBEKeySpec keySpec = new PBEKeySpec(key.toCharArray());
- SecretKeyFactory factory = SecretKeyFactory.getInstance("PKCS#5", "IAIK");
- PBEKey pbeKey = (PBEKey)factory.generateSecret(keySpec);
-
-
- SecureRandom random = new SecureRandom();
- KeyGenerator pbkdf2 = KeyGenerator.getInstance("PBKDF2", "IAIK");
-
- PBEKeyAndParameterSpec parameterSpec =
- new PBEKeyAndParameterSpec(pbeKey.getEncoded(),
- "TestSALT".getBytes(),
- 2000,
- 16);
-
- pbkdf2.init(parameterSpec, random);
- SecretKey derivedKey = pbkdf2.generateKey();
-
- SecretKeySpec spec = new SecretKeySpec(derivedKey.getEncoded(), KEYNAME);
- SecretKeyFactory kf = SecretKeyFactory.getInstance(KEYNAME, "IAIK");
- secret = kf.generateSecret(spec);
-
- } else {
- Logger.warn("MOASession encryption is deaktivated.");
- }
-
- } catch (Exception e) {
- Logger.warn("MOASession encryption can not be inizialized.", e);
- }
-
- }
+ private static SessionEncrytionUtil instance = null;
+ private static String key = null;
- public static EncryptedData encrypt(byte[] data) throws BuildException {
- Cipher cipher;
-
- if (secret != null) {
+ public static SessionEncrytionUtil getInstance() {
+ if (instance == null) {
try {
- cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
- cipher.init(Cipher.ENCRYPT_MODE, secret);
-
- Logger.debug("Encrypt MOASession");
-
- byte[] encdata = cipher.doFinal(data);
- byte[] iv = cipher.getIV();
-
- return new EncryptedData(encdata, iv);
-
+ key = AuthConfigurationProvider.getInstance().getMOASessionEncryptionKey();
+ instance = new SessionEncrytionUtil();
+
} catch (Exception e) {
- Logger.warn("MOASession is not encrypted",e);
- throw new BuildException("MOASession is not encrypted", new Object[]{}, e);
- }
- } else
- return new EncryptedData(data, null);
+ Logger.warn("MOASession encryption can not be inizialized.", e);
+
+ }
+ }
+ return instance;
+ }
+
+ /**
+ * @throws DatabaseEncryptionException
+ */
+ private SessionEncrytionUtil() throws DatabaseEncryptionException {
+ super();
}
- public static byte[] decrypt(EncryptedData data) throws BuildException {
- Cipher cipher;
-
- if (secret != null) {
- try {
- IvParameterSpec iv = new IvParameterSpec(data.getIv());
-
- cipher = Cipher.getInstance(CIPHER_MODE, "IAIK");
- cipher.init(Cipher.DECRYPT_MODE, secret, iv);
-
- Logger.debug("Decrypt MOASession");
- return cipher.doFinal(data.getEncData());
-
- } catch (Exception e) {
- Logger.warn("MOASession is not decrypted",e);
- throw new BuildException("MOASession is not decrypted", new Object[]{}, e);
- }
- } else
- return data.getEncData();
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getSalt()
+ */
+ @Override
+ protected String getSalt() {
+ return "Session-Salt";
}
+
+ /* (non-Javadoc)
+ * @see at.gv.egovernment.moa.id.util.AbstractEncrytionUtil#getKey()
+ */
+ @Override
+ protected String getKey() {
+ return key;
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
index f7785d2c2..20cabaf4d 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISMandate.java
@@ -70,6 +70,7 @@ public class MISMandate implements Serializable{
private String oid = null;
private byte[] mandate = null;
private String owBPK = null;
+ private boolean isFullMandateIncluded = false;
public String getProfRep() {
return oid;
@@ -109,5 +110,18 @@ public class MISMandate implements Serializable{
}
}
+ /**
+ * @return the isFullMandateIncluded
+ */
+ public boolean isFullMandateIncluded() {
+ return isFullMandateIncluded;
+ }
+ /**
+ * @param isFullMandateIncluded the isFullMandateIncluded to set
+ */
+ public void setFullMandateIncluded(boolean isFullMandateIncluded) {
+ this.isFullMandateIncluded = isFullMandateIncluded;
+ }
+
}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
index aaf793987..15b2a89b5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java
@@ -145,6 +145,8 @@ public class MISSimpleClient {
//misMandate.setMandate(Base64.decodeBase64(DOMUtils.getText(mandate)));
misMandate.setMandate(Base64.decodeBase64(DOMUtils.getText(mandate).getBytes()));
+ misMandate.setFullMandateIncluded(true);
+
foundMandates.add(misMandate);
}
return foundMandates;
diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
index 0536cfae1..9bfa14a7c 100644
--- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
+++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties
@@ -252,7 +252,7 @@ pvp2.21=Die Signature des Requests konnte nicht g\u00FCltig validiert werden.
pvp2.22=Der Request konnte nicht g\u00FCltig validiert werden (Fehler\={0}).
oauth20.01=Fehlerhafte redirect url
-oauth20.02=Fehlender Parameter "{0}"
+oauth20.02=Fehlender oder ung\u00FCltiger Parameter "{0}"
oauth20.03=Angeforderter response_type ist nicht erlaubt
oauth20.04=Die Art der Anmeldung wird nicht unterstuetzt
oauth20.05=Der angegebene Benutzer ist nicht berechtigt
diff --git a/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html b/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html
index f655caee0..f901351a2 100644
--- a/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html
+++ b/id/server/idserverlib/src/main/resources/resources/templates/stork2_postbinding_template.html
@@ -23,7 +23,7 @@
-->
</style>
- <form action="${action}" method="post" target="_parent">
+ <form action="${action}" method="post" target="_self">
<div>
#if($RelayState)<input type="hidden" name="RelayState"
value="${RelayState}" />#end #if($SAMLRequest)<input type="hidden"
diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
index 3acf20a41..3b4beb7b7 100644
--- a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
@@ -215,7 +215,7 @@ public class SAMLResponseParserTest extends UnitTestCase {
assertEquals(0, authData.getMinorVersion());
assertEquals("-4633313027464114584", authData.getAssertionID());
assertEquals("http://localhost:8080/moa-id-auth/", authData.getIssuer());
- assertEquals("2003-04-02T14:55:42+02:00", authData.getIssueInstant());
+ assertEquals("2003-04-02T14:55:42+02:00", authData.getIssueInstantString());
assertEquals("123456789012", authData.getIdentificationValue());
assertEquals("MTk2OC0xMC0yMmdi", authData.getBPK());
assertEquals("Hermann", authData.getGivenName());
diff --git a/id/server/moa-id-commons/pom.xml b/id/server/moa-id-commons/pom.xml
index 0a3351edb..e6d708eca 100644
--- a/id/server/moa-id-commons/pom.xml
+++ b/id/server/moa-id-commons/pom.xml
@@ -46,23 +46,23 @@
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
- <version>4.3.4.Final</version>
+ <version>4.3.6.Final</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-c3p0</artifactId>
- <version>4.3.4.Final</version>
+ <version>4.3.6.Final</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-entitymanager</artifactId>
- <version>4.3.4.Final</version>
+ <version>4.3.6.Final</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
- <version>3.3.1</version>
+ <version>3.3.2</version>
</dependency>
<dependency>
<groupId>commons-httpclient</groupId>
@@ -118,7 +118,7 @@
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
- <version>5.1.29</version>
+ <version>5.1.32</version>
</dependency>
</dependencies>
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java
index 88220cded..46d3ca558 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBRead.java
@@ -31,6 +31,8 @@ import org.apache.commons.lang.StringEscapeUtils;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceException;
+
+import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -65,7 +67,7 @@ public class ConfigurationDBRead {
List result;
EntityManager session = ConfigurationDBUtils.getCurrentSession();
-
+
javax.persistence.Query query = session.createQuery(QUERIES.get("getActiveOnlineApplicationWithID"));
//query.setParameter("id", id+"%");
query.setParameter("id", StringEscapeUtils.escapeHtml(id));
@@ -147,8 +149,8 @@ public class ConfigurationDBRead {
Logger.trace("Found entries: " + result.size());
if (result.size() == 0) {
- Logger.trace("No entries found.");
- return null;
+ Logger.trace("No entries found. Create fresh instance.");
+ return new MOAIDConfiguration();
}
return (MOAIDConfiguration) result.get(0);
@@ -221,7 +223,8 @@ public class ConfigurationDBRead {
if (result.size() == 0) {
Logger.trace("No entries found.");
- return null;
+ result = new ArrayList<OnlineApplication>();
+
}
return result;
}
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java
index 6bd987f96..cdb19340d 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/ConfigurationDBUtils.java
@@ -154,7 +154,7 @@ public final class ConfigurationDBUtils {
synchronized (session) {
tx.begin();
- session.persist(dbo);
+ session.merge(dbo);
tx.commit();
//session.clear();
diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java
index c83bb20ca..97f26812f 100644
--- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java
+++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/statistic/StatisticLog.java
@@ -40,7 +40,7 @@ import org.hibernate.annotations.DynamicUpdate;
@Entity
@DynamicUpdate(value=true)
-@Table(name = "statisiclog")
+@Table(name = "statisticlog")
@NamedQueries({
@NamedQuery(name="getAllEntriesNotBeforeTimeStamp", query = "select statisiclog from StatisticLog statisiclog where statisiclog.timestamp > :timeout")
})
diff --git a/id/server/moa-id-commons/src/main/resources/config/bindings.xjb b/id/server/moa-id-commons/src/main/resources/config/bindings.xjb
index cf04319c8..21714849b 100644
--- a/id/server/moa-id-commons/src/main/resources/config/bindings.xjb
+++ b/id/server/moa-id-commons/src/main/resources/config/bindings.xjb
@@ -2,6 +2,8 @@
xmlns:jaxb="http://java.sun.com/xml/ns/jaxb"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xjc="http://java.sun.com/xml/ns/jaxb/xjc"
+ xmlns:hj="http://hyperjaxb3.jvnet.org/ejb/schemas/customizations"
+ xmlns:orm="http://java.sun.com/xml/ns/persistence/orm"
jaxb:extensionBindingPrefixes="hj">
<jaxb:bindings schemaLocation="moaid_config_2.0.xsd" node="/xsd:schema">
@@ -12,4 +14,22 @@
adapter="com.sun.tools.xjc.runtime.ZeroOneBooleanAdapter"/>
</jaxb:globalBindings>
</jaxb:bindings>
+
+ <jaxb:bindings schemaLocation="moaid_config_2.0.xsd" node="/xsd:schema/xsd:element[@name='C-PEPS']//xsd:element[@ref='OA_STORK']">
+ <hj:many-to-many name="OA_STORK">
+ <orm:join-table name="OA_CPEPS">
+ <orm:join-column name="aid" referenced-column-name="hjid" />
+ <orm:inverse-join-column name="bid" referenced-column-name="hjid" />
+ </orm:join-table>
+ </hj:many-to-many>
+ </jaxb:bindings>
+
+ <jaxb:bindings schemaLocation="moaid_config_2.0.xsd" node="/xsd:schema/xsd:element[@name='OA_STORK']//xsd:element[@ref='C-PEPS']">
+ <hj:many-to-many name="CPEPS" mappedBy="OA_STORK">
+ <hj:cascade>
+ <hj:cascade-persist/>
+ </hj:cascade>
+ </hj:many-to-many>
+ </jaxb:bindings>
+
</jaxb:bindings> \ No newline at end of file
diff --git a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
index 8bc532236..f2f1949cc 100644
--- a/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
+++ b/id/server/moa-id-commons/src/main/resources/config/moaid_config_2.0.xsd
@@ -551,6 +551,7 @@
<xsd:element ref="OA_SAML1" minOccurs="0"/>
<xsd:element ref="OA_PVP2" minOccurs="0"/>
<xsd:element ref="OA_OAUTH20" minOccurs="0"/>
+ <xsd:element ref="EncBPKInformation" minOccurs="0" maxOccurs="1"/>
</xsd:sequence>
<!--xsd:element ref="pr:AbstractSimpleIdentification" minOccurs="0"
maxOccurs="1"/ -->
@@ -558,6 +559,31 @@
</xsd:element>
</xsd:sequence>
</xsd:complexType>
+ <xsd:element name="EncBPKInformation">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="bPKDecryption" minOccurs="0" maxOccurs="1">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="keyInformation" type="xsd:base64Binary" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="iv" type="xsd:base64Binary" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="keyStoreFileName" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ <xsd:element name="keyAlias" type="xsd:string" minOccurs="0" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ <xsd:element name="bPKEncryption" minOccurs="0" maxOccurs="unbounded">
+ <xsd:complexType>
+ <xsd:sequence>
+ <xsd:element name="publicKey" type="xsd:base64Binary" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="target" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ <xsd:element name="vkz" type="xsd:string" minOccurs="1" maxOccurs="1"/>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
+ </xsd:sequence>
+ </xsd:complexType>
+ </xsd:element>
<xsd:complexType name="ConnectionParameterServerAuthType">
<xsd:sequence>
<xsd:element name="AcceptedServerCertificates" type="xsd:anyURI" minOccurs="0">
@@ -803,6 +829,7 @@
<xsd:annotation>
<xsd:documentation>Name zum Key eines KeyStores, der den privaten
Schlüssel zum Erstellen einer Signatur darstellt
+
</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
@@ -822,9 +849,11 @@
<xsd:complexType>
<xsd:sequence>
<xsd:element name="AttributeValue" type="xsd:string" minOccurs="0" maxOccurs="unbounded"/>
+ <xsd:element ref="OA_STORK" minOccurs="0" maxOccurs="unbounded"/>
</xsd:sequence>
<xsd:attribute name="countryCode" type="CountryCodeType" use="required"/>
<xsd:attribute name="URL" type="xsd:anyURI" use="required"/>
+ <xsd:attribute name="supportsXMLSignature" type="xsd:boolean" default="true"/>
</xsd:complexType>
</xsd:element>
<xsd:element name="STORK">
diff --git a/id/server/stork2-commons/pom.xml b/id/server/stork2-commons/pom.xml
index c6d15b51b..d0fd5a1ad 100644
--- a/id/server/stork2-commons/pom.xml
+++ b/id/server/stork2-commons/pom.xml
@@ -13,7 +13,7 @@
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<stork.version>1.4.0</stork.version>
- <opensaml.version>2.6.0</opensaml.version>
+ <opensaml.version>2.6.2</opensaml.version>
</properties>
<version>${stork.version}</version>
<description>
@@ -57,7 +57,6 @@
<dependency>
<groupId>org.opensaml</groupId>
<artifactId>opensaml</artifactId>
- <version>${opensaml.version}</version>
<exclusions>
<exclusion>
<groupId>org.slf4j</groupId>
diff --git a/id/server/stork2-saml-engine/pom.xml b/id/server/stork2-saml-engine/pom.xml
index ed5dfa973..89ddab22a 100644
--- a/id/server/stork2-saml-engine/pom.xml
+++ b/id/server/stork2-saml-engine/pom.xml
@@ -17,7 +17,7 @@
<samlspec.version>0.5.2</samlspec.version>
<samlspecacept.version>0.5.1</samlspecacept.version>
<commons.version>1.4.0</commons.version>
- <opensaml.version>2.6.1</opensaml.version>
+ <opensaml.version>2.6.2</opensaml.version>
<timestamp>${maven.build.timestamp}</timestamp>
<repositoryPath>${basedir}/../../../repository</repositoryPath>
</properties>
@@ -88,7 +88,7 @@
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-api</artifactId>
- <version>1.7.6</version>
+ <version>1.7.7</version>
</dependency>
<!-- <dependency>
<groupId>org.slf4j</groupId>
@@ -98,7 +98,7 @@
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
- <version>1.7.6</version>
+ <version>1.7.7</version>
</dependency>
<!-- <dependency>
<groupId>org.slf4j</groupId>
@@ -108,7 +108,7 @@
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jul-to-slf4j</artifactId>
- <version>1.7.6</version>
+ <version>1.7.7</version>
</dependency>
<dependency>