Signatur der Anmeldedaten

From a30826d08c748daaf3d6cdc2329f985852822f54 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 12 Mar 2018 11:20:38 +0100 Subject: remove some warning in pom structure --- id/server/modules/moa-id-module-openID/pom.xml | 3 --- id/server/modules/moa-id-modules-saml1/pom.xml | 1 - 2 files changed, 4 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-openID/pom.xml b/id/server/modules/moa-id-module-openID/pom.xml index 971751e9e..9a8dbb236 100644 --- a/id/server/modules/moa-id-module-openID/pom.xml +++ b/id/server/modules/moa-id-module-openID/pom.xml @@ -6,9 +6,7 @@ ${moa-id-version} - MOA.id.server.modules moa-id-module-openID - ${moa-id-version} jar MOA ID-Module OpenID Connect @@ -34,7 +32,6 @@ junit junit - ${junit.version} test diff --git a/id/server/modules/moa-id-modules-saml1/pom.xml b/id/server/modules/moa-id-modules-saml1/pom.xml index 0463bf8d9..8b232cf29 100644 --- a/id/server/modules/moa-id-modules-saml1/pom.xml +++ b/id/server/modules/moa-id-modules-saml1/pom.xml @@ -6,7 +6,6 @@ ${moa-id-version} - MOA.id.server.modules moa-id-module-saml1 jar -- cgit v1.2.3 From b4c009b6d64cc17974e5917c10f92dbe987d826e Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 12 Mar 2018 13:35:46 +0100 Subject: add specific AuthBlock validation logging --- .../moa/id/auth/AuthenticationServer.java | 8 + .../CreateXMLSignatureResponseValidator.java | 997 +++++++++++---------- 2 files changed, 516 insertions(+), 489 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index f7c3db8d1..7c435d0b0 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -66,6 +66,7 @@ import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.data.Pair; +import at.gv.egovernment.moa.id.logging.SpecificTraceLogger; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -445,6 +446,12 @@ public class AuthenticationServer extends BaseAuthenticationServer { String createXMLSignatureRequest = new CreateXMLSignatureRequestBuilder() .build(authBlock, oaParam.getKeyBoxIdentifier(), transformsInfos); + + SpecificTraceLogger.trace("Req. Authblock: " + createXMLSignatureRequest); + SpecificTraceLogger.trace("OA config: " + pendingReq.getOnlineApplicationConfiguration().toString()); + SpecificTraceLogger.trace("saml1RequestedTarget: " + pendingReq.getGenericData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class)); + SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + pendingReq.getGenericData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class)); + return createXMLSignatureRequest; } @@ -949,6 +956,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { throw new ParseException("parser.04", new Object[]{ REQ_VERIFY_AUTH_BLOCK, PARAM_XMLRESPONSE}, e); } + // validates if (pendingReq.needSingleSignOnFunctionality()) new CreateXMLSignatureResponseValidator().validateSSO(csresp, session, pendingReq); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 827690ebd..8e3ccb01b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -72,6 +72,7 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.data.Pair; +import at.gv.egovernment.moa.id.logging.SpecificTraceLogger; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.MiscUtil; @@ -136,7 +137,6 @@ public class CreateXMLSignatureResponseValidator { */ public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, IAuthenticationSession session, IRequest pendingReq) throws ValidateException, BuildException, ConfigurationException { - // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); String oaURL = oaParam.getPublicURLPrefix(); @@ -148,283 +148,294 @@ public class CreateXMLSignatureResponseValidator { @Deprecated String saml1RequestedFriendlyName = pendingReq.getGenericData( MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class); - - - Element samlAssertion = createXMLSignatureResponse.getSamlAssertion(); - - //validate issuer - String issuer = samlAssertion.getAttribute("Issuer"); - if (issuer == null) { - // should not happen, because parser would dedect this - throw new ValidateException("validator.32", null); - } - // replace ' in name with ' - issuer = issuer.replaceAll("'", "'"); - if (!issuer.equals(identityLink.getName())) - throw new ValidateException("validator.33", new Object[] {issuer, identityLink.getName()}); - - - //validate issuerInstant - String issueInstant = samlAssertion.getAttribute("IssueInstant"); - if (!issueInstant.equals(session.getIssueInstant())) - throw new ValidateException("validator.39", new Object[] {issueInstant, session.getIssueInstant()}); - - - //validate extended attributes - SAMLAttribute[] samlAttributes = createXMLSignatureResponse.getSamlAttributes(); - - boolean foundOA = false; - boolean foundGB = false; - boolean foundWBPK = false; - int offset = 0; - - // check number of SAML attributes - List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); - int extendedSAMLAttributesNum = 0; - if (extendedSAMLAttributes != null) { - extendedSAMLAttributesNum = extendedSAMLAttributes.size(); - } - int expectedSAMLAttributeNumber = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + extendedSAMLAttributesNum; - - //remove one attribute from expected attributes if public SP target or wbPK is not part of AuthBlock - if (!session.getSAMLAttributeGebeORwbpk()) expectedSAMLAttributeNumber--; - - //check number of attributes in AuthBlock response against expected number of attributes - int actualSAMLAttributeNumber = samlAttributes.length; - if (actualSAMLAttributeNumber != expectedSAMLAttributeNumber) { - Logger.error("Wrong number of SAML attributes in CreateXMLSignatureResponse: expected " + - expectedSAMLAttributeNumber + ", but was " + actualSAMLAttributeNumber); - throw new ValidateException("validator.36", - new Object[] {String.valueOf(actualSAMLAttributeNumber), String.valueOf(expectedSAMLAttributeNumber)}); - - } - - //now check every single attribute - SAMLAttribute samlAttribute = null; - Pair userSectorId = null; - if (session.getSAMLAttributeGebeORwbpk()) { - //check the first attribute ("Geschaeftsbereich" or "wbPK") - samlAttribute = samlAttributes[0]; - - //calculate bPK or wbPK as reference value for validation - if (MiscUtil.isNotEmpty(saml1RequestedTarget)) - userSectorId = new BPKBuilder().generateAreaSpecificPersonIdentifier( - identityLink.getIdentificationValue(), identityLink.getIdentificationType(), - saml1RequestedTarget); - else - userSectorId = new BPKBuilder().generateAreaSpecificPersonIdentifier( - identityLink.getIdentificationValue(), identityLink.getIdentificationType(), - oaParam.getAreaSpecificTargetIdentifier()); - - //every sector specific identifier that has not 'urn:publicid:gv.at:cdid+' as prefix - // is internally handled as an AuthBlock with wbPK - if (!userSectorId.getSecond().startsWith(MOAIDAuthConstants.PREFIX_CDID)) { - if (!samlAttribute.getName().equals("wbPK")) { - if (samlAttribute.getName().equals("Geschaeftsbereich")) { - throw new ValidateException("validator.26", null); - - } else { - throw new ValidateException("validator.37", - new Object[] {samlAttribute.getName(), "wbPK", String.valueOf(1)}); - } - } - - if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { - foundWBPK = true; - try { - Element attrValue = (Element)samlAttribute.getValue(); - String value = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Value").item(0)).getFirstChild().getNodeValue(); - String type = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Type").item(0)).getFirstChild().getNodeValue(); - if (!value.equals(userSectorId.getFirst())) - throw new ValidateException("validator.28", null); - - if (!type.equals(userSectorId.getSecond())) - throw new ValidateException("validator.28", null); - - } catch (Exception ex) { - throw new ValidateException("validator.29", null); - } - - } else - throw new ValidateException("validator.30", null); - - } else { - if (!samlAttribute.getName().equals("Geschaeftsbereich")) { - if (samlAttribute.getName().equals("wbPK")) - throw new ValidateException("validator.26", null); - - else - throw new ValidateException("validator.37", - new Object[] {samlAttribute.getName(), "Geschaeftsbereich", String.valueOf(1)}); - } - - if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { - foundGB = true; - - String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(userSectorId.getSecond()); - if (StringUtils.isEmpty(sectorName)) { - if (saml1RequestedFriendlyName != null) - sectorName = saml1RequestedFriendlyName; - else - sectorName = oaParam.getAreaSpecificTargetIdentifierFriendlyName(); - } - - String refValueSector = userSectorId.getSecond().substring(MOAIDAuthConstants.PREFIX_CDID.length()) + " (" + sectorName + ")"; - if (!refValueSector.equals((String)samlAttribute.getValue())) - throw new ValidateException("validator.13", null); - - } else - throw new ValidateException("validator.12", null); - - } - - } else - //check nothing if wbPK or public SP target is not part of AuthBlock - offset--; - - // check the second attribute (must be "OA") - samlAttribute = samlAttributes[1 + offset]; - if (!samlAttribute.getName().equals("OA")) - throw new ValidateException("validator.37", - new Object[] {samlAttribute.getName(), "OA", String.valueOf(2)}); - - if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { - foundOA = true; - if (!oaURL.equals((String)samlAttribute.getValue())) - throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlAttribute.getValue()}); - - } else - throw new ValidateException("validator.15", null); - - - // check the third attribute (must be "Geburtsdatum") - samlAttribute = samlAttributes[2 + offset]; - if (!samlAttribute.getName().equals("Geburtsdatum")) - throw new ValidateException("validator.37", - new Object[] {samlAttribute.getName(), "Geburtsdatum", String.valueOf(3)}); - - if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { - String samlDateOfBirth = (String)samlAttribute.getValue(); - String dateOfBirth = identityLink.getDateOfBirth(); - if (!samlDateOfBirth.equals(dateOfBirth)) - throw new ValidateException("validator.34", new Object[] {samlDateOfBirth, dateOfBirth}); - - } else - throw new ValidateException("validator.35", null); - - // check four attribute could be a special text - samlAttribute = samlAttributes[3 + offset]; - if (!samlAttribute.getName().equals("SpecialText")) - throw new ValidateException("validator.37", - new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(4)}); - - if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { - String samlSpecialText = (String)samlAttribute.getValue(); - samlSpecialText = samlSpecialText.replaceAll("'", "'"); - - String text = ""; - if (MiscUtil.isNotEmpty(oaParam.getAditionalAuthBlockText())) { - Logger.debug("Use addional AuthBlock Text from OA=" + oaParam.getPublicURLPrefix()); - text = oaParam.getAditionalAuthBlockText(); - - } - - String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, - AuthenticationBlockAssertionBuilder.generateSpezialAuthBlockPatternMap( - pendingReq, issuer, identityLink.getDateOfBirth(), issueInstant)); - if (!samlSpecialText.equals(specialText)) - throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText}); - - } else - throw new ValidateException("validator.35", null); - - - //check unique AuthBlock tokken - samlAttribute = samlAttributes[4 + offset]; - if (!samlAttribute.getName().equals("UniqueTokken")) - throw new ValidateException("validator.37", - new Object[] {samlAttribute.getName(), "UniqueTokken", String.valueOf(5)}); - - if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { - String uniquetokken = (String)samlAttribute.getValue(); - - if (!uniquetokken.equals(session.getAuthBlockTokken())) - throw new ValidateException("validator.70", new Object[] {uniquetokken, session.getAuthBlockTokken()}); - } else - throw new ValidateException("validator.35", null); - - - // now check the extended SAML attributes - int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + offset; - if (extendedSAMLAttributes != null) { - Iterator it = extendedSAMLAttributes.iterator(); - while (it.hasNext()) { - ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next(); - samlAttribute = samlAttributes[i]; - String actualName = samlAttribute.getName(); - String expectedName = extendedSAMLAttribute.getName(); - if (!actualName.equals(expectedName)) - throw new ValidateException("validator.38", - new Object[] {"Name", String.valueOf((i+1)), actualName, actualName, expectedName }); - - String actualNamespace = samlAttribute.getNamespace(); - String expectedNamespace = extendedSAMLAttribute.getNameSpace(); - if (!actualNamespace.equals(expectedNamespace)) - throw new ValidateException("validator.38", - new Object[] {"Namespace", String.valueOf((i+1)), actualName, actualNamespace, expectedNamespace, }); - - Object expectedValue = extendedSAMLAttribute.getValue(); - Object actualValue = samlAttribute.getValue(); - try { - if (expectedValue instanceof String) { - // replace \r\n because text might be base64-encoded - String expValue = StringUtils.replaceAll((String)expectedValue,"\r",""); - expValue = StringUtils.replaceAll(expValue,"\n",""); - String actValue = StringUtils.replaceAll((String)actualValue,"\r",""); - actValue = StringUtils.replaceAll(actValue,"\n",""); - if (!expValue.equals(actValue)) - throw new ValidateException("validator.38", - new Object[] {"Wert", String.valueOf((i+1)), actualName, actualValue, expectedValue }); - - } else if (expectedValue instanceof Element) { - // only check the name of the element - String actualElementName = ((Element)actualValue).getNodeName(); - String expectedElementName = ((Element)expectedValue).getNodeName(); - if (!(expectedElementName.equals(actualElementName))) - throw new ValidateException("validator.38", - new Object[] {"Wert", String.valueOf((i+1)), actualName, actualElementName, expectedElementName}); - - } else - // should not happen - throw new ValidateException("validator.38", - new Object[] {"Typ", String.valueOf((i+1)), expectedName, "java.lang.String oder org.wrc.dom.Element", expectedValue.getClass().getName()}); - - } catch (ClassCastException e) { - throw new ValidateException("validator.38", - new Object[] {"Typ", String.valueOf((i+1)), expectedName, expectedValue.getClass().getName(), actualValue.getClass().getName()}); - } - - i++; - } - } - - if (!foundOA) - throw new ValidateException("validator.14", null); - - if (userSectorId != null && !userSectorId.getSecond().startsWith(MOAIDAuthConstants.PREFIX_CDID)) { - if (session.getSAMLAttributeGebeORwbpk() && !foundWBPK) - throw new ValidateException("validator.31", null); - - } else { - if (!foundGB && session.getSAMLAttributeGebeORwbpk()) - throw new ValidateException("validator.11", null); - } - - //Check if dsig:Signature exists - Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion, SIGNATURE_XPATH); - if (dsigSignature == null) - throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ; - + + try { + Element samlAssertion = createXMLSignatureResponse.getSamlAssertion(); + + //validate issuer + String issuer = samlAssertion.getAttribute("Issuer"); + if (issuer == null) { + // should not happen, because parser would dedect this + throw new ValidateException("validator.32", null); + } + // replace ' in name with ' + issuer = issuer.replaceAll("'", "'"); + if (!issuer.equals(identityLink.getName())) + throw new ValidateException("validator.33", new Object[] {issuer, identityLink.getName()}); + + + //validate issuerInstant + String issueInstant = samlAssertion.getAttribute("IssueInstant"); + if (!issueInstant.equals(session.getIssueInstant())) + throw new ValidateException("validator.39", new Object[] {issueInstant, session.getIssueInstant()}); + + + //validate extended attributes + SAMLAttribute[] samlAttributes = createXMLSignatureResponse.getSamlAttributes(); + + boolean foundOA = false; + boolean foundGB = false; + boolean foundWBPK = false; + int offset = 0; + + // check number of SAML attributes + List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); + int extendedSAMLAttributesNum = 0; + if (extendedSAMLAttributes != null) { + extendedSAMLAttributesNum = extendedSAMLAttributes.size(); + } + int expectedSAMLAttributeNumber = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + extendedSAMLAttributesNum; + + //remove one attribute from expected attributes if public SP target or wbPK is not part of AuthBlock + if (!session.getSAMLAttributeGebeORwbpk()) expectedSAMLAttributeNumber--; + + //check number of attributes in AuthBlock response against expected number of attributes + int actualSAMLAttributeNumber = samlAttributes.length; + if (actualSAMLAttributeNumber != expectedSAMLAttributeNumber) { + Logger.error("Wrong number of SAML attributes in CreateXMLSignatureResponse: expected " + + expectedSAMLAttributeNumber + ", but was " + actualSAMLAttributeNumber); + throw new ValidateException("validator.36", + new Object[] {String.valueOf(actualSAMLAttributeNumber), String.valueOf(expectedSAMLAttributeNumber)}); + + } + + //now check every single attribute + SAMLAttribute samlAttribute = null; + Pair userSectorId = null; + if (session.getSAMLAttributeGebeORwbpk()) { + //check the first attribute ("Geschaeftsbereich" or "wbPK") + samlAttribute = samlAttributes[0]; + + //calculate bPK or wbPK as reference value for validation + if (MiscUtil.isNotEmpty(saml1RequestedTarget)) + userSectorId = new BPKBuilder().generateAreaSpecificPersonIdentifier( + identityLink.getIdentificationValue(), identityLink.getIdentificationType(), + saml1RequestedTarget); + else + userSectorId = new BPKBuilder().generateAreaSpecificPersonIdentifier( + identityLink.getIdentificationValue(), identityLink.getIdentificationType(), + oaParam.getAreaSpecificTargetIdentifier()); + + //every sector specific identifier that has not 'urn:publicid:gv.at:cdid+' as prefix + // is internally handled as an AuthBlock with wbPK + if (!userSectorId.getSecond().startsWith(MOAIDAuthConstants.PREFIX_CDID)) { + if (!samlAttribute.getName().equals("wbPK")) { + if (samlAttribute.getName().equals("Geschaeftsbereich")) { + throw new ValidateException("validator.26", null); + + } else { + throw new ValidateException("validator.37", + new Object[] {samlAttribute.getName(), "wbPK", String.valueOf(1)}); + } + } + + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + foundWBPK = true; + try { + Element attrValue = (Element)samlAttribute.getValue(); + String value = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Value").item(0)).getFirstChild().getNodeValue(); + String type = ((Element)attrValue.getElementsByTagNameNS(Constants.PD_NS_URI, "Type").item(0)).getFirstChild().getNodeValue(); + if (!value.equals(userSectorId.getFirst())) + throw new ValidateException("validator.28", + new Object[] {value, userSectorId.getFirst()}); + + if (!type.equals(userSectorId.getSecond())) + throw new ValidateException("validator.28", + new Object[] {type, userSectorId.getSecond()}); + + } catch (Exception ex) { + throw new ValidateException("validator.29", null); + } + + } else + throw new ValidateException("validator.30", null); + + } else { + if (!samlAttribute.getName().equals("Geschaeftsbereich")) { + if (samlAttribute.getName().equals("wbPK")) + throw new ValidateException("validator.26", null); + + else + throw new ValidateException("validator.37", + new Object[] {samlAttribute.getName(), "Geschaeftsbereich", String.valueOf(1)}); + } + + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + foundGB = true; + + String sectorName = TargetToSectorNameMapper.getSectorNameViaTarget(userSectorId.getSecond()); + if (StringUtils.isEmpty(sectorName)) { + if (saml1RequestedFriendlyName != null) + sectorName = saml1RequestedFriendlyName; + else + sectorName = oaParam.getAreaSpecificTargetIdentifierFriendlyName(); + } + + String refValueSector = userSectorId.getSecond().substring(MOAIDAuthConstants.PREFIX_CDID.length()) + " (" + sectorName + ")"; + if (!refValueSector.equals((String)samlAttribute.getValue())) + throw new ValidateException("validator.13", new Object[] {(String)samlAttribute.getValue(), refValueSector}); + + } else + throw new ValidateException("validator.12", null); + + } + + } else + //check nothing if wbPK or public SP target is not part of AuthBlock + offset--; + + // check the second attribute (must be "OA") + samlAttribute = samlAttributes[1 + offset]; + if (!samlAttribute.getName().equals("OA")) + throw new ValidateException("validator.37", + new Object[] {samlAttribute.getName(), "OA", String.valueOf(2)}); + + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + foundOA = true; + if (!oaURL.equals((String)samlAttribute.getValue())) + throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlAttribute.getValue()}); + + } else + throw new ValidateException("validator.15", null); + + + // check the third attribute (must be "Geburtsdatum") + samlAttribute = samlAttributes[2 + offset]; + if (!samlAttribute.getName().equals("Geburtsdatum")) + throw new ValidateException("validator.37", + new Object[] {samlAttribute.getName(), "Geburtsdatum", String.valueOf(3)}); + + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + String samlDateOfBirth = (String)samlAttribute.getValue(); + String dateOfBirth = identityLink.getDateOfBirth(); + if (!samlDateOfBirth.equals(dateOfBirth)) + throw new ValidateException("validator.34", new Object[] {samlDateOfBirth, dateOfBirth}); + + } else + throw new ValidateException("validator.35", null); + + // check four attribute could be a special text + samlAttribute = samlAttributes[3 + offset]; + if (!samlAttribute.getName().equals("SpecialText")) + throw new ValidateException("validator.37", + new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(4)}); + + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + String samlSpecialText = (String)samlAttribute.getValue(); + samlSpecialText = samlSpecialText.replaceAll("'", "'"); + + String text = ""; + if (MiscUtil.isNotEmpty(oaParam.getAditionalAuthBlockText())) { + Logger.debug("Use addional AuthBlock Text from OA=" + oaParam.getPublicURLPrefix()); + text = oaParam.getAditionalAuthBlockText(); + + } + + String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, + AuthenticationBlockAssertionBuilder.generateSpezialAuthBlockPatternMap( + pendingReq, issuer, identityLink.getDateOfBirth(), issueInstant)); + if (!samlSpecialText.equals(specialText)) + throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText}); + + } else + throw new ValidateException("validator.35", null); + + + //check unique AuthBlock tokken + samlAttribute = samlAttributes[4 + offset]; + if (!samlAttribute.getName().equals("UniqueTokken")) + throw new ValidateException("validator.37", + new Object[] {samlAttribute.getName(), "UniqueTokken", String.valueOf(5)}); + + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + String uniquetokken = (String)samlAttribute.getValue(); + + if (!uniquetokken.equals(session.getAuthBlockTokken())) + throw new ValidateException("validator.70", new Object[] {uniquetokken, session.getAuthBlockTokken()}); + } else + throw new ValidateException("validator.35", null); + + + // now check the extended SAML attributes + int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES + offset; + if (extendedSAMLAttributes != null) { + Iterator it = extendedSAMLAttributes.iterator(); + while (it.hasNext()) { + ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next(); + samlAttribute = samlAttributes[i]; + String actualName = samlAttribute.getName(); + String expectedName = extendedSAMLAttribute.getName(); + if (!actualName.equals(expectedName)) + throw new ValidateException("validator.38", + new Object[] {"Name", String.valueOf((i+1)), actualName, actualName, expectedName }); + + String actualNamespace = samlAttribute.getNamespace(); + String expectedNamespace = extendedSAMLAttribute.getNameSpace(); + if (!actualNamespace.equals(expectedNamespace)) + throw new ValidateException("validator.38", + new Object[] {"Namespace", String.valueOf((i+1)), actualName, actualNamespace, expectedNamespace, }); + + Object expectedValue = extendedSAMLAttribute.getValue(); + Object actualValue = samlAttribute.getValue(); + try { + if (expectedValue instanceof String) { + // replace \r\n because text might be base64-encoded + String expValue = StringUtils.replaceAll((String)expectedValue,"\r",""); + expValue = StringUtils.replaceAll(expValue,"\n",""); + String actValue = StringUtils.replaceAll((String)actualValue,"\r",""); + actValue = StringUtils.replaceAll(actValue,"\n",""); + if (!expValue.equals(actValue)) + throw new ValidateException("validator.38", + new Object[] {"Wert", String.valueOf((i+1)), actualName, actualValue, expectedValue }); + + } else if (expectedValue instanceof Element) { + // only check the name of the element + String actualElementName = ((Element)actualValue).getNodeName(); + String expectedElementName = ((Element)expectedValue).getNodeName(); + if (!(expectedElementName.equals(actualElementName))) + throw new ValidateException("validator.38", + new Object[] {"Wert", String.valueOf((i+1)), actualName, actualElementName, expectedElementName}); + + } else + // should not happen + throw new ValidateException("validator.38", + new Object[] {"Typ", String.valueOf((i+1)), expectedName, "java.lang.String oder org.wrc.dom.Element", expectedValue.getClass().getName()}); + + } catch (ClassCastException e) { + throw new ValidateException("validator.38", + new Object[] {"Typ", String.valueOf((i+1)), expectedName, expectedValue.getClass().getName(), actualValue.getClass().getName()}); + } + + i++; + } + } + + if (!foundOA) + throw new ValidateException("validator.14", null); + + if (userSectorId != null && !userSectorId.getSecond().startsWith(MOAIDAuthConstants.PREFIX_CDID)) { + if (session.getSAMLAttributeGebeORwbpk() && !foundWBPK) + throw new ValidateException("validator.31", null); + + } else { + if (!foundGB && session.getSAMLAttributeGebeORwbpk()) + throw new ValidateException("validator.11", null); + } + + //Check if dsig:Signature exists + Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion, SIGNATURE_XPATH); + if (dsigSignature == null) + throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ; + + } catch (Exception e) { + SpecificTraceLogger.trace("Validate AuthBlock without SSO"); + SpecificTraceLogger.trace("Signed AuthBlock: " + session.getAuthBlock()); + SpecificTraceLogger.trace("OA config: " + oaParam.toString()); + SpecificTraceLogger.trace("saml1RequestedTarget: " + saml1RequestedTarget); + SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + saml1RequestedFriendlyName); + throw e; + + } } /** @@ -436,219 +447,227 @@ public class CreateXMLSignatureResponseValidator { */ public void validateSSO(CreateXMLSignatureResponse createXMLSignatureResponse, IAuthenticationSession session, IRequest pendingReq) throws ValidateException { - - // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier - String oaURL = pendingReq.getAuthURL(); - - IIdentityLink identityLink = session.getIdentityLink(); - - Element samlAssertion = createXMLSignatureResponse.getSamlAssertion(); - String issuer = samlAssertion.getAttribute("Issuer"); - if (issuer == null) { - // should not happen, because parser would dedect this - throw new ValidateException("validator.32", null); - } - // replace ' in name with ' - issuer = issuer.replaceAll("'", "'"); - - String issueInstant = samlAssertion.getAttribute("IssueInstant"); - if (!issueInstant.equals(session.getIssueInstant())) { - throw new ValidateException("validator.39", new Object[] {issueInstant, session.getIssueInstant()}); - } - - String name = identityLink.getName(); - - if (!issuer.equals(name)) { - throw new ValidateException("validator.33", new Object[] {issuer, name}); - } - - SAMLAttribute[] samlAttributes = createXMLSignatureResponse.getSamlAttributes(); - - boolean foundOA = false; -// boolean foundGB = false; -// boolean foundWBPK = false; - int offset = 0; - - // check number of SAML aatributes - List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); - int extendedSAMLAttributesNum = 0; - if (extendedSAMLAttributes != null) { - extendedSAMLAttributesNum = extendedSAMLAttributes.size(); - } - int expectedSAMLAttributeNumber = - AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES_SSO + extendedSAMLAttributesNum; - if (!session.getSAMLAttributeGebeORwbpk()) expectedSAMLAttributeNumber--; - int actualSAMLAttributeNumber = samlAttributes.length; - if (actualSAMLAttributeNumber != expectedSAMLAttributeNumber) { - Logger.error("Wrong number of SAML attributes in CreateXMLSignatureResponse: expected " + - expectedSAMLAttributeNumber + ", but was " + actualSAMLAttributeNumber); - throw new ValidateException( - "validator.36", - new Object[] {String.valueOf(actualSAMLAttributeNumber), String.valueOf(expectedSAMLAttributeNumber)}); - } - - SAMLAttribute samlAttribute; - if (!session.getSAMLAttributeGebeORwbpk()) { - offset--; - } - - // check the first attribute (must be "OA") - samlAttribute = samlAttributes[0 + offset]; - if (!samlAttribute.getName().equals("OA")) { - throw new ValidateException( - "validator.37", - new Object[] {samlAttribute.getName(), "OA", String.valueOf(2)}); - } - if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { - foundOA = true; - if (!oaURL.equals((String)samlAttribute.getValue())) { // CHECKS für die AttributeVALUES fehlen noch - throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlAttribute.getValue()}); - } - } else { - throw new ValidateException("validator.15", null); - } - - // check the third attribute (must be "Geburtsdatum") - samlAttribute = samlAttributes[1 + offset]; - if (!samlAttribute.getName().equals("Geburtsdatum")) { - throw new ValidateException( - "validator.37", - new Object[] {samlAttribute.getName(), "Geburtsdatum", String.valueOf(3)}); - } - if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { - String samlDateOfBirth = (String)samlAttribute.getValue(); - String dateOfBirth = identityLink.getDateOfBirth(); - if (!samlDateOfBirth.equals(dateOfBirth)) { - throw new ValidateException("validator.34", new Object[] {samlDateOfBirth, dateOfBirth}); - } - } else { - throw new ValidateException("validator.35", null); - } - - // check four attribute could be a special text - samlAttribute = samlAttributes[2 + offset]; - if (!samlAttribute.getName().equals("SpecialText")) { - throw new ValidateException( - "validator.37", - new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(4)}); - } - if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { - String samlSpecialText = (String)samlAttribute.getValue(); - samlSpecialText = samlSpecialText.replaceAll("'", "'"); - - String text = ""; - try { - if (MiscUtil.isNotEmpty(AuthConfigurationProviderFactory.getInstance().getSSOSpecialText())) { - text = AuthConfigurationProviderFactory.getInstance().getSSOSpecialText(); - Logger.debug("Use addional AuthBlock Text from SSO=" +text); - - } - else - text = new String(); - } catch (ConfigurationException e) { - Logger.warn("Addional AuthBlock Text can not loaded from SSO!", e); - } - - - String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, - AuthenticationBlockAssertionBuilder.generateSpezialAuthBlockPatternMap( - pendingReq, issuer, identityLink.getDateOfBirth(), issueInstant)); - if (!samlSpecialText.equals(specialText)) { - throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText}); - } - } else { - throw new ValidateException("validator.35", null); - } - - //check unique AuthBlock tokken - samlAttribute = samlAttributes[3 + offset]; - if (!samlAttribute.getName().equals("UniqueTokken")) { - throw new ValidateException( - "validator.37", - new Object[] {samlAttribute.getName(), "UniqueTokken", String.valueOf(5)}); - } - if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { - String uniquetokken = (String)samlAttribute.getValue(); - - if (!uniquetokken.equals(session.getAuthBlockTokken())) { - throw new ValidateException("validator.70", new Object[] {uniquetokken, session.getAuthBlockTokken()}); - } - } else { - throw new ValidateException("validator.35", null); - } - - - // now check the extended SAML attributes - int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES_SSO + offset; - if (extendedSAMLAttributes != null) { - Iterator it = extendedSAMLAttributes.iterator(); - while (it.hasNext()) { - ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next(); - samlAttribute = samlAttributes[i]; - String actualName = samlAttribute.getName(); - String expectedName = extendedSAMLAttribute.getName(); - if (!actualName.equals(expectedName)) { - throw new ValidateException( - "validator.38", - new Object[] {"Name", String.valueOf((i+1)), actualName, actualName, expectedName }); - } - String actualNamespace = samlAttribute.getNamespace(); - String expectedNamespace = extendedSAMLAttribute.getNameSpace(); - if (!actualNamespace.equals(expectedNamespace)) { - throw new ValidateException( - "validator.38", - new Object[] {"Namespace", String.valueOf((i+1)), actualName, actualNamespace, expectedNamespace, }); - } - Object expectedValue = extendedSAMLAttribute.getValue(); - Object actualValue = samlAttribute.getValue(); - try { - if (expectedValue instanceof String) { - // replace \r\n because text might be base64-encoded - String expValue = StringUtils.replaceAll((String)expectedValue,"\r",""); - expValue = StringUtils.replaceAll(expValue,"\n",""); - String actValue = StringUtils.replaceAll((String)actualValue,"\r",""); - actValue = StringUtils.replaceAll(actValue,"\n",""); - if (!expValue.equals(actValue)) { - throw new ValidateException( - "validator.38", - new Object[] {"Wert", String.valueOf((i+1)), actualName, actualValue, expectedValue }); - } - } else if (expectedValue instanceof Element) { - // only check the name of the element - String actualElementName = ((Element)actualValue).getNodeName(); - String expectedElementName = ((Element)expectedValue).getNodeName(); - if (!(expectedElementName.equals(actualElementName))){ - throw new ValidateException( - "validator.38", - new Object[] {"Wert", String.valueOf((i+1)), actualName, actualElementName, expectedElementName}); - } - } else { - // should not happen - throw new ValidateException( - "validator.38", - new Object[] {"Typ", String.valueOf((i+1)), expectedName, "java.lang.String oder org.wrc.dom.Element", expectedValue.getClass().getName()}); - } - } catch (ClassCastException e) { - throw new ValidateException( - "validator.38", - new Object[] {"Typ", String.valueOf((i+1)), expectedName, expectedValue.getClass().getName(), actualValue.getClass().getName()}); - } - i++; - } - } + try { + // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier + String oaURL = pendingReq.getAuthURL(); + IIdentityLink identityLink = session.getIdentityLink(); + + Element samlAssertion = createXMLSignatureResponse.getSamlAssertion(); + String issuer = samlAssertion.getAttribute("Issuer"); + if (issuer == null) { + // should not happen, because parser would dedect this + throw new ValidateException("validator.32", null); + } + // replace ' in name with ' + issuer = issuer.replaceAll("'", "'"); + + String issueInstant = samlAssertion.getAttribute("IssueInstant"); + if (!issueInstant.equals(session.getIssueInstant())) { + throw new ValidateException("validator.39", new Object[] {issueInstant, session.getIssueInstant()}); + } + + String name = identityLink.getName(); + + if (!issuer.equals(name)) { + throw new ValidateException("validator.33", new Object[] {issuer, name}); + } + + SAMLAttribute[] samlAttributes = createXMLSignatureResponse.getSamlAttributes(); + + boolean foundOA = false; + // boolean foundGB = false; + // boolean foundWBPK = false; + int offset = 0; + + // check number of SAML aatributes + List extendedSAMLAttributes = session.getExtendedSAMLAttributesAUTH(); + int extendedSAMLAttributesNum = 0; + if (extendedSAMLAttributes != null) { + extendedSAMLAttributesNum = extendedSAMLAttributes.size(); + } + int expectedSAMLAttributeNumber = + AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES_SSO + extendedSAMLAttributesNum; + if (!session.getSAMLAttributeGebeORwbpk()) expectedSAMLAttributeNumber--; + int actualSAMLAttributeNumber = samlAttributes.length; + if (actualSAMLAttributeNumber != expectedSAMLAttributeNumber) { + Logger.error("Wrong number of SAML attributes in CreateXMLSignatureResponse: expected " + + expectedSAMLAttributeNumber + ", but was " + actualSAMLAttributeNumber); + throw new ValidateException( + "validator.36", + new Object[] {String.valueOf(actualSAMLAttributeNumber), String.valueOf(expectedSAMLAttributeNumber)}); + } + + SAMLAttribute samlAttribute; + if (!session.getSAMLAttributeGebeORwbpk()) { + offset--; + } + + // check the first attribute (must be "OA") + samlAttribute = samlAttributes[0 + offset]; + if (!samlAttribute.getName().equals("OA")) { + throw new ValidateException( + "validator.37", + new Object[] {samlAttribute.getName(), "OA", String.valueOf(2)}); + } + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + foundOA = true; + if (!oaURL.equals((String)samlAttribute.getValue())) { // CHECKS für die AttributeVALUES fehlen noch + throw new ValidateException("validator.16", new Object[] {":gefunden wurde '" + oaURL + "', erwartet wurde '" + samlAttribute.getValue()}); + } + } else { + throw new ValidateException("validator.15", null); + } + + // check the third attribute (must be "Geburtsdatum") + samlAttribute = samlAttributes[1 + offset]; + if (!samlAttribute.getName().equals("Geburtsdatum")) { + throw new ValidateException( + "validator.37", + new Object[] {samlAttribute.getName(), "Geburtsdatum", String.valueOf(3)}); + } + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + String samlDateOfBirth = (String)samlAttribute.getValue(); + String dateOfBirth = identityLink.getDateOfBirth(); + if (!samlDateOfBirth.equals(dateOfBirth)) { + throw new ValidateException("validator.34", new Object[] {samlDateOfBirth, dateOfBirth}); + } + } else { + throw new ValidateException("validator.35", null); + } + + // check four attribute could be a special text + samlAttribute = samlAttributes[2 + offset]; + if (!samlAttribute.getName().equals("SpecialText")) { + throw new ValidateException( + "validator.37", + new Object[] {samlAttribute.getName(), "SpecialText", String.valueOf(4)}); + } + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + String samlSpecialText = (String)samlAttribute.getValue(); + samlSpecialText = samlSpecialText.replaceAll("'", "'"); + + String text = ""; + try { + if (MiscUtil.isNotEmpty(AuthConfigurationProviderFactory.getInstance().getSSOSpecialText())) { + text = AuthConfigurationProviderFactory.getInstance().getSSOSpecialText(); + Logger.debug("Use addional AuthBlock Text from SSO=" +text); + + } + else + text = new String(); + } catch (ConfigurationException e) { + Logger.warn("Addional AuthBlock Text can not loaded from SSO!", e); + } + + + String specialText = AuthenticationBlockAssertionBuilder.generateSpecialText(text, + AuthenticationBlockAssertionBuilder.generateSpezialAuthBlockPatternMap( + pendingReq, issuer, identityLink.getDateOfBirth(), issueInstant)); + if (!samlSpecialText.equals(specialText)) { + throw new ValidateException("validator.67", new Object[] {samlSpecialText, specialText}); + } + } else { + throw new ValidateException("validator.35", null); + } + + //check unique AuthBlock tokken + samlAttribute = samlAttributes[3 + offset]; + if (!samlAttribute.getName().equals("UniqueTokken")) { + throw new ValidateException( + "validator.37", + new Object[] {samlAttribute.getName(), "UniqueTokken", String.valueOf(5)}); + } + if (samlAttribute.getNamespace().equals("http://reference.e-government.gv.at/namespace/moa/20020822#")) { + String uniquetokken = (String)samlAttribute.getValue(); + + if (!uniquetokken.equals(session.getAuthBlockTokken())) { + throw new ValidateException("validator.70", new Object[] {uniquetokken, session.getAuthBlockTokken()}); + } + } else { + throw new ValidateException("validator.35", null); + } + + + // now check the extended SAML attributes + int i = AuthenticationBlockAssertionBuilder.NUM_OF_SAML_ATTRIBUTES_SSO + offset; + if (extendedSAMLAttributes != null) { + Iterator it = extendedSAMLAttributes.iterator(); + while (it.hasNext()) { + ExtendedSAMLAttribute extendedSAMLAttribute = (ExtendedSAMLAttribute)it.next(); + samlAttribute = samlAttributes[i]; + String actualName = samlAttribute.getName(); + String expectedName = extendedSAMLAttribute.getName(); + if (!actualName.equals(expectedName)) { + throw new ValidateException( + "validator.38", + new Object[] {"Name", String.valueOf((i+1)), actualName, actualName, expectedName }); + } + String actualNamespace = samlAttribute.getNamespace(); + String expectedNamespace = extendedSAMLAttribute.getNameSpace(); + if (!actualNamespace.equals(expectedNamespace)) { + throw new ValidateException( + "validator.38", + new Object[] {"Namespace", String.valueOf((i+1)), actualName, actualNamespace, expectedNamespace, }); + } + Object expectedValue = extendedSAMLAttribute.getValue(); + Object actualValue = samlAttribute.getValue(); + try { + if (expectedValue instanceof String) { + // replace \r\n because text might be base64-encoded + String expValue = StringUtils.replaceAll((String)expectedValue,"\r",""); + expValue = StringUtils.replaceAll(expValue,"\n",""); + String actValue = StringUtils.replaceAll((String)actualValue,"\r",""); + actValue = StringUtils.replaceAll(actValue,"\n",""); + if (!expValue.equals(actValue)) { + throw new ValidateException( + "validator.38", + new Object[] {"Wert", String.valueOf((i+1)), actualName, actualValue, expectedValue }); + } + } else if (expectedValue instanceof Element) { + // only check the name of the element + String actualElementName = ((Element)actualValue).getNodeName(); + String expectedElementName = ((Element)expectedValue).getNodeName(); + if (!(expectedElementName.equals(actualElementName))){ + throw new ValidateException( + "validator.38", + new Object[] {"Wert", String.valueOf((i+1)), actualName, actualElementName, expectedElementName}); + } + } else { + // should not happen + throw new ValidateException( + "validator.38", + new Object[] {"Typ", String.valueOf((i+1)), expectedName, "java.lang.String oder org.wrc.dom.Element", expectedValue.getClass().getName()}); + } + } catch (ClassCastException e) { + throw new ValidateException( + "validator.38", + new Object[] {"Typ", String.valueOf((i+1)), expectedName, expectedValue.getClass().getName(), actualValue.getClass().getName()}); + } + i++; + } + } + + + if (!foundOA) throw new ValidateException("validator.14", null); + + //Check if dsig:Signature exists + // NodeList nl = createXMLSignatureResponse.getSamlAssertion().getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature"); + // if (nl.getLength() != 1) { + // throw new ValidateException("validator.05", null); + // } + Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion, SIGNATURE_XPATH); + if (dsigSignature == null) { + throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ; + } + } catch (Exception e) { + SpecificTraceLogger.trace("Validate AuthBlock with SSO"); + SpecificTraceLogger.trace("Signed AuthBlock: " + session.getAuthBlock()); + SpecificTraceLogger.trace("OA config: " + pendingReq.getOnlineApplicationConfiguration().toString()); + throw e; + + } - if (!foundOA) throw new ValidateException("validator.14", null); - - //Check if dsig:Signature exists -// NodeList nl = createXMLSignatureResponse.getSamlAssertion().getElementsByTagNameNS(Constants.DSIG_NS_URI, "Signature"); -// if (nl.getLength() != 1) { -// throw new ValidateException("validator.05", null); -// } - Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion, SIGNATURE_XPATH); - if (dsigSignature == null) { - throw new ValidateException("validator.05", new Object[] {"im AUTHBlock"}) ; - } } public void validateSigningDateTime( CreateXMLSignatureResponse csresp) throws ValidateException { -- cgit v1.2.3 From 44bce0049b598604cc1a30f419e936c6b5fc59cf Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 25 Apr 2018 09:40:52 +0200 Subject: first test codes for eIDAS Ref. Impl. v2 integration --- id/server/modules/moa-id-module-eIDAS-v2/pom.xml | 82 +++++ .../moa/id/auth/modules/eidas_v2/Constants.java | 44 +++ .../eidas_v2/eIDASAuthenticationModulImpl.java | 72 +++++ .../eIDASAuthenticationSpringResourceProvider.java | 28 ++ .../auth/modules/eidas_v2/eIDASSignalServlet.java | 88 ++++++ .../eidas_v2/tasks/CreateIdentityLinkTask.java | 180 +++++++++++ .../eidas_v2/tasks/GenerateAuthnRequestTask.java | 333 +++++++++++++++++++++ .../eidas_v2/tasks/ReceiveAuthnResponseTask.java | 141 +++++++++ ...iz.components.spring.api.SpringResourceProvider | 1 + .../eidas_v2/eIDAS.Authentication.process.xml | 18 ++ .../modules/eidas_v2/eIDAS.authmodule.beans.xml | 14 + .../main/resources/moaid_eidas_v2_auth.beans.xml | 36 +++ id/server/modules/pom.xml | 3 +- 13 files changed, 1039 insertions(+), 1 deletion(-) create mode 100644 id/server/modules/moa-id-module-eIDAS-v2/pom.xml create mode 100644 id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/Constants.java create mode 100644 id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationModulImpl.java create mode 100644 id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationSpringResourceProvider.java create mode 100644 id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASSignalServlet.java create mode 100644 id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/CreateIdentityLinkTask.java create mode 100644 id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/GenerateAuthnRequestTask.java create mode 100644 id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/ReceiveAuthnResponseTask.java create mode 100644 id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider create mode 100644 id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDAS.Authentication.process.xml create mode 100644 id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDAS.authmodule.beans.xml create mode 100644 id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/moaid_eidas_v2_auth.beans.xml (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-eIDAS-v2/pom.xml b/id/server/modules/moa-id-module-eIDAS-v2/pom.xml new file mode 100644 index 000000000..2ad14a24f --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/pom.xml @@ -0,0 +1,82 @@ + + 4.0.0 + + MOA.id.server.modules + moa-id-modules + ${moa-id-version} + + moa-id-module-eIDAS-v2 + MOA-ID eIDAS module v2 + eIDAS module based on eIDAS node reference implementation v2.x + + + ${basedir}/../../../../repository + + 2.0.0 + 2.0.0 + 2.0.0 + + + + + default + + true + + + + local + local + file:${basedir}/../../../../repository + + + egiz-commons + https://demo.egiz.gv.at/int-repo/ + + true + + + + + + + + + MOA.id.server + moa-id-lib + + + + + + + eu.eidas + eidas-commons + ${eidas-commons.version} + + + + log4j + log4j + + + log4j-over-slf4j + org.slf4j + + + + + + eu.eidas + eidas-light-commons + ${eidas-light-commons.version} + + + + eu.eidas + eidas-specific-communication-definition + ${eidas-specific-communication-definition.version} + + + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/Constants.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/Constants.java new file mode 100644 index 000000000..ca62319f3 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/Constants.java @@ -0,0 +1,44 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas_v2; + +import java.net.URI; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +public class Constants { + //TODO: update endpoints + + //configuration properties + public static final String CONIG_PROPS_EIDAS_PREFIX="moa.id.protocols.eIDAS"; + public static final String CONIG_PROPS_EIDAS_NODE= CONIG_PROPS_EIDAS_PREFIX + ".node_v2"; + public static final String CONIG_PROPS_EIDAS_NODE_COUNTRYCODE = CONIG_PROPS_EIDAS_NODE + ".countrycode"; + + + //http endpoint descriptions + public static final String eIDAS_HTTP_ENDPOINT_SP_POST = "/eidas/light/sp/post"; + public static final String eIDAS_HTTP_ENDPOINT_SP_REDIRECT = "/eidas/light/sp/redirect"; + public static final String eIDAS_HTTP_ENDPOINT_IDP_COLLEAGUEREQUEST = "/eidas/light/ColleagueRequest"; + public static final String eIDAS_HTTP_ENDPOINT_METADATA = "/eidas/light/metadata"; + + //eIDAS request parameters + public static final String eIDAS_REQ_NAMEID_FORMAT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"; + + //eIDAS attribute names + public static final String eIDAS_ATTR_PERSONALIDENTIFIER = "PersonIdentifier"; + public static final String eIDAS_ATTR_DATEOFBIRTH = "DateOfBirth"; + public static final String eIDAS_ATTR_CURRENTGIVENNAME = "FirstName"; + public static final String eIDAS_ATTR_CURRENTFAMILYNAME = "FamilyName"; + public static final String eIDAS_ATTR_LEGALPERSONIDENTIFIER = "LegalPersonIdentifier"; + public static final String eIDAS_ATTR_LEGALNAME = "LegalName"; + + public static final List NATURALPERSONMINIMUMDATASETLIST = Collections.unmodifiableList(new ArrayList() { + private static final long serialVersionUID = 1L; + { + //TODO: find correct location of attribute definitions +// add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME.getNameUri()); +// add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_GIVEN_NAME.getNameUri()); +// add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.DATE_OF_BIRTH.getNameUri()); +// add(eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.PERSON_IDENTIFIER.getNameUri()); + } + }); +} diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationModulImpl.java new file mode 100644 index 000000000..6e3170534 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationModulImpl.java @@ -0,0 +1,72 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidas_v2; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; + +/** + * @author tlenz + * + */ +public class eIDASAuthenticationModulImpl implements AuthModule { + + private int priority = 1; + + @Override + public int getPriority() { + return priority; + } + + /** + * Sets the priority of this module. Default value is {@code 0}. + * @param priority The priority. + */ + public void setPriority(int priority) { + this.priority = priority; + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context) { + if (StringUtils.isNotBlank((String) context.get("ccc")) || + StringUtils.isNotBlank((String) context.get("CCC"))) + return "eIDASAuthentication_v2"; + else + return null; + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDAS.Authentication.process.xml" }; + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationSpringResourceProvider.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationSpringResourceProvider.java new file mode 100644 index 000000000..fb3b7fc24 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationSpringResourceProvider.java @@ -0,0 +1,28 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas_v2; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +public class eIDASAuthenticationSpringResourceProvider implements SpringResourceProvider { + + @Override + public String getName() { + return "MOA-ID eIDAS-Authentication SpringResourceProvider"; + } + + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Resource[] getResourcesToLoad() { + ClassPathResource eIDASAuthConfig = new ClassPathResource("/moaid_eidas_v2_auth.beans", eIDASAuthenticationSpringResourceProvider.class); + + return new Resource[] {eIDASAuthConfig}; + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASSignalServlet.java new file mode 100644 index 000000000..3198d04a3 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASSignalServlet.java @@ -0,0 +1,88 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidas_v2; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang.StringEscapeUtils; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Controller +public class eIDASSignalServlet extends AbstractProcessEngineSignalController { + + public eIDASSignalServlet() { + super(); + Logger.debug("Registering servlet " + getClass().getName() + + " with mappings '"+ Constants.eIDAS_HTTP_ENDPOINT_SP_POST + + "' and '"+ Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT + "'."); + + } + + @RequestMapping(value = { Constants.eIDAS_HTTP_ENDPOINT_SP_POST, + Constants.eIDAS_HTTP_ENDPOINT_SP_REDIRECT + }, + method = {RequestMethod.POST, RequestMethod.GET}) + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + signalProcessManagement(req, resp); + } + + @Override + /** + * Protocol specific implementation to get the pending-requestID + * from http request object + * + * @param request The http Servlet-Request object + * @return The Pending-request id + * + */ + public String getPendingRequestId(HttpServletRequest request) { + String sessionId = super.getPendingRequestId(request); + + try { + + // use SAML2 relayState + if (sessionId == null) { + sessionId = StringEscapeUtils.escapeHtml(request.getParameter("RelayState")); + } else + Logger.warn("No parameter 'SAMLResponse'. Unable to retrieve MOA session id."); + + } catch (Exception e) { + Logger.warn("Unable to retrieve moa session id.", e); + } + + return sessionId; + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/CreateIdentityLinkTask.java new file mode 100644 index 000000000..dec4f6a89 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/CreateIdentityLinkTask.java @@ -0,0 +1,180 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidas_v2.tasks; + +import java.io.InputStream; +import java.text.SimpleDateFormat; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.joda.time.DateTime; +import org.springframework.stereotype.Component; +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; +import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException; +import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.XPathUtils; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; + +/** + * @author tlenz + * + */ +@Component("CreateIdentityLinkTask") +public class CreateIdentityLinkTask extends AbstractAuthServletTask { + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, + HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try{ + defaultTaskInitialization(request, executionContext); + + //get eIDAS attributes from MOA-Session + ImmutableAttributeMap eIDASAttributes = moasession.getGenericDataFromSession( + AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, + ImmutableAttributeMap.class); + + IIdentityLink identityLink = null; + + //connect SZR-Gateway + //TODO: implement SZR-Gateway communication!!!! + if(true) { + + // create fake IdL + // - fetch IdL template from resources + InputStream s = CreateIdentityLinkTask.class.getResourceAsStream("/resources/xmldata/fakeIdL_IdL_template.xml"); + Element idlTemplate = DOMUtils.parseXmlValidating(s); + + identityLink = new IdentityLinkAssertionParser(idlTemplate).parseIdentityLink(); + + // replace data + Element idlassertion = identityLink.getSamlAssertion(); + + // - set fake baseID; + Node prIdentification = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_IDENT_VALUE_XPATH); + + + Object eIdentifier = eIDASAttributes.getFirstValue( + SAMLEngineUtils.getMapOfAllAvailableAttributes().get( + Constants.eIDAS_ATTR_PERSONALIDENTIFIER)); + if (eIdentifier == null || !(eIdentifier instanceof String)) + throw new eIDASAttributeException(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); + prIdentification.getFirstChild().setNodeValue((String) eIdentifier); + + //build personal identifier which looks like a baseID +// String fakeBaseID = new BPKBuilder().buildBPK(eIdentifier, "baseID"); +// Logger.info("Map eIDAS eIdentifier:" + eIdentifier + " to fake baseID:" + fakeBaseID); +// prIdentification.getFirstChild().setNodeValue(fakeBaseID); + + // - set last name + Node prFamilyName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_FAMILY_NAME_XPATH); + Object familyName = eIDASAttributes.getFirstValue( + SAMLEngineUtils.getMapOfAllAvailableAttributes().get( + Constants.eIDAS_ATTR_CURRENTFAMILYNAME)); + if (familyName == null || !(familyName instanceof String)) + throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTFAMILYNAME); + prFamilyName.getFirstChild().setNodeValue((String) familyName); + + // - set first name + Node prGivenName = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_GIVEN_NAME_XPATH); + Object givenName = eIDASAttributes.getFirstValue( + SAMLEngineUtils.getMapOfAllAvailableAttributes().get( + Constants.eIDAS_ATTR_CURRENTGIVENNAME)); + if (givenName == null || !(givenName instanceof String)) + throw new eIDASAttributeException(Constants.eIDAS_ATTR_CURRENTGIVENNAME); + prGivenName.getFirstChild().setNodeValue((String) givenName); + + // - set date of birth + Node prDateOfBirth = XPathUtils.selectSingleNode(idlassertion, IdentityLinkAssertionParser.PERSON_DATE_OF_BIRTH_XPATH); + Object dateOfBirth = eIDASAttributes.getFirstValue( + SAMLEngineUtils.getMapOfAllAvailableAttributes().get( + Constants.eIDAS_ATTR_DATEOFBIRTH)); + if (dateOfBirth == null || !(dateOfBirth instanceof DateTime)) + throw new eIDASAttributeException(Constants.eIDAS_ATTR_DATEOFBIRTH); + + String formatedDateOfBirth = new SimpleDateFormat("yyyy-MM-dd").format(((DateTime)dateOfBirth).toDate()); + prDateOfBirth.getFirstChild().setNodeValue(formatedDateOfBirth); + + identityLink = new IdentityLinkAssertionParser(idlassertion).parseIdentityLink(); + + //resign IDL + IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); + Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), authConfig.getStorkFakeIdLResigningKey()); + identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink(); + + } else { + //contact SZR Gateway + Logger.debug("Starting connecting SZR Gateway"); + + //TODO:!!!!!! + + } + + Logger.debug("SZR communication was successfull"); + + if (identityLink == null) { + Logger.error("SZR Gateway did not return an identity link."); + throw new MOAIDException("stork.10", null); + } + + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED); + moasession.setForeigner(true); + moasession.setIdentityLink(identityLink); + moasession.setBkuURL("Not applicable (eIDASAuthentication)"); + + //store MOA-session to database + requestStoreage.storePendingRequest(pendingReq); + + } catch (eIDASAttributeException e) { + throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e); + + } catch (MOAIDException | MOADatabaseException e) { + throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); + + } catch (Exception e) { + Logger.error("IdentityLink generation for foreign person FAILED.", e); + throw new TaskExecutionException(pendingReq, "IdentityLink generation for foreign person FAILED.", e); + + } + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/GenerateAuthnRequestTask.java new file mode 100644 index 000000000..3085d0e70 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/GenerateAuthnRequestTask.java @@ -0,0 +1,333 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.eidas_v2.tasks; + +import java.io.StringWriter; +import java.util.ArrayList; +import java.util.Collection; +import java.util.List; +import java.util.UUID; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.BooleanUtils; +import org.apache.velocity.Template; +import org.apache.velocity.VelocityContext; +import org.apache.velocity.app.VelocityEngine; +import org.opensaml.common.xml.SAMLConstants; +import org.opensaml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml2.metadata.SingleSignOnService; +import org.opensaml.saml2.metadata.provider.MetadataProviderException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; +import org.springframework.util.StringUtils; + +import com.google.common.net.MediaType; + +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.modules.eidas_v2.Constants; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.CPEPS; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; +import eu.eidas.auth.commons.EidasStringUtil; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.AttributeDefinition.Builder; +import eu.eidas.auth.commons.light.impl.LightRequest; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.protocol.IRequestMessage; +import eu.eidas.auth.commons.protocol.eidas.LevelOfAssurance; +import eu.eidas.auth.commons.protocol.eidas.LevelOfAssuranceComparison; +import eu.eidas.auth.commons.protocol.eidas.SpType; +import eu.eidas.auth.commons.protocol.eidas.impl.EidasAuthenticationRequest; + +/** + * @author tlenz + * + */ +@Component("GenerateAuthnRequestTask") +public class GenerateAuthnRequestTask extends AbstractAuthServletTask { + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, + HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + + try{ + //get service-provider configuration + IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration(); + + // get target and validate citizen countryCode + String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC); + + if (StringUtils.isEmpty(citizenCountryCode)) { + // illegal state; task should not have been executed without a selected country + throw new AuthenticationException("eIDAS.03", new Object[] { "" }); + + } + CPEPS cpeps = authConfig.getStorkConfig().getCPEPSWithFullName(citizenCountryCode); + if(null == cpeps) { + Logger.error("PEPS unknown for country: " + citizenCountryCode); + throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode}); + } + Logger.debug("Found eIDaS Node/C-PEPS configuration for citizen of country: " + citizenCountryCode); + + + //TODO: load authnReq End-Point URL from configuration + SingleSignOnService authnReqEndpoint = null; + + + //TODO: switch to entityID and set new status codes +// revisionsLogger.logEvent(oaConfig, pendingReq, +// MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED, +// metadataUrl); + + // assemble requested attributes + Collection attributesFromConfig = oaConfig.getRequestedSTORKAttributes(); + + // - prepare attribute list + + // - fill container + List> reqAttrList = new ArrayList>(); + //TODO: update requested attribute builder +// for (StorkAttribute current : attributesFromConfig) { +// AttributeDefinition newAttribute = SAMLEngineUtils.getMapOfAllAvailableAttributes().get(current.getName()); +// +// if (newAttribute == null) { +// Logger.warn("eIDAS attribute with friendlyName:" + current.getName() + " is not supported."); +// +// } else { +// boolean globallyMandatory = false; +// for (StorkAttribute currentGlobalAttribute : authConfig.getStorkConfig().getStorkAttributes()) +// if (current.getName().equals(currentGlobalAttribute.getName())) { +// globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory()); +// break; +// } +// +// Builder attrBuilder = AttributeDefinition.builder(newAttribute).required(current.getMandatory() || globallyMandatory); +// reqAttrList.add(attrBuilder.build()); +// +// } +// } + + //request +// if (reqAttrList.isEmpty()) { +// Logger.info("No attributes requested by OA:" + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() +// + " --> Request attr:" + Constants.eIDAS_ATTR_PERSONALIDENTIFIER + " by default"); +// AttributeDefinition newAttribute = SAMLEngineUtils.getMapOfAllAvailableAttributes().get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); +// Builder attrBuilder = AttributeDefinition.builder(newAttribute).required(true); +// reqAttrList.add(attrBuilder.build()); +// +// } + + //build requested attribute set + ImmutableAttributeMap reqAttrMap = new ImmutableAttributeMap.Builder().putAll(reqAttrList).build(); + + //build eIDAS AuthnRequest + LightRequest.Builder authnRequestBuilder = LightRequest.builder(); + + authnRequestBuilder.id(UUID.randomUUID().toString()); + authnRequestBuilder.providerName(pendingReq.getAuthURL()); + String issur = pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA; + authnRequestBuilder.issuer(issur); + + //TODO: + //authnRequestBuilder.destination(authnReqEndpoint.getLocation()); + + + authnRequestBuilder.nameIdFormat(Constants.eIDAS_REQ_NAMEID_FORMAT); + + //set minimum required eIDAS LoA from OA config + String LoA = oaConfig.getQaaLevel(); + //TODO: +// if (MiscUtil.isNotEmpty(LoA)) +// authnRequestBuilder.levelOfAssurance(LevelOfAssurance.fromString(oaConfig.getQaaLevel())); +// else + authnRequestBuilder.levelOfAssurance(LevelOfAssurance.HIGH.getValue()); + + //TODO: check if required + //authnRequestBuilder.levelOfAssuranceComparison(LevelOfAssuranceComparison.MINIMUM); + + + //set correct SPType for this online application + if (oaConfig.hasBaseIdTransferRestriction()) + authnRequestBuilder.spType(SpType.PRIVATE.getValue()); + else + authnRequestBuilder.spType(SpType.PUBLIC.getValue()); + + + //TODO + //set service provider (eIDAS node) countryCode +// authnRequestBuilder.serviceProviderCountryCode( +// authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT")); + + //set citizen country code for foreign uses + authnRequestBuilder.citizenCountryCode(cpeps.getCountryCode()); + + //add requested attributes + authnRequestBuilder.requestedAttributes(reqAttrMap); + + + LightRequest lightAuthnReq = authnRequestBuilder.build(); + + + + //IRequestMessage authnRequest = engine.generateRequestMessage(authnRequestBuilder.build(), issur); + + //encode AuthnRequest +// byte[] token = authnRequest.getMessageBytes(); +// String SAMLRequest = EidasStringUtil.encodeToBase64(token); + + +// if (SAMLConstants.SAML2_POST_BINDING_URI.equals(authnReqEndpoint.getBinding())) +// buildPostBindingRequest(pendingReq, authnReqEndpoint, SAMLRequest, authnRequest, response); +// +// //TODO: redirect Binding is not completely implemented +// //else if (SAMLConstants.SAML2_REDIRECT_BINDING_URI.equals(authnReqEndpoint.getBinding())) +// //buildRedirecttBindingRequest(pendingReq, authnReqEndpoint, token, authnRequest, response); +// +// else { +// Logger.error("eIDAS-node use an unsupported binding (" +// + authnReqEndpoint.getBinding() + "). Request eIDAS node not possible."); +// throw new MOAIDException("eIDAS.02", new Object[]{"eIDAS-node use an unsupported binding"}); +// +// } + + + +// }catch (EIDASSAMLEngineException e){ +// throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", +// new EIDASEngineException("eIDAS.00", new Object[]{e.getMessage()}, e)); + + } catch (MOAIDException e) { + throw new TaskExecutionException(pendingReq, "eIDAS AuthnRequest generation FAILED.", e); + + } catch (Exception e) { + Logger.error("eIDAS AuthnRequest generation FAILED.", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + } + + /** + * Encode the eIDAS request with POST binding + * + * @param pendingReq + * @param authnReqEndpoint + * @param SAMLRequest + * @param authnRequest + * @param response + * @throws MOAIDException + */ + private void buildPostBindingRequest(IRequest pendingReq, SingleSignOnService authnReqEndpoint, + String SAMLRequest, IRequestMessage authnRequest, HttpServletResponse response) + throws MOAIDException { + //send + try { + VelocityEngine velocityEngine = VelocityProvider.getClassPathVelocityEngine(); + Template template = velocityEngine.getTemplate("/resources/templates/eidas_postbinding_template.vm"); + VelocityContext context = new VelocityContext(); + + String actionType = "SAMLRequest"; + context.put(actionType, SAMLRequest); + context.put("RelayState", pendingReq.getRequestID()); + context.put("action", authnReqEndpoint.getLocation()); + + Logger.debug("Using SingleSignOnService url as action: " + authnReqEndpoint.getLocation()); + Logger.debug("Encoded " + actionType + " original: " + SAMLRequest); + + Logger.trace("Starting template merge"); + StringWriter writer = new StringWriter(); + + Logger.trace("Doing template merge"); + template.merge(context, writer); + + Logger.trace("Template merge done"); + Logger.trace("Sending html content: " + writer.getBuffer().toString()); + + + byte[] content = writer.getBuffer().toString().getBytes("UTF-8"); + response.setContentType(MediaType.HTML_UTF_8.toString()); + response.setContentLength(content.length); + response.getOutputStream().write(content); + + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED, + authnRequest.getRequest().getId()); + + } catch (Exception e) { + Logger.error("Velocity general error: " + e.getMessage()); + throw new MOAIDException("eIDAS.02", new Object[]{e.getMessage()}, e); + + } + + } + + /** + * Select a SingleSignOnService endPoint from eIDAS node metadata. + * This endPoint receives the Authn. request + * + * @param idpEntity + * @return + */ + private SingleSignOnService selectSingleSignOnServiceFromMetadata(EntityDescriptor idpEntity) { + //select SingleSignOn Service endpoint from IDP metadata + SingleSignOnService endpoint = null; + if (idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS) == null) { + return null; + + } + + for (SingleSignOnService sss : + idpEntity.getIDPSSODescriptor(SAMLConstants.SAML20P_NS).getSingleSignOnServices()) { + + // use POST binding as default if it exists + if (sss.getBinding().equals(SAMLConstants.SAML2_POST_BINDING_URI)) + endpoint = sss; + + //TODO: redirect Binding is not completely implemented + // use Redirect binding as backup +// else if ( sss.getBinding().equals(SAMLConstants.SAML2_REDIRECT_BINDING_URI) +// && endpoint == null ) +// endpoint = sss; + + } + + return endpoint; + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/ReceiveAuthnResponseTask.java new file mode 100644 index 000000000..9ead5e4fe --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/ReceiveAuthnResponseTask.java @@ -0,0 +1,141 @@ +package at.gv.egovernment.moa.id.auth.modules.eidas_v2.tasks; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.saml2.core.StatusCode; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; +import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; +import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; +import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASResponseNotSuccessException; +import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.protocols.eidas.validator.eIDASResponseValidator; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; +import eu.eidas.auth.commons.EidasStringUtil; +import eu.eidas.auth.commons.protocol.IAuthenticationResponse; +import eu.eidas.auth.engine.ProtocolEngineI; +import eu.eidas.engine.exceptions.EIDASSAMLEngineException; + +@Component("ReceiveAuthnResponseTask") +public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { + + @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider; + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { + + try{ + //get SAML Response + String base64SamlToken = request.getParameter("SAMLResponse"); + if (MiscUtil.isEmpty(base64SamlToken)) { + Logger.warn("No eIDAS SAMLReponse found in http request."); + throw new MOAIDException("HTTP request includes no eIDAS SAML-Response element.", null); + + } + + //get MOASession + defaultTaskInitialization(request, executionContext); + + //decode SAML response + byte[] decSamlToken = EidasStringUtil.decodeBytesFromBase64(base64SamlToken); + + //get eIDAS SAML-engine + ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider); + + //validate SAML token + IAuthenticationResponse samlResp = engine.unmarshallResponseAndValidate(decSamlToken, + request.getRemoteHost(), + Constants.CONFIG_PROPS_SKEWTIME_BEFORE, + Constants.CONFIG_PROPS_SKEWTIME_AFTER, + pendingReq.getAuthURL() + Constants.eIDAS_HTTP_ENDPOINT_METADATA); + + if (samlResp.isEncrypted()) { + Logger.info("Received encrypted eIDAS SAML-Response."); + //TODO: check if additional decryption operation is required + + } + + + //check response StatusCode + if (!samlResp.getStatusCode().equals(StatusCode.SUCCESS_URI)) { + Logger.info("Receice eIDAS Response with StatusCode:" + samlResp.getStatusCode() + + " Subcode:" + samlResp.getSubStatusCode() + " Msg:" + samlResp.getStatusMessage()); + throw new EIDASResponseNotSuccessException("eIDAS.11", new Object[]{samlResp.getStatusMessage()}); + + } + + // ********************************************************** + // ******* MOA-ID specific response validation ********** + // ********************************************************** + String spCountry = authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"); + eIDASResponseValidator.validateResponse(pendingReq, samlResp, spCountry); + + + // ********************************************************** + // ******* Store resonse infos into session object ********** + // ********************************************************** + + //update MOA-Session data with received information + Logger.debug("Store eIDAS response information into MOA-session."); + + moasession.setQAALevel(samlResp.getLevelOfAssurance()); + + moasession.setGenericDataToSession( + AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, + samlResp.getAttributes()); + + moasession.setGenericDataToSession( + AuthenticationSessionStorageConstants.eIDAS_RESPONSE, + decSamlToken); + + //set issuer nation as PVP attribute into MOASession + moasession.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry()); + + //store MOA-session to database + requestStoreage.storePendingRequest(pendingReq); + + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED, + samlResp.getId()); + + } catch (MOAIDException e) { + throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", e); + + }catch (EIDASSAMLEngineException e) { + Logger.warn("eIDAS Response validation FAILED.", e); + Logger.debug("eIDAS response was: " + request.getParameter("SAMLResponse")); + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); + throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", + new EIDASEngineException("eIDAS.09", new Object[]{e.getMessage()}, e)); + + } catch (MOADatabaseException e) { + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); + throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", + new MOAIDException("init.04", new Object[]{""}, e)); + + } catch (Exception e) { + Logger.warn("eIDAS Response processing FAILED.", e); + revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); + throw new TaskExecutionException(pendingReq, e.getMessage(), + new MOAIDException("eIDAS.10", new Object[]{e.getMessage()}, e)); + + } + + } + +} diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 000000000..8b97063bd --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.modules.eidas_v2.eIDASAuthenticationSpringResourceProvider \ No newline at end of file diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDAS.Authentication.process.xml b/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDAS.Authentication.process.xml new file mode 100644 index 000000000..94b23314a --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDAS.Authentication.process.xml @@ -0,0 +1,18 @@ + + + + + + + + + + + + + + + + + + diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDAS.authmodule.beans.xml b/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDAS.authmodule.beans.xml new file mode 100644 index 000000000..9cf22eae9 --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDAS.authmodule.beans.xml @@ -0,0 +1,14 @@ + + + + + + + + + + diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/moaid_eidas_v2_auth.beans.xml b/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/moaid_eidas_v2_auth.beans.xml new file mode 100644 index 000000000..1d851614e --- /dev/null +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/resources/moaid_eidas_v2_auth.beans.xml @@ -0,0 +1,36 @@ + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index 000851a5f..f0779b26c 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -27,7 +27,8 @@ moa-id-modules-saml1 moa-id-module-openID - moa-id-module-eIDAS + moa-id-module-eIDAS + moa-id-module-eIDAS-v2 moa-id-modules-federated_authentication moa-id-module-elga_mandate_service -- cgit v1.2.3 From c61850c5607d066a3c322794c1220f26b31103a0 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 16 May 2018 09:29:09 +0200 Subject: add initial version of Security-Layer 2.0 Authentication module --- .../moa-id-module-sl20_authentication/pom.xml | 68 +++ .../moa/id/auth/modules/sl20_auth/Constants.java | 44 ++ .../sl20_auth/SL20AuthenticationModulImpl.java | 95 ++++ .../SL20AuthenticationSpringResourceProvider.java | 28 + .../auth/modules/sl20_auth/SL20SignalServlet.java | 58 ++ .../modules/sl20_auth/data/VerificationResult.java | 39 ++ .../sl20_auth/exceptions/SL20Exception.java | 19 + .../exceptions/SL20SecurityException.java | 20 + .../exceptions/SLCommandoBuildException.java | 17 + .../exceptions/SLCommandoParserException.java | 17 + .../id/auth/modules/sl20_auth/sl20/IJOSETools.java | 37 ++ .../modules/sl20_auth/sl20/JsonSecurityUtils.java | 221 ++++++++ .../auth/modules/sl20_auth/sl20/SL20Constants.java | 180 ++++++ .../sl20_auth/sl20/SL20HttpBindingUtils.java | 42 ++ .../sl20_auth/sl20/SL20JSONBuilderUtils.java | 606 +++++++++++++++++++++ .../sl20_auth/sl20/SL20JSONExtractorUtils.java | 259 +++++++++ .../sl20_auth/tasks/CreateQualeIDRequestTask.java | 176 ++++++ .../sl20_auth/tasks/ReceiveQualeIDTask.java | 228 ++++++++ ...iz.components.spring.api.SpringResourceProvider | 1 + .../src/main/resources/moaid_sl20_auth.beans.xml | 33 ++ .../main/resources/sl20.Authentication.process.xml | 20 + id/server/modules/pom.xml | 12 +- 22 files changed, 2215 insertions(+), 5 deletions(-) create mode 100644 id/server/modules/moa-id-module-sl20_authentication/pom.xml create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationSpringResourceProvider.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/data/VerificationResult.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20Exception.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20SecurityException.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoBuildException.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoParserException.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/IJOSETools.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml new file mode 100644 index 000000000..d08e0f0ec --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml @@ -0,0 +1,68 @@ + + + 4.0.0 + + MOA.id.server.modules + moa-id-modules + ${moa-id-version} + + moa-id-module-sl20_authentication + moa-id-module-sl20_authentication + http://maven.apache.org + + + UTF-8 + ${basedir}/../../../../repository + + + + + default + + true + + + + local + local + file:${basedir}/../../../../repository + + + egiz-commons + https://demo.egiz.gv.at/int-repo/ + + true + + + + + + + + + + MOA.id.server + moa-id-lib + + + + com.google.code.gson + gson + 2.8.2 + + + org.bitbucket.b_c + jose4j + 0.6.3 + + + + + junit + junit + test + + + + diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java new file mode 100644 index 000000000..7a58648cc --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java @@ -0,0 +1,44 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +public class Constants { + + public static final String HTTP_ENDPOINT_DATAURL = "/sl20/dataUrl"; + + public static final String CONFIG_PROP_PREFIX = "modules.sl20"; + public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID = CONFIG_PROP_PREFIX + ".vda.urls.qualeID.endpoint"; + public static final String CONFIG_PROP_VDA_AUTHBLOCK_ID = CONFIG_PROP_PREFIX + ".vda.authblock.id"; + + public static final String CONFIG_PROP_SECURITY_KEYSTORE_PATH = CONFIG_PROP_PREFIX + ".security.keystore.path"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD = CONFIG_PROP_PREFIX + ".security.keystore.password"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS = CONFIG_PROP_PREFIX + ".security.sign.alias"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD = CONFIG_PROP_PREFIX + ".security.sign.password"; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS = CONFIG_PROP_PREFIX + ".security.encryption.alias";; + public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD = CONFIG_PROP_PREFIX + ".security.encryption.password"; + + + public static final String PENDING_REQ_STORAGE_PREFIX = "SL20_AUTH_"; + + /** + * Only dummy data for development!!!!!! + */ + public static final String DUMMY_SIGNING_CERT = + "MIIC9zCCAd8CBFretWcwDQYJKoZIhvcNAQEOBQAwQDELMAkGA1UEBhMCQVQxDTAL\n" + + "BgNVBAoMBEVHSVoxIjAgBgNVBAMMGW93biBkdW1teSBtZXRhZGF0YSBzaWduZXIw\n" + + "HhcNMTgwNDI0MDQ0MTExWhcNMjEwMTE3MDQ0MTExWjBAMQswCQYDVQQGEwJBVDEN\n" + + "MAsGA1UECgwERUdJWjEiMCAGA1UEAwwZb3duIGR1bW15IG1ldGFkYXRhIHNpZ25l\n" + + "cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJvN3l1pjzlnmoW5trHH\n" + + "Rb1s60QtGNp2v1nfMg1R6h7SzygtmO869v5bqrVBBVGmujslr7W8cZ2DLmJoQx1N\n" + + "WwhccjXTHpNPw0B70qHGch2uRNkqkizSOlwth0Ll2DJtzxTolbajYdg+xppXScUq\n" + + "WNlNZndauPSnB2CESgNkaUou4x4YVSDInugAtLvdLx8rf2YcuidI6UIXxeSZr3VO\n" + + "Z12YtddzcJ+lwh7OX8B0UvLsdYjKjefjEudyuNBmVwLv4K2LsFhSqgE1CAzk3oCb\n" + + "V2A84klaWVPiXoBiOucyouvX781WVp1aCBp0QA8gpJH7/2wRsdPQ90tjMzM7dcgY\n" + + "LDkCAwEAATANBgkqhkiG9w0BAQ4FAAOCAQEAQuYRQcCNLDYU1ItliYz9f28+KDyU\n" + + "8WjF3NDZrlJbGSKQ4n7wkBfxdK3zprmpHadWDB+aZaPt/+voE2FduzPiLUDlpazN\n" + + "60JJ5/YHZ3q9MZvdoNg6rjkpioWatoj/smUkT6oUWL/gp8tH12fOd2oJygBqXMve\n" + + "3y3qVCghnjRaMYuXcScTZcjH9yebkTLygirtw34oGVb7t+HwbtcN65fUIBly6Rcl\n" + + "8NV3pwOKhXFKDAqXUpvhebL4+tWOqPdqfIfGaE6rELfTf3icGY3CQCzDz5Gp0Ptc\n" + + "TfQqm64xnhtAruXNJXWg2ptg+GuQgWnJUgQ8wLNMxw9XdeEwlQo5dL6xmg=="; + + public static final String DUMMY_SIGNING_CERT_FINGERPRINT = "IwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJvN3l1pjzlnmoW"; + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java new file mode 100644 index 000000000..a4044ce21 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java @@ -0,0 +1,95 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +import javax.annotation.PostConstruct; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class SL20AuthenticationModulImpl implements AuthModule { + + private int priority = 3; + + @Autowired(required=true) protected AuthConfiguration authConfig; + @Autowired(required=true) private AuthenticationManager authManager; + + @Override + public int getPriority() { + return priority; + } + + /** + * Sets the priority of this module. Default value is {@code 0}. + * @param priority The priority. + */ + public void setPriority(int priority) { + this.priority = priority; + } + + @PostConstruct + protected void initalSL20Authentication() { + //parameter to whiteList + authManager.addHeaderNameToWhiteList(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE); + + } + + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context) { + if (StringUtils.isNotBlank((String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase())) || + StringUtils.isNotBlank((String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE))) { + Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "' header found"); + return "SL20Authentication"; + + } else { + Logger.trace("No '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "' header found"); + return null; + + } + + } + + /* (non-Javadoc) + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:sl20.Authentication.process.xml" }; + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationSpringResourceProvider.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationSpringResourceProvider.java new file mode 100644 index 000000000..2658a363d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationSpringResourceProvider.java @@ -0,0 +1,28 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +public class SL20AuthenticationSpringResourceProvider implements SpringResourceProvider { + + @Override + public String getName() { + return "MOA-ID Security-Layer 2.0 Authentication SpringResourceProvider"; + } + + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Resource[] getResourcesToLoad() { + ClassPathResource sl20AuthConfig = new ClassPathResource("/moaid_sl20_auth.beans.xml", SL20AuthenticationSpringResourceProvider.class); + + return new Resource[] {sl20AuthConfig}; + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java new file mode 100644 index 000000000..87d306822 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java @@ -0,0 +1,58 @@ +/* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +import java.io.IOException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Controller +public class SL20SignalServlet extends AbstractProcessEngineSignalController { + + public SL20SignalServlet() { + super(); + Logger.debug("Registering servlet " + getClass().getName() + + " with mappings '"+ Constants.HTTP_ENDPOINT_DATAURL + "'."); + + } + + @RequestMapping(value = { Constants.HTTP_ENDPOINT_DATAURL + }, + method = {RequestMethod.POST, RequestMethod.GET}) + public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { + signalProcessManagement(req, resp); + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/data/VerificationResult.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/data/VerificationResult.java new file mode 100644 index 000000000..2a24096f9 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/data/VerificationResult.java @@ -0,0 +1,39 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.data; + +import java.security.cert.X509Certificate; +import java.util.List; + +import com.google.gson.JsonObject; + +public class VerificationResult { + + private Boolean validSigned = null; + private List certs = null; + private JsonObject payload = null; + + public VerificationResult(JsonObject payload) { + this.payload = payload; + + } + + public VerificationResult(JsonObject string, List certs, boolean wasValidSigned) { + this.payload = string; + this.certs = certs; + this.validSigned = wasValidSigned; + + } + + public Boolean isValidSigned() { + return validSigned; + } + public List getCertChain() { + return certs; + } + public JsonObject getPayload() { + return payload; + } + + + + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20Exception.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20Exception.java new file mode 100644 index 000000000..898bd7097 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20Exception.java @@ -0,0 +1,19 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions; + +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; + +public class SL20Exception extends MOAIDException { + + private static final long serialVersionUID = 1L; + + public SL20Exception(String messageId, Object[] parameters) { + super(messageId, parameters); + + } + + public SL20Exception(String messageId, Object[] parameters, Throwable wrapped) { + super(messageId, parameters, wrapped); + + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20SecurityException.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20SecurityException.java new file mode 100644 index 000000000..3bea12cb1 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20SecurityException.java @@ -0,0 +1,20 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions; + +public class SL20SecurityException extends SL20Exception { + + private static final long serialVersionUID = 3281385988027147449L; + + public SL20SecurityException(Object[] parameters) { + super("sl20.05", parameters); + } + + public SL20SecurityException(String parameter) { + super("sl20.05", new Object[] {parameter}); + } + + public SL20SecurityException(Object[] parameters, Throwable wrapped) { + super("sl20.05", parameters, wrapped); + + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoBuildException.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoBuildException.java new file mode 100644 index 000000000..35cf728f6 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoBuildException.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions; + +public class SLCommandoBuildException extends SL20Exception { + + private static final long serialVersionUID = 1L; + + + public SLCommandoBuildException(String msg) { + super("sl20.01", new Object[]{msg}); + + } + + public SLCommandoBuildException(String msg, Throwable e) { + super("sl20.01", new Object[]{msg}, e); + + } +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoParserException.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoParserException.java new file mode 100644 index 000000000..f36e8ad82 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SLCommandoParserException.java @@ -0,0 +1,17 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions; + +public class SLCommandoParserException extends SL20Exception { + + private static final long serialVersionUID = 1L; + + + public SLCommandoParserException(String msg) { + super("sl20.02", new Object[]{msg}); + + } + + public SLCommandoParserException(String msg, Throwable e) { + super("sl20.02", new Object[]{msg}, e); + + } +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/IJOSETools.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/IJOSETools.java new file mode 100644 index 000000000..bcbda3faf --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/IJOSETools.java @@ -0,0 +1,37 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; + +import java.security.cert.X509Certificate; + +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoBuildException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; + +public interface IJOSETools { + + /** + * Create a JWS signature + * + * @param payLoad Payload to sign + * @throws SLCommandoBuildException + */ + public String createSignature(String payLoad) throws SLCommandoBuildException; + + /** + * Validates a JWS signature + * + * @param serializedContent + * @return + * @throws SLCommandoParserException + * @throws SL20Exception + */ + public VerificationResult validateSignature(String serializedContent) throws SL20Exception; + + /** + * Get the encryption certificate for SL2.0 End-to-End encryption + * + * @return + */ + public X509Certificate getEncryptionCertificate(); + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java new file mode 100644 index 000000000..7dd5c39ab --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java @@ -0,0 +1,221 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; + +import java.security.Key; +import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.cert.Certificate; +import java.security.cert.X509Certificate; +import java.util.List; + +import javax.annotation.PostConstruct; + +import org.jose4j.jwa.AlgorithmConstraints; +import org.jose4j.jwa.AlgorithmConstraints.ConstraintType; +import org.jose4j.jws.AlgorithmIdentifiers; +import org.jose4j.jws.JsonWebSignature; +import org.jose4j.lang.JoseException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import com.google.gson.JsonElement; +import com.google.gson.JsonParser; + +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20SecurityException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoBuildException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.utils.X509Utils; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.KeyStoreUtils; + +@Service +public class JsonSecurityUtils implements IJOSETools{ + + @Autowired(required=true) AuthConfiguration authConfig; + private Key signPrivKey = null; + private X509Certificate[] signCertChain = null; + + private Key encPrivKey = null; + private X509Certificate[] encCertChain = null; + + @PostConstruct + protected void initalize() { + Logger.info("Initialize SL2.0 authentication security constrains ... "); + try { + KeyStore keyStore = KeyStoreUtils.loadKeyStore(getKeyStoreFilePath(), + getKeyStorePassword()); + + //load signing key + signPrivKey = keyStore.getKey(getSigningKeyAlias(), getSigningKeyPassword().toCharArray()); + Certificate[] certChainSigning = keyStore.getCertificateChain(getSigningKeyAlias()); + signCertChain = new X509Certificate[certChainSigning.length]; + for (int i=0; i x5cCerts = jws.getCertificateChainHeaderValue(); + List sortedX5cCerts = null; + if (x5cCerts == null || x5cCerts.size() < 1) { + Logger.info("Signed SL2.0 response contains NO signature certificate"); + throw new SLCommandoParserException("Signed SL2.0 response contains NO signature certificate"); + + } + Logger.trace("Sorting received X509 certificates ... "); + sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); + + //set verification key + jws.setKey(sortedX5cCerts.get(0).getPublicKey()); + + //validate signature + boolean valid = jws.verifySignature(); + if (!valid) { + Logger.info("JWS signature invalide. Stopping authentication process ..."); + Logger.debug("Received JWS msg: " + serializedContent); + throw new SL20SecurityException("JWS signature invalide."); + + } + + //load payLoad + JsonElement sl20Req = new JsonParser().parse(jws.getPayload()); + + return new VerificationResult(sl20Req.getAsJsonObject(), sortedX5cCerts, valid) ; + + } catch (JoseException e) { + Logger.warn("SL2.0 commando signature validation FAILED", e); + throw new SL20SecurityException(new Object[]{e.getMessage()}, e); + + } + + } + + + @Override + public X509Certificate getEncryptionCertificate() { + //TODO: maybe update after SL2.0 update on encryption certificate parts + if (encCertChain !=null && encCertChain.length > 0) + return encCertChain[0]; + else + return null; + } + + private String getKeyStoreFilePath() { + return FileUtils.makeAbsoluteURL( + authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH), + authConfig.getRootConfigFileDir()); + } + + private String getKeyStorePassword() { + return authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD).trim(); + + } + + private String getSigningKeyAlias() { + return authConfig.getBasicMOAIDConfiguration( + Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS).trim(); + } + + private String getSigningKeyPassword() { + return authConfig.getBasicMOAIDConfiguration( + Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD).trim(); + } + + private String getEncryptionKeyAlias() { + return authConfig.getBasicMOAIDConfiguration( + Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS).trim(); + } + + private String getEncryptionKeyPassword() { + return authConfig.getBasicMOAIDConfiguration( + Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD).trim(); + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java new file mode 100644 index 000000000..e84dacc23 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java @@ -0,0 +1,180 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; + +import java.util.Arrays; +import java.util.List; + +import org.jose4j.jws.AlgorithmIdentifiers; + +public class SL20Constants { + public static final String CURRENT_SL20_VERSION = "10"; + + //http binding parameters + public static final String PARAM_SL20_REQ_COMMAND_PARAM = "slcommand"; + public static final String PARAM_SL20_REQ_ICP_RETURN_URL_PARAM = "slIPCReturnUrl"; + public static final String PARAM_SL20_REQ_TRANSACTIONID = "slTransactionID"; + + public static final String HTTP_HEADER_SL20_CLIENT_TYPE = "SL2ClientType"; + public static final String HTTP_HEADER_VALUE_NATIVE = "nativeApp"; + + + //******************************************************************************************* + //JSON signing and encryption headers + public static final String JSON_ALGORITHM = "alg"; + public static final String JSON_CONTENTTYPE = "cty"; + public static final String JSON_X509_CERTIFICATE = "x5c"; + public static final String JSON_X509_FINGERPRINT = "x5t#S256"; + public static final String JSON_ENCRYPTION_PAYLOAD = "enc"; + + public static final String JSON_ALGORITHM_SIGNING_RS256 = AlgorithmIdentifiers.RSA_USING_SHA256; + public static final String JSON_ALGORITHM_SIGNING_RS512 = AlgorithmIdentifiers.RSA_USING_SHA512; + public static final String JSON_ALGORITHM_SIGNING_ES256 = AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256; + public static final String JSON_ALGORITHM_SIGNING_ES512 = AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512; + public static final String JSON_ALGORITHM_SIGNING_PS256 = AlgorithmIdentifiers.RSA_PSS_USING_SHA256; + public static final String JSON_ALGORITHM_SIGNING_PS512 = AlgorithmIdentifiers.RSA_PSS_USING_SHA512; + + public static final List SL20_ALGORITHM_WHITELIST_SIGNING = Arrays.asList( + JSON_ALGORITHM_SIGNING_RS256, + JSON_ALGORITHM_SIGNING_RS512, + JSON_ALGORITHM_SIGNING_ES256, + JSON_ALGORITHM_SIGNING_ES512, + JSON_ALGORITHM_SIGNING_PS256, + JSON_ALGORITHM_SIGNING_PS512 + ); + + public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP = "RSA-OAEP"; + public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP256 = "RSA-OAEP-256"; + + public static final String JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256 = "A128CBC-HS256"; + public static final String JSON_ALGORITHM_ENC_PAYLOAD_A256CBCHS512 = "A256CBC-HS512"; + public static final String JSON_ALGORITHM_ENC_PAYLOAD_A128GCM = "A128GCM"; + public static final String JSON_ALGORITHM_ENC_PAYLOAD_A256GCM = "A256GCM"; + + + + //********************************************************************************************* + //Object identifier for generic transport container + public static final String SL20_CONTENTTYPE_SIGNED_COMMAND ="application/sl2.0;command"; + public static final String SL20_CONTENTTYPE_ENCRYPTED_RESULT ="application/sl2.0;result"; + + public static final String SL20_VERSION = "v"; + public static final String SL20_REQID = "reqID"; + public static final String SL20_RESPID = "respID"; + public static final String SL20_INRESPTO = "inResponseTo"; + public static final String SL20_TRANSACTIONID = "transactionID"; + public static final String SL20_PAYLOAD = "payload"; + public static final String SL20_SIGNEDPAYLOAD = "signedPayload"; + + //Generic Object identifier for commands + public static final String SL20_COMMAND_CONTAINER_NAME = "name"; + public static final String SL20_COMMAND_CONTAINER_PARAMS = "params"; + public static final String SL20_COMMAND_CONTAINER_RESULT = "result"; + public static final String SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT = "encryptedResult"; + + //COMMAND Object identifier + public static final String SL20_COMMAND_IDENTIFIER_REDIRECT = "redirect"; + public static final String SL20_COMMAND_IDENTIFIER_CALL = "call"; + public static final String SL20_COMMAND_IDENTIFIER_ERROR = "error"; + public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDEID = "qualifiedeID"; + public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDSIG = "qualifiedSig"; + + public static final String SL20_COMMAND_IDENTIFIER_BINDING_CREATE_KEY = "createBindingKey"; + public static final String SL20_COMMAND_IDENTIFIER_BINDING_STORE_CERT = "storeBindingCert"; + + public static final String SL20_COMMAND_IDENTIFIER_AUTH_IDANDPASSWORD = "idAndPassword"; + public static final String SL20_COMMAND_IDENTIFIER_AUTH_JWSTOKENFACTOR = "jwsTokenAuth"; + public static final String SL20_COMMAND_IDENTIFIER_AUTH_QRCODEFACTOR = "qrCodeFactor"; + + //*****COMMAND parameter identifier****** + //general Identifier + public static final String SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_VALUE = "value"; + public static final String SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_KEY = "key"; + public static final String SL20_COMMAND_PARAM_GENERAL_DATAURL = "dataUrl"; + public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE = "x5cEnc"; + + //Redirect command + public static final String SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL = "url"; + public static final String SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND = "command"; + public static final String SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND = "signedCommand"; + public static final String SL20_COMMAND_PARAM_GENERAL_REDIRECT_IPCREDIRECT = "IPCRedirect"; + + //Call command + public static final String SL20_COMMAND_PARAM_GENERAL_CALL_URL = SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL; + public static final String SL20_COMMAND_PARAM_GENERAL_CALL_METHOD = "method"; + public static final String SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET = "get"; + public static final String SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_POST = "post"; + public static final String SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID = "includeTransactionID"; + public static final String SL20_COMMAND_PARAM_GENERAL_CALL_REQPARAMETER = "reqParams"; + + //error command + public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE = "errorCode"; + public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE = "errorMessage"; + + //qualified eID command + public static final String SL20_COMMAND_PARAM_EID_AUTHBLOCKID = "authBlockTemplateID"; + public static final String SL20_COMMAND_PARAM_EID_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES = "attributes"; + public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE = "MANDATE-REFERENCE-VALUE"; + public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID = "SP-FRIENDLYNAME"; + public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME = "SP-UNIQUEID"; + public static final String SL20_COMMAND_PARAM_EID_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; + public static final String SL20_COMMAND_PARAM_EID_RESULT_IDL = "EID-IDENTITY-LINK"; + public static final String SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK = "EID-AUTH-BLOCK"; + public static final String SL20_COMMAND_PARAM_EID_RESULT_CCSURL = "EID-CCS-URL"; + public static final String SL20_COMMAND_PARAM_EID_RESULT_LOA = "EID-CITIZEN-QAA-LEVEL"; + + //qualified Signature comamnd + public static final String SL20_COMMAND_PARAM_QUALSIG_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_QUALSIG_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; + + //create binding key command + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID = "kontoID"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_SN = "SN"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYLENGTH = "keyLength"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG = "keyAlg"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES = "policies"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_X5CVDATRUST = "x5cVdaTrust"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_REQUESTUSERPASSWORD = "reqUserPassword"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; + + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG_RSA = "RSA"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG_SECPR256R1 = "secp256r1"; + + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_LIFETIME = "lifeTime"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_USESECUREELEMENT = "useSecureElement"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_KEYTIMEOUT = "keyTimeout"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES_NEEDUSERAUTH = "needUserAuth"; + + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_APPID = "appID"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_CSR = "csr"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE = "attCert"; + public static final String SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_USERPASSWORD = "encodedPass"; + + + //store binding certificate command + public static final String SL20_COMMAND_PARAM_BINDING_STORE_CERTIFICATE = "x5c"; + public static final String SL20_COMMAND_PARAM_BINDING_STORE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS = "success"; + public static final String SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS_VALUE = "OK"; + + // Username and password authentication + public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG = "keyAlg"; + public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG_VALUE_PLAIN = "plain"; + public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG_VALUE_PBKDF2 = "PBKDF2"; + public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; + public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_KONTOID = SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID; + public static final String SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_USERPASSWORD = SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_USERPASSWORD; + + //JWS Token authentication + public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE = "nonce"; + public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYDATA = "displayData"; + public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYURL = "displayUrl"; + public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_AUTH_JWSTOKEN_RESULT_NONCE = SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE; + + //QR-Code authentication + public static final String SL20_COMMAND_PARAM_AUTH_QRCODE_QRCODE = "qrCode"; + public static final String SL20_COMMAND_PARAM_AUTH_QRCODE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java new file mode 100644 index 000000000..cfffed881 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java @@ -0,0 +1,42 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; + +import java.io.IOException; +import java.io.StringWriter; +import java.io.UnsupportedEncodingException; +import java.net.URISyntaxException; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.http.client.utils.URIBuilder; +import org.apache.http.entity.ContentType; + +import com.google.gson.JsonObject; + +import at.gv.egovernment.moaspss.logging.Logger; + +public class SL20HttpBindingUtils { + + public static void writeIntoResponse(HttpServletRequest request, HttpServletResponse response, JsonObject sl20Forward, String redirectURL) throws IOException, URISyntaxException { + //forward SL2.0 command + if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && + request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) { + Logger.debug("Client request containts 'native client' header ... "); + StringWriter writer = new StringWriter(); + writer.write(sl20Forward.toString()); + final byte[] content = writer.toString().getBytes("UTF-8"); + response.setStatus(HttpServletResponse.SC_OK); + response.setContentLength(content.length); + response.setContentType(ContentType.APPLICATION_JSON.toString()); + response.getOutputStream().write(content); + + } else { + Logger.debug("Client request containts is no native client ... "); + URIBuilder clientRedirectURI = new URIBuilder(redirectURL); + clientRedirectURI.addParameter(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, sl20Forward.toString()); + response.sendRedirect(clientRedirectURI.build().toString()); + + } + + } +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java new file mode 100644 index 000000000..52d7e1e67 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java @@ -0,0 +1,606 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; + +import java.security.cert.CertificateEncodingException; +import java.security.cert.X509Certificate; +import java.util.Arrays; +import java.util.Base64; +import java.util.List; +import java.util.Map; +import java.util.Map.Entry; + +import com.google.gson.JsonArray; +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; + +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoBuildException; + +public class SL20JSONBuilderUtils { + + /** + * Create command request + * @param name + * @param params + * @throws SLCommandoBuildException + * @return + */ + public static JsonObject createCommand(String name, JsonElement params) throws SLCommandoBuildException { + JsonObject command = new JsonObject(); + addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true); + addSingleJSONElement(command, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, params, true); + return command; + + } + + /** + * Create signed command request + * + * @param name + * @param params + * @param signer + * @return + * @throws SLCommandoBuildException + */ + public static String createSignedCommand(String name, JsonElement params, IJOSETools signer) throws SLCommandoBuildException { + JsonObject command = new JsonObject(); + addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true); + addSingleJSONElement(command, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, params, true); + return signer.createSignature(command.toString()); + + } + + + /** + * Create encrypted command result + * + * @param result + * @param encrypter + * @return + * @throws SLCommandoBuildException + */ + public static String createEncryptedCommandoResult(JsonObject result, JsonSecurityUtils encrypter) throws SLCommandoBuildException { + //TODO: add real implementation + //create header and footer + String dummyHeader = createJsonEncryptionHeader(encrypter).toString(); + String payLoad = result.toString(); + String dummyFooter = createJsonSignedFooter(encrypter); + + return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes()) + "." + + Base64.getUrlEncoder().encodeToString(payLoad.getBytes()) + "." + + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes()); + + } + + + /** + * Create command result + * + * @param name + * @param result + * @param encryptedResult + * @throws SLCommandoBuildException + * @return + */ + public static JsonObject createCommandResponse(String name, JsonElement result, String encryptedResult) throws SLCommandoBuildException { + JsonObject command = new JsonObject(); + addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true); + addOnlyOnceOfTwo(command, + SL20Constants.SL20_COMMAND_CONTAINER_RESULT, SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT, + result, encryptedResult); + return command; + + } + + /** + * Create command result + * + * @param name + * @param result + * @param encryptedResult + * @throws SLCommandoBuildException + * @return + */ + public static String createSignedCommandResponse(String name, JsonElement result, String encryptedResult, JsonSecurityUtils signer) throws SLCommandoBuildException { + JsonObject command = new JsonObject(); + addSingleStringElement(command, SL20Constants.SL20_COMMAND_CONTAINER_NAME, name, true); + addOnlyOnceOfTwo(command, + SL20Constants.SL20_COMMAND_CONTAINER_RESULT, SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT, + result, encryptedResult); + String encodedCommand = command.toString(); + + //TODO: add real implementation + //create header and footer + String dummyHeader = createJsonSignedHeader(signer).toString(); + String dummyFooter = createJsonSignedFooter(signer); + + return Base64.getUrlEncoder().encodeToString(dummyHeader.getBytes()) + "." + + Base64.getUrlEncoder().encodeToString(encodedCommand.getBytes()) + "." + + Base64.getUrlEncoder().encodeToString(dummyFooter.getBytes()); + + } + + /** + * Create parameters for Redirect command + * + * @param url + * @param command + * @param signedCommand + * @param ipcRedirect + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createRedirectCommandParameters(String url, JsonElement command, JsonElement signedCommand, Boolean ipcRedirect) throws SLCommandoBuildException{ + JsonObject redirectReqParams = new JsonObject(); + addOnlyOnceOfTwo(redirectReqParams, + SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, + command, signedCommand); + addSingleStringElement(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL, url, false); + addSingleBooleanElement(redirectReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_IPCREDIRECT, ipcRedirect, false); + return redirectReqParams; + + } + + /** + * Create parameters for Call command + * + * @param url + * @param method + * @param includeTransactionId + * @param reqParameters + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createCallCommandParameters(String url, String method, Boolean includeTransactionId, Map reqParameters) throws SLCommandoBuildException { + JsonObject callReqParams = new JsonObject(); + addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_URL, url, true); + addSingleStringElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD, method, true); + addSingleBooleanElement(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_INCLUDETRANSACTIONID, includeTransactionId, false); + addArrayOfStringElements(callReqParams, SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_REQPARAMETER, reqParameters); + return callReqParams; + + } + + /** + * Create result for Error command + * + * @param errorCode + * @param errorMsg + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createErrorCommandResult(String errorCode, String errorMsg) throws SLCommandoBuildException { + JsonObject result = new JsonObject(); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, errorCode, true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, errorMsg, true); + return result; + + } + + + /** + * Create parameters for qualifiedeID command + * + * @param authBlockId + * @param dataUrl + * @param additionalReqParameters + * @param x5cEnc + * @return + * @throws CertificateEncodingException + * @throws SLCommandoBuildException + */ + public static JsonObject createQualifiedeIDCommandParameters(String authBlockId, String dataUrl, + Map additionalReqParameters, X509Certificate x5cEnc) throws CertificateEncodingException, SLCommandoBuildException { + JsonObject params = new JsonObject(); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_AUTHBLOCKID, authBlockId, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_DATAURL, dataUrl, true); + addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES, additionalReqParameters); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_EID_X5CENC, x5cEnc, false); + return params; + + } + + /** + * Create result for qualifiedeID command + * + * @param idl + * @param authBlock + * @param ccsURL + * @param LoA + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createQualifiedeIDCommandResult(byte[] idl, byte[] authBlock, String ccsURL, String LoA) throws SLCommandoBuildException { + JsonObject result = new JsonObject(); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, idl, true); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, authBlock, true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, ccsURL, true); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, LoA, true); + return result; + + } + + + /** + * Create Binding-Key command parameters + * + * @param kontoId + * @param subjectName + * @param keySize + * @param keyAlg + * @param policies + * @param dataUrl + * @param x5cVdaTrust + * @param reqUserPassword + * @param x5cEnc + * @return + * @throws SLCommandoBuildException + * @throws CertificateEncodingException + */ + public static JsonObject createBindingKeyCommandParams(String kontoId, String subjectName, int keySize, String keyAlg, + Map policies, String dataUrl, X509Certificate x5cVdaTrust, Boolean reqUserPassword, X509Certificate x5cEnc) throws SLCommandoBuildException, CertificateEncodingException { + JsonObject params = new JsonObject(); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID, kontoId, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_SN, subjectName, true); + addSingleNumberElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYLENGTH, keySize, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_KEYALG, keyAlg, true); + addArrayOfStringElements(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_POLICIES, policies); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_DATAURL, dataUrl, true); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_X5CVDATRUST, x5cVdaTrust, false); + addSingleBooleanElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_REQUESTUSERPASSWORD, reqUserPassword, false); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_X5CENC, x5cEnc, false); + return params; + + } + + /** + * Create Binding-Key command result + * + * @param appId + * @param csr + * @param attCert + * @param password + * @return + * @throws SLCommandoBuildException + * @throws CertificateEncodingException + */ + public static JsonObject createBindingKeyCommandResult(String appId, byte[] csr, X509Certificate attCert, byte[] password) throws SLCommandoBuildException, CertificateEncodingException { + JsonObject result = new JsonObject(); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_APPID, appId, true); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_CSR, csr, true); + addSingleCertificateElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_KEYATTESTATIONZERTIFICATE, attCert, false); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_CREATE_RESULT_USERPASSWORD, password, false); + return result; + + } + + /** + * Create Store Binding-Certificate command parameters + * + * @param cert + * @param dataUrl + * @return + * @throws CertificateEncodingException + * @throws SLCommandoBuildException + */ + public static JsonObject createStoreBindingCertCommandParams(X509Certificate cert, String dataUrl) throws CertificateEncodingException, SLCommandoBuildException { + JsonObject params = new JsonObject(); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_CERTIFICATE, cert, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_DATAURL, dataUrl, true); + return params; + + } + + /** + * Create Store Binding-Certificate command result + * + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createStoreBindingCertCommandSuccessResult() throws SLCommandoBuildException { + JsonObject result = new JsonObject(); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS, + SL20Constants.SL20_COMMAND_PARAM_BINDING_STORE_RESULT_SUCESS_VALUE, true); + return result; + + } + + + /** + * Create idAndPassword command parameters + * + * @param keyAlg + * @param dataUrl + * @param x5cEnc + * @return + * @throws SLCommandoBuildException + * @throws CertificateEncodingException + */ + public static JsonObject createIdAndPasswordCommandParameters(String keyAlg, String dataUrl, X509Certificate x5cEnc) throws SLCommandoBuildException, CertificateEncodingException { + JsonObject params = new JsonObject(); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_KEYALG, keyAlg, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_DATAURL, dataUrl, true); + addSingleCertificateElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_X5CENC, x5cEnc, false); + return params; + + } + + /** + * Create idAndPassword command result + * + * @param kontoId + * @param password + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createIdAndPasswordCommandResult(String kontoId, byte[] password) throws SLCommandoBuildException { + JsonObject result = new JsonObject(); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_KONTOID, kontoId, true); + addSingleByteElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_IDANDPASSWORD_RESULT_USERPASSWORD, password, true); + return result; + + } + + /** + * Create JWS Token Authentication command + * + * @param nonce + * @param dataUrl + * @param displayData + * @param displayUrl + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createJwsTokenAuthCommandParams(String nonce, String dataUrl, List displayData, List displayUrl) throws SLCommandoBuildException { + JsonObject params = new JsonObject(); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_NONCE, nonce, true); + addSingleStringElement(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DATAURL, dataUrl, true); + addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYDATA, displayData); + addArrayOfStrings(params, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_DISPLAYURL, displayUrl); + return params; + + } + + /** + * Create JWS Token Authentication command result + * + * @param nonce + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createJwsTokenAuthCommandResult(String nonce) throws SLCommandoBuildException { + JsonObject result = new JsonObject(); + addSingleStringElement(result, SL20Constants.SL20_COMMAND_PARAM_AUTH_JWSTOKEN_RESULT_NONCE, nonce, true); + return result; + + } + + + /** + * Create Generic Request Container + * + * @param reqId + * @param transactionId + * @param payLoad + * @param signedPayload + * @return + * @throws SLCommandoBuildException + */ + public static JsonObject createGenericRequest(String reqId, String transactionId, JsonElement payLoad, String signedPayload) throws SLCommandoBuildException { + JsonObject req = new JsonObject(); + addSingleStringElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true); + addSingleStringElement(req, SL20Constants.SL20_REQID, reqId, true); + addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false); + addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, + payLoad, signedPayload); + return req; + + } + + /** + * Create Generic Response Container + * + * @param respId + * @param inResponseTo + * @param transactionId + * @param payLoad + * @param signedPayload + * @return + * @throws SLCommandoBuildException + */ + public static final JsonObject createGenericResponse(String respId, String inResponseTo, String transactionId, + JsonElement payLoad, String signedPayload) throws SLCommandoBuildException { + + JsonObject req = new JsonObject(); + addSingleStringElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true); + addSingleStringElement(req, SL20Constants.SL20_RESPID, respId, true); + addSingleStringElement(req, SL20Constants.SL20_INRESPTO, inResponseTo, true); + addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false); + addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, + payLoad, signedPayload); + return req; + + } + + /** + * Add one element of two possible elements
+ * This method adds either the first element or the second element to parent JSON, but never both. + * + * @param parent Parent JSON element + * @param firstKeyId first element Id + * @param secondKeyId second element Id + * @param first first element + * @param second second element + * @throws SLCommandoBuildException + */ + public static void addOnlyOnceOfTwo(JsonObject parent, String firstKeyId, String secondKeyId, JsonElement first, String second) throws SLCommandoBuildException { + if (first == null && (second == null || second.isEmpty())) + throw new SLCommandoBuildException(firstKeyId + " and " + secondKeyId + " is NULL"); + + else if (first != null && second != null) + throw new SLCommandoBuildException(firstKeyId + " and " + secondKeyId + " can not SET TWICE"); + + else if (first != null) + parent.add(firstKeyId, first); + + else if (second != null && !second.isEmpty()) + parent.addProperty(secondKeyId, second); + + else + throw new SLCommandoBuildException("Internal build error"); + } + + + + //TODO!!!! + private static JsonObject createJsonSignedHeader(JsonSecurityUtils signer) throws SLCommandoBuildException { + JsonObject header = new JsonObject(); + addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, SL20Constants.JSON_ALGORITHM_SIGNING_RS256, true); + addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE, SL20Constants.SL20_CONTENTTYPE_SIGNED_COMMAND, true); + addArrayOfStrings(header, SL20Constants.JSON_X509_CERTIFICATE, Arrays.asList(Constants.DUMMY_SIGNING_CERT)); + + return header; + } + + //TODO!!!! + private static JsonObject createJsonEncryptionHeader(JsonSecurityUtils signer) throws SLCommandoBuildException { + JsonObject header = new JsonObject(); + addSingleStringElement(header, SL20Constants.JSON_ALGORITHM, SL20Constants.JSON_ALGORITHM_ENC_KEY_RSAOAEP, true); + addSingleStringElement(header, SL20Constants.JSON_ENCRYPTION_PAYLOAD, SL20Constants.JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256, true); + addSingleStringElement(header, SL20Constants.JSON_CONTENTTYPE, SL20Constants.SL20_CONTENTTYPE_ENCRYPTED_RESULT, true); + addSingleStringElement(header, SL20Constants.JSON_X509_FINGERPRINT, Constants.DUMMY_SIGNING_CERT_FINGERPRINT, true); + + return header; + } + + //TODO!!!! + private static String createJsonSignedFooter(JsonSecurityUtils signer) { + return "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7\n" + + " AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4\n" + + " BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K\n" + + " 0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv\n" + + " hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB\n" + + " p0igcN_IoypGlUPQGe77Rw"; + } + + + + private static void addArrayOfStrings(JsonObject parent, String keyId, List values) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + if (values != null) { + JsonArray callReqParamsArray = new JsonArray(); + parent.add(keyId, callReqParamsArray ); + for(String el : values) + callReqParamsArray.add(el); + + } + } + + + private static void addArrayOfStringElements(JsonObject parent, String keyId, Map keyValuePairs) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + if (keyValuePairs != null) { + JsonArray callReqParamsArray = new JsonArray(); + parent.add(keyId, callReqParamsArray ); + + for(Entry el : keyValuePairs.entrySet()) { + JsonObject callReqParams = new JsonObject(); + //callReqParams.addProperty(SL20Constants.SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_KEY, el.getKey()); + //callReqParams.addProperty(SL20Constants.SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_VALUE, el.getValue()); + callReqParams.addProperty(el.getKey(), el.getValue()); + callReqParamsArray.add(callReqParams); + + } + } + } + + private static void addSingleCertificateElement(JsonObject parent, String keyId, X509Certificate cert, boolean isRequired) throws CertificateEncodingException, SLCommandoBuildException { + if (cert != null) + addSingleByteElement(parent, keyId, cert.getEncoded(), isRequired); + + else if (isRequired) + throw new SLCommandoBuildException(keyId + " is marked as REQUIRED"); + + } + + + + private static void addSingleByteElement(JsonObject parent, String keyId, byte[] value, boolean isRequired) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + + if (isRequired && value == null) + throw new SLCommandoBuildException(keyId + " has NULL value"); + + else if (value != null) + parent.addProperty(keyId, Base64.getEncoder().encodeToString(value)); + + } + + private static void addSingleBooleanElement(JsonObject parent, String keyId, Boolean value, boolean isRequired) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + + if (isRequired && value == null) + throw new SLCommandoBuildException(keyId + " has a NULL value"); + + else if (value != null) + parent.addProperty(keyId, value); + + } + + private static void addSingleNumberElement(JsonObject parent, String keyId, Integer value, boolean isRequired) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + + if (isRequired && value == null) + throw new SLCommandoBuildException(keyId + " has a NULL value"); + + else if (value != null) + parent.addProperty(keyId, value);; + + } + + private static void addSingleStringElement(JsonObject parent, String keyId, String value, boolean isRequired) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + + if (isRequired && (value == null || value.isEmpty())) + throw new SLCommandoBuildException(keyId + " has an empty value"); + + else if (value != null && !value.isEmpty()) + parent.addProperty(keyId, value); + + } + + private static void addSingleJSONElement(JsonObject parent, String keyId, JsonElement element, boolean isRequired) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + + if (isRequired && element == null) + throw new SLCommandoBuildException("No commando name included"); + + else if (element != null) + parent.add(keyId, element); + + } + + private static void addOnlyOnceOfTwo(JsonObject parent, String firstKeyId, String secondKeyId, JsonElement first, JsonElement second) throws SLCommandoBuildException { + if (first == null && second == null) + throw new SLCommandoBuildException(firstKeyId + " and " + secondKeyId + " is NULL"); + + else if (first != null && second != null) + throw new SLCommandoBuildException(firstKeyId + " and " + secondKeyId + " can not SET TWICE"); + + else if (first != null) + parent.add(firstKeyId, first); + + else if (second != null) + parent.add(secondKeyId, second); + + else + throw new SLCommandoBuildException("Internal build error"); + } + + private static void validateParentAndKey(JsonObject parent, String keyId) throws SLCommandoBuildException { + if (parent == null) + throw new SLCommandoBuildException("NO parent JSON element"); + + if (keyId == null || keyId.isEmpty()) + throw new SLCommandoBuildException("NO JSON element identifier"); + } +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java new file mode 100644 index 000000000..e1444c95f --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java @@ -0,0 +1,259 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; + +import java.io.InputStreamReader; +import java.net.URLDecoder; +import java.util.Base64; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Map; +import java.util.Map.Entry; + +import org.apache.http.Header; +import org.apache.http.HttpResponse; +import org.apache.http.client.utils.URIBuilder; +import org.apache.log4j.Logger; + +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; + +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; + +public class SL20JSONExtractorUtils { + private static final Logger log = Logger.getLogger(SL20JSONExtractorUtils.class); + + /** + * Extract String value from JSON + * + * @param input + * @param keyID + * @param isRequired + * @return + * @throws SLCommandoParserException + */ + public static String getStringValue(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { + try { + JsonElement internal = getAndCheck(input, keyID, isRequired); + + if (internal != null) + return internal.getAsString(); + else + return null; + + } catch (SLCommandoParserException e) { + throw e; + + } catch (Exception e) { + throw new SLCommandoParserException("Can not extract String value with keyId: " + keyID, e); + + } + } + + /** + * Extract Boolean value from JSON + * + * @param input + * @param keyID + * @param isRequired + * @return + * @throws SLCommandoParserException + */ + public static boolean getBooleanValue(JsonObject input, String keyID, boolean isRequired, boolean defaultValue) throws SLCommandoParserException { + try { + JsonElement internal = getAndCheck(input, keyID, isRequired); + + if (internal != null) + return internal.getAsBoolean(); + else + return defaultValue; + + } catch (SLCommandoParserException e) { + throw e; + + } catch (Exception e) { + throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e); + + } + } + + /** + * Extract JSONObject value from JSON + * + * @param input + * @param keyID + * @param isRequired + * @return + * @throws SLCommandoParserException + */ + public static JsonObject getJSONObjectValue(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { + try { + JsonElement internal = getAndCheck(input, keyID, isRequired); + + if (internal != null) + return internal.getAsJsonObject(); + else + return null; + + } catch (SLCommandoParserException e) { + throw e; + + } catch (Exception e) { + throw new SLCommandoParserException("Can not extract Boolean value with keyId: " + keyID, e); + + } + } + + /** + * Extract Map of Key/Value pairs from a JSON Array + * + * @param input + * @param keyID + * @param isRequired + * @return + * @throws SLCommandoParserException + */ + public static Map getMapOfStringElements(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { + JsonElement internal = getAndCheck(input, keyID, isRequired); + + Map result = new HashMap(); + + if (internal != null) { + if (!internal.isJsonArray()) + throw new SLCommandoParserException("JSON Element IS NOT a JSON array"); + + Iterator arrayIterator = internal.getAsJsonArray().iterator(); + while(arrayIterator.hasNext()) { + //JsonObject next = arrayIterator.next().getAsJsonObject(); + //result.put( + // next.get(SL20Constants.SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_KEY).getAsString(), + // next.get(SL20Constants.SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_VALUE).getAsString()); + JsonElement next = arrayIterator.next(); + Iterator> entry = next.getAsJsonObject().entrySet().iterator(); + while (entry.hasNext()) { + Entry el = entry.next(); + if (result.containsKey(el.getKey())) + log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... "); + + result.put(el.getKey(), el.getValue().getAsString()); + + } + } + } + + return result; + } + + + public static JsonElement extractSL20Result(JsonObject command, JsonSecurityUtils encrypter, boolean mustBeEncrypted) throws SLCommandoParserException { + JsonElement result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT); + JsonElement encryptedResult = command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT); + + if (result == null && encryptedResult == null) + throw new SLCommandoParserException("NO result OR encryptedResult FOUND."); + + else if (result == null && encryptedResult == null) + throw new SLCommandoParserException("result AND encryptedResultFOUND. Can not used twice"); + + else if (encryptedResult == null && mustBeEncrypted) + throw new SLCommandoParserException("result MUST be signed."); + + else if (result != null) + return result; + + else if (encryptedResult != null) { + //TODO: Add correct signature validation + String[] signedPayload = encryptedResult.toString().split("\\."); + JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode(signedPayload[1]))); + return payLoad; + + } else + throw new SLCommandoParserException("Internal build error"); + + + } + + /** + * Extract payLoad from generic transport container + * + * @param container + * @param joseTools + * @return + * @throws SLCommandoParserException + */ + public static VerificationResult extractSL20PayLoad(JsonObject container, IJOSETools joseTools, boolean mustBeSigned) throws SL20Exception { + + JsonElement sl20Payload = container.get(SL20Constants.SL20_PAYLOAD); + JsonElement sl20SignedPayload = container.get(SL20Constants.SL20_SIGNEDPAYLOAD); + + if (mustBeSigned && joseTools == null) + throw new SLCommandoParserException("'joseTools' MUST be set if 'mustBeSigned' is 'true'"); + + if (sl20Payload == null && sl20SignedPayload == null) + throw new SLCommandoParserException("NO payLoad OR signedPayload FOUND."); + + else if (sl20Payload == null && sl20SignedPayload == null) + throw new SLCommandoParserException("payLoad AND signedPayload FOUND. Can not used twice"); + + else if (sl20SignedPayload == null && mustBeSigned) + throw new SLCommandoParserException("payLoad MUST be signed."); + + else if (sl20Payload != null) + return new VerificationResult(sl20Payload.getAsJsonObject()); + + else if (sl20SignedPayload != null && sl20SignedPayload.isJsonPrimitive()) + return joseTools.validateSignature(sl20SignedPayload.getAsString()); + + else + throw new SLCommandoParserException("Internal build error"); + + + } + + + /** + * Extract generic transport container from httpResponse + * + * @param httpResp + * @return + * @throws SLCommandoParserException + */ + public static JsonObject getSL20ContainerFromResponse(HttpResponse httpResp) throws SLCommandoParserException { + try { + JsonObject sl20Resp = null; + if (httpResp.getStatusLine().getStatusCode() == 307) { + Header[] locationHeader = httpResp.getHeaders("Location"); + if (locationHeader == null) + throw new SLCommandoParserException("Find Redirect statuscode but not Location header"); + + String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue(); + sl20Resp = new JsonParser().parse(URLDecoder.decode(sl20RespString)).getAsJsonObject(); + + } else if (httpResp.getStatusLine().getStatusCode() == 200) { + if (!httpResp.getEntity().getContentType().getValue().equals("application/json;charset=UTF-8")) + throw new SLCommandoParserException("SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue()); + + sl20Resp = new JsonParser().parse(new InputStreamReader(httpResp.getEntity().getContent())).getAsJsonObject(); + + } else + throw new SLCommandoParserException("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()); + + return sl20Resp; + + } catch (Exception e) { + throw new SLCommandoParserException("SL20 response parsing FAILED! Reason: " + e.getMessage(), e); + + } + } + + private static JsonElement getAndCheck(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { + JsonElement internal = input.get(keyID); + + if (internal == null && isRequired) + throw new SLCommandoParserException("REQUIRED Element with keyId: " + keyID + " does not exist"); + + return internal; + + } +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java new file mode 100644 index 000000000..1e15e893e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java @@ -0,0 +1,176 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks; + +import java.io.StringWriter; +import java.util.ArrayList; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.UUID; + +import javax.net.ssl.SSLSocketFactory; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.http.HttpResponse; +import org.apache.http.NameValuePair; +import org.apache.http.client.entity.UrlEncodedFormEntity; +import org.apache.http.client.methods.HttpPost; +import org.apache.http.client.utils.URIBuilder; +import org.apache.http.entity.ContentType; +import org.apache.http.impl.client.CloseableHttpClient; +import org.apache.http.message.BasicNameValuePair; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import com.google.gson.JsonObject; + +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.IJOSETools; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20HttpBindingUtils; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moaspss.logging.Logger; + +@Component("CreateQualeIDRequestTask") +public class CreateQualeIDRequestTask extends AbstractAuthServletTask { + + @Autowired(required=true) private IJOSETools joseTools; + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + + Logger.debug("Starting SL2.0 authentication process .... "); + + try { + //get service-provider configuration + IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration(); + + //get basic configuration parameters + String vdaQualeIDUrl = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID); + if (MiscUtil.isEmpty(vdaQualeIDUrl)) { + Logger.error("NO VDA URL for qualified eID (" + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID + ")"); + throw new SL20Exception("sl20.03", new Object[]{"NO VDA URL for qualified eID"}); + + } + + String authBlockId = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_AUTHBLOCK_ID); + if (MiscUtil.isEmpty(authBlockId)) { + Logger.error("NO AuthBlock Template identifier for qualified eID (" + Constants.CONFIG_PROP_VDA_AUTHBLOCK_ID + ")"); + throw new SL20Exception("sl20.03", new Object[]{"NO AuthBlock Template identifier for qualified eID"}); + + } + + //build DataURL for qualified eID response + String dataURL = new DataURLBuilder().buildDataURL( + pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_DATAURL, pendingReq.getRequestID()); +// String dataURL = new DataURLBuilder().buildDataURL( +// "http://labda.iaik.tugraz.at:8080/moa-id-auth/", Constants.HTTP_ENDPOINT_DATAURL, pendingReq.getRequestID()); + + //build qualifiedeID command + Map qualifiedeIDParams = new HashMap(); + qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID, oaConfig.getPublicURLPrefix()); + qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME, oaConfig.getFriendlyName()); + //qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE, UUID.randomUUID().toString()); + + JsonObject qualeIDCommandParams = SL20JSONBuilderUtils.createQualifiedeIDCommandParameters( + authBlockId, + dataURL, + qualifiedeIDParams, + joseTools.getEncryptionCertificate()); + + String qualeIDReqId = UUID.randomUUID().toString(); + String signedQualeIDCommand = SL20JSONBuilderUtils.createSignedCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID, qualeIDCommandParams, joseTools); + JsonObject sl20Req = SL20JSONBuilderUtils.createGenericRequest(qualeIDReqId, null, null, signedQualeIDCommand); + + //open http client + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( + authConfig, + vdaQualeIDUrl); + CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient( + sslFactory, + authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); + + //build post request + HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build()); + httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE); + List parameters = new ArrayList();; + parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, sl20Req.toString())); + httpReq.setEntity(new UrlEncodedFormEntity(parameters )); + + //request VDA + HttpResponse httpResp = httpClient.execute(httpReq); + + //parse response + Logger.info("Receive response from VDA ... "); + JsonObject sl20Resp = SL20JSONExtractorUtils.getSL20ContainerFromResponse(httpResp); + VerificationResult respPayloadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20Resp, null, false); + + if (respPayloadContainer.isValidSigned() == null) { + Logger.debug("Receive unsigned payLoad from VDA"); + + } + + JsonObject respPayload = respPayloadContainer.getPayload(); + if (respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString() + .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT)) { + Logger.debug("Find 'redirect' command in VDA response ... "); + JsonObject params = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, true); + String redirectURL = SL20JSONExtractorUtils.getStringValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL, true); + JsonObject command = SL20JSONExtractorUtils.getJSONObjectValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_COMMAND, false); + String signedCommand = SL20JSONExtractorUtils.getStringValue(params, SL20Constants.SL20_COMMAND_PARAM_GENERAL_REDIRECT_SIGNEDCOMMAND, false); + + //create forward SL2.0 command + JsonObject sl20Forward = sl20Resp.deepCopy().getAsJsonObject(); + SL20JSONBuilderUtils.addOnlyOnceOfTwo(sl20Forward, + SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, + command, signedCommand); + + //store pending request + pendingReq.setGenericDataToSession(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, + qualeIDReqId); + requestStoreage.storePendingRequest(pendingReq); + + //forward SL2.0 command + SL20HttpBindingUtils.writeIntoResponse(request, response, sl20Forward, redirectURL); + + } else { + //TODO: update to add error handling + Logger.warn("Received an unrecognized command: " + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString()); + + } + + + } catch (MOAIDException e) { + throw new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e); + + } catch (Exception e) { + Logger.warn("SL2.0 Authentication FAILED with a generic error.", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } finally { + TransactionIDUtils.removeTransactionId(); + TransactionIDUtils.removeSessionId(); + + } + + + + + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java new file mode 100644 index 000000000..6d2163ff1 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -0,0 +1,228 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks; + +import java.io.ByteArrayInputStream; +import java.io.StringWriter; +import java.security.cert.X509Certificate; +import java.util.Calendar; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.UUID; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.http.entity.ContentType; +import org.jose4j.keys.X509Util; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; +import com.google.gson.JsonSyntaxException; + +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; +import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20SecurityException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.IJOSETools; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.DateTimeUtils; +import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moaspss.logging.Logger; +import iaik.esi.sva.util.X509Utils; +import iaik.utils.Util; + +@Component("ReceiveQualeIDTask") +public class ReceiveQualeIDTask extends AbstractAuthServletTask { + + @Autowired(required=true) private IJOSETools joseTools; + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + + Logger.debug("Receiving SL2.0 response process .... "); + try { + //get SL2.0 command or result from HTTP request + Map reqParams = getParameters(request); + String sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM); + if (MiscUtil.isEmpty(sl20Result)) { + Logger.info("NO SL2.0 commando or result FOUND."); + throw new SL20Exception("sl20.04", null); + + } + + + //parse SL2.0 command/result into JSON + JsonObject sl20ReqObj = null; + try { + JsonParser jsonParser = new JsonParser(); + JsonElement sl20Req = jsonParser.parse(sl20Result); + sl20ReqObj = sl20Req.getAsJsonObject(); + + } catch (JsonSyntaxException e) { + Logger.warn("SL2.0 command or result is NOT valid JSON.", e); + Logger.debug("SL2.0 msg: " + sl20Result); + throw new SL20Exception("sl20.02", new Object[]{"SL2.0 command or result is NOT valid JSON."}, e); + + } + + //validate reqId with inResponseTo + String sl20ReqId = pendingReq.getGenericData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class); + String inRespTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true); + if (sl20ReqId == null || !sl20ReqId.equals(inRespTo)) { + Logger.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); + throw new SL20SecurityException("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); + } + + + //validate signature + //TODO: + VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools, true); + if (payLoadContainer.isValidSigned() == null || + !payLoadContainer.isValidSigned()) { + Logger.info("SL20 result from VDA was not valid signed"); + throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."}); + + } + + //TODO validate certificate + List sigCertChain = payLoadContainer.getCertChain(); + + //extract payloaf + JsonObject payLoad = payLoadContainer.getPayload(); + + //check response type + if (SL20JSONExtractorUtils.getStringValue( + payLoad, SL20Constants.SL20_COMMAND_CONTAINER_NAME, true) + .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID)) { + Logger.debug("Find " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result .... "); + + + //TODO: add decryption + JsonElement qualeIDResult = SL20JSONExtractorUtils.extractSL20Result(payLoad, null, false); + + + //extract attributes from result + String idlB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, true); + String authBlockB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, true); + String ccsURL = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, true); + String LoA = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, true); + + + //TODO: validate results + + + //add into session + defaultTaskInitialization(request, executionContext); + moasession.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink()); + moasession.setBkuURL(ccsURL); + //TODO: from AuthBlock + moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance())); + moasession.setQAALevel(LoA); + + //mark as authenticated + moasession.setAuthenticated(true); + pendingReq.setAuthenticated(true); + + //store pending request + requestStoreage.storePendingRequest(pendingReq); + + //create response + Map reqParameters = new HashMap(); + reqParameters.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID()); + JsonObject callReqParams = SL20JSONBuilderUtils.createCallCommandParameters( + new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT, null), + SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, + false, + reqParameters); + JsonObject callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams); + + //build first redirect command for app + JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters("", callCommand, null, true); + JsonObject redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams); + + //build second redirect command for IDP + JsonObject redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters( + new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT, null), + redirectOneCommand, null, true); + JsonObject redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams); + + //build generic SL2.0 response container + String transactionId = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, false); + JsonObject respContainer = SL20JSONBuilderUtils.createGenericRequest( + UUID.randomUUID().toString(), + transactionId, + redirectTwoCommand, + null); + + if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && + request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) { + Logger.debug("Client request containts 'native client' header ... "); + StringWriter writer = new StringWriter(); + writer.write(respContainer.toString()); + final byte[] content = writer.toString().getBytes("UTF-8"); + response.setStatus(HttpServletResponse.SC_OK); + response.setContentLength(content.length); + response.setContentType(ContentType.APPLICATION_JSON.toString()); + response.getOutputStream().write(content); + + + } else { + Logger.info("SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"); + throw new SL20Exception("sl20.06", + new Object[] {"SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"}); + + } + + } else { + Logger.info("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result"); + throw new SLCommandoParserException("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result"); + } + + + } catch (MOAIDException e) { + Logger.warn("ERROR:", e); + throw new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e); + + } catch (Exception e) { + Logger.warn("ERROR:", e); + Logger.warn("SL2.0 Authentication FAILED with a generic error.", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } finally { + TransactionIDUtils.removeTransactionId(); + TransactionIDUtils.removeSessionId(); + + } + } + + + private JsonObject createRedirectCommand() { + + + return null; + + + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 000000000..48a3d2450 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.modules.sl20_auth.SL20AuthenticationSpringResourceProvider \ No newline at end of file diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml new file mode 100644 index 000000000..37551b3f5 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml @@ -0,0 +1,33 @@ + + + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml new file mode 100644 index 000000000..bcd74f84c --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml @@ -0,0 +1,20 @@ + + + + + + + + + + + + + + + + + + + diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml index f0779b26c..a9aed2d24 100644 --- a/id/server/modules/pom.xml +++ b/id/server/modules/pom.xml @@ -1,5 +1,5 @@ - + + 4.0.0 @@ -28,13 +28,15 @@ moa-id-module-openID moa-id-module-eIDAS - moa-id-module-eIDAS-v2 + moa-id-modules-federated_authentication moa-id-module-elga_mandate_service moa-id-module-ssoTransfer moa-id-module-bkaMobilaAuthSAML2Test - + + moa-id-module-sl20_authentication + @@ -62,4 +64,4 @@ - + \ No newline at end of file -- cgit v1.2.3 From 5fe7b654e6526b34ab917411424faf93586df85f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 17 May 2018 08:37:48 +0200 Subject: add result decryption for SL2.0 authentication module --- .../id/auth/modules/sl20_auth/sl20/IJOSETools.java | 12 +++++++ .../modules/sl20_auth/sl20/JsonSecurityUtils.java | 39 ++++++++++++++++++++++ .../auth/modules/sl20_auth/sl20/SL20Constants.java | 25 ++++++++++---- .../sl20_auth/sl20/SL20HttpBindingUtils.java | 3 +- .../sl20_auth/sl20/SL20JSONExtractorUtils.java | 21 ++++++++---- .../sl20_auth/tasks/CreateQualeIDRequestTask.java | 5 +-- .../sl20_auth/tasks/ReceiveQualeIDTask.java | 12 +++---- 7 files changed, 93 insertions(+), 24 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/IJOSETools.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/IJOSETools.java index bcbda3faf..6fd1c3c4d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/IJOSETools.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/IJOSETools.java @@ -2,8 +2,11 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; import java.security.cert.X509Certificate; +import com.google.gson.JsonElement; + import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20SecurityException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoBuildException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; @@ -33,5 +36,14 @@ public interface IJOSETools { * @return */ public X509Certificate getEncryptionCertificate(); + + /** + * Decrypt a serialized JWE token + * + * @param compactSerialization Serialized JWE token + * @return decrypted payload + * @throws SL20Exception + */ + public JsonElement decryptPayload(String compactSerialization) throws SL20Exception; } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java index 7dd5c39ab..e0965c712 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java @@ -11,6 +11,7 @@ import javax.annotation.PostConstruct; import org.jose4j.jwa.AlgorithmConstraints; import org.jose4j.jwa.AlgorithmConstraints.ConstraintType; +import org.jose4j.jwe.JsonWebEncryption; import org.jose4j.jws.AlgorithmIdentifiers; import org.jose4j.jws.JsonWebSignature; import org.jose4j.lang.JoseException; @@ -19,6 +20,7 @@ import org.springframework.stereotype.Service; import com.google.gson.JsonElement; import com.google.gson.JsonParser; +import com.google.gson.JsonSyntaxException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; @@ -177,6 +179,43 @@ public class JsonSecurityUtils implements IJOSETools{ } + + @Override + public JsonElement decryptPayload(String compactSerialization) throws SL20Exception { + try { + JsonWebEncryption receiverJwe = new JsonWebEncryption(); + + //set security constrains + receiverJwe.setAlgorithmConstraints( + new AlgorithmConstraints(ConstraintType.WHITELIST, + SL20Constants.SL20_ALGORITHM_WHITELIST_KEYENCRYPTION.toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_KEYENCRYPTION.size()]))); + receiverJwe.setContentEncryptionAlgorithmConstraints( + new AlgorithmConstraints(ConstraintType.WHITELIST, + SL20Constants.SL20_ALGORITHM_WHITELIST_ENCRYPTION.toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_ENCRYPTION.size()]))); + + //set payload + receiverJwe.setCompactSerialization(compactSerialization); + + //TODO: validate key from header against key from config + + //decrypt payload + receiverJwe.setKey(encPrivKey); + + return new JsonParser().parse(receiverJwe.getPlaintextString()); + + } catch (JoseException e) { + Logger.warn("SL2.0 result decryption FAILED", e); + throw new SL20SecurityException(new Object[]{e.getMessage()}, e); + + } catch ( JsonSyntaxException e) { + Logger.warn("Decrypted SL2.0 result is NOT a valid JSON.", e); + throw new SLCommandoParserException("Decrypted SL2.0 result is NOT a valid JSON.", e); + + } + + } + + @Override public X509Certificate getEncryptionCertificate() { diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java index e84dacc23..b855c3cac 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java @@ -3,6 +3,8 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; import java.util.Arrays; import java.util.List; +import org.jose4j.jwe.ContentEncryptionAlgorithmIdentifiers; +import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers; import org.jose4j.jws.AlgorithmIdentifiers; public class SL20Constants { @@ -41,14 +43,25 @@ public class SL20Constants { JSON_ALGORITHM_SIGNING_PS512 ); - public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP = "RSA-OAEP"; - public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP256 = "RSA-OAEP-256"; + public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP = KeyManagementAlgorithmIdentifiers.RSA_OAEP; + public static final String JSON_ALGORITHM_ENC_KEY_RSAOAEP256 = KeyManagementAlgorithmIdentifiers.RSA_OAEP_256; - public static final String JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256 = "A128CBC-HS256"; - public static final String JSON_ALGORITHM_ENC_PAYLOAD_A256CBCHS512 = "A256CBC-HS512"; - public static final String JSON_ALGORITHM_ENC_PAYLOAD_A128GCM = "A128GCM"; - public static final String JSON_ALGORITHM_ENC_PAYLOAD_A256GCM = "A256GCM"; + public static final List SL20_ALGORITHM_WHITELIST_KEYENCRYPTION = Arrays.asList( + JSON_ALGORITHM_ENC_KEY_RSAOAEP, + JSON_ALGORITHM_ENC_KEY_RSAOAEP256 + ); + public static final String JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256 = ContentEncryptionAlgorithmIdentifiers.AES_128_CBC_HMAC_SHA_256; + public static final String JSON_ALGORITHM_ENC_PAYLOAD_A256CBCHS512 = ContentEncryptionAlgorithmIdentifiers.AES_256_CBC_HMAC_SHA_512; + public static final String JSON_ALGORITHM_ENC_PAYLOAD_A128GCM = ContentEncryptionAlgorithmIdentifiers.AES_128_GCM; + public static final String JSON_ALGORITHM_ENC_PAYLOAD_A256GCM = ContentEncryptionAlgorithmIdentifiers.AES_256_GCM; + + public static final List SL20_ALGORITHM_WHITELIST_ENCRYPTION = Arrays.asList( + JSON_ALGORITHM_ENC_PAYLOAD_A128CBCHS256, + JSON_ALGORITHM_ENC_PAYLOAD_A256CBCHS512, + JSON_ALGORITHM_ENC_PAYLOAD_A128GCM, + JSON_ALGORITHM_ENC_PAYLOAD_A256GCM + ); //********************************************************************************************* diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java index cfffed881..cc7137a0f 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java @@ -34,7 +34,8 @@ public class SL20HttpBindingUtils { Logger.debug("Client request containts is no native client ... "); URIBuilder clientRedirectURI = new URIBuilder(redirectURL); clientRedirectURI.addParameter(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, sl20Forward.toString()); - response.sendRedirect(clientRedirectURI.build().toString()); + response.setStatus(307); + response.setHeader("Location", clientRedirectURI.build().toString()); } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java index e1444c95f..e01945df0 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java @@ -146,7 +146,7 @@ public class SL20JSONExtractorUtils { } - public static JsonElement extractSL20Result(JsonObject command, JsonSecurityUtils encrypter, boolean mustBeEncrypted) throws SLCommandoParserException { + public static JsonElement extractSL20Result(JsonObject command, IJOSETools decrypter, boolean mustBeEncrypted) throws SL20Exception { JsonElement result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT); JsonElement encryptedResult = command.get(SL20Constants.SL20_COMMAND_CONTAINER_ENCRYPTEDRESULT); @@ -162,12 +162,21 @@ public class SL20JSONExtractorUtils { else if (result != null) return result; - else if (encryptedResult != null) { - //TODO: Add correct signature validation + else if (encryptedResult != null && encryptedResult.isJsonPrimitive()) { + /*TODO: + * + * Remove dummy code and test real decryption!!!!! + * + */ + + //return decrypter.decryptPayload(encryptedResult.getAsString()); + + //dummy code String[] signedPayload = encryptedResult.toString().split("\\."); JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode(signedPayload[1]))); return payLoad; + } else throw new SLCommandoParserException("Internal build error"); @@ -202,10 +211,10 @@ public class SL20JSONExtractorUtils { else if (sl20Payload != null) return new VerificationResult(sl20Payload.getAsJsonObject()); - else if (sl20SignedPayload != null && sl20SignedPayload.isJsonPrimitive()) + else if (sl20SignedPayload != null && sl20SignedPayload.isJsonPrimitive()) { return joseTools.validateSignature(sl20SignedPayload.getAsString()); - - else + + } else throw new SLCommandoParserException("Internal build error"); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java index 1e15e893e..b1dfa9b0d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java @@ -1,6 +1,5 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks; -import java.io.StringWriter; import java.util.ArrayList; import java.util.HashMap; import java.util.List; @@ -16,7 +15,6 @@ import org.apache.http.NameValuePair; import org.apache.http.client.entity.UrlEncodedFormEntity; import org.apache.http.client.methods.HttpPost; import org.apache.http.client.utils.URIBuilder; -import org.apache.http.entity.ContentType; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.message.BasicNameValuePair; import org.springframework.beans.factory.annotation.Autowired; @@ -78,8 +76,6 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { //build DataURL for qualified eID response String dataURL = new DataURLBuilder().buildDataURL( pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_DATAURL, pendingReq.getRequestID()); -// String dataURL = new DataURLBuilder().buildDataURL( -// "http://labda.iaik.tugraz.at:8080/moa-id-auth/", Constants.HTTP_ENDPOINT_DATAURL, pendingReq.getRequestID()); //build qualifiedeID command Map qualifiedeIDParams = new HashMap(); @@ -146,6 +142,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { requestStoreage.storePendingRequest(pendingReq); //forward SL2.0 command + //TODO: maybe add SL2ClientType Header from execution context SL20HttpBindingUtils.writeIntoResponse(request, response, sl20Forward, redirectURL); } else { diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java index 6d2163ff1..698546a4f 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -92,7 +92,6 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { //validate signature - //TODO: VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools, true); if (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned()) { @@ -104,6 +103,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { //TODO validate certificate List sigCertChain = payLoadContainer.getCertChain(); + //extract payloaf JsonObject payLoad = payLoadContainer.getPayload(); @@ -112,12 +112,10 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { payLoad, SL20Constants.SL20_COMMAND_CONTAINER_NAME, true) .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID)) { Logger.debug("Find " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result .... "); - - - //TODO: add decryption - JsonElement qualeIDResult = SL20JSONExtractorUtils.extractSL20Result(payLoad, null, false); - - + + //TODO: activate decryption in 'SL20JSONExtractorUtils.extractSL20Result' + JsonElement qualeIDResult = SL20JSONExtractorUtils.extractSL20Result(payLoad, joseTools, false); + //extract attributes from result String idlB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, true); -- cgit v1.2.3 From cbc72b4eb01828e56e3244bcfe121d729e7e852a Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 17 May 2018 17:14:41 +0200 Subject: add some work-arounds into federated authentication module to make it usable with MOA-ID 3.2.0 to 3.2.2 --- .../config/FederatedAuthMetadataConfiguration.java | 41 +++++++++++++++++++++- .../tasks/ReceiveAuthnResponseTask.java | 38 +++++++++++++++++--- 2 files changed, 73 insertions(+), 6 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java index c3d5e8032..1fff56f8d 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthMetadataConfiguration.java @@ -22,7 +22,10 @@ */ package at.gv.egovernment.moa.id.auth.modules.federatedauth.config; +import java.util.ArrayList; import java.util.Arrays; +import java.util.Collections; +import java.util.Iterator; import java.util.List; import org.opensaml.saml2.core.Attribute; @@ -35,6 +38,10 @@ import org.opensaml.xml.security.credential.Credential; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.data.Pair; +import at.gv.egovernment.moa.id.data.Trible; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; @@ -263,7 +270,39 @@ public class FederatedAuthMetadataConfiguration implements IPVPMetadataBuilderCo */ @Override public List getSPRequiredAttributes() { - return null; + /*TODO: + * Work for bug in AttributeQuery Client that includes a wrong EntityID for SP + */ + final List> REQUIRED_PVP_ATTRIBUTES = + Collections.unmodifiableList(new ArrayList>() { + private static final long serialVersionUID = 1L; + { + //add PVP Version attribute + add(Trible.newInstance(PVPConstants.PVP_VERSION_NAME, PVPConstants.PVP_VERSION_FRIENDLY_NAME, true)); + + //request entity information + add(Trible.newInstance(PVPConstants.GIVEN_NAME_NAME, PVPConstants.GIVEN_NAME_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.PRINCIPAL_NAME_NAME, PVPConstants.PRINCIPAL_NAME_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.BIRTHDATE_NAME, PVPConstants.BIRTHDATE_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.EID_CCS_URL_NAME, PVPConstants.EID_CCS_URL_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME, PVPConstants.EID_CITIZEN_QAA_LEVEL_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.EID_IDENTITY_LINK_NAME, PVPConstants.EID_IDENTITY_LINK_FRIENDLY_NAME, true)); + add(Trible.newInstance(PVPConstants.EID_SOURCE_PIN_NAME, PVPConstants.EID_SOURCE_PIN_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.EID_SOURCE_PIN_TYPE_NAME, PVPConstants.EID_SOURCE_PIN_TYPE_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.EID_AUTH_BLOCK_NAME, PVPConstants.EID_AUTH_BLOCK_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.EID_SIGNER_CERTIFICATE_NAME, PVPConstants.EID_SIGNER_CERTIFICATE_FRIENDLY_NAME, false)); + add(Trible.newInstance(PVPConstants.MANDATE_FULL_MANDATE_NAME, PVPConstants.MANDATE_FULL_MANDATE_FRIENDLY_NAME, false)); + + + + } + }); + + List requestedAttributes = new ArrayList(); + for (Trible el : REQUIRED_PVP_ATTRIBUTES) + requestedAttributes.add(PVPAttributeBuilder.buildReqAttribute(el.getFirst(), el.getSecond(), el.getThird())); + + return requestedAttributes; } /* (non-Javadoc) diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java index 8f5a231ee..dea5e4894 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java @@ -23,6 +23,7 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.tasks; import java.io.IOException; +import java.util.Arrays; import java.util.Collection; import java.util.List; import java.util.Set; @@ -57,6 +58,7 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageExcepti import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; @@ -244,12 +246,23 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { private void getAuthDataFromInterfederation(AssertionAttributeExtractor extractor, IOAAuthParameters spConfig, IOAAuthParameters idpConfig) throws BuildException, ConfigurationException{ + /*TODO: + * only workaround for oe.gv.at project + */ + final List minimalIDLAttributeNamesList = Arrays.asList( + PVPConstants.EID_IDENTITY_LINK_NAME, + PVPConstants.EID_SOURCE_PIN_NAME, + PVPConstants.EID_SOURCE_PIN_TYPE_NAME); + try { Logger.debug("Service Provider is no federated IDP --> start Attribute validation or requesting ... "); Collection requestedAttr = pendingReq.getRequestedAttributes(metadataProvider); //check if SAML2 Assertion contains a minimal set of attributes - if (!extractor.containsAllRequiredAttributes()) { + + //TODO: switch back to correct attribute query + if (!extractor.containsAllRequiredAttributes() + && !extractor.containsAllRequiredAttributes(minimalIDLAttributeNamesList)) { Logger.info("Received assertion does no contain a minimum set of attributes. Starting AttributeQuery process ..."); //build attributQuery request @@ -257,16 +270,19 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { attributQueryBuilder.buildSAML2AttributeList(spConfig, requestedAttr.iterator()); //request IDP to get additional attributes - extractor = authDataBuilder.getAuthDataFromAttributeQuery(attributs, extractor.getNameID(), idpConfig); + extractor = authDataBuilder.getAuthDataFromAttributeQuery(attributs, extractor.getNameID(), + idpConfig, pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_METADATA); } else { Logger.info("Interfedation response include a minimal set of attributes with are required. Skip AttributQuery request step. "); } + //TODO: switch back to correct attribute query //check if all attributes are include - if (!extractor.containsAllRequiredAttributes( - pendingReq.getRequestedAttributes(metadataProvider))) { + //if (!extractor.containsAllRequiredAttributes(requestedAttr)) { + if (!extractor.containsAllRequiredAttributes() + && !extractor.containsAllRequiredAttributes(minimalIDLAttributeNamesList)) { Logger.warn("PVP Response from federated IDP contains not all requested attributes."); throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{FederatedAuthConstants.MODULE_NAME_FOR_LOGGING}); @@ -275,7 +291,19 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { //copy attributes into MOASession Set includedAttrNames = extractor.getAllIncludeAttributeNames(); for (String el : includedAttrNames) { - moasession.setGenericDataToSession(el, extractor.getSingleAttributeValue(el)); + String value = extractor.getSingleAttributeValue(el); + + //TODO: check in future version + //update PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME to prefixed version + if (el.equals(PVPConstants.EID_CITIZEN_QAA_LEVEL_NAME)) { + Logger.trace("Find PVP-attribute " + el + ". Start mapping if neccessary ... "); + if (!value.startsWith(PVPConstants.STORK_QAA_PREFIX)) { + value = PVPConstants.STORK_QAA_PREFIX + value; + Logger.debug("Prefix '" + el + "' with: "+ PVPConstants.STORK_QAA_PREFIX); + } + } + + moasession.setGenericDataToSession(el, value); Logger.debug("Add PVP-attribute " + el + " into MOASession"); } -- cgit v1.2.3 From ebd93e9389e630450e5b052a18a6a6fc8d05f611 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 28 May 2018 16:40:30 +0200 Subject: refactore code to use EAAF core components --- .../egovernment/moa/id/auth/AuthenticationServer.java | 6 +++--- .../builder/AuthenticationBlockAssertionBuilder.java | 6 +++--- .../id/auth/builder/GetIdentityLinkFormBuilder.java | 2 +- .../internal/DefaultCitizenCardAuthModuleImpl.java | 2 +- .../internal/tasks/CertificateReadRequestTask.java | 6 +++--- .../internal/tasks/CreateIdentityLinkFormTask.java | 6 +++--- .../auth/modules/internal/tasks/GetForeignIDTask.java | 4 ++-- .../modules/internal/tasks/GetMISSessionIDTask.java | 4 ++-- .../tasks/InitializeBKUAuthenticationTask.java | 6 +++--- .../internal/tasks/PrepareAuthBlockSignatureTask.java | 4 ++-- .../internal/tasks/PrepareGetMISMandateTask.java | 8 ++++---- .../internal/tasks/VerifyAuthenticationBlockTask.java | 4 ++-- .../modules/internal/tasks/VerifyCertificateTask.java | 6 +++--- .../modules/internal/tasks/VerifyIdentityLinkTask.java | 4 ++-- .../validator/CreateXMLSignatureResponseValidator.java | 4 ++-- .../validator/VerifyXMLSignatureResponseValidator.java | 4 ++-- .../moa/id/util/CitizenCardServletUtils.java | 5 +++-- .../bkamobileauthtests/BKAMobileAuthModule.java | 6 +++--- .../tasks/FirstBKAMobileAuthTask.java | 6 +++--- .../tasks/SecondBKAMobileAuthTask.java | 6 +++--- .../modules/eidas_v2/eIDASAuthenticationModulImpl.java | 2 +- .../modules/eidas_v2/tasks/CreateIdentityLinkTask.java | 4 ++-- .../eidas_v2/tasks/GenerateAuthnRequestTask.java | 8 ++++---- .../eidas_v2/tasks/ReceiveAuthnResponseTask.java | 4 ++-- .../modules/eidas/eIDASAuthenticationModulImpl.java | 2 +- .../modules/eidas/tasks/CreateIdentityLinkTask.java | 4 ++-- .../modules/eidas/tasks/GenerateAuthnRequestTask.java | 8 ++++---- .../modules/eidas/tasks/ReceiveAuthnResponseTask.java | 4 ++-- .../modules/eidas/utils/MOAWhiteListConfigurator.java | 2 +- .../modules/eidas/utils/eIDASAttributeBuilder.java | 4 ++-- .../egovernment/moa/id/protocols/eidas/EIDASData.java | 2 +- .../moa/id/protocols/eidas/EIDASProtocol.java | 10 +++++----- .../moa/id/protocols/eidas/EidasMetaDataRequest.java | 8 ++++---- .../eidas/attributes/builder/eIDASAttrFamilyName.java | 4 ++-- .../eidas/attributes/builder/eIDASAttrGivenName.java | 4 ++-- .../builder/eIDASAttrLegalPersonIdentifier.java | 4 ++-- .../builder/eIDASAttrNaturalPersonalIdentifier.java | 6 +++--- .../eIDASAttrRepresentativeLegalPersonIdentifier.java | 4 ++-- ...DASAttrRepresentativeNaturalPersonalIdentifier.java | 6 +++--- .../id/protocols/eidas/eIDASAuthenticationRequest.java | 12 ++++++------ .../eidas/validator/eIDASResponseValidator.java | 2 +- .../controller/ELGAMandateMetadataController.java | 4 ++-- .../elgamandates/tasks/EvaluateMandateServiceTask.java | 4 ++-- .../tasks/ReceiveElgaMandateResponseTask.java | 6 +++--- .../tasks/RedirectToMandateSelectionTask.java | 6 +++--- .../elgamandates/tasks/RequestELGAMandateTask.java | 6 +++--- .../elgamandates/tasks/SelectMandateServiceTask.java | 10 +++++----- .../modules/elgamandates/utils/ELGAMandateUtils.java | 4 ++-- .../oauth20/attributes/OAuth20AttributeBuilder.java | 4 ++-- .../oauth20/attributes/OpenIdAudiencesAttribute.java | 4 ++-- .../attributes/OpenIdAuthenticationTimeAttribute.java | 4 ++-- .../attributes/OpenIdExpirationTimeAttribute.java | 4 ++-- .../attributes/OpenIdIssueInstantAttribute.java | 4 ++-- .../oauth20/attributes/OpenIdIssuerAttribute.java | 4 ++-- .../oauth20/attributes/OpenIdNonceAttribute.java | 4 ++-- .../attributes/OpenIdSubjectIdentifierAttribute.java | 4 ++-- .../attributes/ProfileDateOfBirthAttribute.java | 4 ++-- .../oauth20/attributes/ProfileFamilyNameAttribute.java | 4 ++-- .../oauth20/attributes/ProfileGivenNameAttribute.java | 4 ++-- .../protocols/oauth20/protocol/OAuth20AuthAction.java | 18 +++++++++--------- .../protocols/oauth20/protocol/OAuth20AuthRequest.java | 2 +- .../protocols/oauth20/protocol/OAuth20BaseRequest.java | 4 ++-- .../id/protocols/oauth20/protocol/OAuth20Protocol.java | 10 +++++----- .../protocols/oauth20/protocol/OAuth20TokenAction.java | 14 +++++++------- .../oauth20/protocol/OAuth20TokenRequest.java | 2 +- .../modules/sl20_auth/SL20AuthenticationModulImpl.java | 4 ++-- .../sl20_auth/tasks/CreateQualeIDRequestTask.java | 10 +++++----- .../modules/sl20_auth/tasks/ReceiveQualeIDTask.java | 10 +++++----- .../modules/ssotransfer/SSOTransferAuthModuleImpl.java | 2 +- .../data/SSOTransferAuthenticationData.java | 2 +- .../ssotransfer/data/SSOTransferOnlineApplication.java | 2 +- .../ssotransfer/servlet/SSOTransferServlet.java | 8 ++++---- .../ssotransfer/servlet/SSOTransferSignalServlet.java | 4 ++-- .../task/InitializeRestoreSSOSessionTask.java | 10 +++++----- .../ssotransfer/task/RestoreSSOSessionTask.java | 8 ++++---- .../id/auth/modules/ssotransfer/utils/GUIUtils.java | 4 ++-- .../modules/ssotransfer/utils/SSOContainerUtils.java | 8 ++++---- .../FederatedAuthenticationModuleImpl.java | 2 +- .../controller/FederatedAuthMetadataController.java | 4 ++-- .../federatedauth/tasks/CreateAuthnRequestTask.java | 8 ++++---- .../federatedauth/tasks/ReceiveAuthnResponseTask.java | 10 +++++----- .../moa/id/monitoring/DatabaseTestModule.java | 4 ++-- .../gv/egovernment/moa/id/monitoring/TestManager.java | 4 ++-- 83 files changed, 221 insertions(+), 220 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 7c435d0b0..f12ef1994 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -25,12 +25,14 @@ import org.w3c.dom.Element; import org.w3c.dom.NodeList; import org.xml.sax.SAXException; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; @@ -56,8 +58,6 @@ import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index bc28d4f0e..1c5fe0c5b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -47,18 +47,18 @@ import javax.xml.transform.stream.StreamResult; import org.w3c.dom.Element; import org.w3c.dom.Node; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.TargetToSectorNameMapper; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java index f7aba5e53..8c3147af2 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java @@ -50,9 +50,9 @@ import java.io.IOException; import java.io.StringReader; import java.io.StringWriter; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java index 7caf2f5a1..c6faad2bb 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java @@ -3,7 +3,7 @@ package at.gv.egovernment.moa.id.auth.modules.internal; import org.apache.commons.lang3.StringUtils; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.process.api.ExecutionContext; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java index 000a47438..3e2ebdc3c 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java @@ -10,12 +10,12 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.BooleanUtils; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java index e1495f254..fbb900cf6 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java @@ -10,12 +10,12 @@ import org.springframework.stereotype.Component; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java index ba778002d..1f20ee389 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java @@ -18,13 +18,13 @@ import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.client.SZRGWClientException; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java index 3383cf201..a56c8f6ac 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java @@ -15,11 +15,11 @@ import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; import org.xml.sax.SAXException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java index 88a235978..ceaf4ca38 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java @@ -30,14 +30,14 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java index f7a816c74..2fac58e44 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java @@ -7,9 +7,9 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java index d2fd4d1de..703d72f00 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java @@ -33,14 +33,14 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.stereotype.Component; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java index ddd52c337..c16eec30c 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java @@ -13,11 +13,11 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java index 6aefb75a1..e7a66b5a9 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java @@ -13,12 +13,12 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java index 4408f3852..b9fed684c 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java @@ -10,11 +10,11 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 8e3ccb01b..21de37603 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -56,6 +56,8 @@ import javax.xml.bind.DatatypeConverter; import org.jaxen.SimpleNamespaceContext; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; @@ -63,8 +65,6 @@ import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index c4ea80df9..a8d0f2236 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -54,15 +54,15 @@ import java.util.Iterator; import java.util.List; import java.util.Set; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import iaik.asn1.structures.Name; import iaik.security.ec.common.ECPublicKey; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java index d093cc7f0..3eb1114ea 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java @@ -56,9 +56,10 @@ import javax.servlet.http.HttpServletResponse; import com.google.common.net.MediaType; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; +import at.gv.egiz.eaaf.core.impl.utils.ServletUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java index 0cef4cb41..2e09bf55c 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java @@ -29,12 +29,12 @@ import javax.annotation.PostConstruct; import org.springframework.beans.factory.annotation.Autowired; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.tasks.FirstBKAMobileAuthTask; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; -import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java index 43043ddd6..37ee3f201 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java @@ -53,12 +53,12 @@ import com.google.gson.JsonObject; import com.google.gson.JsonParseException; import com.google.gson.JsonParser; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java index 4b18e7112..5c70b2628 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java @@ -31,11 +31,11 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationModulImpl.java index 6e3170534..6883e0cb5 100644 --- a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationModulImpl.java +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASAuthenticationModulImpl.java @@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.auth.modules.eidas_v2; import org.apache.commons.lang3.StringUtils; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule; import at.gv.egovernment.moa.id.process.api.ExecutionContext; /** diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/CreateIdentityLinkTask.java index dec4f6a89..b0add27ba 100644 --- a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/CreateIdentityLinkTask.java +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/CreateIdentityLinkTask.java @@ -33,10 +33,10 @@ import org.springframework.stereotype.Component; import org.w3c.dom.Element; import org.w3c.dom.Node; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/GenerateAuthnRequestTask.java index 3085d0e70..08496afcc 100644 --- a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/GenerateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/GenerateAuthnRequestTask.java @@ -45,15 +45,15 @@ import org.springframework.util.StringUtils; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.eidas_v2.Constants; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.CPEPS; import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/ReceiveAuthnResponseTask.java index 9ead5e4fe..03e345b43 100644 --- a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/tasks/ReceiveAuthnResponseTask.java @@ -7,10 +7,10 @@ import org.opensaml.saml2.core.StatusCode; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java index 7b044522c..90dbb7342 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java @@ -24,7 +24,7 @@ package at.gv.egovernment.moa.id.auth.modules.eidas; import org.apache.commons.lang3.StringUtils; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule; import at.gv.egovernment.moa.id.process.api.ExecutionContext; /** diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java index cf3a13e32..4045e1ad6 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java @@ -33,10 +33,10 @@ import org.springframework.stereotype.Component; import org.w3c.dom.Element; import org.w3c.dom.Node; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java index d21334faf..4ad5194a9 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java @@ -44,18 +44,18 @@ import org.springframework.util.StringUtils; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.CPEPS; import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java index 5e83f0a3f..5f6f01f01 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java @@ -7,10 +7,10 @@ import org.opensaml.saml2.core.StatusCode; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAWhiteListConfigurator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAWhiteListConfigurator.java index a2c6a3ad9..9d1ec6d98 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAWhiteListConfigurator.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/MOAWhiteListConfigurator.java @@ -29,7 +29,7 @@ import org.apache.commons.lang.StringUtils; import com.google.common.collect.ImmutableSet; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; /** * @author tlenz diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java index f148421bd..37eca73e5 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java @@ -30,8 +30,8 @@ import java.util.ServiceLoader; import com.google.common.collect.ImmutableSet; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.data.IAuthData; import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java index 694efab80..7d25af05a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java @@ -7,7 +7,7 @@ import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.moduls.RequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; import eu.eidas.auth.commons.protocol.IAuthenticationRequest; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index 2948c0d53..019a61b7c 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -43,6 +43,11 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; @@ -54,12 +59,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.MOAIDConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; -import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import eu.eidas.auth.commons.EidasStringUtil; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java index cc9b09107..5df905d31 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java @@ -28,6 +28,10 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IAction; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.IAuthData; +import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; @@ -35,12 +39,8 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.utils.NewMoaEidasMetadata; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration; import at.gv.egovernment.moa.logging.Logger; import eu.eidas.auth.engine.ProtocolEngineI; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java index 4195eeeef..6fde4696a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java @@ -22,8 +22,8 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java index 2a654ac44..812e9f83a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java @@ -22,8 +22,8 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java index 4d89aec3d..028be9096 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java @@ -22,8 +22,8 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java index cb659c2b1..f36f9298c 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java @@ -24,14 +24,14 @@ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; import java.security.MessageDigest; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.data.IAuthData; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.Trible; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java index 47cc71e01..692896842 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java @@ -22,8 +22,8 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java index 52396ae90..98915a562 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java @@ -24,16 +24,16 @@ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; import java.security.MessageDigest; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.data.IAuthData; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.data.Trible; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java index ee0f72f34..509d4b71a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java @@ -36,19 +36,19 @@ import org.springframework.stereotype.Service; import com.google.common.collect.ImmutableSet; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; +import at.gv.egiz.eaaf.core.api.IAction; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.IAuthData; +import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeBuilder; import at.gv.egovernment.moa.id.commons.MOAIDConstants; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.data.SLOInformationImpl; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.logging.Logger; import eu.eidas.auth.commons.EidasStringUtil; import eu.eidas.auth.commons.attribute.AttributeDefinition; @@ -73,7 +73,7 @@ import eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils; @Service("eIDASAuthenticationRequest") public class eIDASAuthenticationRequest implements IAction { - @Autowired protected MOAReversionLogger revisionsLogger; + @Autowired protected IRevisionLogger revisionsLogger; @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java index f0527bc5e..48b438b09 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java @@ -22,10 +22,10 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.validator; +import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.data.Trible; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java index ca7401ab7..aaed6655b 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateMetadataController.java @@ -34,14 +34,14 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesMetadataConfiguration; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; -import at.gv.egovernment.moa.id.auth.servlet.AbstractController; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; -import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java index f05446771..7a8c0c9e0 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java @@ -28,9 +28,9 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java index 81c3322c9..015a40507 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java @@ -37,11 +37,11 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java index 76108cafe..6eff5e574 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java @@ -28,9 +28,9 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils; import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java index 299eb442e..abe23f0a4 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java @@ -35,10 +35,11 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesRequestBuilderConfiguration; import at.gv.egovernment.moa.id.auth.modules.elgamandates.exceptions.ELGAMetadataException; @@ -47,7 +48,6 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCred import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java index 52970e240..978f9db9d 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java @@ -28,12 +28,12 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIBuilderConfiguration; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.frontend.builder.SPSpecificGUIBuilderConfigurationWithFileSystemLoad; -import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils; import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController; diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java index 03f8fa195..90eb7b0fb 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java @@ -24,10 +24,10 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils; import java.util.List; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; /** * @author tlenz diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java index 9b19e0a4d..6afc68161 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java @@ -30,9 +30,9 @@ import org.apache.commons.lang.StringUtils; import com.google.gson.JsonObject; import com.google.gson.JsonPrimitive; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.data.IAuthData; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java index a43c8fce9..076ded75a 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java @@ -22,9 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.data.IAuthData; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java index c6775b692..0e99a18c3 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java @@ -22,9 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.data.IAuthData; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java index 5f32e32a2..05638c907 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java @@ -24,9 +24,9 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; import java.util.Date; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.data.IAuthData; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java index 04f38faf6..b40d752eb 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java @@ -24,9 +24,9 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; import java.util.Date; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.data.IAuthData; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java index ff19a618a..d212feb12 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java @@ -22,9 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.data.IAuthData; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java index eda276df2..99465bf95 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java @@ -22,8 +22,8 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java index 7de90e98e..4b1219c9d 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java @@ -22,9 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.data.IAuthData; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java index 3ebadba52..f1b0bd108 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java @@ -22,9 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.data.IAuthData; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java index 89209b062..0ea6ba643 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java @@ -22,9 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.data.IAuthData; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java index 895037b2e..e6c7fd18d 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java @@ -22,9 +22,9 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.data.IAuthData; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index b7c54203f..0189bc97d 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -33,16 +33,18 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IAction; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.IAuthData; +import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.data.SLOInformationImpl; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder; @@ -53,14 +55,12 @@ import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorE import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuth20SignatureUtil; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthJsonToken; import at.gv.egovernment.moa.id.protocols.oauth20.json.OAuthSigner; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; @Service("OAuth20AuthAction") class OAuth20AuthAction implements IAction { - @Autowired protected MOAReversionLogger revisionsLogger; + @Autowired protected IRevisionLogger revisionsLogger; @Autowired protected ITransactionStorage transactionStorage; public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index 258b77b98..67c0aafce 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -33,7 +33,7 @@ import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java index 3ab283db5..d3136b43e 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java @@ -31,11 +31,11 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index d72fe9686..55348b5f8 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -17,14 +17,14 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.gson.JsonObject; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java index 2117e2ab8..239665801 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java @@ -31,25 +31,25 @@ import org.springframework.stereotype.Service; import com.google.gson.JsonObject; +import at.gv.egiz.eaaf.core.api.IAction; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.IAuthData; +import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.data.IAuthData; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20SessionObject; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ServerErrorException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20UnauthorizedClientException; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.logging.Logger; @Service("OAuth20TokenAction") class OAuth20TokenAction implements IAction { - @Autowired protected MOAReversionLogger revisionsLogger; + @Autowired protected IRevisionLogger revisionsLogger; @Autowired protected ITransactionStorage transactionStorage; public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java index 50638ebf8..cada39a3a 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java @@ -31,7 +31,7 @@ import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java index a4044ce21..1b49c3969 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java @@ -27,10 +27,10 @@ import javax.annotation.PostConstruct; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java index b1dfa9b0d..85ec1e213 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java @@ -22,10 +22,11 @@ import org.springframework.stereotype.Component; import com.google.gson.JsonObject; -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; @@ -35,7 +36,6 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20HttpBindingUtils import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport; import at.gv.egovernment.moa.id.process.api.ExecutionContext; diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java index 698546a4f..add6d78e4 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -22,10 +22,11 @@ import com.google.gson.JsonObject; import com.google.gson.JsonParser; import com.google.gson.JsonSyntaxException; -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; -import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; +import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; @@ -39,7 +40,6 @@ import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java index 2a2b7bf80..f65694703 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java @@ -22,7 +22,7 @@ */ package at.gv.egovernment.moa.id.auth.modules.ssotransfer; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule; import at.gv.egovernment.moa.id.process.api.ExecutionContext; /** diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index 4ce77d861..1a1d06479 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -28,6 +28,7 @@ import java.util.List; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.api.data.IAuthData; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; @@ -35,7 +36,6 @@ import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.data.AuthenticationRole; -import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java index c2132c1f9..8656c1224 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java @@ -27,7 +27,7 @@ import java.util.Collection; import java.util.List; import java.util.Map; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.CPEPS; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java index af64e745e..055a49bd2 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java @@ -72,11 +72,14 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.gson.JsonObject; import com.google.gson.JsonParser; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; @@ -92,9 +95,6 @@ import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.CredentialsNotAvailableException; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.FileUtils; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java index e92925dfb..694f26b65 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java @@ -32,9 +32,9 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java index be27de9a1..2b53a1e75 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java @@ -33,9 +33,11 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; @@ -44,8 +46,6 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index 1a216f0df..72ed9c7be 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -43,9 +43,10 @@ import com.google.common.net.MediaType; import com.google.gson.JsonObject; import com.google.gson.JsonParser; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; @@ -56,7 +57,6 @@ import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java index 9cfe12791..fac59ed4e 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java @@ -30,9 +30,9 @@ import javax.servlet.http.HttpServletResponse; import com.google.gson.JsonObject; +import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; -import at.gv.egovernment.moa.id.auth.frontend.builder.IGUIFormBuilder; -import at.gv.egovernment.moa.id.auth.frontend.exception.GUIBuildException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index 568ffb330..5c85fd8b0 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -97,6 +97,10 @@ import org.w3c.dom.NodeList; import com.google.gson.JsonObject; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.data.IAuthData; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.Pair; @@ -104,14 +108,11 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferAuthent import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferOnlineApplication; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; @@ -126,7 +127,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.signer.IDPCredentialProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java index 49275c6eb..6bf6652c8 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java @@ -22,7 +22,7 @@ */ package at.gv.egovernment.moa.id.auth.modules.federatedauth; -import at.gv.egovernment.moa.id.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.process.api.ExecutionContext; diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java index e86d31708..399845643 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthMetadataController.java @@ -34,14 +34,14 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthMetadataConfiguration; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; -import at.gv.egovernment.moa.id.auth.servlet.AbstractController; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPMetadataBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration; -import at.gv.egovernment.moa.id.util.HTTPUtils; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java index f5896bc25..4c829f6ca 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java @@ -35,15 +35,15 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthnRequestBuilderConfiguration; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder; diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java index dea5e4894..2fc1ec053 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java @@ -41,21 +41,21 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; -import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; -import at.gv.egovernment.moa.id.moduls.RequestImpl; import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java index b21c5e93f..a616e80ad 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/DatabaseTestModule.java @@ -25,10 +25,10 @@ package at.gv.egovernment.moa.id.monitoring; import java.util.ArrayList; import java.util.List; -import at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger; +import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java index 9f0083fb8..60d64a3ac 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java @@ -29,10 +29,10 @@ import java.util.Map; import org.springframework.beans.factory.annotation.Autowired; -import at.gv.egovernment.moa.id.advancedlogging.IStatisticLogger; +import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.FileUtils; -- cgit v1.2.3 From dc2fb6695f44e3e01088e8a986ae1ac98b1743b1 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 29 May 2018 07:42:26 +0200 Subject: update SL2.0 module to support more than one VDA backend --- .../moa/id/auth/modules/sl20_auth/Constants.java | 7 +++--- .../sl20_auth/tasks/CreateQualeIDRequestTask.java | 29 +++++++++++++++++++--- 2 files changed, 30 insertions(+), 6 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java index 7a58648cc..920187bfb 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java @@ -5,9 +5,8 @@ public class Constants { public static final String HTTP_ENDPOINT_DATAURL = "/sl20/dataUrl"; public static final String CONFIG_PROP_PREFIX = "modules.sl20"; - public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID = CONFIG_PROP_PREFIX + ".vda.urls.qualeID.endpoint"; - public static final String CONFIG_PROP_VDA_AUTHBLOCK_ID = CONFIG_PROP_PREFIX + ".vda.authblock.id"; - + public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT = CONFIG_PROP_PREFIX + ".vda.urls.qualeID.endpoint"; + public static final String CONFIG_PROP_VDA_AUTHBLOCK_ID = CONFIG_PROP_PREFIX + ".vda.authblock.id"; public static final String CONFIG_PROP_SECURITY_KEYSTORE_PATH = CONFIG_PROP_PREFIX + ".security.keystore.path"; public static final String CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD = CONFIG_PROP_PREFIX + ".security.keystore.password"; public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS = CONFIG_PROP_PREFIX + ".security.sign.alias"; @@ -15,6 +14,8 @@ public class Constants { public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS = CONFIG_PROP_PREFIX + ".security.encryption.alias";; public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD = CONFIG_PROP_PREFIX + ".security.encryption.password"; + public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST = CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + "."; + public static final String CONFIG_PROP_SP_LIST = CONFIG_PROP_PREFIX + ".sp.entityIds."; public static final String PENDING_REQ_STORAGE_PREFIX = "SL20_AUTH_"; diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java index b1dfa9b0d..d9ff9d93c 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java @@ -4,6 +4,7 @@ import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Map.Entry; import java.util.UUID; import javax.net.ssl.SSLSocketFactory; @@ -38,6 +39,7 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.util.MiscUtil; @@ -59,9 +61,9 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration(); //get basic configuration parameters - String vdaQualeIDUrl = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID); + String vdaQualeIDUrl = extractVDAURLForSpecificOA(oaConfig); if (MiscUtil.isEmpty(vdaQualeIDUrl)) { - Logger.error("NO VDA URL for qualified eID (" + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID + ")"); + Logger.error("NO VDA URL for qualified eID (" + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + ")"); throw new SL20Exception("sl20.03", new Object[]{"NO VDA URL for qualified eID"}); } @@ -165,8 +167,29 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { } + } + + private String extractVDAURLForSpecificOA(IOAAuthParameters oaConfig) { + Map listOfVDAs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST); + Map listOfSPs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_SP_LIST); + + for (Entry el : listOfSPs.entrySet()) { + List spEntityIds = KeyValueUtils.getListOfCSVValues(el.getValue()); + if (spEntityIds.contains(oaConfig.getPublicURLPrefix())) { + Logger.trace("Select VDA endPoint with Id: " + el.getKey()); + if (listOfVDAs.containsKey(el.getKey())) + return listOfVDAs.get(el.getKey()); + + else + Logger.info("No VDA endPoint with Id: " + el.getKey()); + + } else + Logger.trace("SP list: " + el.getKey() + " does not contain OAIdentifier: " + oaConfig.getPublicURLPrefix()); - + } + + Logger.debug("NO SP specific VDA endpoint found. Use default VDA"); + return authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT); } -- cgit v1.2.3 From 52ad604e54cb91073503d708cd0c50ff0121174a Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 30 May 2018 06:29:29 +0200 Subject: add additional validation to SL20 module --- .../moa/id/auth/AuthenticationServer.java | 2 +- .../builder/VerifyXMLSignatureRequestBuilder.java | 408 --------------------- .../id/auth/validator/IdentityLinkValidator.java | 210 ----------- .../VerifyXMLSignatureResponseValidator.java | 302 --------------- .../modules/sl20_auth/sl20/JsonSecurityUtils.java | 67 +++- .../sl20/verifier/QualifiedeIDVerifier.java | 132 +++++++ .../sl20_auth/tasks/ReceiveQualeIDTask.java | 5 +- 7 files changed, 194 insertions(+), 932 deletions(-) delete mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java delete mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java delete mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 7c435d0b0..a67b27315 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -33,7 +33,6 @@ import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; @@ -51,6 +50,7 @@ import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; +import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java deleted file mode 100644 index e6adcf159..000000000 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ /dev/null @@ -1,408 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.builder; - -import java.util.List; - -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; - -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.Node; - -import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.Constants; - -/** - * Builder for the <VerifyXMLSignatureRequestBuilder> structure - * used for sending the DSIG-Signature of the Security Layer card for validating to MOA-SP. - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class VerifyXMLSignatureRequestBuilder { - - /** shortcut for XMLNS namespace URI */ - private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI; - /** shortcut for MOA namespace URI */ - private static final String MOA_NS_URI = Constants.MOA_NS_URI; - /** The DSIG-Prefix */ - private static final String DSIG = Constants.DSIG_PREFIX + ":"; - - /** The document containing the VerifyXMLsignatureRequest */ - private Document requestDoc_; - /** the VerifyXMLsignatureRequest root element */ - private Element requestElem_; - - - /** - * Builds the body for a VerifyXMLsignatureRequest including the root - * element and namespace declarations. - * - * @throws BuildException If an error occurs on building the document. - */ - public VerifyXMLSignatureRequestBuilder() throws BuildException { - try { - DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); - requestDoc_ = docBuilder.newDocument(); - requestElem_ = requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest"); - requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI); - requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI); - requestDoc_.appendChild(requestElem_); - } catch (Throwable t) { - throw new BuildException( - "builder.00", - new Object[] {"VerifyXMLSignatureRequest", t.toString()}, - t); - } - } - - - /** - * Builds a <VerifyXMLSignatureRequest> - * from an IdentityLink with a known trustProfileID which - * has to exist in MOA-SP - * @param identityLink - The IdentityLink - * @param trustProfileID - a preconfigured TrustProfile at MOA-SP - * - * @return Element - The complete request as Dom-Element - * - * @throws ParseException - */ - public Element build(IIdentityLink identityLink, String trustProfileID) - throws ParseException - { - try { - // build the request - Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime"); - requestElem_.appendChild(dateTimeElem); - Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant()); - dateTimeElem.appendChild(dateTime); - Element verifiySignatureInfoElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); - requestElem_.appendChild(verifiySignatureInfoElem); - Element verifySignatureEnvironmentElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); - verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); - Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content"); - verifySignatureEnvironmentElem.appendChild(base64ContentElem); - // insert the base64 encoded identity link SAML assertion - String serializedAssertion = identityLink.getSerializedSamlAssertion(); - String base64EncodedAssertion = Base64Utils.encode(serializedAssertion.getBytes("UTF-8")); - //replace all '\r' characters by no char. - StringBuffer replaced = new StringBuffer(); - for (int i = 0; i < base64EncodedAssertion.length(); i ++) { - char c = base64EncodedAssertion.charAt(i); - if (c != '\r') { - replaced.append(c); - } - } - base64EncodedAssertion = replaced.toString(); - Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion); - base64ContentElem.appendChild(base64Content); - // specify the signature location - Element verifySignatureLocationElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); - verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); - Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature"); - verifySignatureLocationElem.appendChild(signatureLocation); - // signature manifest params - Element signatureManifestCheckParamsElem = - requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); - requestElem_.appendChild(signatureManifestCheckParamsElem); - signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); - // add the transforms - Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); - signatureManifestCheckParamsElem.appendChild(referenceInfoElem); - Element[] dsigTransforms = identityLink.getDsigReferenceTransforms(); - - for (int i = 0; i < dsigTransforms.length; i++) { - Element verifyTransformsInfoProfileElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile"); - referenceInfoElem.appendChild(verifyTransformsInfoProfileElem); - verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true)); - } - Element returnHashInputDataElem = - requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); - requestElem_.appendChild(returnHashInputDataElem); - Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); - trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); - requestElem_.appendChild(trustProfileIDElem); - } catch (Throwable t) { - throw new ParseException("builder.00", - new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t); - } - - return requestElem_; - } - - /** - * Builds a <VerifyXMLSignatureRequest> - * from an IdentityLink with a known trustProfileID which - * has to exist in MOA-SP - * @param identityLink - The IdentityLink - * @param trustProfileID - a preconfigured TrustProfile at MOA-SP - * - * @return Element - The complete request as Dom-Element - * - * @throws ParseException - */ - public Element build(byte[]mandate, String trustProfileID) - throws ParseException - { - try { - // build the request -// Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime"); -// requestElem_.appendChild(dateTimeElem); -// Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant()); -// dateTimeElem.appendChild(dateTime); - Element verifiySignatureInfoElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); - requestElem_.appendChild(verifiySignatureInfoElem); - Element verifySignatureEnvironmentElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); - verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); - Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content"); - verifySignatureEnvironmentElem.appendChild(base64ContentElem); - // insert the base64 encoded identity link SAML assertion - //String serializedAssertion = identityLink.getSerializedSamlAssertion(); - //String base64EncodedAssertion = Base64Utils.encode(mandate.getBytes("UTF-8")); - String base64EncodedAssertion = Base64Utils.encode(mandate); - //replace all '\r' characters by no char. - StringBuffer replaced = new StringBuffer(); - for (int i = 0; i < base64EncodedAssertion.length(); i ++) { - char c = base64EncodedAssertion.charAt(i); - if (c != '\r') { - replaced.append(c); - } - } - base64EncodedAssertion = replaced.toString(); - Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion); - base64ContentElem.appendChild(base64Content); - // specify the signature location - Element verifySignatureLocationElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); - verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); - Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature"); - verifySignatureLocationElem.appendChild(signatureLocation); - // signature manifest params - Element signatureManifestCheckParamsElem = - requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); - requestElem_.appendChild(signatureManifestCheckParamsElem); - signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); -// // add the transforms -// Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); -// signatureManifestCheckParamsElem.appendChild(referenceInfoElem); -// Element[] dsigTransforms = identityLink.getDsigReferenceTransforms(); -// -// for (int i = 0; i < dsigTransforms.length; i++) { -// Element verifyTransformsInfoProfileElem = -// requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile"); -// referenceInfoElem.appendChild(verifyTransformsInfoProfileElem); -// verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true)); -// } - Element returnHashInputDataElem = - requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); - requestElem_.appendChild(returnHashInputDataElem); - Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); - trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); - requestElem_.appendChild(trustProfileIDElem); - } catch (Throwable t) { - throw new ParseException("builder.00", - new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t); - } - - return requestElem_; - } - - - /** - * Builds a <VerifyXMLSignatureRequest> - * from the signed AUTH-Block with a known trustProfileID which - * has to exist in MOA-SP - * @param csr - signed AUTH-Block - * @param verifyTransformsInfoProfileID - allowed verifyTransformsInfoProfileID - * @param trustProfileID - a preconfigured TrustProfile at MOA-SP - * @return Element - The complete request as Dom-Element - * @throws ParseException - */ - public Element build( - CreateXMLSignatureResponse csr, - List verifyTransformsInfoProfileID, - String trustProfileID) - throws BuildException { //samlAssertionObject - - try { - // build the request -// requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:" -// + Constants.XML_PREFIX, Constants.XMLNS_NS_URI); - Element verifiySignatureInfoElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); - requestElem_.appendChild(verifiySignatureInfoElem); - Element verifySignatureEnvironmentElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); - verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); - Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent"); - verifySignatureEnvironmentElem.appendChild(xmlContentElem); - xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve"); - // insert the SAML assertion - xmlContentElem.appendChild(requestDoc_.importNode(csr.getSamlAssertion(), true)); - // specify the signature location - Element verifySignatureLocationElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); - verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); - Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature"); - verifySignatureLocationElem.appendChild(signatureLocation); - // signature manifest params - Element signatureManifestCheckParamsElem = - requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); - requestElem_.appendChild(signatureManifestCheckParamsElem); - signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true"); - // add the transform profile IDs - Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); - signatureManifestCheckParamsElem.appendChild(referenceInfoElem); - -// for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) { -// -// Element verifyTransformsInfoProfileIDElem = -// requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); -// referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); -// verifyTransformsInfoProfileIDElem.appendChild( -// requestDoc_.createTextNode(verifyTransformsInfoProfileID[i])); -// } - - for (String element : verifyTransformsInfoProfileID) { - - Element verifyTransformsInfoProfileIDElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); - referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); - verifyTransformsInfoProfileIDElem.appendChild( - requestDoc_.createTextNode(element)); - } - - Element returnHashInputDataElem = - requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); - requestElem_.appendChild(returnHashInputDataElem); - Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); - trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); - requestElem_.appendChild(trustProfileIDElem); - - } catch (Throwable t) { - throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t); - } - - return requestElem_; - } - - /** - * Builds a <VerifyXMLSignatureRequest> - * from the signed data with a known trustProfileID which - * has to exist in MOA-SP - * @param csr - signed AUTH-Block - * @param trustProfileID - a preconfigured TrustProfile at MOA-SP - * @return Element - The complete request as Dom-Element - * @throws ParseException - */ - public Element buildDsig( - CreateXMLSignatureResponse csr, - String trustProfileID) - throws BuildException { //samlAssertionObject - - try { - // build the request -// requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:" -// + Constants.XML_PREFIX, Constants.XMLNS_NS_URI); - - Element verifiySignatureInfoElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); - requestElem_.appendChild(verifiySignatureInfoElem); - Element verifySignatureEnvironmentElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); - verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); - - Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent"); - verifySignatureEnvironmentElem.appendChild(xmlContentElem); - xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve"); - - // insert the dsig:Signature - xmlContentElem.appendChild(requestDoc_.importNode(csr.getDsigSignature(), true)); - // specify the signature location - Element verifySignatureLocationElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); - verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); - Node signatureLocation = requestDoc_.createTextNode("/"+ DSIG + "Signature"); - verifySignatureLocationElem.appendChild(signatureLocation); - // signature manifest params - Element signatureManifestCheckParamsElem = - requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); - requestElem_.appendChild(signatureManifestCheckParamsElem); - signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true"); - // add the transform profile IDs - Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); - signatureManifestCheckParamsElem.appendChild(referenceInfoElem); - - Element returnHashInputDataElem = - requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); - requestElem_.appendChild(returnHashInputDataElem); - Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); - - trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); - requestElem_.appendChild(trustProfileIDElem); - - } catch (Throwable t) { - throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t); - } - - return requestElem_; - } - -} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java deleted file mode 100644 index f3ce6888b..000000000 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java +++ /dev/null @@ -1,210 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.validator; - -import org.w3c.dom.Element; -import org.w3c.dom.NodeList; - -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.exception.ValidateException; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * This class is used to validate an {@link IdentityLink} - * returned by the security layer - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class IdentityLinkValidator implements Constants { - - // - // XPath namespace prefix shortcuts - // - /** Xpath prefix for reaching PersonData Namespaces */ - private static final String PDATA = PD_PREFIX + ":"; - /** Xpath prefix for reaching SAML Namespaces */ - private static final String SAML = SAML_PREFIX + ":"; - /** Xpath prefix for reaching XML-DSIG Namespaces */ - private static final String DSIG = DSIG_PREFIX + ":"; - /** Xpath prefix for reaching ECDSA Namespaces */ - private static final String ECDSA = ECDSA_PREFIX + ":"; - /** Xpath expression to the root element */ - private static final String ROOT = ""; - /** Xpath expression to the SAML:SubjectConfirmationData element */ - private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH = - ROOT - + SAML - + "AttributeStatement/" - + SAML - + "Subject/" - + SAML - + "SubjectConfirmation/" - + SAML - + "SubjectConfirmationData"; -/** Xpath expression to the PersonData:Person element */ - private static final String PERSON_XPATH = - SAML_SUBJECT_CONFIRMATION_DATA_XPATH + "/" + PDATA + "Person"; - /** Xpath expression to the SAML:Attribute element */ - private static final String ATTRIBUTE_XPATH = - ROOT + SAML + "AttributeStatement/" + SAML + "Attribute"; -// /** Xpath expression to the SAML:AttributeName attribute */ -// private static final String ATTRIBUTE_NAME_XPATH = -// ROOT + SAML + "AttributeStatement/" + SAML + "Attribute/@AttributeName"; -// /** Xpath expression to the SAML:AttributeNamespace attribute */ -// private static final String ATTRIBUTE_NAMESPACE_XPATH = -// ROOT -// + SAML -// + "AttributeStatement/" -// + SAML -// + "Attribute/@AttributeNamespace"; -// /** Xpath expression to the SAML:AttributeValue element */ -// private static final String ATTRIBUTE_VALUE_XPATH = -// ROOT -// + SAML -// + "AttributeStatement/" -// + SAML -// + "Attribute/" -// + SAML -// + "AttributeValue"; - - /** Singleton instance. null, if none has been created. */ - private static IdentityLinkValidator instance; - - /** - * Constructor for a singleton IdentityLinkValidator. - * @return a new IdentityLinkValidator instance - * @throws ValidateException if no instance can be created - */ - public static synchronized IdentityLinkValidator getInstance() - throws ValidateException { - if (instance == null) { - instance = new IdentityLinkValidator(); - } - return instance; - } - - /** - * Method validate. Validates the {@link IdentityLink} - * @param identityLink The identityLink to validate - * @throws ValidateException on any validation error - */ - public void validate(IIdentityLink identityLink) throws ValidateException { - - Element samlAssertion = identityLink.getSamlAssertion(); - //Search the SAML:ASSERTION Object (A2.054) - if (samlAssertion == null) { - throw new ValidateException("validator.00", null); - } - - // Check how many saml:Assertion/saml:AttributeStatement/ - // saml:Subject/ saml:SubjectConfirmation/ - // saml:SubjectConfirmationData/pr:Person of type - // PhysicalPersonType exist (A2.056) - NodeList nl = XPathUtils.selectNodeList(samlAssertion, PERSON_XPATH); - // If we have just one Person-Element we don't need to check the attributes - int counterPhysicalPersonType = 0; - if (nl.getLength() > 1) - for (int i = 0; i < nl.getLength(); i++) { - String xsiType = - ((Element) nl.item(i)) - .getAttributeNodeNS( - "http://www.w3.org/2001/XMLSchema-instance", - "type") - .getNodeValue(); - // We have to check if xsiType contains "PhysicalPersonType" - // An equal-check will fail because of the Namespace-prefix of the attribute value - if (xsiType.indexOf("PhysicalPersonType") > -1) - counterPhysicalPersonType++; - } - if (counterPhysicalPersonType > 1) - throw new ValidateException("validator.01", null); - - //Check the SAML:ATTRIBUTES - nl = XPathUtils.selectNodeList(samlAssertion, ATTRIBUTE_XPATH); - for (int i = 0; i < nl.getLength(); i++) { - String attributeName = - XPathUtils.getAttributeValue( - (Element) nl.item(i), - "@AttributeName", - null); - String attributeNS = - XPathUtils.getAttributeValue( - (Element) nl.item(i), - "@AttributeNamespace", - null); - if (attributeName.equals("CitizenPublicKey")) { - - if (attributeNS.equals("http://www.buergerkarte.at/namespaces/personenbindung/20020506#") || - attributeNS.equals("urn:publicid:gv.at:namespaces:identitylink:1.2")) { - Element attributeValue = - (Element) XPathUtils.selectSingleNode((Element) nl.item(i),nSMap, SAML + "AttributeValue/" + DSIG + "RSAKeyValue"); - if (attributeValue==null) - attributeValue = - (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + ECDSA + "ECDSAKeyValue"); - if (attributeValue==null) - attributeValue = - (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + DSIG + "DSAKeyValue"); - if (attributeValue == null) - throw new ValidateException("validator.02", null); - - } - else - throw new ValidateException("validator.03", new Object [] {attributeNS} ); - } - else - throw new ValidateException("validator.04", new Object [] {attributeName} ); - } - - //Check if dsig:Signature exists - Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion,ROOT + DSIG + "Signature"); - if (dsigSignature==null) throw new ValidateException("validator.05", new Object[] {"in der Personenbindung"}); - } - -} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java deleted file mode 100644 index c4ea80df9..000000000 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ /dev/null @@ -1,302 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.validator; - -import java.security.InvalidKeyException; -import java.security.PublicKey; -import java.security.interfaces.RSAPublicKey; -import java.util.ArrayList; -import java.util.Iterator; -import java.util.List; -import java.util.Set; - -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.exception.ValidateException; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; -import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.logging.Logger; -import iaik.asn1.structures.Name; -import iaik.security.ec.common.ECPublicKey; -import iaik.utils.RFC2253NameParserException; -import iaik.x509.X509Certificate; -import iaik.x509.X509ExtensionInitException; - -/** - * This class is used to validate an {@link VerifyXMLSignatureResponse} - * returned by MOA-SPSS - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class VerifyXMLSignatureResponseValidator { - - /** Identification string for checking identity link */ - public static final String CHECK_IDENTITY_LINK = "IdentityLink"; - /** Identification string for checking authentication block */ - public static final String CHECK_AUTH_BLOCK = "AuthBlock"; - - /** Singleton instance. null, if none has been created. */ - private static VerifyXMLSignatureResponseValidator instance; - - /** - * Constructor for a singleton VerifyXMLSignatureResponseValidator. - */ - public static synchronized VerifyXMLSignatureResponseValidator getInstance() - throws ValidateException { - if (instance == null) { - instance = new VerifyXMLSignatureResponseValidator(); - } - return instance; - } - - /** - * Validates a {@link VerifyXMLSignatureResponse} returned by MOA-SPSS. - * - * @param verifyXMLSignatureResponse the <VerifyXMLSignatureResponse> - * @param identityLinkSignersSubjectDNNames subject names configured - * @param whatToCheck is used to identify whether the identityLink or the Auth-Block is validated - * @param oaParam specifies whether the validation result of the - * manifest has to be ignored (identityLink validation if - * the OA is a business service) or not - * @throws ValidateException on any validation error - * @throws ConfigurationException - */ - public void validate(IVerifiyXMLSignatureResponse verifyXMLSignatureResponse, - List identityLinkSignersSubjectDNNames, - String whatToCheck, - IOAAuthParameters oaParam) - throws ValidateException, ConfigurationException { - - if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) - throw new ValidateException("validator.06", null); - - if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) { - String checkFailedReason =""; - if (verifyXMLSignatureResponse.getCertificateCheckCode() == 1) - checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.21", null); - if (verifyXMLSignatureResponse.getCertificateCheckCode() == 2) - checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.22", null); - if (verifyXMLSignatureResponse.getCertificateCheckCode() == 3) - checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.23", null); - if (verifyXMLSignatureResponse.getCertificateCheckCode() == 4) - checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.24", null); - if (verifyXMLSignatureResponse.getCertificateCheckCode() == 5) - checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.25", null); - -// TEST CARDS - if (whatToCheck.equals(CHECK_IDENTITY_LINK)) - throw new ValidateException("validator.07", new Object[] { checkFailedReason } ); - else - throw new ValidateException("validator.19", new Object[] { checkFailedReason } ); - } - - //check QC - if (AuthConfigurationProviderFactory.getInstance().isCertifiacteQCActive() && - !whatToCheck.equals(CHECK_IDENTITY_LINK) && - !verifyXMLSignatureResponse.isQualifiedCertificate()) { - - //check if testcards are active and certificate has an extension for test credentials - if (oaParam.isTestCredentialEnabled()) { - boolean foundTestCredentialOID = false; - try { - X509Certificate signerCert = verifyXMLSignatureResponse.getX509certificate(); - - List validOIDs = new ArrayList(); - if (oaParam.getTestCredentialOIDs() != null) - validOIDs.addAll(oaParam.getTestCredentialOIDs()); - else - validOIDs.add(MOAIDAuthConstants.TESTCREDENTIALROOTOID); - - Set extentsions = signerCert.getCriticalExtensionOIDs(); - extentsions.addAll(signerCert.getNonCriticalExtensionOIDs()); - Iterator extit = extentsions.iterator(); - while(extit.hasNext()) { - String certOID = extit.next(); - for (String el : validOIDs) { - if (certOID.startsWith(el)) - foundTestCredentialOID = true; - } - } - - } catch (Exception e) { - Logger.warn("Test credential OID extraction FAILED.", e); - - } - //throw Exception if not TestCredentialOID is found - if (!foundTestCredentialOID) - throw new ValidateException("validator.72", null); - - } else - throw new ValidateException("validator.71", null); - } - - // if OA is type is business service the manifest validation result has - // to be ignored - boolean ignoreManifestValidationResult = false; - if (whatToCheck.equals(CHECK_IDENTITY_LINK)) - ignoreManifestValidationResult = (oaParam.hasBaseIdInternalProcessingRestriction()) ? true - : false; - - if (ignoreManifestValidationResult) { - Logger.debug("OA type is business service, thus ignoring DSIG manifest validation result"); - } else { - if (verifyXMLSignatureResponse.isXmlDSIGManigest()) - if (verifyXMLSignatureResponse.getXmlDSIGManifestCheckCode() != 0) - throw new ValidateException("validator.08", null); - } - - - // Check the signature manifest only when verifying the signed AUTHBlock - if (whatToCheck.equals(CHECK_AUTH_BLOCK)) { - if (verifyXMLSignatureResponse.getSignatureManifestCheckCode() > 0) { - throw new ValidateException("validator.50", null); - } - } - - //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not - if (identityLinkSignersSubjectDNNames != null) { - String subjectDN = ""; - X509Certificate x509Cert = verifyXMLSignatureResponse.getX509certificate(); - try { - subjectDN = ((Name) x509Cert.getSubjectDN()).getRFC2253String(); - } - catch (RFC2253NameParserException e) { - throw new ValidateException("validator.17", null); - } - //System.out.println("subjectDN: " + subjectDN); - // check the authorisation to sign the identity link - if (!identityLinkSignersSubjectDNNames.contains(subjectDN)) { - // subject DN check failed, try OID check: - try { - if (x509Cert.getExtension(MOAIDAuthConstants.IDENTITY_LINK_SIGNER_OID) == null) { - throw new ValidateException("validator.18", new Object[] { subjectDN }); - } else { - Logger.debug("Identity link signer cert accepted for signing identity link: " + - "subjectDN check failed, but OID check successfully passed."); - } - } catch (X509ExtensionInitException e) { - throw new ValidateException("validator.49", null); - } - } else { - Logger.debug("Identity link signer cert accepted for signing identity link: " + - "subjectDN check successfully passed."); - } - - } - } - - /** - * Method validateCertificate. - * @param verifyXMLSignatureResponse The VerifyXMLSignatureResponse - * @param idl The Identitylink - * @throws ValidateException - */ - public void validateCertificate( - IVerifiyXMLSignatureResponse verifyXMLSignatureResponse, - IIdentityLink idl) - throws ValidateException { - - X509Certificate x509Response = verifyXMLSignatureResponse.getX509certificate(); - PublicKey[] pubKeysIdentityLink = (PublicKey[]) idl.getPublicKey(); - - PublicKey pubKeySignature = x509Response.getPublicKey(); - - boolean found = false; - for (int i = 0; i < pubKeysIdentityLink.length; i++) { - - //compare RSAPublicKeys - if ((idl.getPublicKey()[i] instanceof java.security.interfaces.RSAPublicKey) && - (pubKeySignature instanceof java.security.interfaces.RSAPublicKey)) { - - RSAPublicKey rsaPubKeySignature = (RSAPublicKey) pubKeySignature; - RSAPublicKey rsakey = (RSAPublicKey) pubKeysIdentityLink[i]; - - if (rsakey.getModulus().equals(rsaPubKeySignature.getModulus()) - && rsakey.getPublicExponent().equals(rsaPubKeySignature.getPublicExponent())) - found = true; - } - - //compare ECDSAPublicKeys - if( ( (idl.getPublicKey()[i] instanceof java.security.interfaces.ECPublicKey) || - (idl.getPublicKey()[i] instanceof ECPublicKey)) && - ( (pubKeySignature instanceof java.security.interfaces.ECPublicKey) || - (pubKeySignature instanceof ECPublicKey) ) ) { - - try { - ECPublicKey ecdsaPubKeySignature = new ECPublicKey(pubKeySignature.getEncoded()); - ECPublicKey ecdsakey = new ECPublicKey(pubKeysIdentityLink[i].getEncoded()); - - if(ecdsakey.equals(ecdsaPubKeySignature)) - found = true; - - } catch (InvalidKeyException e) { - Logger.warn("ECPublicKey can not parsed into a iaik.ECPublicKey", e); - throw new ValidateException("validator.09", null); - } - - - - } - -// Logger.debug("IDL-Pubkey=" + idl.getPublicKey()[i].getClass().getName() -// + " Resp-Pubkey=" + pubKeySignature.getClass().getName()); - - } - - if (!found) { - - throw new ValidateException("validator.09", null); - - } - } - -} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java index e0965c712..d00ef8a04 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java @@ -5,6 +5,9 @@ import java.security.KeyStore; import java.security.PrivateKey; import java.security.cert.Certificate; import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Collections; +import java.util.Enumeration; import java.util.List; import javax.annotation.PostConstruct; @@ -14,6 +17,8 @@ import org.jose4j.jwa.AlgorithmConstraints.ConstraintType; import org.jose4j.jwe.JsonWebEncryption; import org.jose4j.jws.AlgorithmIdentifiers; import org.jose4j.jws.JsonWebSignature; +import org.jose4j.jwx.JsonWebStructure; +import org.jose4j.keys.resolvers.X509VerificationKeyResolver; import org.jose4j.lang.JoseException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @@ -33,6 +38,7 @@ import at.gv.egovernment.moa.id.commons.utils.X509Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.KeyStoreUtils; +import at.gv.egovernment.moa.util.MiscUtil; @Service public class JsonSecurityUtils implements IJOSETools{ @@ -44,6 +50,8 @@ public class JsonSecurityUtils implements IJOSETools{ private Key encPrivKey = null; private X509Certificate[] encCertChain = null; + private List trustedCerts = new ArrayList(); + @PostConstruct protected void initalize() { Logger.info("Initialize SL2.0 authentication security constrains ... "); @@ -83,6 +91,21 @@ public class JsonSecurityUtils implements IJOSETools{ } + //load trusted certificates + Enumeration aliases = keyStore.aliases(); + while(aliases.hasMoreElements()) { + String el = aliases.nextElement(); + Logger.trace("Process TrustStoreEntry: " + el); + if (keyStore.isCertificateEntry(el)) { + Certificate cert = keyStore.getCertificate(el); + if (cert != null && cert instanceof X509Certificate) + trustedCerts.add((X509Certificate) cert); + else + Logger.info("Can not process entry: " + el + ". Reason: " + cert.toString()); + + } + } + //some short validation if (signPrivKey == null || !(signPrivKey instanceof PrivateKey)) { Logger.info("Can NOT open privateKey for SL2.0 signing. KeyStore=" + getKeyStoreFilePath()); @@ -144,18 +167,42 @@ public class JsonSecurityUtils implements IJOSETools{ SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING.toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING.size()]))); //load signinc certs + Key selectedKey = null; List x5cCerts = jws.getCertificateChainHeaderValue(); - List sortedX5cCerts = null; - if (x5cCerts == null || x5cCerts.size() < 1) { - Logger.info("Signed SL2.0 response contains NO signature certificate"); - throw new SLCommandoParserException("Signed SL2.0 response contains NO signature certificate"); + String x5t256 = jws.getX509CertSha256ThumbprintHeaderValue(); + if (x5cCerts != null) { + Logger.debug("Found x509 certificate in JOSE header ... "); + Logger.trace("Sorting received X509 certificates ... "); + List sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); + + if (trustedCerts.contains(sortedX5cCerts.get(0))) { + selectedKey = sortedX5cCerts.get(0).getPublicKey(); + + } else { + Logger.info("Can NOT find JOSE certificate in truststore."); + Logger.debug("JOSE certificate: " + sortedX5cCerts.get(0).toString()); + + } - } - Logger.trace("Sorting received X509 certificates ... "); - sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); - + } else if (MiscUtil.isNotEmpty(x5t256)) { + Logger.debug("Found x5t256 fingerprint in JOSE header .... "); + X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver(trustedCerts); + selectedKey = x509VerificationKeyResolver.resolveKey(jws, Collections.emptyList()); + + } else { + Logger.info("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint"); + throw new SLCommandoParserException("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint"); + + } + + if (selectedKey == null) { + Logger.info("Can NOT select verification key for JWS. Signature verification FAILED."); + throw new SLCommandoParserException("Can NOT select verification key for JWS. Signature verification FAILED"); + + } + //set verification key - jws.setKey(sortedX5cCerts.get(0).getPublicKey()); + jws.setKey(selectedKey); //validate signature boolean valid = jws.verifySignature(); @@ -169,7 +216,7 @@ public class JsonSecurityUtils implements IJOSETools{ //load payLoad JsonElement sl20Req = new JsonParser().parse(jws.getPayload()); - return new VerificationResult(sl20Req.getAsJsonObject(), sortedX5cCerts, valid) ; + return new VerificationResult(sl20Req.getAsJsonObject(), null, valid) ; } catch (JoseException e) { Logger.warn("SL2.0 commando signature validation FAILED", e); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java new file mode 100644 index 000000000..7d03a43ac --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java @@ -0,0 +1,132 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier; + +import java.io.IOException; +import java.util.Calendar; +import java.util.Date; +import java.util.GregorianCalendar; +import java.util.List; + +import javax.xml.bind.DatatypeConverter; +import javax.xml.transform.TransformerException; + +import org.jaxen.SimpleNamespaceContext; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils; +import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.id.auth.exception.ServiceException; +import at.gv.egovernment.moa.id.auth.exception.ValidateException; +import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; +import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; +import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; +import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureRequestBuilder; +import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.api.impl.VerifyXMLSignatureRequestImpl; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.XPathUtils; + + +public class QualifiedeIDVerifier { + + /** Xpath expression to the dsig:Signature element */ + private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature"; + + private static final String XADES_1_1_1_SIGNINGTIME_PATH = "//" + Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime"; + private static final String XADES_1_3_2_SIGNINGTIME_PATH = "//" + Constants.XADES_1_3_2_NS_PREFIX + ":SigningTime"; + + + private static final long MAX_DIFFERENCE_IN_MILLISECONDS = 600000; // 10min + + + private static SimpleNamespaceContext NS_CONTEXT; + static { + NS_CONTEXT = new SimpleNamespaceContext(); + NS_CONTEXT.addNamespace(Constants.XADES_1_1_1_NS_PREFIX, Constants.XADES_1_1_1_NS_URI); + NS_CONTEXT.addNamespace(Constants.XADES_1_2_2_NS_PREFIX, Constants.XADES_1_2_2_NS_URI); + NS_CONTEXT.addNamespace(Constants.XADES_1_3_2_NS_PREFIX, Constants.XADES_1_3_2_NS_URI); + NS_CONTEXT.addNamespace(Constants.XADES_1_4_1_NS_PREFIX, Constants.XADES_1_4_1_NS_URI); + } + + public static boolean verifyIdentityLink(IIdentityLink idl, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException { + // validates the identity link + IdentityLinkValidator.getInstance().validate(idl); + + // builds a for a call of MOA-SP + Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() + .build(idl, authConfig.getMoaSpIdentityLinkTrustProfileID(oaParam.isUseIDLTestTrustStore())); + + // invokes the call + Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance() + .verifyXMLSignature(domVerifyXMLSignatureRequest); + + // parses the + IVerifiyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData(); + + // validates the + VerifyXMLSignatureResponseValidator.getInstance().validate( + verifyXMLSignatureResponse, + authConfig.getIdentityLinkX509SubjectNames(), + VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, + oaParam); + + + return false; + + } + + public static IVerifiyXMLSignatureResponse verifyAuthBlock(byte[] authblock, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException { + String trustProfileId = authConfig.getMoaSpAuthBlockTrustProfileID(oaParam.isUseAuthBlockTestTestStore()); + List verifyTransformsInfoProfileID = null; + + SignatureVerificationUtils sigVerify = new SignatureVerificationUtils(); + IVerifiyXMLSignatureResponse sigVerifyResult = sigVerify.verify(authblock, trustProfileId , verifyTransformsInfoProfileID); + + // validates the + VerifyXMLSignatureResponseValidator.getInstance().validate(sigVerifyResult, + null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, oaParam); + + return sigVerifyResult; + + } + + public static boolean checkIDLAgainstAuthblock(IVerifiyXMLSignatureResponse sigVerifyResult, IIdentityLink idl, byte[] authBlock) throws ValidateException { + + try { + // compares the public keys from the identityLink with the AuthBlock + VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(sigVerifyResult, idl); + + + // Compare AuthBlock Data with information stored in session, especially + // date and time + validateSigningDateTime(sigVerifyResult); + + } catch ( ValidateException e) { + Logger.error("Signature verification error. ", e); + throw e; + + } + + + return false; + + } + + private static boolean validateSigningDateTime( IVerifiyXMLSignatureResponse sigVerifyResult) throws ValidateException { + Date signingDate = sigVerifyResult.getSigningDateTime(); + + + + return false; + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java index 698546a4f..90e19326e 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; @@ -128,11 +129,13 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { //TODO: validate results + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); + //add into session defaultTaskInitialization(request, executionContext); - moasession.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink()); + moasession.setIdentityLink(idl); moasession.setBkuURL(ccsURL); //TODO: from AuthBlock moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance())); -- cgit v1.2.3 From ecf9de84e76dde785ced8c1632c7909d1d57f94a Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 30 May 2018 14:36:39 +0200 Subject: add error handling and some more validation to SL2.0 module --- .../moa/id/auth/modules/sl20_auth/Constants.java | 4 + .../auth/modules/sl20_auth/SL20SignalServlet.java | 7 +- .../exceptions/SL20eIDDataValidationException.java | 16 + .../modules/sl20_auth/sl20/JsonSecurityUtils.java | 2 +- .../auth/modules/sl20_auth/sl20/SL20Constants.java | 2 + .../sl20_auth/sl20/SL20JSONExtractorUtils.java | 61 +++- .../sl20/verifier/QualifiedeIDVerifier.java | 99 +++++-- .../sl20_auth/tasks/CreateQualeIDRequestTask.java | 29 +- .../sl20_auth/tasks/ReceiveQualeIDTask.java | 327 +++++++++++---------- .../sl20_auth/tasks/VerifyQualifiedeIDTask.java | 180 ++++++++++++ .../src/main/resources/moaid_sl20_auth.beans.xml | 4 + .../main/resources/sl20.Authentication.process.xml | 14 +- .../moa/id/monitoring/IdentityLinkTestModule.java | 2 +- 13 files changed, 540 insertions(+), 207 deletions(-) create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20eIDDataValidationException.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java index 920187bfb..a3648220d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java @@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth; public class Constants { public static final String HTTP_ENDPOINT_DATAURL = "/sl20/dataUrl"; + public static final String HTTP_ENDPOINT_RESUME = "/sl20/resume"; public static final String CONFIG_PROP_PREFIX = "modules.sl20"; public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT = CONFIG_PROP_PREFIX + ".vda.urls.qualeID.endpoint"; @@ -17,6 +18,9 @@ public class Constants { public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST = CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + "."; public static final String CONFIG_PROP_SP_LIST = CONFIG_PROP_PREFIX + ".sp.entityIds."; + public static final String CONFIG_PROP_DISABLE_EID_VALIDATION = CONFIG_PROP_PREFIX + ".security.eID.validation.disable"; + public static final String CONFIG_PROP_DISABLE_EID_ENCRYPTION = CONFIG_PROP_PREFIX + ".security.eID.encryption.enabled"; + public static final String PENDING_REQ_STORAGE_PREFIX = "SL20_AUTH_"; /** diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java index 87d306822..4f8ef0a76 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java @@ -44,11 +44,14 @@ public class SL20SignalServlet extends AbstractProcessEngineSignalController { public SL20SignalServlet() { super(); Logger.debug("Registering servlet " + getClass().getName() + - " with mappings '"+ Constants.HTTP_ENDPOINT_DATAURL + "'."); + " with mappings '"+ Constants.HTTP_ENDPOINT_DATAURL + + " and " + Constants.HTTP_ENDPOINT_RESUME + + "'."); } - @RequestMapping(value = { Constants.HTTP_ENDPOINT_DATAURL + @RequestMapping(value = { Constants.HTTP_ENDPOINT_DATAURL, + Constants.HTTP_ENDPOINT_RESUME }, method = {RequestMethod.POST, RequestMethod.GET}) public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20eIDDataValidationException.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20eIDDataValidationException.java new file mode 100644 index 000000000..957ace0fb --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20eIDDataValidationException.java @@ -0,0 +1,16 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions; + +public class SL20eIDDataValidationException extends SL20Exception { + private static final long serialVersionUID = 1L; + + public SL20eIDDataValidationException(Object[] parameters) { + super("sl20.07", parameters); + + } + + public SL20eIDDataValidationException(Object[] parameters, Throwable e) { + super("sl20.07", parameters, e); + + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java index d00ef8a04..2563c7f7d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java @@ -105,7 +105,7 @@ public class JsonSecurityUtils implements IJOSETools{ } } - + //some short validation if (signPrivKey == null || !(signPrivKey instanceof PrivateKey)) { Logger.info("Can NOT open privateKey for SL2.0 signing. KeyStore=" + getKeyStoreFilePath()); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java index b855c3cac..33bb4fe36 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java @@ -12,6 +12,8 @@ public class SL20Constants { //http binding parameters public static final String PARAM_SL20_REQ_COMMAND_PARAM = "slcommand"; + public static final String PARAM_SL20_REQ_COMMAND_PARAM_OLD = "sl2command"; + public static final String PARAM_SL20_REQ_ICP_RETURN_URL_PARAM = "slIPCReturnUrl"; public static final String PARAM_SL20_REQ_TRANSACTIONID = "slTransactionID"; diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java index e01945df0..6949b7a18 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java @@ -9,6 +9,7 @@ import java.util.Map; import java.util.Map.Entry; import org.apache.http.Header; +import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; import org.apache.http.client.utils.URIBuilder; import org.apache.log4j.Logger; @@ -163,19 +164,23 @@ public class SL20JSONExtractorUtils { return result; else if (encryptedResult != null && encryptedResult.isJsonPrimitive()) { - /*TODO: - * - * Remove dummy code and test real decryption!!!!! - * - */ - - //return decrypter.decryptPayload(encryptedResult.getAsString()); + try { + return decrypter.decryptPayload(encryptedResult.getAsString()); + + } catch (Exception e) { + log.info("Can NOT decrypt SL20 result. Reason:" + e.getMessage()); + if (!mustBeEncrypted) { + log.warn("Decrypted results are disabled by configuration. Parse result in plain if it is possible"); - //dummy code - String[] signedPayload = encryptedResult.toString().split("\\."); - JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode(signedPayload[1]))); - return payLoad; - + //dummy code + String[] signedPayload = encryptedResult.toString().split("\\."); + JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode(signedPayload[1]))); + return payLoad; + + } else + throw e; + + } } else throw new SLCommandoParserException("Internal build error"); @@ -241,13 +246,21 @@ public class SL20JSONExtractorUtils { } else if (httpResp.getStatusLine().getStatusCode() == 200) { if (!httpResp.getEntity().getContentType().getValue().equals("application/json;charset=UTF-8")) - throw new SLCommandoParserException("SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue()); - - sl20Resp = new JsonParser().parse(new InputStreamReader(httpResp.getEntity().getContent())).getAsJsonObject(); + throw new SLCommandoParserException("SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue()); + sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); + } else if ( (httpResp.getStatusLine().getStatusCode() == 500) || + (httpResp.getStatusLine().getStatusCode() == 401) || + (httpResp.getStatusLine().getStatusCode() == 400) ) { + log.info("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode() + + ". Search for error message"); + sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); + + } else throw new SLCommandoParserException("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()); - + + log.info("Find JSON object in http response"); return sl20Resp; } catch (Exception e) { @@ -256,6 +269,22 @@ public class SL20JSONExtractorUtils { } } + private static JsonObject parseSL20ResultFromResponse(HttpEntity resp) throws Exception { + if (resp != null && resp.getContent() != null) { + JsonElement sl20Resp = new JsonParser().parse(new InputStreamReader(resp.getContent())); + if (sl20Resp != null && sl20Resp.isJsonObject()) { + return sl20Resp.getAsJsonObject(); + + } else + throw new SLCommandoParserException("SL2.0 can NOT parse to a JSON object"); + + + } else + throw new SLCommandoParserException("Can NOT find content in http response"); + + } + + private static JsonElement getAndCheck(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { JsonElement internal = input.get(keyID); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java index 7d03a43ac..d07d7a78a 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java @@ -1,24 +1,17 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier; import java.io.IOException; -import java.util.Calendar; import java.util.Date; -import java.util.GregorianCalendar; import java.util.List; -import javax.xml.bind.DatatypeConverter; -import javax.xml.transform.TransformerException; - import org.jaxen.SimpleNamespaceContext; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils; -import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.exception.ServiceException; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20eIDDataValidationException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureRequestBuilder; @@ -27,13 +20,12 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.spss.api.impl.VerifyXMLSignatureRequestImpl; +import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil; +import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; public class QualifiedeIDVerifier { @@ -57,7 +49,7 @@ public class QualifiedeIDVerifier { NS_CONTEXT.addNamespace(Constants.XADES_1_4_1_NS_PREFIX, Constants.XADES_1_4_1_NS_URI); } - public static boolean verifyIdentityLink(IIdentityLink idl, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException { + public static void verifyIdentityLink(IIdentityLink idl, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException { // validates the identity link IdentityLinkValidator.getInstance().validate(idl); @@ -79,17 +71,15 @@ public class QualifiedeIDVerifier { VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, oaParam); - - return false; - + } - public static IVerifiyXMLSignatureResponse verifyAuthBlock(byte[] authblock, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException { + public static IVerifiyXMLSignatureResponse verifyAuthBlock(String authBlockB64, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException, IOException { String trustProfileId = authConfig.getMoaSpAuthBlockTrustProfileID(oaParam.isUseAuthBlockTestTestStore()); List verifyTransformsInfoProfileID = null; SignatureVerificationUtils sigVerify = new SignatureVerificationUtils(); - IVerifiyXMLSignatureResponse sigVerifyResult = sigVerify.verify(authblock, trustProfileId , verifyTransformsInfoProfileID); + IVerifiyXMLSignatureResponse sigVerifyResult = sigVerify.verify(Base64Utils.decode(authBlockB64, false), trustProfileId , verifyTransformsInfoProfileID); // validates the VerifyXMLSignatureResponseValidator.getInstance().validate(sigVerifyResult, @@ -99,20 +89,43 @@ public class QualifiedeIDVerifier { } - public static boolean checkIDLAgainstAuthblock(IVerifiyXMLSignatureResponse sigVerifyResult, IIdentityLink idl, byte[] authBlock) throws ValidateException { + public static boolean checkConsistencyOfeIDData(String sl20ReqId, IIdentityLink idl, AssertionAttributeExtractor authBlockExtractor, IVerifiyXMLSignatureResponse sigVerifyResult) throws SL20eIDDataValidationException { try { // compares the public keys from the identityLink with the AuthBlock VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(sigVerifyResult, idl); + //compare requestId from SL20 qualifiedeID command to ID from SAML2 assertion + String authBlockId = authBlockExtractor.getAssertionID(); + if (MiscUtil.isEmpty(authBlockId)) { + Logger.info("AuthBlock containts no ID, but ID MUST be included"); + throw new SL20eIDDataValidationException(new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "AuthBlock containts no ID, but ID MUST be included" + }); + } + if (!authBlockId.equals(sl20ReqId)) { + Logger.info("SL20 'requestId' does NOT match to AuthBlock Id." + + " Expected : " + sl20ReqId + + " Authblock: " + authBlockId); + throw new SL20eIDDataValidationException(new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "SL20 'requestId' does NOT match to AuthBlock Id." + }); + } + + // Compare AuthBlock Data with information stored in session, especially // date and time - validateSigningDateTime(sigVerifyResult); + validateSigningDateTime(sigVerifyResult, authBlockExtractor); } catch ( ValidateException e) { - Logger.error("Signature verification error. ", e); - throw e; + Logger.warn("Validation of eID information FAILED. ", e); + throw new SL20eIDDataValidationException(new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, + e.getMessage() + }); } @@ -121,12 +134,46 @@ public class QualifiedeIDVerifier { } - private static boolean validateSigningDateTime( IVerifiyXMLSignatureResponse sigVerifyResult) throws ValidateException { + private static void validateSigningDateTime( IVerifiyXMLSignatureResponse sigVerifyResult, AssertionAttributeExtractor authBlockExtractor) throws SL20eIDDataValidationException { Date signingDate = sigVerifyResult.getSigningDateTime(); + Date notBefore = authBlockExtractor.getAssertionNotBefore(); + Date notOrNotAfter = authBlockExtractor.getAssertionNotOnOrAfter(); + if (signingDate == null) { + Logger.info("AuthBlock signature contains NO signing data"); + throw new SL20eIDDataValidationException(new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "AuthBlock signature contains NO signing data" + }); + + } - - return false; + Logger.debug("AuthBlock signing data: " + signingDate.toString()); + + if (notBefore == null || notOrNotAfter == null) { + Logger.info("AuthBlock contains NO 'notBefore' or 'notOrNotAfter' dates"); + throw new SL20eIDDataValidationException(new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "AuthBlock contains NO 'notBefore' or 'notOrNotAfter' dates" + }); + + } + + Logger.debug("AuthBlock valid period." + + " NotBefore:" + notBefore.toString() + + " NotOrNotAfter:" + notOrNotAfter.toString()); + + if (signingDate.after(notBefore) || signingDate.before(notOrNotAfter)) + Logger.debug("Signing date validation successfull"); + + else { + Logger.info("AuthBlock signing date does NOT match to AuthBlock constrains"); + throw new SL20eIDDataValidationException(new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "AuthBlock signing date does NOT match to AuthBlock constrains" + }); + + } } } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java index d9ff9d93c..763454639 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java @@ -5,7 +5,6 @@ import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Map.Entry; -import java.util.UUID; import javax.net.ssl.SSLSocketFactory; import javax.servlet.http.HttpServletRequest; @@ -30,6 +29,7 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.IJOSETools; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20HttpBindingUtils; @@ -41,6 +41,7 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport; import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moaspss.logging.Logger; @@ -91,7 +92,8 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { qualifiedeIDParams, joseTools.getEncryptionCertificate()); - String qualeIDReqId = UUID.randomUUID().toString(); + //String qualeIDReqId = UUID.randomUUID().toString(); + String qualeIDReqId = SAML2Utils.getSecureIdentifier(); String signedQualeIDCommand = SL20JSONBuilderUtils.createSignedCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID, qualeIDCommandParams, joseTools); JsonObject sl20Req = SL20JSONBuilderUtils.createGenericRequest(qualeIDReqId, null, null, signedQualeIDCommand); @@ -107,9 +109,16 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build()); httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE); List parameters = new ArrayList();; - parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, sl20Req.toString())); + + //correct one + //parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes()))); + + //A-Trust current version + parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM_OLD, sl20Req.toString())); httpReq.setEntity(new UrlEncodedFormEntity(parameters )); + + //request VDA HttpResponse httpResp = httpClient.execute(httpReq); @@ -147,10 +156,22 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { //TODO: maybe add SL2ClientType Header from execution context SL20HttpBindingUtils.writeIntoResponse(request, response, sl20Forward, redirectURL); + } else if (respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString() + .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR)) { + JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_RESULT, false); + if (result == null) + result = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, false); + + String errorCode = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, true); + String errorMsg = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, true); + + Logger.info("Receive SL2.0 error. Code:" + errorCode + " Msg:" + errorMsg); + throw new SL20Exception("sl20.08", new Object[]{errorCode, errorMsg}); + } else { //TODO: update to add error handling Logger.warn("Received an unrecognized command: " + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString()); - + throw new SLCommandoParserException("Received an unrecognized command: \" + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString()"); } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java index 90e19326e..b7fe579a3 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -1,9 +1,8 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks; -import java.io.ByteArrayInputStream; +import java.io.IOException; import java.io.StringWriter; import java.security.cert.X509Certificate; -import java.util.Calendar; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -13,7 +12,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.http.entity.ContentType; -import org.jose4j.keys.X509Util; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; @@ -35,18 +33,12 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.IJOSETools; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; -import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moaspss.logging.Logger; -import iaik.esi.sva.util.X509Utils; -import iaik.utils.Util; + @Component("ReceiveQualeIDTask") public class ReceiveQualeIDTask extends AbstractAuthServletTask { @@ -57,173 +49,210 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - Logger.debug("Receiving SL2.0 response process .... "); try { - //get SL2.0 command or result from HTTP request - Map reqParams = getParameters(request); - String sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM); - if (MiscUtil.isEmpty(sl20Result)) { - Logger.info("NO SL2.0 commando or result FOUND."); - throw new SL20Exception("sl20.04", null); - - } - - - //parse SL2.0 command/result into JSON + Logger.debug("Receiving SL2.0 response process .... "); JsonObject sl20ReqObj = null; try { - JsonParser jsonParser = new JsonParser(); - JsonElement sl20Req = jsonParser.parse(sl20Result); - sl20ReqObj = sl20Req.getAsJsonObject(); + //get SL2.0 command or result from HTTP request + Map reqParams = getParameters(request); + String sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM); + if (MiscUtil.isEmpty(sl20Result)) { + Logger.info("NO SL2.0 commando or result FOUND."); + throw new SL20Exception("sl20.04", null); + + } + + //parse SL2.0 command/result into JSON + try { + JsonParser jsonParser = new JsonParser(); + JsonElement sl20Req = jsonParser.parse(sl20Result); + sl20ReqObj = sl20Req.getAsJsonObject(); + + } catch (JsonSyntaxException e) { + Logger.warn("SL2.0 command or result is NOT valid JSON.", e); + Logger.debug("SL2.0 msg: " + sl20Result); + throw new SL20Exception("sl20.02", new Object[]{"SL2.0 command or result is NOT valid JSON."}, e); + + } - } catch (JsonSyntaxException e) { - Logger.warn("SL2.0 command or result is NOT valid JSON.", e); - Logger.debug("SL2.0 msg: " + sl20Result); - throw new SL20Exception("sl20.02", new Object[]{"SL2.0 command or result is NOT valid JSON."}, e); + //validate reqId with inResponseTo + String sl20ReqId = pendingReq.getGenericData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class); + String inRespTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true); + if (sl20ReqId == null || !sl20ReqId.equals(inRespTo)) { + Logger.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); + throw new SL20SecurityException("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); + } - } - - //validate reqId with inResponseTo - String sl20ReqId = pendingReq.getGenericData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class); - String inRespTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true); - if (sl20ReqId == null || !sl20ReqId.equals(inRespTo)) { - Logger.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); - throw new SL20SecurityException("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); - } - - - //validate signature - VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools, true); - if (payLoadContainer.isValidSigned() == null || - !payLoadContainer.isValidSigned()) { - Logger.info("SL20 result from VDA was not valid signed"); - throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."}); - } - - //TODO validate certificate - List sigCertChain = payLoadContainer.getCertChain(); - - - //extract payloaf - JsonObject payLoad = payLoadContainer.getPayload(); - - //check response type - if (SL20JSONExtractorUtils.getStringValue( - payLoad, SL20Constants.SL20_COMMAND_CONTAINER_NAME, true) - .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID)) { - Logger.debug("Find " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result .... "); - - //TODO: activate decryption in 'SL20JSONExtractorUtils.extractSL20Result' - JsonElement qualeIDResult = SL20JSONExtractorUtils.extractSL20Result(payLoad, joseTools, false); - - //extract attributes from result - String idlB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), - SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, true); - String authBlockB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), - SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, true); - String ccsURL = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), - SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, true); - String LoA = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), - SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, true); + //validate signature + VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools, true); + if (payLoadContainer.isValidSigned() == null || + !payLoadContainer.isValidSigned()) { + Logger.info("SL20 result from VDA was not valid signed"); + throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."}); + + } + /*TODO validate certificate by using MOA-SPSS + * currently, the certificate is validated in IJOSETools by using a pkcs12 or jks keystore + */ + List sigCertChain = payLoadContainer.getCertChain(); - //TODO: validate results - IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); + //extract payloaf + JsonObject payLoad = payLoadContainer.getPayload(); + //check response type + if (SL20JSONExtractorUtils.getStringValue( + payLoad, SL20Constants.SL20_COMMAND_CONTAINER_NAME, true) + .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID)) { + Logger.debug("Find " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result .... "); + + JsonElement qualeIDResult = SL20JSONExtractorUtils.extractSL20Result( + payLoad, joseTools, + authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_ENCRYPTION, true)); + + //extract attributes from result + String idlB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, true); + String authBlockB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, true); + String ccsURL = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, true); + String LoA = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, true); + + //cache qualified eID data into pending request + pendingReq.setGenericDataToSession( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, + idlB64); + pendingReq.setGenericDataToSession( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + authBlockB64); + pendingReq.setGenericDataToSession( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, + ccsURL); + pendingReq.setGenericDataToSession( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, + LoA); + + } else { + Logger.info("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result"); + throw new SLCommandoParserException("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result"); + } - //add into session - defaultTaskInitialization(request, executionContext); - moasession.setIdentityLink(idl); - moasession.setBkuURL(ccsURL); - //TODO: from AuthBlock - moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance())); - moasession.setQAALevel(LoA); - //mark as authenticated - moasession.setAuthenticated(true); - pendingReq.setAuthenticated(true); - - //store pending request - requestStoreage.storePendingRequest(pendingReq); - - //create response - Map reqParameters = new HashMap(); - reqParameters.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID()); - JsonObject callReqParams = SL20JSONBuilderUtils.createCallCommandParameters( - new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT, null), - SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, - false, - reqParameters); - JsonObject callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams); + } catch (MOAIDException e) { + Logger.warn("SL2.0 processing error:", e); + pendingReq.setGenericDataToSession( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, + new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e)); - //build first redirect command for app - JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters("", callCommand, null, true); - JsonObject redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams); - - //build second redirect command for IDP - JsonObject redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters( - new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT, null), - redirectOneCommand, null, true); - JsonObject redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams); + } catch (Exception e) { + Logger.warn("ERROR:", e); + Logger.warn("SL2.0 Authentication FAILED with a generic error.", e); + pendingReq.setGenericDataToSession( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, + new TaskExecutionException(pendingReq, e.getMessage(), e)); - //build generic SL2.0 response container - String transactionId = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, false); - JsonObject respContainer = SL20JSONBuilderUtils.createGenericRequest( - UUID.randomUUID().toString(), - transactionId, - redirectTwoCommand, - null); + } finally { + //store pending request + requestStoreage.storePendingRequest(pendingReq); - if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && - request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) { - Logger.debug("Client request containts 'native client' header ... "); - StringWriter writer = new StringWriter(); - writer.write(respContainer.toString()); - final byte[] content = writer.toString().getBytes("UTF-8"); - response.setStatus(HttpServletResponse.SC_OK); - response.setContentLength(content.length); - response.setContentType(ContentType.APPLICATION_JSON.toString()); - response.getOutputStream().write(content); + //write SL2.0 response + if (sl20ReqObj != null) + buildResponse(request, response, sl20ReqObj); + else + buildErrorResponse(request, response, "2000", "General transport Binding error"); - - } else { - Logger.info("SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"); - throw new SL20Exception("sl20.06", - new Object[] {"SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"}); - - } - - } else { - Logger.info("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result"); - throw new SLCommandoParserException("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result"); } - - - } catch (MOAIDException e) { - Logger.warn("ERROR:", e); - throw new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e); - + } catch (Exception e) { - Logger.warn("ERROR:", e); - Logger.warn("SL2.0 Authentication FAILED with a generic error.", e); - throw new TaskExecutionException(pendingReq, e.getMessage(), e); + //write internal server errror 500 according to SL2.0 specification, chapter https transport binding + Logger.warn("Can NOT build SL2.0 response. Reason: " + e.getMessage(), e); + try { + response.sendError(500, "Internal Server Error."); + + } catch (IOException e1) { + Logger.error("Can NOT send error message. SOMETHING IS REALY WRONG!", e); + + } - } finally { + } finally { TransactionIDUtils.removeTransactionId(); TransactionIDUtils.removeSessionId(); } } - - private JsonObject createRedirectCommand() { - + private void buildErrorResponse(HttpServletRequest request, HttpServletResponse response, String errorCode, String errorMsg) throws Exception { + JsonObject error = SL20JSONBuilderUtils.createErrorCommandResult(errorCode, errorMsg); + JsonObject respContainer = SL20JSONBuilderUtils.createGenericRequest( + UUID.randomUUID().toString(), + null, + error , + null); + + Logger.debug("Client request containts 'native client' header ... "); + StringWriter writer = new StringWriter(); + writer.write(respContainer.toString()); + final byte[] content = writer.toString().getBytes("UTF-8"); + response.setStatus(HttpServletResponse.SC_OK); + response.setContentLength(content.length); + response.setContentType(ContentType.APPLICATION_JSON.toString()); + response.getOutputStream().write(content); + + } + + private void buildResponse(HttpServletRequest request, HttpServletResponse response, JsonObject sl20ReqObj) throws IOException, SL20Exception { + //create response + Map reqParameters = new HashMap(); + reqParameters.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID()); + JsonObject callReqParams = SL20JSONBuilderUtils.createCallCommandParameters( + new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null), + SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, + false, + reqParameters); + JsonObject callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams); - return null; + //build first redirect command for app + JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters("", callCommand, null, true); + JsonObject redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams); + + //build second redirect command for IDP + JsonObject redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters( + new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null), + redirectOneCommand, null, true); + JsonObject redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams); + //build generic SL2.0 response container + String transactionId = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, false); + JsonObject respContainer = SL20JSONBuilderUtils.createGenericRequest( + UUID.randomUUID().toString(), + transactionId, + redirectTwoCommand, + null); + if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && + request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) { + Logger.debug("Client request containts 'native client' header ... "); + StringWriter writer = new StringWriter(); + writer.write(respContainer.toString()); + final byte[] content = writer.toString().getBytes("UTF-8"); + response.setStatus(HttpServletResponse.SC_OK); + response.setContentLength(content.length); + response.setContentType(ContentType.APPLICATION_JSON.toString()); + response.getOutputStream().write(content); + + + } else { + Logger.info("SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"); + throw new SL20Exception("sl20.06", + new Object[] {"SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"}); + + } } + + } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java new file mode 100644 index 000000000..b5c84d315 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java @@ -0,0 +1,180 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks; + +import java.io.ByteArrayInputStream; +import java.util.Calendar; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.Configuration; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.io.Unmarshaller; +import org.opensaml.xml.io.UnmarshallerFactory; +import org.springframework.stereotype.Component; +import org.w3c.dom.Element; +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20eIDDataValidationException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier.QualifiedeIDVerifier; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.DateTimeUtils; +import at.gv.egovernment.moaspss.logging.Logger; + + +@Component("VerifyQualifiedeIDTask") +public class VerifyQualifiedeIDTask extends AbstractAuthServletTask { + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + + Logger.debug("Verify qualified eID data from SL20 response .... "); + try { + //check if there was an error + TaskExecutionException sl20Error = pendingReq.getGenericData( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, + TaskExecutionException.class); + if (sl20Error != null) { + Logger.info("Found SL2.0 error after redirect ... "); + throw sl20Error; + + } + + //get data from pending request + String sl20ReqId = pendingReq.getGenericData( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, + String.class); + String idlB64 = pendingReq.getGenericData( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, + String.class); + String authBlockB64 = pendingReq.getGenericData( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + String.class); + String ccsURL = pendingReq.getGenericData( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, + String.class); + String LoA = pendingReq.getGenericData( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, + String.class); + + //parse eID data + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); + IVerifiyXMLSignatureResponse authBlockVerificationResult = null; + try { + Assertion authBlock = parseAuthBlockToSaml2Assertion(authBlockB64); + AssertionAttributeExtractor authBlockExtractor = new AssertionAttributeExtractor(authBlock); + + + //validate eID data + QualifiedeIDVerifier.verifyIdentityLink(idl, pendingReq.getOnlineApplicationConfiguration(), authConfig); + authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock( + authBlockB64, pendingReq.getOnlineApplicationConfiguration(), authConfig); + QualifiedeIDVerifier.checkConsistencyOfeIDData(sl20ReqId, idl, authBlockExtractor, authBlockVerificationResult); + + //TODO: add LoA verification + + } catch (SL20eIDDataValidationException e) { + if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_VALIDATION, false)) { + Logger.warn("SL20 eID data validation IS DISABLED!!"); + Logger.warn("SL20 eID data IS NOT VALID!!! Reason: " + e.getMessage(), e); + + } else + throw e; + + } + + //add into session + defaultTaskInitialization(request, executionContext); + moasession.setIdentityLink(idl); + moasession.setBkuURL(ccsURL); + //TODO: from AuthBlock + if (authBlockVerificationResult != null) + moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(authBlockVerificationResult.getSigningDateTime())); + else + moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance())); + + moasession.setQAALevel(LoA); + + //store pending request + requestStoreage.storePendingRequest(pendingReq); + + } catch (MOAIDException e) { + Logger.warn("ERROR:", e); + throw new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e); + + } catch (Exception e) { + Logger.warn("ERROR:", e); + Logger.warn("SL2.0 Authentication FAILED with a generic error.", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } finally { + TransactionIDUtils.removeTransactionId(); + TransactionIDUtils.removeSessionId(); + + } + } + + private Assertion parseAuthBlockToSaml2Assertion(String authblockB64) throws SL20eIDDataValidationException { + try { + //parse authBlock into SAML2 Assertion + byte[] authBlockBytes = Base64Utils.decode(authblockB64, false); + Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authBlockBytes)); + UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); + Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDOM); + XMLObject samlAssertion = unmarshaller.unmarshall(authBlockDOM); + + //validate SAML2 Assertion + SAML2Utils.schemeValidation(samlAssertion); + + if (samlAssertion instanceof Assertion) + return (Assertion) samlAssertion; + else + throw new SL20eIDDataValidationException( + new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "AuthBlock is NOT of type SAML2 Assertion" + }); + + } catch (SL20eIDDataValidationException e) { + throw e; + + } catch (SAXException e) { + Logger.info("Scheme validation of SAML2 AuthBlock FAILED. Reason: " + e.getMessage()); + throw new SL20eIDDataValidationException( + new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + e.getMessage() + }, + e); + + } catch (Exception e) { + Logger.info("Can not parse AuthBlock. Reason: " + e.getMessage()); + Logger.trace("FullAuthBlock: " + authblockB64); + throw new SL20eIDDataValidationException( + new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + e.getMessage() + }, + e); + + } + + } + + + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml index 37551b3f5..a9c9bac8e 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml @@ -29,5 +29,9 @@ + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml index bcd74f84c..4975dc2d7 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml @@ -3,17 +3,15 @@ - - + + - - - - - + + + + diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java index a56be1f46..fa4a50992 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java @@ -28,12 +28,12 @@ import java.util.List; import org.w3c.dom.Element; -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; +import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; -- cgit v1.2.3 From 709197ce12c5502f86e16da1167b97ca318f47fa Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 5 Jun 2018 10:44:40 +0200 Subject: implement user restriction based on whitelisting --- .../auth/modules/internal/DefaultAuthentication.process.xml | 11 +++++++---- .../elgamandates/DefaultAuth_with_ELGA_mandates.process.xml | 13 ++++++++----- .../src/main/resources/sl20.Authentication.process.xml | 8 ++++++-- 3 files changed, 21 insertions(+), 11 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml index 74792ed72..48c7b6a07 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/resources/at/gv/egovernment/moa/id/auth/modules/internal/DefaultAuthentication.process.xml @@ -15,7 +15,8 @@ - + + @@ -39,13 +40,15 @@ - + - - + + + + diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml index d41e8a017..60fd120d0 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml @@ -17,6 +17,8 @@ + + @@ -47,7 +49,7 @@ - + @@ -60,13 +62,14 @@ - + - - - + + + + diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml index 4975dc2d7..673144b06 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml @@ -3,16 +3,20 @@ - + + - + + + + -- cgit v1.2.3 From cd5cef47db73c85cbb2defdec3b283655fdc859b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 5 Jun 2018 10:46:41 +0200 Subject: update SL20 implementation --- .../moa/id/auth/AuthenticationServer.java | 6 +- .../bkamobileauthtests/BKAMobileAuthModule.java | 19 +- .../tasks/FirstBKAMobileAuthTask.java | 2 +- .../src/main/resources/BKAMobileAuth.process.xml | 14 +- .../main/resources/moaid_bka_mobileauth.beans.xml | 2 +- .../moa-id-module-sl20_authentication/pom.xml | 5 + .../sl20_auth/SL20AuthenticationModulImpl.java | 26 +- .../modules/sl20_auth/sl20/JsonSecurityUtils.java | 15 +- .../auth/modules/sl20_auth/sl20/SL20Constants.java | 8 +- .../sl20_auth/sl20/SL20HttpBindingUtils.java | 6 +- .../sl20_auth/sl20/SL20JSONBuilderUtils.java | 15 +- .../sl20_auth/sl20/SL20JSONExtractorUtils.java | 89 +++-- .../sl20/verifier/QualifiedeIDVerifier.java | 76 ++++- .../sl20_auth/tasks/CreateQualeIDRequestTask.java | 79 +++-- .../sl20_auth/tasks/ReceiveQualeIDTask.java | 41 ++- .../sl20_auth/tasks/VerifyQualifiedeIDTask.java | 62 +--- .../modules/sl20_auth/EIDDataVerifier_ATrust.java | 42 +++ .../modules/sl20_auth/EIDDataVerifier_OwnTest.java | 41 +++ .../sl20_auth/dummydata/DummyAuthConfig.java | 376 +++++++++++++++++++++ .../auth/modules/sl20_auth/dummydata/DummyOA.java | 264 +++++++++++++++ .../modules/sl20_auth/eIDDataVerifierTest.java | 105 ++++++ .../src/test/resources/SpringTest-context.xml | 13 + .../src/test/resources/tests/eIDdata_atrust.json | 14 + .../src/test/resources/tests/eIDdata_own_test.json | 8 + 24 files changed, 1152 insertions(+), 176 deletions(-) create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index a67b27315..7ea4ee436 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -311,7 +311,8 @@ public class AuthenticationServer extends BaseAuthenticationServer { verifyXMLSignatureResponse, authConfig.getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, - oaParam); + oaParam, + authConfig); session.setIdentityLink(identityLink); // now validate the extended infoboxes @@ -1001,7 +1002,8 @@ public class AuthenticationServer extends BaseAuthenticationServer { // validates the VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, - oaParam); + oaParam, + authConfig); // Compare AuthBlock Data with information stored in session, especially // date and time diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java index 0cef4cb41..853d1b6a4 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java @@ -45,7 +45,7 @@ import at.gv.egovernment.moa.util.MiscUtil; */ public class BKAMobileAuthModule implements AuthModule { - private int priority = 1; + private int priority = 2; @Autowired(required=true) protected AuthConfiguration authConfig; @Autowired(required=true) private AuthenticationManager authManager; @@ -67,7 +67,6 @@ public class BKAMobileAuthModule implements AuthModule { public void setPriority(int priority) { this.priority = priority; } - @PostConstruct public void initialDummyAuthWhiteList() { @@ -84,6 +83,8 @@ public class BKAMobileAuthModule implements AuthModule { //parameter to whiteList authManager.addParameterNameToWhiteList(FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW); +// authManager.addHeaderNameToWhiteList("SL2ClientType"); +// authManager.addHeaderNameToWhiteList("X-MOA-VDA"); } /* (non-Javadoc) @@ -92,12 +93,22 @@ public class BKAMobileAuthModule implements AuthModule { @Override public String selectProcess(ExecutionContext context) { String spEntityID = (String) context.get(MOAIDAuthConstants.PROCESSCONTEXT_UNIQUE_OA_IDENTFIER); - if (MiscUtil.isNotEmpty(spEntityID)) { - if (uniqueIDsDummyAuthEnabled.contains(spEntityID)) { + String sl20ClientTypeHeader = (String) context.get("SL2ClientType".toLowerCase()); + String sl20VDATypeHeader = (String) context.get("X-MOA-VDA".toLowerCase()); + if (MiscUtil.isNotEmpty(spEntityID)) { + Logger.trace("Check dummy-auth for SP: " + spEntityID); + + + if ( (uniqueIDsDummyAuthEnabled.contains(spEntityID))) { String eIDBlob = (String)context.get(FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW); if (eIDBlob != null && MiscUtil.isNotEmpty(eIDBlob.trim())) { return "BKAMobileAuthentication"; + } else if (MiscUtil.isNotEmpty(sl20ClientTypeHeader) + && MiscUtil.isNotEmpty(sl20VDATypeHeader) && sl20VDATypeHeader.equals("0")) { + Logger.info("Find dummy-auth request for oe.gv.at demos ... "); + return "BKAMobileAuthentication"; + } else { Logger.debug("Dummy-auth are enabled for " + spEntityID + " but no '" + FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW + "' req. parameter available."); diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java index 43043ddd6..15cf298f1 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java @@ -112,7 +112,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { } parseDemoValuesIntoMOASession(pendingReq, pendingReq.getMOASession(), eIDBlobRawB64); - + } catch (MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml index 6f41f347a..07faeae88 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml @@ -5,17 +5,17 @@ STORK authentication both with C-PEPS supporting xml signatures and with C-PEPS not supporting xml signatures. --> - - + + - - - - + + + + + diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml index ef13b0348..79f29e08c 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml @@ -10,7 +10,7 @@ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> - + diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml index d08e0f0ec..5b682538c 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml @@ -58,6 +58,11 @@ + + org.springframework + spring-test + test + junit junit diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java index a4044ce21..367e7b604 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java @@ -22,6 +22,9 @@ */ package at.gv.egovernment.moa.id.auth.modules.sl20_auth; +import java.util.Arrays; +import java.util.List; + import javax.annotation.PostConstruct; import org.apache.commons.lang3.StringUtils; @@ -38,10 +41,10 @@ import at.gv.egovernment.moa.logging.Logger; * @author tlenz * */ -public class SL20AuthenticationModulImpl implements AuthModule { - +public class SL20AuthenticationModulImpl implements AuthModule { private int priority = 3; - + public static final List VDA_TYPE_IDS = Arrays.asList("1", "2", "3", "4"); + @Autowired(required=true) protected AuthConfiguration authConfig; @Autowired(required=true) private AuthenticationManager authManager; @@ -62,6 +65,7 @@ public class SL20AuthenticationModulImpl implements AuthModule { protected void initalSL20Authentication() { //parameter to whiteList authManager.addHeaderNameToWhiteList(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE); + authManager.addHeaderNameToWhiteList(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE); } @@ -71,17 +75,23 @@ public class SL20AuthenticationModulImpl implements AuthModule { */ @Override public String selectProcess(ExecutionContext context) { - if (StringUtils.isNotBlank((String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase())) || - StringUtils.isNotBlank((String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE))) { - Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "' header found"); + String sl20ClientTypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase()); + String sl20VDATypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase()); + + if ( StringUtils.isNotBlank(sl20ClientTypeHeader) +// && ( +// StringUtils.isNotBlank(sl20VDATypeHeader) +// //&& VDA_TYPE_IDS.contains(sl20VDATypeHeader.trim()) +// ) + ) { + Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "' header found"); return "SL20Authentication"; } else { Logger.trace("No '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "' header found"); return null; - } - + } } /* (non-Javadoc) diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java index 2563c7f7d..c95e0b731 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java @@ -1,9 +1,11 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; +import java.io.IOException; import java.security.Key; import java.security.KeyStore; import java.security.PrivateKey; import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collections; @@ -36,6 +38,7 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoPars import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.utils.X509Utils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.KeyStoreUtils; import at.gv.egovernment.moa.util.MiscUtil; @@ -143,8 +146,11 @@ public class JsonSecurityUtils implements IJOSETools{ //set signing information jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256); jws.setKey(signPrivKey); - jws.setCertificateChainHeaderValue(signCertChain); - + + //TODO: + //jws.setCertificateChainHeaderValue(signCertChain); + jws.setX509CertSha256ThumbprintHeaderValue(signCertChain[0]); + return jws.getCompactSerialization(); } catch (JoseException e) { @@ -181,6 +187,11 @@ public class JsonSecurityUtils implements IJOSETools{ } else { Logger.info("Can NOT find JOSE certificate in truststore."); Logger.debug("JOSE certificate: " + sortedX5cCerts.get(0).toString()); + try { + Logger.debug("Cert: " + Base64Utils.encode(sortedX5cCerts.get(0).getEncoded())); + } catch (CertificateEncodingException | IOException e) { + e.printStackTrace(); + } } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java index 33bb4fe36..658384578 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java @@ -8,7 +8,7 @@ import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers; import org.jose4j.jws.AlgorithmIdentifiers; public class SL20Constants { - public static final String CURRENT_SL20_VERSION = "10"; + public static final int CURRENT_SL20_VERSION = 10; //http binding parameters public static final String PARAM_SL20_REQ_COMMAND_PARAM = "slcommand"; @@ -18,6 +18,7 @@ public class SL20Constants { public static final String PARAM_SL20_REQ_TRANSACTIONID = "slTransactionID"; public static final String HTTP_HEADER_SL20_CLIENT_TYPE = "SL2ClientType"; + public static final String HTTP_HEADER_SL20_VDA_TYPE = "X-MOA-VDA"; public static final String HTTP_HEADER_VALUE_NATIVE = "nativeApp"; @@ -129,8 +130,9 @@ public class SL20Constants { public static final String SL20_COMMAND_PARAM_EID_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES = "attributes"; public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE = "MANDATE-REFERENCE-VALUE"; - public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID = "SP-FRIENDLYNAME"; - public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME = "SP-UNIQUEID"; + public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID = "SP-UNIQUEID"; + public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME = "SP-FRIENDLYNAME"; + public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPCOUNTRYCODE = "SP-COUNTRYCODE"; public static final String SL20_COMMAND_PARAM_EID_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; public static final String SL20_COMMAND_PARAM_EID_RESULT_IDL = "EID-IDENTITY-LINK"; public static final String SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK = "EID-AUTH-BLOCK"; diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java index cc7137a0f..169cb8e73 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java @@ -2,7 +2,6 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; import java.io.IOException; import java.io.StringWriter; -import java.io.UnsupportedEncodingException; import java.net.URISyntaxException; import javax.servlet.http.HttpServletRequest; @@ -10,6 +9,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.http.client.utils.URIBuilder; import org.apache.http.entity.ContentType; +import org.jose4j.base64url.Base64Url; import com.google.gson.JsonObject; @@ -33,7 +33,9 @@ public class SL20HttpBindingUtils { } else { Logger.debug("Client request containts is no native client ... "); URIBuilder clientRedirectURI = new URIBuilder(redirectURL); - clientRedirectURI.addParameter(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, sl20Forward.toString()); + clientRedirectURI.addParameter( + SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, + Base64Url.encode(sl20Forward.toString().getBytes())); response.setStatus(307); response.setHeader("Location", clientRedirectURI.build().toString()); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java index 52d7e1e67..d5dec1fe1 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java @@ -387,7 +387,7 @@ public class SL20JSONBuilderUtils { */ public static JsonObject createGenericRequest(String reqId, String transactionId, JsonElement payLoad, String signedPayload) throws SLCommandoBuildException { JsonObject req = new JsonObject(); - addSingleStringElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true); + addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true); addSingleStringElement(req, SL20Constants.SL20_REQID, reqId, true); addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false); addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, @@ -411,7 +411,7 @@ public class SL20JSONBuilderUtils { JsonElement payLoad, String signedPayload) throws SLCommandoBuildException { JsonObject req = new JsonObject(); - addSingleStringElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true); + addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true); addSingleStringElement(req, SL20Constants.SL20_RESPID, respId, true); addSingleStringElement(req, SL20Constants.SL20_INRESPTO, inResponseTo, true); addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false); @@ -568,6 +568,17 @@ public class SL20JSONBuilderUtils { } + private static void addSingleIntegerElement(JsonObject parent, String keyId, Integer value, boolean isRequired) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + + if (isRequired && value == null) + throw new SLCommandoBuildException(keyId + " has an empty value"); + + else if (value != null) + parent.addProperty(keyId, value); + + } + private static void addSingleJSONElement(JsonObject parent, String keyId, JsonElement element, boolean isRequired) throws SLCommandoBuildException { validateParentAndKey(parent, keyId); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java index 6949b7a18..2e81d9c64 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java @@ -1,7 +1,6 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; import java.io.InputStreamReader; -import java.net.URLDecoder; import java.util.Base64; import java.util.HashMap; import java.util.Iterator; @@ -13,6 +12,7 @@ import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; import org.apache.http.client.utils.URIBuilder; import org.apache.log4j.Logger; +import org.jose4j.base64url.Base64Url; import com.google.gson.JsonElement; import com.google.gson.JsonObject; @@ -107,45 +107,64 @@ public class SL20JSONExtractorUtils { } /** - * Extract Map of Key/Value pairs from a JSON Array + * Extract Map of Key/Value pairs from a JSON Element * - * @param input - * @param keyID + * @param input parent JSON object + * @param keyID KeyId of the child that should be parsed * @param isRequired * @return * @throws SLCommandoParserException */ public static Map getMapOfStringElements(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { JsonElement internal = getAndCheck(input, keyID, isRequired); + return getMapOfStringElements(internal); + } + + /** + * Extract Map of Key/Value pairs from a JSON Element + * + * @param input + * @return + * @throws SLCommandoParserException + */ + public static Map getMapOfStringElements(JsonElement input) throws SLCommandoParserException { Map result = new HashMap(); - if (internal != null) { - if (!internal.isJsonArray()) - throw new SLCommandoParserException("JSON Element IS NOT a JSON array"); - - Iterator arrayIterator = internal.getAsJsonArray().iterator(); - while(arrayIterator.hasNext()) { - //JsonObject next = arrayIterator.next().getAsJsonObject(); - //result.put( - // next.get(SL20Constants.SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_KEY).getAsString(), - // next.get(SL20Constants.SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_VALUE).getAsString()); - JsonElement next = arrayIterator.next(); - Iterator> entry = next.getAsJsonObject().entrySet().iterator(); - while (entry.hasNext()) { - Entry el = entry.next(); - if (result.containsKey(el.getKey())) - log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... "); - - result.put(el.getKey(), el.getValue().getAsString()); + if (input != null) { + if (input.isJsonArray()) { + Iterator arrayIterator = input.getAsJsonArray().iterator(); + while(arrayIterator.hasNext()) { + JsonElement next = arrayIterator.next(); + Iterator> entry = next.getAsJsonObject().entrySet().iterator(); + entitySetToMap(result, entry); - } - } + } + + } else if (input.isJsonObject()) { + Iterator> objectKeys = input.getAsJsonObject().entrySet().iterator(); + entitySetToMap(result, objectKeys); + + } else + throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON object"); + } return result; } + private static void entitySetToMap(Map result, Iterator> entry) { + while (entry.hasNext()) { + Entry el = entry.next(); + if (result.containsKey(el.getKey())) + log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... "); + + result.put(el.getKey(), el.getValue().getAsString()); + + } + + } + public static JsonElement extractSL20Result(JsonObject command, IJOSETools decrypter, boolean mustBeEncrypted) throws SL20Exception { JsonElement result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT); @@ -207,19 +226,21 @@ public class SL20JSONExtractorUtils { if (sl20Payload == null && sl20SignedPayload == null) throw new SLCommandoParserException("NO payLoad OR signedPayload FOUND."); - else if (sl20Payload == null && sl20SignedPayload == null) - throw new SLCommandoParserException("payLoad AND signedPayload FOUND. Can not used twice"); - + //TODO: + //else if (sl20Payload != null && sl20SignedPayload != null) { + //log.warn("Find 'signed' AND 'unsigned' SL2.0 payload"); + //throw new SLCommandoParserException("payLoad AND signedPayload FOUND. Can not used twice"); + //} else if (sl20SignedPayload == null && mustBeSigned) throw new SLCommandoParserException("payLoad MUST be signed."); + + else if (joseTools != null && sl20SignedPayload != null && sl20SignedPayload.isJsonPrimitive()) { + return joseTools.validateSignature(sl20SignedPayload.getAsString()); - else if (sl20Payload != null) + } else if (sl20Payload != null) return new VerificationResult(sl20Payload.getAsJsonObject()); - else if (sl20SignedPayload != null && sl20SignedPayload.isJsonPrimitive()) { - return joseTools.validateSignature(sl20SignedPayload.getAsString()); - - } else + else throw new SLCommandoParserException("Internal build error"); @@ -242,10 +263,10 @@ public class SL20JSONExtractorUtils { throw new SLCommandoParserException("Find Redirect statuscode but not Location header"); String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue(); - sl20Resp = new JsonParser().parse(URLDecoder.decode(sl20RespString)).getAsJsonObject(); + sl20Resp = new JsonParser().parse(Base64Url.encode((sl20RespString.getBytes()))).getAsJsonObject(); } else if (httpResp.getStatusLine().getStatusCode() == 200) { - if (!httpResp.getEntity().getContentType().getValue().equals("application/json;charset=UTF-8")) + if (!httpResp.getEntity().getContentType().getValue().startsWith("application/json")) throw new SLCommandoParserException("SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue()); sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java index d07d7a78a..a7253c2c6 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java @@ -1,14 +1,22 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier; +import java.io.ByteArrayInputStream; import java.io.IOException; +import java.util.Arrays; import java.util.Date; import java.util.List; import org.jaxen.SimpleNamespaceContext; +import org.opensaml.Configuration; +import org.opensaml.DefaultBootstrap; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.io.Unmarshaller; +import org.opensaml.xml.io.UnmarshallerFactory; import org.w3c.dom.Element; +import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils; -import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20eIDDataValidationException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; @@ -22,10 +30,12 @@ import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; public class QualifiedeIDVerifier { @@ -69,21 +79,22 @@ public class QualifiedeIDVerifier { verifyXMLSignatureResponse, authConfig.getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, - oaParam); + oaParam, + authConfig); } public static IVerifiyXMLSignatureResponse verifyAuthBlock(String authBlockB64, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException, IOException { String trustProfileId = authConfig.getMoaSpAuthBlockTrustProfileID(oaParam.isUseAuthBlockTestTestStore()); - List verifyTransformsInfoProfileID = null; + List verifyTransformsInfoProfileID = Arrays.asList("SL20Authblock_v1.0"); SignatureVerificationUtils sigVerify = new SignatureVerificationUtils(); IVerifiyXMLSignatureResponse sigVerifyResult = sigVerify.verify(Base64Utils.decode(authBlockB64, false), trustProfileId , verifyTransformsInfoProfileID); // validates the VerifyXMLSignatureResponseValidator.getInstance().validate(sigVerifyResult, - null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, oaParam); + null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, oaParam, authConfig); return sigVerifyResult; @@ -120,7 +131,7 @@ public class QualifiedeIDVerifier { // date and time validateSigningDateTime(sigVerifyResult, authBlockExtractor); - } catch ( ValidateException e) { + } catch ( Exception e) { Logger.warn("Validation of eID information FAILED. ", e); throw new SL20eIDDataValidationException(new Object[] { SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, @@ -134,6 +145,59 @@ public class QualifiedeIDVerifier { } + public static Assertion parseAuthBlockToSaml2Assertion(String authblockB64) throws SL20eIDDataValidationException { + try { + //parse authBlock into SAML2 Assertion + byte[] authBlockBytes = Base64Utils.decode(authblockB64, false); + Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authBlockBytes)); + + //A-Trust workarounda +// Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authblockB64.getBytes())); +// Element authBlockDOM = DOMUtils.parseXmlNonValidating(new ByteArrayInputStream(authblockB64.getBytes())); + + DefaultBootstrap.bootstrap(); + UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); + Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDOM); + XMLObject samlAssertion = unmarshaller.unmarshall(authBlockDOM); + + //validate SAML2 Assertion + SAML2Utils.schemeValidation(samlAssertion); + + if (samlAssertion instanceof Assertion) + return (Assertion) samlAssertion; + else + throw new SL20eIDDataValidationException( + new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "AuthBlock is NOT of type SAML2 Assertion" + }); + + } catch (SL20eIDDataValidationException e) { + throw e; + + } catch (SAXException e) { + Logger.info("Scheme validation of SAML2 AuthBlock FAILED. Reason: " + e.getMessage()); + throw new SL20eIDDataValidationException( + new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + e.getMessage() + }, + e); + + } catch (Exception e) { + Logger.info("Can not parse AuthBlock. Reason: " + e.getMessage()); + Logger.trace("FullAuthBlock: " + authblockB64); + throw new SL20eIDDataValidationException( + new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + e.getMessage() + }, + e); + + } + + } + private static void validateSigningDateTime( IVerifiyXMLSignatureResponse sigVerifyResult, AssertionAttributeExtractor authBlockExtractor) throws SL20eIDDataValidationException { Date signingDate = sigVerifyResult.getSigningDateTime(); Date notBefore = authBlockExtractor.getAssertionNotBefore(); @@ -163,7 +227,7 @@ public class QualifiedeIDVerifier { + " NotBefore:" + notBefore.toString() + " NotOrNotAfter:" + notOrNotAfter.toString()); - if (signingDate.after(notBefore) || signingDate.before(notOrNotAfter)) + if (signingDate.after(notBefore) && signingDate.before(notOrNotAfter)) Logger.debug("Signing date validation successfull"); else { diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java index 763454639..26283cab2 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java @@ -4,7 +4,6 @@ import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; -import java.util.Map.Entry; import javax.net.ssl.SSLSocketFactory; import javax.servlet.http.HttpServletRequest; @@ -17,6 +16,7 @@ import org.apache.http.client.methods.HttpPost; import org.apache.http.client.utils.URIBuilder; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.message.BasicNameValuePair; +import org.jose4j.base64url.Base64Url; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; @@ -39,7 +39,6 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.util.SSLUtils; @@ -62,7 +61,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration(); //get basic configuration parameters - String vdaQualeIDUrl = extractVDAURLForSpecificOA(oaConfig); + String vdaQualeIDUrl = extractVDAURLForSpecificOA(oaConfig, executionContext); if (MiscUtil.isEmpty(vdaQualeIDUrl)) { Logger.error("NO VDA URL for qualified eID (" + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + ")"); throw new SL20Exception("sl20.03", new Object[]{"NO VDA URL for qualified eID"}); @@ -83,17 +82,21 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { //build qualifiedeID command Map qualifiedeIDParams = new HashMap(); qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID, oaConfig.getPublicURLPrefix()); - qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME, oaConfig.getFriendlyName()); + qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME, oaConfig.getFriendlyName()); + qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPCOUNTRYCODE, "AT"); //qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE, UUID.randomUUID().toString()); + //TODO: JsonObject qualeIDCommandParams = SL20JSONBuilderUtils.createQualifiedeIDCommandParameters( authBlockId, dataURL, qualifiedeIDParams, - joseTools.getEncryptionCertificate()); + //joseTools.getEncryptionCertificate()); + null); //String qualeIDReqId = UUID.randomUUID().toString(); - String qualeIDReqId = SAML2Utils.getSecureIdentifier(); + //TODO: work-Around for A-trust + String qualeIDReqId = SAML2Utils.getSecureIdentifier().substring(0, 12); String signedQualeIDCommand = SL20JSONBuilderUtils.createSignedCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID, qualeIDCommandParams, joseTools); JsonObject sl20Req = SL20JSONBuilderUtils.createGenericRequest(qualeIDReqId, null, null, signedQualeIDCommand); @@ -105,19 +108,21 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { sslFactory, authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); - //build post request + //build http POST request HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build()); - httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE); List parameters = new ArrayList();; - - //correct one - //parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes()))); - - //A-Trust current version - parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM_OLD, sl20Req.toString())); + parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes()))); httpReq.setEntity(new UrlEncodedFormEntity(parameters )); + //build http GET request +// URIBuilder sl20ReqUri = new URIBuilder(vdaQualeIDUrl); +// sl20ReqUri.addParameter(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes())); +// HttpGet httpReq = new HttpGet(sl20ReqUri.build()); + //set native client header + httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE); + + Logger.trace("Request VDA via SL20 with: " + Base64Url.encode(sl20Req.toString().getBytes())); //request VDA HttpResponse httpResp = httpClient.execute(httpReq); @@ -190,26 +195,40 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { } - private String extractVDAURLForSpecificOA(IOAAuthParameters oaConfig) { - Map listOfVDAs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST); - Map listOfSPs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_SP_LIST); + private String extractVDAURLForSpecificOA(IOAAuthParameters oaConfig, ExecutionContext executionContext) { - for (Entry el : listOfSPs.entrySet()) { - List spEntityIds = KeyValueUtils.getListOfCSVValues(el.getValue()); - if (spEntityIds.contains(oaConfig.getPublicURLPrefix())) { - Logger.trace("Select VDA endPoint with Id: " + el.getKey()); - if (listOfVDAs.containsKey(el.getKey())) - return listOfVDAs.get(el.getKey()); - - else - Logger.info("No VDA endPoint with Id: " + el.getKey()); - - } else - Logger.trace("SP list: " + el.getKey() + " does not contain OAIdentifier: " + oaConfig.getPublicURLPrefix()); + //selection based on EntityID +// Map listOfVDAs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST); +// Map listOfSPs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_SP_LIST); +// +// for (Entry el : listOfSPs.entrySet()) { +// List spEntityIds = KeyValueUtils.getListOfCSVValues(el.getValue()); +// if (spEntityIds.contains(oaConfig.getPublicURLPrefix())) { +// Logger.trace("Select VDA endPoint with Id: " + el.getKey()); +// if (listOfVDAs.containsKey(el.getKey())) +// return listOfVDAs.get(el.getKey()); +// +// else +// Logger.info("No VDA endPoint with Id: " + el.getKey()); +// +// } else +// Logger.trace("SP list: " + el.getKey() + " does not contain OAIdentifier: " + oaConfig.getPublicURLPrefix()); +// +// } + + //selection based on request Header + String sl20VDATypeHeader = (String) executionContext.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase()); + if (MiscUtil.isNotEmpty(sl20VDATypeHeader)) { + String vdaURL = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST + sl20VDATypeHeader); + if (MiscUtil.isNotEmpty(vdaURL)) + return vdaURL.trim(); + else + Logger.info("Can NOT find VDA with Id: " + sl20VDATypeHeader + ". Use default VDA"); + } - Logger.debug("NO SP specific VDA endpoint found. Use default VDA"); + Logger.info("NO SP specific VDA endpoint found. Use default VDA"); return authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT); } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java index b7fe579a3..357ecb6ec 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -12,6 +12,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.http.entity.ContentType; +import org.jose4j.base64url.Base64Url; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; @@ -37,6 +38,7 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moa.util.StreamUtils; import at.gv.egovernment.moaspss.logging.Logger; @@ -55,17 +57,30 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { try { //get SL2.0 command or result from HTTP request Map reqParams = getParameters(request); - String sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM); + String sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM); + if (MiscUtil.isEmpty(sl20Result)) { - Logger.info("NO SL2.0 commando or result FOUND."); - throw new SL20Exception("sl20.04", null); + + //TODO: remove + //Workaround for SIC Handy-Signature, because it sends result in InputStream + String test = StreamUtils.readStream(request.getInputStream(), "UTF-8"); + if (MiscUtil.isNotEmpty(test)) { + Logger.info("Use SIC Handy-Signature work-around!"); + sl20Result = test.substring("slcommand=".length()); + + } else { + Logger.info("NO SL2.0 commando or result FOUND."); + throw new SL20Exception("sl20.04", null); + } } - + + Logger.trace("Received SL2.0 result: " + sl20Result); + //parse SL2.0 command/result into JSON try { JsonParser jsonParser = new JsonParser(); - JsonElement sl20Req = jsonParser.parse(sl20Result); + JsonElement sl20Req = jsonParser.parse(Base64Url.decodeToUtf8String(sl20Result)); sl20ReqObj = sl20Req.getAsJsonObject(); } catch (JsonSyntaxException e) { @@ -111,16 +126,13 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { JsonElement qualeIDResult = SL20JSONExtractorUtils.extractSL20Result( payLoad, joseTools, authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_ENCRYPTION, true)); - + //extract attributes from result - String idlB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), - SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, true); - String authBlockB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), - SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, true); - String ccsURL = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), - SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, true); - String LoA = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), - SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, true); + Map eIDData = SL20JSONExtractorUtils.getMapOfStringElements(qualeIDResult); + String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL); + String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK); + String ccsURL = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL); + String LoA = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA); //cache qualified eID data into pending request pendingReq.setGenericDataToSession( @@ -233,6 +245,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { redirectTwoCommand, null); + //workaround for SIC VDA if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) { Logger.debug("Client request containts 'native client' header ... "); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java index b5c84d315..cc74bb11a 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java @@ -6,14 +6,8 @@ import java.util.Calendar; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.opensaml.Configuration; import org.opensaml.saml2.core.Assertion; -import org.opensaml.xml.XMLObject; -import org.opensaml.xml.io.Unmarshaller; -import org.opensaml.xml.io.UnmarshallerFactory; import org.springframework.stereotype.Component; -import org.w3c.dom.Element; -import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; @@ -28,9 +22,7 @@ import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moaspss.logging.Logger; @@ -75,7 +67,7 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask { IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); IVerifiyXMLSignatureResponse authBlockVerificationResult = null; try { - Assertion authBlock = parseAuthBlockToSaml2Assertion(authBlockB64); + Assertion authBlock = QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlockB64); AssertionAttributeExtractor authBlockExtractor = new AssertionAttributeExtractor(authBlock); @@ -126,55 +118,5 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask { TransactionIDUtils.removeSessionId(); } - } - - private Assertion parseAuthBlockToSaml2Assertion(String authblockB64) throws SL20eIDDataValidationException { - try { - //parse authBlock into SAML2 Assertion - byte[] authBlockBytes = Base64Utils.decode(authblockB64, false); - Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authBlockBytes)); - UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); - Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDOM); - XMLObject samlAssertion = unmarshaller.unmarshall(authBlockDOM); - - //validate SAML2 Assertion - SAML2Utils.schemeValidation(samlAssertion); - - if (samlAssertion instanceof Assertion) - return (Assertion) samlAssertion; - else - throw new SL20eIDDataValidationException( - new Object[] { - SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, - "AuthBlock is NOT of type SAML2 Assertion" - }); - - } catch (SL20eIDDataValidationException e) { - throw e; - - } catch (SAXException e) { - Logger.info("Scheme validation of SAML2 AuthBlock FAILED. Reason: " + e.getMessage()); - throw new SL20eIDDataValidationException( - new Object[] { - SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, - e.getMessage() - }, - e); - - } catch (Exception e) { - Logger.info("Can not parse AuthBlock. Reason: " + e.getMessage()); - Logger.trace("FullAuthBlock: " + authblockB64); - throw new SL20eIDDataValidationException( - new Object[] { - SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, - e.getMessage() - }, - e); - - } - - } - - - + } } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java new file mode 100644 index 000000000..49c11ea05 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java @@ -0,0 +1,42 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +import java.io.IOException; +import java.io.InputStreamReader; + +import org.apache.commons.io.IOUtils; +import org.junit.Before; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; + +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context.xml") +public class EIDDataVerifier_ATrust extends eIDDataVerifierTest { + + @Before + public void init() throws SLCommandoParserException, IOException { + String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_atrust.json"))); + JsonParser jsonParser = new JsonParser(); + JsonObject qualeIDResult = jsonParser.parse(eIDDataString).getAsJsonObject(); + + JsonObject payLoad = SL20JSONExtractorUtils.getJSONObjectValue(qualeIDResult, "payload", true); + JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad, "result", true); + + + eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result); + if (eIDData == null || eIDData.isEmpty()) + throw new SLCommandoParserException("Can not load eID data"); + + } + + @Override + protected String getSl20ReqId() { + return "_28ab8536d068a153e1a"; + } +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java new file mode 100644 index 000000000..65460439e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +import java.io.IOException; +import java.io.InputStreamReader; + +import org.apache.commons.io.IOUtils; +import org.junit.Before; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; + +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ "/SpringTest-context.xml" }) +public class EIDDataVerifier_OwnTest extends eIDDataVerifierTest { + + @Before + public void init() throws SLCommandoParserException, IOException { + String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_own_test.json"))); + JsonParser jsonParser = new JsonParser(); + JsonElement payLoad = jsonParser.parse(eIDDataString).getAsJsonObject(); + JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad.getAsJsonObject(), "result", true); + + eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result); + if (eIDData == null || eIDData.isEmpty()) + throw new SLCommandoParserException("Can not load eID data"); + + } + + @Override + protected String getSl20ReqId() { + return "_57010b7fcc93cc4cf3f2b764389137c2"; + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java new file mode 100644 index 000000000..93e046797 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java @@ -0,0 +1,376 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata; + +import java.util.List; +import java.util.Map; +import java.util.Properties; + +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IStorkConfig; +import at.gv.egovernment.moa.id.commons.api.data.ProtocolAllowed; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.util.config.EgovUtilPropertiesConfiguration; + +public class DummyAuthConfig implements AuthConfiguration { + + @Override + public String getRootConfigFileDir() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getDefaultChainingMode() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getTrustedCACertificates() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isTrustmanagerrevoationchecking() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String[] getActiveProfiles() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Properties getGeneralPVP2ProperiesConfig() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Properties getGeneralOAuth20ProperiesConfig() { + // TODO Auto-generated method stub + return null; + } + + @Override + public ProtocolAllowed getAllowedProtocols() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Map getConfigurationWithPrefix(String Prefix) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getConfigurationWithKey(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getBasicMOAIDConfiguration(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getBasicMOAIDConfiguration(String key, String defaultValue) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Map getBasicMOAIDConfigurationWithPrefix(String prefix) { + // TODO Auto-generated method stub + return null; + } + + @Override + public int getTransactionTimeOut() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public int getSSOCreatedTimeOut() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public int getSSOUpdatedTimeOut() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public String getAlternativeSourceID() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getLegacyAllowedProtocols() { + // TODO Auto-generated method stub + return null; + } + + @Override + public IOAAuthParameters getOnlineApplicationParameter(String oaURL) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException { + if (useTestTrustStore) + return "MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten"; + else + return "MOAIDBuergerkarteAuthentisierungsDaten"; + } + + @Override + public List getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public ConnectionParameterInterface getMoaSpConnectionParameter() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public ConnectionParameterInterface getForeignIDConnectionParameter(IOAAuthParameters oaParameters) + throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public ConnectionParameterInterface getOnlineMandatesConnectionParameter(IOAAuthParameters oaParameters) + throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore) throws ConfigurationException { + if (useTestTrustStore) + return "MOAIDBuergerkartePersonenbindungMitTestkarten"; + else + return "MOAIDBuergerkartePersonenbindung"; + } + + @Override + public List getTransformsInfos() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getIdentityLinkX509SubjectNames() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getSLRequestTemplates() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSLRequestTemplates(String type) throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getDefaultBKUURLs() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getDefaultBKUURL(String type) throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSSOTagetIdentifier() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSSOFriendlyName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSSOSpecialText() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMOASessionEncryptionKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMOAConfigurationEncryptionKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isIdentityLinkResigning() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getIdentityLinkResigningKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isMonitoringActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getMonitoringTestIdentityLinkURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMonitoringMessageSuccess() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isAdvancedLoggingActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List getPublicURLPrefix() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isVirtualIDPsEnabled() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isPVP2AssertionEncryptionActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isCertifiacteQCActive() { + return true; + } + + @Override + public IStorkConfig getStorkConfig() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public EgovUtilPropertiesConfiguration geteGovUtilsConfig() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getDocumentServiceUrl() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isStorkFakeIdLActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List getStorkFakeIdLCountries() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getStorkNoSignatureCountries() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getStorkFakeIdLResigningKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isPVPSchemaValidationActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Map getConfigurationWithWildCard(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getDefaultRevisionsLogEventCodes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isHTTPAuthAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String[] getRevocationMethodOrder() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) { + // TODO Auto-generated method stub + return false; + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java new file mode 100644 index 000000000..2df20edb4 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java @@ -0,0 +1,264 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata; + +import java.security.PrivateKey; +import java.util.Collection; +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.CPEPS; +import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; + +public class DummyOA implements IOAAuthParameters { + + @Override + public Map getFullConfiguration() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getConfigurationValue(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getFriendlyName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getPublicURLPrefix() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException { + return false; + } + + @Override + public boolean hasBaseIdTransferRestriction() throws ConfigurationException { + return false; + } + + @Override + public String getAreaSpecificTargetIdentifier() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isInderfederationIDP() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isSTORKPVPGateway() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isRemovePBKFromAuthBlock() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getKeyBoxIdentifier() { + // TODO Auto-generated method stub + return null; + } + + @Override + public SAML1ConfigurationParameters getSAML1Parameter() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getTemplateURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAditionalAuthBlockText() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getBKUURL(String bkutype) { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getBKUURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean useSSO() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean useSSOQuestion() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List getMandateProfiles() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isShowMandateCheckBox() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isOnlyMandateAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isShowStorkLogin() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getQaaLevel() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isRequireConsentForStorkAttributes() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Collection getRequestedSTORKAttributes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public byte[] getBKUSelectionTemplate() { + // TODO Auto-generated method stub + return null; + } + + @Override + public byte[] getSendAssertionTemplate() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Collection getPepsList() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getIDPAttributQueryServiceURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isInboundSSOInterfederationAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isInterfederationSSOStorageAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isOutboundSSOInterfederationAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isTestCredentialEnabled() { + return true; + } + + @Override + public List getTestCredentialOIDs() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isUseIDLTestTrustStore() { + return true; + } + + @Override + public boolean isUseAuthBlockTestTestStore() { + return true; + } + + @Override + public PrivateKey getBPKDecBpkDecryptionKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isPassivRequestUsedForInterfederation() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isPerformLocalAuthenticationOnInterfederationError() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Collection getStorkAPs() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getReversionsLoggingEventCodes() { + // TODO Auto-generated method stub + return null; + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java new file mode 100644 index 000000000..52743c9da --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java @@ -0,0 +1,105 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +import java.io.ByteArrayInputStream; +import java.util.Map; + +import org.junit.Test; +import org.opensaml.saml2.core.Assertion; + +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyAuthConfig; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyOA; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier.QualifiedeIDVerifier; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.spss.api.Configurator; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moaspss.logging.LoggingContext; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; +import iaik.security.ec.provider.ECCelerate; +import iaik.security.provider.IAIK; + +public abstract class eIDDataVerifierTest { + + protected Map eIDData = null; + + @Test + public void dummyTest() throws Exception { + + + } + + @Test + public void parseIdl() throws Exception { + String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL); + if (MiscUtil.isEmpty(idlB64)) + throw new Exception("NO IDL found"); + + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); + + if (idl == null) + throw new Exception("IDL parsing FAILED"); + + } + + @Test + public void parseAuthBlock() throws Exception { + String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK); + if (MiscUtil.isEmpty(authBlockB64)) + throw new Exception("NO AuthBlock found"); + + Assertion authBlock = QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlockB64); + new AssertionAttributeExtractor(authBlock); + + } + + @Test + public void checkIDLAgainstAuthblock() throws Exception { + String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK); + String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL); + if (MiscUtil.isEmpty(idlB64)) + throw new Exception("NO IDL found"); + if (MiscUtil.isEmpty(authBlockB64)) + throw new Exception("NO AuthBlock found"); + + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); + Assertion authBlock = QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlockB64); + AssertionAttributeExtractor authBlockExtractor = new AssertionAttributeExtractor(authBlock); + + IOAAuthParameters dummyOA = new DummyOA(); + AuthConfiguration dummyAuthConfig = new DummyAuthConfig(); + + Logger.info("Loading Java security providers."); + System.setProperty("moa.spss.server.configuration", "F:\\Projekte\\configs\\moa-spss\\MOASPSSConfiguration.xml"); + + IAIK.addAsProvider(); + ECCelerate.addAsProvider(); + try { + LoggingContextManager.getInstance().setLoggingContext( + new LoggingContext("startup")); + Logger.debug("Starting MOA-SPSS initialization process ... "); + Configurator.getInstance().init(); + Logger.info("MOA-SPSS initialization complete "); + + } catch (MOAException e) { + Logger.error("MOA-SP initialization FAILED!", e.getWrapped()); + throw new ConfigurationException("config.10", new Object[] { e + .toString() }, e); + } + + QualifiedeIDVerifier.verifyIdentityLink(idl, dummyOA , dummyAuthConfig); + IVerifiyXMLSignatureResponse authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock(authBlockB64, dummyOA , dummyAuthConfig); + QualifiedeIDVerifier.checkConsistencyOfeIDData(getSl20ReqId(), idl, authBlockExtractor, authBlockVerificationResult); + + } + + protected abstract String getSl20ReqId(); +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml new file mode 100644 index 000000000..011d1ed64 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml @@ -0,0 +1,13 @@ + + + + + diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json new file mode 100644 index 000000000..09190574d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json @@ -0,0 +1,14 @@ +{ + "v": 10, + "respID": "Cl6uQjZlOWFjUEbtyXb0", + "inResponseTo": "_28ab8536d068a153e1a", + "payload": { + "name": "qualifiedeID", + "result": { + "EID-IDENTITY-LINK": "PHNhbWw6QXNzZXJ0aW9uIEFzc2VydGlvbklEPSJzenIuYm1pLmd2LmF0LUFzc2VydGlvbklEMTUyNzY2OTEwMDU5MTI3NDQiIElzc3VlSW5zdGFudD0iMjAxOC0wNS0zMFQxMDozMTo0MCswMTowMCIgSXNzdWVyPSJodHRwOi8vcG9ydGFsLmJtaS5ndi5hdC9yZWYvc3pyL2lzc3VlciIgTWFqb3JWZXJzaW9uPSIxIiBNaW5vclZlcnNpb249IjAiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDphc3NlcnRpb24iIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJubWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOmVjZHNhPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSMiIHhtbG5zOnNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSI+Cgk8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+CgkJPHNhbWw6U3ViamVjdD4KCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4KCQkJCTxzYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjA6Y206c2VuZGVyLXZvdWNoZXM8L3NhbWw6Q29uZmlybWF0aW9uTWV0aG9kPgoJCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE+CgkJCQkJPHByOlBlcnNvbiBzaTp0eXBlPSJwcjpQaHlzaWNhbFBlcnNvblR5cGUiPjxwcjpJZGVudGlmaWNhdGlvbj48cHI6VmFsdWU+dHFDUUVDNytBcUdFZWVMMzkwVjVKZz09PC9wcjpWYWx1ZT48cHI6VHlwZT51cm46cHVibGljaWQ6Z3YuYXQ6YmFzZWlkPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24+PHByOk5hbWU+PHByOkdpdmVuTmFtZT5NYXg8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPk11c3Rlcm1hbm48L3ByOkZhbWlseU5hbWU+PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4xOTQwLTAxLTAxPC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj4KCQkJCTwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KCQkJPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJPC9zYW1sOlN1YmplY3Q+Cgk8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXplblB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJ1cm46cHVibGljaWQ6Z3YuYXQ6bmFtZXNwYWNlczppZGVudGl0eWxpbms6MS4yIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT48ZHNpZzpSU0FLZXlWYWx1ZT48ZHNpZzpNb2R1bHVzPnMwWmhkR2E4REgwSW1iTlU3aTRxdDRtR25CUEFlTDk5Q0dkZmRCOEhWWE5CNWd3d2VMY1o5WE1TWUJvUHFHdFVqemh6S29zRkN5M0sNCmpsSEVrejB0L3JQemhOVGRsVjJRN0FGWEZlT2g3M3dPajQ3R1B2T2lVNzdwQjE3WnJaOHlObW1JTTEyUVE5MVN0RGFWRkUra0dxUEkNCmNFZHZiZk94blU4aGNpa3lYcWVheFZVV3oxbVdXTnRveUwyWG5wa1U0QkZVQnU1NWg5S2tYVEFQcnBUbEFMZjkvRDFKamZWb05tamwNCnBLWXh6Q3JBSmE4Sno4Ui9sNis0U0U3YXc3dGZuazNZUXkxcFVmNWZmellkeXZQS2ZxVTBUTUVKLzdpOW1ORHFCZlVwcVhBRWowdWUNCkpvRWs0UC9pa2Q5UnZuVUlsU0V1NzFHMyt1VEluSXBaaTd2UG93PT08L2RzaWc6TW9kdWx1cz48ZHNpZzpFeHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PjwvZHNpZzpSU0FLZXlWYWx1ZT48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJPGRzaWc6U2lnbmF0dXJlPgoJCTxkc2lnOlNpZ25lZEluZm8+CgkJCTxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+CgkJCTxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIgLz4KCQkJPGRzaWc6UmVmZXJlbmNlIFVSST0iIj4KCQkJCTxkc2lnOlRyYW5zZm9ybXM+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQk8ZHNpZzpYUGF0aD5ub3QoYW5jZXN0b3Itb3Itc2VsZjo6cHI6SWRlbnRpZmljYXRpb24pPC9kc2lnOlhQYXRoPgoJCQkJCTwvZHNpZzpUcmFuc2Zvcm0+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiIC8+CgkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCTxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIiAvPgoJCQkJPGRzaWc6RGlnZXN0VmFsdWU+QmVIdUFyYXUzSFVQcXg5dHV3QTRGaDNOSDB3PTwvZHNpZzpEaWdlc3RWYWx1ZT4KCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPGRzaWc6UmVmZXJlbmNlIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNNYW5pZmVzdCIgVVJJPSIjbWFuaWZlc3QiPgoJCQkJPGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiIC8+CgkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5mVEUrMjRnRHlkUlgvd0p2QlAxOUlucU54Rkk9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQk8L2RzaWc6UmVmZXJlbmNlPgoJCTwvZHNpZzpTaWduZWRJbmZvPgoJCTxkc2lnOlNpZ25hdHVyZVZhbHVlPgogICAgUHpLMWR2N2JFMGhQcGxlc1ZaRFhHSWxhbTlUK0JxWkd4ZWs5RHVuYkhNK21GWWI3a1NaZTN2eEszUmhRZjNBV3djbXFtVWZPRlJObg0KWndxYnovNGRZd2hJRld6VGdMelVmMlZkR0JsN2szbS8wSmJXSkV1bEtobE5vV2ZSTkRrdTRZcmI2THVrWjdaQzJFcWd2UXYxa1BRTg0Kb1BvQ1I5d3hUc1RKWFNCaHdLc0lERG9vZHY3aUVpWGFCM0xmVHQrQWdYdEdvbWRRaktjby9WamJSSzRUUEkvQUVNVU1KWm9zZlJYMg0KdmE2U1BaUnV4QjBlWkwwVGVzYittRjlFaUlOVnNTSU9nbTVSRE95V1ZRZkJnVG9nYjNoWmlLVmh0a1IvaWlSNmhZNlA2b1cwTDh4ag0KMG5ZVldPRHAxSlJML3Z0ZDFhUklVYzNCQTJQaFkrRmdJR1FHTUE9PQogIDwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlGdXpDQ0JLT2dBd0lCQWdJREdTa2VNQTBHQ1NxR1NJYjNEUUVCQlFVQU1JR2ZNUXN3Q1FZRFZRUUdFd0pCDQpWREZJTUVZR0ExVUVDZ3cvUVMxVWNuVnpkQ0JIWlhNdUlHWXVJRk5wWTJobGNtaGxhWFJ6YzNsemRHVnRaU0JwDQpiU0JsYkdWcmRISXVJRVJoZEdWdWRtVnlhMlZvY2lCSGJXSklNU0l3SUFZRFZRUUxEQmxoTFhOcFoyNHRZMjl5DQpjRzl5WVhSbExXeHBaMmgwTFRBeU1TSXdJQVlEVlFRRERCbGhMWE5wWjI0dFkyOXljRzl5WVhSbExXeHBaMmgwDQpMVEF5TUI0WERURTFNRGN5T0RFMU5Ea3dOVm9YRFRJd01EY3lPREV6TkRrd05Wb3dnYll4Q3pBSkJnTlZCQVlUDQpBa0ZVTVI0d0hBWURWUVFLREJWRVlYUmxibk5qYUhWMGVtdHZiVzFwYzNOcGIyNHhJakFnQmdOVkJBc01HVk4wDQpZVzF0ZW1Gb2JISmxaMmx6ZEdWeVltVm9iMlZ5WkdVeExqQXNCZ05WQkFNTUpWTnBaMjVoZEhWeWMyVnlkbWxqDQpaU0JFWVhSbGJuTmphSFYwZW10dmJXMXBjM05wYjI0eEZUQVRCZ05WQkFVVERETXlOVGt5T0RNeU16azVPREVjDQpNQm9HQ1NxR1NJYjNEUUVKQVF3TlpITnJRR1J6YXk1bmRpNWhkRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEDQpnZ0VQQURDQ0FRb0NnZ0VCQU4rZEJTRUJHajJqVVhJSzFNcDNsVnhjL1phK3BKTWl5S3JYM0cxWnhnWC9pa3g3DQpEOXNjc1BZTXQ0NzNMbEFXbDljbUNiSGJKSytQVjJYTk5kVVJMTVVDSVgrNHZVTnMyTUhlRFRRdFg4QlhqSkZwDQp3SllTb2FSSlEzOUZWUy8xcjVzV2NyYTlIaGRtN3c1R3R4LzJ1a3lEWDBrZGt4YXdraFA0RVFFemkvU0krRnVnDQpuK1dxZ1ExbkFkbGJ4Yi9kY0J3NXcxaDliM2xtdXdVZjR6M29vUVdVRDJEZ0Eva0tkMUtlak5SNDNtTFVzbXZTDQp6ZXZQeFQ5enM3OHBPUjFPYWNCN0lzelRWSlBYZU9FYWFOWkhubkIvVWVPM2c4TEVWLzNPa1hjVWdjTWtiSUlpDQphQkhsbGw3MVBxMENPajlrcWpYb2U3T3JSakxZNWkzS3dPcGE2VE1DQXdFQUFhT0NBZVV3Z2dIaE1CRUdBMVVkDQpEZ1FLQkFoTUNBNmVHdlMxdWpBT0JnTlZIUThCQWY4RUJBTUNCTEF3RGdZSEtpZ0FDZ0VIQVFRREFRSC9NQk1HDQpBMVVkSXdRTU1BcUFDRWtjV0RwUDZBMERNQWtHQTFVZEV3UUNNQUF3RkFZSEtpZ0FDZ0VCQVFRSkRBZENVMEl0DQpSRk5MTUg4R0NDc0dBUVVGQndFQkJITXdjVEJHQmdnckJnRUZCUWN3QW9ZNmFIUjBjRG92TDNkM2R5NWhMWFJ5DQpkWE4wTG1GMEwyTmxjblJ6TDJFdGMybG5iaTFqYjNKd2IzSmhkR1V0YkdsbmFIUXRNREpoTG1OeWREQW5CZ2dyDQpCZ0VGQlFjd0FZWWJhSFIwY0RvdkwyOWpjM0F1WVMxMGNuVnpkQzVoZEM5dlkzTndNRlFHQTFVZElBUk5NRXN3DQpTUVlHS2lnQUVRRVNNRDh3UFFZSUt3WUJCUVVIQWdFV01XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrDQpiMk56TDJOd0wyRXRjMmxuYmkxQmJYUnpjMmxuYm1GMGRYSXdnWjRHQTFVZEh3U0JsakNCa3pDQmtLQ0JqYUNCDQppb2FCaDJ4a1lYQTZMeTlzWkdGd0xtRXRkSEoxYzNRdVlYUXZiM1U5WVMxemFXZHVMV052Y25CdmNtRjBaUzFzDQphV2RvZEMwd01peHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wDQpQMkpoYzJVL2IySnFaV04wWTJ4aGMzTTlaV2xrUTJWeWRHbG1hV05oZEdsdmJrRjFkR2h2Y21sMGVUQU5CZ2txDQpoa2lHOXcwQkFRVUZBQU9DQVFFQUhRM1pDTXRBYmF6ZU1IbVdBMnpoWWxIcUhnS1ZvY1ZYRURnbU5tV0xHcUZlDQo4RUFERklzOHVHcmt0Qm1XQ1VJWGJYczdUSGNmeHMySjQ3dkh1Y29wc2RrYWJObFhFanpuZFJmbmMrMVZJbmJvDQp6TXJZZDdqZUROVEsvdElqaU9FWWRyeUlwZWtWOUNmYXc3eXU2bWVmTXpldTFhQXdmN0JuSy9odWl3SlduZW5wDQpCN2lEL1B2WittenVDN1JOZkpmRisrU3RpQlR4aTNWWXhOR01qTTFjVThHdzlWV2MwUjNFdWpPYVhXZ0NDOGk1DQpGR2hWdk9ZaE5YZnN4SlhiTnhld0VDanBBTHZEbEZMTCtpQzQ5RytBRFNvUnYwU2s5MU9QdStjSW1DajNyczNRDQp0YXNJL3A5TFlhY0c2Yy9nSTN0RTBpaHFnOVJic0tIWFFsM1BPdkVSSkE9PTwvZHNpZzpYNTA5Q2VydGlmaWNhdGU+PC9kc2lnOlg1MDlEYXRhPjwvZHNpZzpLZXlJbmZvPgoJCTxkc2lnOk9iamVjdD4KCQkJPGRzaWc6TWFuaWZlc3QgSWQ9Im1hbmlmZXN0Ij4KCQkJCTxkc2lnOlJlZmVyZW5jZSBVUkk9IiI+CgkJCQkJPGRzaWc6VHJhbnNmb3Jtcz4KCQkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQkJPGRzaWc6WFBhdGg+bm90KGFuY2VzdG9yLW9yLXNlbGY6OmRzaWc6U2lnbmF0dXJlKTwvZHNpZzpYUGF0aD4KCQkJCQkJPC9kc2lnOlRyYW5zZm9ybT4KCQkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCQk8ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIgLz4KCQkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5wM1pwS1BvK0ZYT3ZXdEhidFJzR2VLWm9lSTQ9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPC9kc2lnOk1hbmlmZXN0PgoJCTwvZHNpZzpPYmplY3Q+Cgk8L2RzaWc6U2lnbmF0dXJlPgo8L3NhbWw6QXNzZXJ0aW9uPg==", + "EID-CITIZEN-QAA-LEVEL": "substantial", + "EID-CCS-URL": "https://www.a-trust.at/todo", + "EID-AUTH-BLOCK": "https://www.a-trust.at/todohttps://demo.egiz.gv.at/demoportal_moaid-2.0/sl20/dataUrl?pendingid=862482318004000902Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Vorname:
Nachname:
Geburtsdatum:
Vollmacht:	Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Identifikator:
Name:
Staat:

Technische Parameter

Datum:	..
Uhrzeit:	::
TransaktionsTokken:
\n\t\t\t\t\t\t\t\t\t\t\tVollmachten-Referenz:
DataURL:
AuthBlockValidTo:

Anmeldedaten:

Daten zur Person

Vorname:
Nachname:
Geburtsdatum:
Vollmacht:	Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Identifikator:
Name:
Staat:

Technische Parameter

Datum:	..
Uhrzeit:	::
TransaktionsTokken:
\n\t\t\t\t\t\t\t\t\t\t\tVollmachten-Referenz:
DataURL:
AuthBlockValidTo:

9YAYcxkIWv1Zzdhli5Mjk6Nz8ZJjVQTxU/u71fF5StA=F7ye8qqVpognWOY8JAZVHk7X+AzH/5OStZWYSSbKgH4=WVqZ8I9HaPIerCh1DIh6FnNQODSmWkxSecxTrcSL79ooWPYRB8DPbNoMT39rT+eRgYPjcAxjiNegbo0+lE51ZauWNr3jq2USaVY3nBpnmVDfBlnkFMdovaVVJPyegtGTYMMeN3+EQaZRSy13bvJS1U36bFUgv2i8KeXdftFzxeNheJqyXvrGzvmVuJV4dB8fOUm2VXgKepvelpRQZ+U6Jpyq1yVE9gz4frqVLetdUSGQhKJ0VRgYVVqa4FQ+YpyFgWwJQF/lOuUWli0jZ73HC7rIuVZ5Y0LEqaB+GUwthQk4qM3BsIfxPAxeh7a1Z915h0Ilzjkbk9kwt5Z2yZ8qXQ==MIIF1jCCBL6gAwIBAgIEfgS3/TANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBgwCQVQxSDBGBgNVBAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVByZW1pdW0tVGVzdC1TaWctMDIxIzAhBgNVBAMMGmEtc2lnbi1QcmVtaXVtLVRlc3QtU2lnLTAyMB4XDTE4MDUzMDA4MzIyOVoXDTIzMDUzMDA4MzIyOVowYDELMAkGA1UEBgwCQVQxFzAVBgNVBAMMDk1heCBNdXN0ZXJtYW5uMRMwEQYDVQQEDApNdXN0ZXJtYW5uMQwwCgYDVQQqDANNYXgxFTATBgNVBAUMDDUxNzY2MDcxODk5MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALNGYXRmvAx9CJmzVO4uKreJhpwTwHi/fQhnX3QfB1VzQeYMMHi3GfVzEmAaD6hrVI84cyqLBQstyo5RxJM9Lf6z84TU3ZVdkOwBVxXjoe98Do+Oxj7zolO+6Qde2a2fMjZpiDNdkEPdUrQ2lRRPpBqjyHBHb23zsZ1PIXIpMl6nmsVVFs9ZlljbaMi9l56ZFOARVAbueYfSpF0wD66U5QC3/fw9SY31aDZo5aSmMcwqwCWvCc/Ef5evuEhO2sO7X55N2EMtaVH+X382Hcrzyn6lNEzBCf+4vZjQ6gX1KalwBI9LniaBJOD/4pHfUb51CJUhLu9Rt/rkyJyKWYu7z6MCAwEAAaOCAlQwggJQMIGDBggrBgEFBQcBAQR3MHUwRQYIKwYBBQUHMAKGOWh0dHA6Ly93d3cuYS10cnVzdC5hdC9jZXJ0cy9hLXNpZ24tcHJlbWl1bS1tb2JpbGUtMDNhLmNydDAsBggrBgEFBQcwAYYgaHR0cDovL29jc3AtdGVzdC5hLXRydXN0LmF0L29jc3AwEwYDVR0jBAwwCoAIRgafjkGOFb0wcgYIKwYBBQUHAQMEZjBkMAoGCCsGAQUFBwsCMAgGBgQAjkYBATAIBgYEAI5GAQQwEwYGBACORgEGMAkGBwQAjkYBBgEwLQYGBACORgEFMCMwIRYbaHR0cHM6Ly93d3cuYS10cnVzdC5hdC9wZHMvEwJFTjARBgNVHQ4ECgQIQWyS5dXk/tYwDgYDVR0PAQH/BAQDAgbAMAkGA1UdEwQCMAAwYAYDVR0gBFkwVzAIBgYEAIswAQEwSwYGKigAEQEUMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cuYS10cnVzdC5hdC9kb2NzL2NwL2Etc2lnbi1wcmVtaXVtLW1vYmlsZTCBrgYDVR0fBIGmMIGjMIGgoIGdoIGahoGXbGRhcDovL2xkYXAtdGVzdC5hLXRydXN0LmF0L291PWEtc2lnbi1QcmVtaXVtLVRlc3QtU2lnLTAyIChTSEEtMjU2KSxvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAQEAyEmgODt02xaxHb4E+O9XgImEC0AoH4Q97Pq7Bd4v+Pqqd6i5RodvwfTgIaW1J+fvH8KUTzI0XX9wpUWwImVEGMH63VAJcXVH0y9ifEWIHdhOLtRYVif0SQK9YRachvJDmF5hLwAQREeGsX2iNmP7dYe4xiNKAtQn0phvlPqgha6oKDGMQ8FNAfRz3kAtXJwPbFg6QE4kIhkTgd32uOiAJW7G2TaJZXWfK9TpV5LQ13+11FJ2S3KQc8ub/+1GdgirKSW4J1zhsfT+WCr/OayU2MzQXKv8OWb0SxWIJHiMTexH7r9muGk/ZLkaQQV2CtSOYqTAN8AweCiJ11uVFHeLpQ==2018-06-04T15:20:13Z6aTkha/Y9xYS4bQMZbwIX8TFsD2CezdhuqHpTtCI3f0=CN=a-sign-Premium-Test-Sig-02,OU=a-sign-Premium-Test-Sig-02,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT2114238461application/xhtml+xml2.1MustermannMax1940-01-01labda - Developmenthttps://labda.iaik.tugraz.at:5553/demologin/AT" + "EID-AUTH-BLOCK": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+PHNhbWwyOkFzc2VydGlvbiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9Il9hZTBmMGNiZjI5OTcxMjU4MzJlODBiM2EwMDgyODQ4YSIgSXNzdWVJbnN0YW50PSIyMDE4LTA2LTA2VDA5OjIzOjQzKzAyOjAwIiBWZXJzaW9uPSIyLjAiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSI+PHNhbWwyOklzc3VlciBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI+aHR0cHM6Ly93d3cuYS10cnVzdC5hdC90b2RvPC9zYW1sMjpJc3N1ZXI+PHNhbWwyOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE4LTA2LTA2VDA5OjIzOjQzKzAyOjAwIiBOb3RPbk9yQWZ0ZXI9IjIwMTgtMDYtMDZUMDk6Mzg6NDMrMDI6MDAiPjxzYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sMjpBdWRpZW5jZT5odHRwczovL2VpZC5ndi5hdC9tb2EtaWQtYXV0aC9zbDIwL2RhdGFVcmw/cGVuZGluZ2lkPTU3NTg5NzU3OTA5MTc5NjMyMjU8L3NhbWwyOkF1ZGllbmNlPjwvc2FtbDI6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWwyOkNvbmRpdGlvbnM+PGRzaWc6U2lnbmF0dXJlIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIElkPSJzaWduYXR1cmUtMS0xIj48ZHNpZzpTaWduZWRJbmZvPjxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSIgLz48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2IiAvPjxkc2lnOlJlZmVyZW5jZSBJZD0icmVmZXJlbmNlLTEtMSIgVVJJPSIiPjxkc2lnOlRyYW5zZm9ybXM+PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHNsdC0xOTk5MTExNiI+PHhzbDpzdHlsZXNoZWV0IHhtbG5zOnhzbD0iaHR0cDovL3d3dy53My5vcmcvMTk5OS9YU0wvVHJhbnNmb3JtIiBleGNsdWRlLXJlc3VsdC1wcmVmaXhlcz0ic2FtbDIiIHZlcnNpb249IjEuMCIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjx4c2w6b3V0cHV0IG1ldGhvZD0ieG1sIiB4bWw6c3BhY2U9ImRlZmF1bHQiIC8+PHhzbDp0ZW1wbGF0ZSBtYXRjaD0iLyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiPjxodG1sIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIj48aGVhZD48dGl0bGU+U2lnbmF0dXIgZGVyIEFubWVsZGVkYXRlbjwvdGl0bGU+PHN0eWxlIG1lZGlhPSJzY3JlZW4iIHR5cGU9InRleHQvY3NzIj4KICAgICAgICAgICAgICAJCQkJCS5ub3JtYWxzdHlsZSB7IGZvbnQtc2l6ZTogbWVkaXVtOyB9IAogICAgICAgICAgICAgIAkJCQkJLml0YWxpY3N0eWxlIHsgZm9udC1zaXplOiBtZWRpdW07IGZvbnQtc3R5bGU6IGl0YWxpYzsgfQoJCQkJCQkJCS50aXRsZXN0eWxlIHsgdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTsgZm9udC13ZWlnaHQ6Ym9sZDsgZm9udC1zaXplOiBtZWRpdW07IH0gCgkJCQkJCQkJLmg0c3R5bGUgeyBmb250LXNpemU6IGxhcmdlOyB9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKCQkJCQkJCQkuaGlkZGVuIHtkaXNwbGF5OiBub25lOyB9IAogICAgICAgICAgICAgIAkJCQk8L3N0eWxlPjwvaGVhZD48Ym9keT48aDQgY2xhc3M9Img0c3R5bGUiPkFubWVsZGVkYXRlbjo8L2g0PjxwIGNsYXNzPSJ0aXRsZXN0eWxlIj5EYXRlbiB6dXIgUGVyc29uPC9wPjx0YWJsZSBjbGFzcz0icGFyYW1ldGVycyI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjIuNS40LjQyJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+Vm9ybmFtZTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjIuNS40LjQyJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiIC8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5OYWNobmFtZTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4yMCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIiAvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuNTUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5HZWJ1cnRzZGF0dW06IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIiAvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlZvbGxtYWNodDogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnRleHQ+SWNoIG1lbGRlIG1pY2ggaW4gVmVydHJldHVuZyBhbi4gSW0gbsOkY2hzdGVuIFNjaHJpdHQgd2lyZCBtaXIgZWluZSBMaXN0ZSBkZXIgZsO8ciBtaWNoIHZlcmbDvGdiYXJlbiBWZXJ0cmV0dW5nc3ZlcmjDpGx0bmlzc2UgYW5nZXplaWd0LCBhdXMgZGVuZW4gaWNoIGVpbmVzIGF1c3fDpGhsZW4gd2VyZGUuPC94c2w6dGV4dD48L3RkPjwvdHI+PC94c2w6aWY+PC90YWJsZT48cCBjbGFzcz0idGl0bGVzdHlsZSI+RGF0ZW4genVyIEFud2VuZHVuZzwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5JZGVudGlmaWthdG9yOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J2h0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyVW5pcXVlSWQnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIgLz48L3RkPjwvdHI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPk5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIgLz48L3RkPjwvdHI+PC94c2w6aWY+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+U3RhYXQ6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29kZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIiAvPjwvdGQ+PC90cj48L3hzbDppZj48L3RhYmxlPjxwIGNsYXNzPSJ0aXRsZXN0eWxlIj5UZWNobmlzY2hlIFBhcmFtZXRlcjwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5EYXR1bTo8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDksMikiIC8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDYsMikiIC8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDEsNCkiIC8+PC90ZD48L3RyPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5VaHJ6ZWl0OjwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9InN1YnN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL0BJc3N1ZUluc3RhbnQsMTIsMikiIC8+PHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE1LDIpIiAvPjx4c2w6dGV4dD46PC94c2w6dGV4dD48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCwxOCwyKSIgLz48L3RkPjwvdHI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlRyYW5zYWt0aW9uc1Rva2tlbjogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9ASUQiIC8+PC90ZD48L3RyPjx4c2w6aWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+CgkJCQkJCQkJCQkJVm9sbG1hY2h0ZW4tUmVmZXJlbno6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIgLz48L3RkPjwvdHI+PC94c2w6aWY+PHRyIGNsYXNzPSJoaWRkZW4iPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPkRhdGFVUkw6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9zYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uL3NhbWwyOkF1ZGllbmNlIiAvPjwvdGQ+PC90cj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9ATm90T25PckFmdGVyIj48dHIgY2xhc3M9ImhpZGRlbiI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+QXV0aEJsb2NrVmFsaWRUbzogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpDb25kaXRpb25zL0BOb3RPbk9yQWZ0ZXIiIC8+PC90ZD48L3RyPjwveHNsOmlmPjwvdGFibGU+PC9ib2R5PjwvaHRtbD48L3hzbDp0ZW1wbGF0ZT48L3hzbDpzdHlsZXNoZWV0PjwvZHNpZzpUcmFuc2Zvcm0+PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUjV2l0aENvbW1lbnRzIiAvPjwvZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIgLz48ZHNpZzpEaWdlc3RWYWx1ZT4vdExReXEvU2dkTGZEUEk4MG9yRytxbEJWQTQ1c1JQZTZySnZHY0x0NWxnPTwvZHNpZzpEaWdlc3RWYWx1ZT48L2RzaWc6UmVmZXJlbmNlPjxkc2lnOlJlZmVyZW5jZSBJZD0iZXRzaS1kYXRhLXJlZmVyZW5jZS0xLTEiIFR5cGU9Imh0dHA6Ly91cmkuZXRzaS5vcmcvMDE5MDMjU2lnbmVkUHJvcGVydGllcyIgVVJJPSIjZXRzaS1zaWduZWRwcm9wZXJ0aWVzLTEtMSI+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxkc2lnOkRpZ2VzdFZhbHVlPjA2cUtPVkJqRWdVTk1XV3RTMis2WG1VWXBGV3NUT0o0V3pkMDNISlpTeW89PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U+PC9kc2lnOlNpZ25lZEluZm8+PGRzaWc6U2lnbmF0dXJlVmFsdWUgSWQ9InNpZ25hdHVyZXZhbHVlLTEtMSI+WW5zV01EY01wWExMR3dCb0tpYW45WHpZUWdiamordVVtSkNIRjZWVVZybGpNejlUeC9yeWpnNkNVaklMNjVGb0JQNHU0Zmc3a1JPRDFEeWlGYUtwMUVhaWxLQWtpWlE4WWJtRlNnZW1mNkdENUl6QklZblI1VlMxM1J4ZVMxRDdVUXhEU3c1TkpKaHdXelpFZFFRMnFyaUdsUW5sdUpBNlpuRmk2WFpHUXpUYmd1SFd3b3ZwT05UZ1BYaEJkcG9rb2VnZUkvS3dDNU9WTWt2dnNrVXRXSDZTaUlDRWVGclBpY054dGh3Ym4wZHA0ak1DNEI5TE5aZGRnQ0picUNkelIvNlF6YXBqWmQwYUVKNThWVncvQW5xa2dUL1krRmUwNkVUQXMwZ3FuL3M5dWJ3N0RmMGJqS3NrUE5xU3ZKc0EvWDN2Szk3U3FPeStNNWhvL25KTHpnPT08L2RzaWc6U2lnbmF0dXJlVmFsdWU+PGRzaWc6S2V5SW5mbz48ZHNpZzpYNTA5RGF0YT48ZHNpZzpYNTA5Q2VydGlmaWNhdGU+TUlJRjFqQ0NCTDZnQXdJQkFnSUVmZ1MzL1RBTkJna3Foa2lHOXcwQkFRc0ZBRENCb1RFTE1Ba0dBMVVFQmd3Q1FWUXhTREJHQmdOVkJBb01QMEV0VkhKMWMzUWdSMlZ6TGlCbUxpQlRhV05vWlhKb1pXbDBjM041YzNSbGJXVWdhVzBnWld4bGEzUnlMaUJFWVhSbGJuWmxjbXRsYUhJZ1IyMWlTREVqTUNFR0ExVUVDd3dhWVMxemFXZHVMVkJ5WlcxcGRXMHRWR1Z6ZEMxVGFXY3RNREl4SXpBaEJnTlZCQU1NR21FdGMybG5iaTFRY21WdGFYVnRMVlJsYzNRdFUybG5MVEF5TUI0WERURTRNRFV6TURBNE16SXlPVm9YRFRJek1EVXpNREE0TXpJeU9Wb3dZREVMTUFrR0ExVUVCZ3dDUVZReEZ6QVZCZ05WQkFNTURrMWhlQ0JOZFhOMFpYSnRZVzV1TVJNd0VRWURWUVFFREFwTmRYTjBaWEp0WVc1dU1Rd3dDZ1lEVlFRcURBTk5ZWGd4RlRBVEJnTlZCQVVNRERVeE56WTJNRGN4T0RrNU16Q0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUxOR1lYUm12QXg5Q0ptelZPNHVLcmVKaHB3VHdIaS9mUWhuWDNRZkIxVnpRZVlNTUhpM0dmVnpFbUFhRDZoclZJODRjeXFMQlFzdHlvNVJ4Sk05TGY2ejg0VFUzWlZka093QlZ4WGpvZTk4RG8rT3hqN3pvbE8rNlFkZTJhMmZNalpwaUROZGtFUGRVclEybFJSUHBCcWp5SEJIYjIzenNaMVBJWElwTWw2bm1zVlZGczlabGxqYmFNaTlsNTZaRk9BUlZBYnVlWWZTcEYwd0Q2NlU1UUMzL2Z3OVNZMzFhRFpvNWFTbU1jd3F3Q1d2Q2MvRWY1ZXZ1RWhPMnNPN1g1NU4yRU10YVZIK1gzODJIY3J6eW42bE5FekJDZis0dlpqUTZnWDFLYWx3Qkk5TG5pYUJKT0QvNHBIZlViNTFDSlVoTHU5UnQvcmt5SnlLV1l1N3o2TUNBd0VBQWFPQ0FsUXdnZ0pRTUlHREJnZ3JCZ0VGQlFjQkFRUjNNSFV3UlFZSUt3WUJCUVVITUFLR09XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlqWlhKMGN5OWhMWE5wWjI0dGNISmxiV2wxYlMxdGIySnBiR1V0TUROaExtTnlkREFzQmdnckJnRUZCUWN3QVlZZ2FIUjBjRG92TDI5amMzQXRkR1Z6ZEM1aExYUnlkWE4wTG1GMEwyOWpjM0F3RXdZRFZSMGpCQXd3Q29BSVJnYWZqa0dPRmIwd2NnWUlLd1lCQlFVSEFRTUVaakJrTUFvR0NDc0dBUVVGQndzQ01BZ0dCZ1FBamtZQkFUQUlCZ1lFQUk1R0FRUXdFd1lHQkFDT1JnRUdNQWtHQndRQWprWUJCZ0V3TFFZR0JBQ09SZ0VGTUNNd0lSWWJhSFIwY0hNNkx5OTNkM2N1WVMxMGNuVnpkQzVoZEM5d1pITXZFd0pGVGpBUkJnTlZIUTRFQ2dRSVFXeVM1ZFhrL3RZd0RnWURWUjBQQVFIL0JBUURBZ2JBTUFrR0ExVWRFd1FDTUFBd1lBWURWUjBnQkZrd1Z6QUlCZ1lFQUlzd0FRRXdTd1lHS2lnQUVRRVVNRUV3UHdZSUt3WUJCUVVIQWdFV00yaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrYjJOekwyTndMMkV0YzJsbmJpMXdjbVZ0YVhWdExXMXZZbWxzWlRDQnJnWURWUjBmQklHbU1JR2pNSUdnb0lHZG9JR2Fob0dYYkdSaGNEb3ZMMnhrWVhBdGRHVnpkQzVoTFhSeWRYTjBMbUYwTDI5MVBXRXRjMmxuYmkxUWNtVnRhWFZ0TFZSbGMzUXRVMmxuTFRBeUlDaFRTRUV0TWpVMktTeHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wUDJKaGMyVS9iMkpxWldOMFkyeGhjM005Wldsa1EyVnlkR2xtYVdOaGRHbHZia0YxZEdodmNtbDBlVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBeUVtZ09EdDAyeGF4SGI0RStPOVhnSW1FQzBBb0g0UTk3UHE3QmQ0ditQcXFkNmk1Um9kdndmVGdJYVcxSitmdkg4S1VUekkwWFg5d3BVV3dJbVZFR01INjNWQUpjWFZIMHk5aWZFV0lIZGhPTHRSWVZpZjBTUUs5WVJhY2h2SkRtRjVoTHdBUVJFZUdzWDJpTm1QN2RZZTR4aU5LQXRRbjBwaHZsUHFnaGE2b0tER01ROEZOQWZSejNrQXRYSndQYkZnNlFFNGtJaGtUZ2QzMnVPaUFKVzdHMlRhSlpYV2ZLOVRwVjVMUTEzKzExRkoyUzNLUWM4dWIvKzFHZGdpcktTVzRKMXpoc2ZUK1dDci9PYXlVMk16UVhLdjhPV2IwU3hXSUpIaU1UZXhIN3I5bXVHay9aTGthUVFWMkN0U09ZcVRBTjhBd2VDaUoxMXVWRkhlTHBRPT08L2RzaWc6WDUwOUNlcnRpZmljYXRlPjwvZHNpZzpYNTA5RGF0YT48L2RzaWc6S2V5SW5mbz48ZHNpZzpPYmplY3QgSWQ9ImV0c2ktc2lnbmVkLTEtMSI+PGV0c2k6UXVhbGlmeWluZ1Byb3BlcnRpZXMgeG1sbnM6ZXRzaT0iaHR0cDovL3VyaS5ldHNpLm9yZy8wMTkwMy92MS4zLjIjIiBUYXJnZXQ9IiNzaWduYXR1cmUtMS0xIj48ZXRzaTpTaWduZWRQcm9wZXJ0aWVzIElkPSJldHNpLXNpZ25lZHByb3BlcnRpZXMtMS0xIj48ZXRzaTpTaWduZWRTaWduYXR1cmVQcm9wZXJ0aWVzPjxldHNpOlNpZ25pbmdUaW1lPjIwMTgtMDYtMDZUMDc6MjM6NDNaPC9ldHNpOlNpZ25pbmdUaW1lPjxldHNpOlNpZ25pbmdDZXJ0aWZpY2F0ZT48ZXRzaTpDZXJ0PjxldHNpOkNlcnREaWdlc3Q+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxkc2lnOkRpZ2VzdFZhbHVlPjZhVGtoYS9ZOXhZUzRiUU1aYndJWDhURnNEMkNlemRodXFIcFR0Q0kzZjA9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZXRzaTpDZXJ0RGlnZXN0PjxldHNpOklzc3VlclNlcmlhbD48ZHNpZzpYNTA5SXNzdWVyTmFtZT5DTj1hLXNpZ24tUHJlbWl1bS1UZXN0LVNpZy0wMixPVT1hLXNpZ24tUHJlbWl1bS1UZXN0LVNpZy0wMixPPUEtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSCxDPUFUPC9kc2lnOlg1MDlJc3N1ZXJOYW1lPjxkc2lnOlg1MDlTZXJpYWxOdW1iZXI+MjExNDIzODQ2MTwvZHNpZzpYNTA5U2VyaWFsTnVtYmVyPjwvZXRzaTpJc3N1ZXJTZXJpYWw+PC9ldHNpOkNlcnQ+PC9ldHNpOlNpZ25pbmdDZXJ0aWZpY2F0ZT48ZXRzaTpTaWduYXR1cmVQb2xpY3lJZGVudGlmaWVyPjxldHNpOlNpZ25hdHVyZVBvbGljeUltcGxpZWQgLz48L2V0c2k6U2lnbmF0dXJlUG9saWN5SWRlbnRpZmllcj48L2V0c2k6U2lnbmVkU2lnbmF0dXJlUHJvcGVydGllcz48ZXRzaTpTaWduZWREYXRhT2JqZWN0UHJvcGVydGllcz48ZXRzaTpEYXRhT2JqZWN0Rm9ybWF0IE9iamVjdFJlZmVyZW5jZT0iI3JlZmVyZW5jZS0xLTEiPjxldHNpOk1pbWVUeXBlPmFwcGxpY2F0aW9uL3hodG1sK3htbDwvZXRzaTpNaW1lVHlwZT48L2V0c2k6RGF0YU9iamVjdEZvcm1hdD48L2V0c2k6U2lnbmVkRGF0YU9iamVjdFByb3BlcnRpZXM+PC9ldHNpOlNpZ25lZFByb3BlcnRpZXM+PC9ldHNpOlF1YWxpZnlpbmdQcm9wZXJ0aWVzPjwvZHNpZzpPYmplY3Q+PC9kc2lnOlNpZ25hdHVyZT48c2FtbDI6QXR0cmlidXRlU3RhdGVtZW50PjxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJQVlAtVkVSU0lPTiIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMTAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+Mi4xPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iUFJJTkNJUEFMLU5BTUUiIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjIwIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPk11c3Rlcm1hbm48L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDI6QXR0cmlidXRlPjxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJHSVZFTi1OQU1FIiBOYW1lPSJ1cm46b2lkOjIuNS40LjQyIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPk1heDwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IkJJUlRIREFURSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPjxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4xOTQwLTAxLTAxPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iU2VydmljZVByb3ZpZGVyLVVuaXF1ZUlkIiBOYW1lPSJodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlclVuaXF1ZUlkIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPmh0dHBzOi8vbGFiZGEuaWFpay50dWdyYXouYXQ6NTU1My9kZW1vbG9naW4vPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iU2VydmljZVByb3ZpZGVyLUZyaWVuZGx5TmFtZSIgTmFtZT0iaHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+bGFiZGEgLSBEZXZlbG9wbWVudDwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IlNlcnZpY2VQcm92aWRlci1Db3VudHJ5Q29kZSIgTmFtZT0iaHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29kZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPjxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5BVDwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PC9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PC9zYW1sMjpBc3NlcnRpb24+" } } } \ No newline at end of file -- cgit v1.2.3 From ad02267b4f5c7e21cc929dd3d322771da087b0db Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 6 Jun 2018 14:13:38 +0200 Subject: return checkcode false if no whitelist was loaded --- .../77B99BB2BD7522E17EC099EA7177516F27787CAD | Bin 0 -> 1279 bytes .../3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 | Bin 0 -> 914 bytes .../BD78039E45BA4E4B13ADECC58124520ACE83B6A7 | Bin 0 -> 1614 bytes .../9766A5ED03482991DA91BB763ECDCD9417394100 | Bin 0 -> 1169 bytes .../BB97947C31BBF3364A2909F9876DBD3B87B5B62A | Bin 0 -> 1169 bytes .../B1D0BC027906A3B7E7518C93ACB26D978233ED27 | Bin 0 -> 1171 bytes .../65EF37033859C2F709A64086D3A5BD1B8F1A85A4 | Bin 0 -> 1045 bytes .../7AC3EFA52DE27A930EC8754DB5E061476948E914 | Bin 0 -> 1028 bytes .../F306AACF386136CD5683F89B31904295F89313DE | Bin 0 -> 1029 bytes .../D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D | Bin 0 -> 914 bytes .../F5F2456D79490C268569970E900C68FD1C7DC8E5 | Bin 0 -> 1264 bytes .../07976A2A16EC182670161B46886B05E1FEAC16B1 | Bin 0 -> 1209 bytes .../23E594945195F2414803B4D564D2A3A3F5D88B8C | Bin 0 -> 791 bytes .../59AF82799186C7B47507CBCF035746EB04DDB716 | Bin 0 -> 1486 bytes .../2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | Bin 0 -> 1506 bytes .../EAB040689A0D805B5D6FD654FC168CFF00B78BE3 | Bin 0 -> 1403 bytes .../42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA | Bin 0 -> 975 bytes .../51C01567BCB22968EF5A297B7EA84E195594E0E8 | Bin 0 -> 975 bytes .../02A0E6456442E35198532ACFFB6FEE3B606D9FA3 | Bin 0 -> 1366 bytes .../51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 | Bin 0 -> 1130 bytes .../CABD2A79A1076A31F21D253635CB039D4329A5E8 | Bin 0 -> 1391 bytes .../8AB0A3519AFA7F3C04074522678BAA1CB3DC734F | Bin 0 -> 930 bytes .../DF47B3040E7632614464BD2EC4ECD1B8030F53E3 | Bin 0 -> 933 bytes .../E117479B4A41D7F3223FCAE50560B0D57B22217D | Bin 0 -> 997 bytes .../14815586D6258BCE1E908346C9186146C812358E | Bin 0 -> 1465 bytes .../5F06F65C714047E3B282AEC427C35AB703E49D8E | Bin 0 -> 1169 bytes .../D45360060761812D33DE294EAC1573F6DE12A208 | Bin 0 -> 1169 bytes .../9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C | Bin 0 -> 997 bytes .../9F0E0FBB25F66FF88C8E033EFF358923C84A2926 | Bin 0 -> 930 bytes .../C87D1855227D995C332C4C9072A2E2053F2CC623 | Bin 0 -> 1028 bytes .../9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 | Bin 0 -> 1151 bytes .../474BC41135FB88BF58B5A8D976A1D5583378D85E | Bin 0 -> 1133 bytes .../6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 | Bin 0 -> 1171 bytes .../2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 | Bin 0 -> 1485 bytes .../1FB86B1168EC743154062E8C9CC5B171A4B7CCB4 | Bin 0 -> 1176 bytes .../341EA32E448659125A67DD04177FD17468FCFCB1 | Bin 0 -> 1366 bytes .../38525C7140D285040E02DD2A7F3C7DBA21042E01 | Bin 0 -> 1533 bytes .../35202B14F69409EAA51CD8AB547AC0CD5E993F3F | Bin 0 -> 1053 bytes .../620127A8E5886A4805403977C3EF7D5EAF881526 | Bin 0 -> 870 bytes .../FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 | Bin 0 -> 1141 bytes .../0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 | Bin 0 -> 1058 bytes .../20CAECDCA766243AAD6FA1327618FC81BA65DC0F | Bin 0 -> 1057 bytes .../96D5D179016A5A6546973BA63733617EE1F1540D | Bin 0 -> 1058 bytes .../CF236CF66379EA506F967D21F0E25E87529D9687 | Bin 0 -> 1058 bytes .../FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 | Bin 0 -> 1057 bytes .../2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA | Bin 0 -> 1103 bytes .../A9D28607928FA8615E2615CC9D71B535C5D0D419 | Bin 0 -> 734 bytes .../5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | Bin 0 -> 969 bytes .../7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E | Bin 0 -> 1159 bytes .../A79681CBDD69EC741214136F128923A574E26F03 | Bin 0 -> 1159 bytes .../A78AABDE7F5B771540D333B505874C8204AAD206 | Bin 0 -> 1252 bytes .../FDC348410699803DE7D8276813BC2232EA99A878 | Bin 0 -> 835 bytes .../6DCD5118D1542E6C205C580775C5420B7509506B | Bin 0 -> 1076 bytes .../84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E | Bin 0 -> 1747 bytes .../C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E | Bin 0 -> 1298 bytes .../35A40EF932B1F23980E2C672FC939E91EEBD0317 | Bin 0 -> 1262 bytes .../9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8 | Bin 0 -> 1049 bytes .../60B7181FD8BCA00B84961BF31DB08C50376CCF44 | Bin 0 -> 1068 bytes .../74801529B4E8E5764FFC4D8E6577E1F84E8101CE | Bin 0 -> 1067 bytes .../7B7B60B748C82B34EE71A3CEA729C477083F0BDA | Bin 0 -> 1068 bytes .../EBB80BE34C78814AE659BBA3A2394E4D9857123D | Bin 0 -> 1068 bytes .../D4D1370FD1D9EAA46412008FF3E59E114BCF724A | Bin 0 -> 1111 bytes .../DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A | Bin 0 -> 1110 bytes .../E619D25B380B7B13FDA33E8A58CD82D8A88E0515 | Bin 0 -> 1111 bytes .../F825578F8F5484DFB40F81867C392D6CB0012B92 | Bin 0 -> 1110 bytes .../0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F | Bin 0 -> 861 bytes .../51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE | Bin 0 -> 865 bytes .../7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 | Bin 0 -> 864 bytes .../9E0512DD61DA5949D1D8631C3F19D75F496C3733 | Bin 0 -> 864 bytes .../E6E6FC88719177C9B7421825757C5E47BCAC85F6 | Bin 0 -> 860 bytes .../53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 | Bin 0 -> 1546 bytes .../7F95509243C231A6B1ABCFC661B6B818DB33622C | Bin 0 -> 893 bytes .../F3AE9FEA4DECEE5330770A2520BD86909929E7BE | Bin 0 -> 758 bytes .../4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 | Bin 0 -> 984 bytes .../7A2CFA69FCA284D4627012A7A55662594C803B2A | Bin 0 -> 901 bytes .../ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B | Bin 0 -> 901 bytes .../0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 | Bin 0 -> 704 bytes .../2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D | Bin 0 -> 820 bytes .../A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 | Bin 0 -> 1199 bytes .../D1474E7D99512D05B98DD37B3FE86496A03D088D | Bin 0 -> 922 bytes .../3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F | Bin 0 -> 1997 bytes .../A3F1333FE242BFCFC5D14E8F394298406810D1A0 | Bin 0 -> 1931 bytes .../6814C7316CEA7191C9CB3BE58199B4A957210D9C | Bin 0 -> 704 bytes .../5AD9C840579905D085AAB60F9F5341463C5379A9 | Bin 0 -> 1959 bytes .../A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 | Bin 0 -> 1416 bytes .../C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 | Bin 0 -> 1385 bytes .../EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 | Bin 0 -> 1867 bytes .../3B8484BF1370941BF03F206B5C4958DA4E1559BB | Bin 0 -> 1065 bytes .../6DD653FB8FE2614249924274043E834664EBE980 | Bin 0 -> 1065 bytes .../C0EF3E7A54B4C501295F77974B1995E36B25C92B | Bin 0 -> 1066 bytes .../D29172D3F501A2D7A47F702633044F519A3A5F0B | Bin 0 -> 1066 bytes .../698563ECEE29232C5304487D972310F86650C3A6 | Bin 0 -> 1185 bytes .../1B23675354FCAD90119D88075015EA17ADD527D8 | Bin 0 -> 1425 bytes .../E6A3B45B062D509B3382282D196EFE97D5956CCB | Bin 0 -> 1174 bytes .../66AB66128A44574873E54E6584E450C4EB3B9A1E | Bin 0 -> 1170 bytes .../844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA | Bin 0 -> 1159 bytes .../B38C775A18C1195D01658D75FBDA3258B6DF018B | Bin 0 -> 1159 bytes .../FF406B3E55758E87A206FE2A1EE0C4D5A4575799 | Bin 0 -> 1505 bytes .../1382793A9F360E06D39CA9914912348C63F86357 | Bin 0 -> 1127 bytes .../28C0A6867A1E09715D9F502861B9911F054A0918 | Bin 0 -> 1127 bytes .../4AAE02BB85EB8CED9617662436A47AA2197B01D6 | Bin 0 -> 1127 bytes .../576F2022AF817412D8425AC8AAFF3CA033A422F1 | Bin 0 -> 1127 bytes .../5DD2591009E008D8E5507F2E297E81B501D5D120 | Bin 0 -> 1127 bytes .../82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2 | Bin 0 -> 1127 bytes .../87215C2D5EF094F894DFBD418D4D311608DEB3CE | Bin 0 -> 1127 bytes .../95A0D456DABFA76AD295723C03582EF63B6F6D0A | Bin 0 -> 1127 bytes .../CBEEDBBC939A98E4742D7BC8749538C51C0672D1 | Bin 0 -> 1127 bytes .../D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD | Bin 0 -> 1127 bytes .../F3D8DAC954B27BE3065512A709EC0C28FE7E4099 | Bin 0 -> 1127 bytes .../E1201A308CC10323C27D9084B048996E44B8F710 | Bin 0 -> 806 bytes .../C23FC1895966021249B35412C0C8C56D107732DE | Bin 0 -> 1563 bytes .../0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4 | Bin 0 -> 1501 bytes .../A536E6A90420437E645CBFC56AD2D79D758FB112 | Bin 0 -> 1605 bytes .../386C1663C6390BC288DC171522439210AF361958 | Bin 0 -> 1000 bytes .../6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B | Bin 0 -> 1159 bytes .../18585FC53A283488E4BA84867980E9B1F2B28ADA | Bin 0 -> 1313 bytes .../27337257493B86B9BFF78D569F938D692A430EAE | Bin 0 -> 1218 bytes .../4832F0A28C3724A92F6CB3314F747D0E74FC7344 | Bin 0 -> 1217 bytes .../6352302A5072DBFB769D4FF4C70C86432C4C1683 | Bin 0 -> 1218 bytes .../EE886B907E31667D622677F665F25C54AF9A7F65 | Bin 0 -> 1218 bytes .../F86591A6D86718886A0234B8E54E21AAEA63E24B | Bin 0 -> 1586 bytes .../BECE82B2F908174E2379652769C6942AF1F0CC5E | Bin 0 -> 982 bytes .../342CD9D3062DA48C346965297F081EBC2EF68FDC | Bin 0 -> 2050 bytes .../ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 | Bin 0 -> 1067 bytes .../0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | Bin 0 -> 955 bytes .../69E7A6D2A78341041BF6816438CA9605A0FA356C | Bin 0 -> 1337 bytes .../B4B77C83465979E3679E3A33F972F48EE3730A18 | Bin 0 -> 924 bytes .../CAF84A42305615AC2C582F6412BDA3E36DAC3D25 | Bin 0 -> 786 bytes .../75F792DE2CF544007F470F1B924961C2BD2EF517 | Bin 0 -> 802 bytes .../88D6151358A5E3C81D7AE1A536121DC03011BC03 | Bin 0 -> 1205 bytes .../0B289953453127C40B22FA953D11F79E052C0580 | Bin 0 -> 1594 bytes .../30E8B7F8F78FB74646C4B4689C74A2E1570D8E35 | Bin 0 -> 1546 bytes .../679A4F81FC705DDEC419778DD2EBD875F4C242C6 | Bin 0 -> 975 bytes .../82096E6D9B1248321625323D52858642CB0B748E | Bin 0 -> 975 bytes .../41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA | Bin 0 -> 1165 bytes .../79B21E2743A879AFF5403ECEA09EAC2084EF4799 | Bin 0 -> 1014 bytes .../4D523730501ADB80A76B0B473A4D21C7D86F8374 | Bin 0 -> 1167 bytes .../A21B7566A582DF7A1A85D7B799983C3C35551C14 | Bin 0 -> 1167 bytes .../C6658C25AFB8A9D738F2BC591775D167549FFD3A | Bin 0 -> 1264 bytes .../09B5043D20EE62D83E3FA151AA878ADED25923D7 | Bin 0 -> 1943 bytes .../08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 | Bin 0 -> 991 bytes .../A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25 | Bin 0 -> 991 bytes .../BF648929E7DAABD8D97B3202F48D6C4A19C78F6C | Bin 0 -> 990 bytes .../A149EE01A250491C07D5A279D3B58A646288DA22 | Bin 0 -> 1185 bytes .../AD8ECBB67B9DC59406F92A296A38192297A4F169 | Bin 0 -> 1191 bytes .../6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A | Bin 0 -> 1256 bytes .../DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | Bin 0 -> 846 bytes .../16D8270DE51B034E77B7CDAF1DEE623916243DDC | Bin 0 -> 1068 bytes .../3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 | Bin 0 -> 1068 bytes .../40B51EEF4E709FBD47935DDD83A1F640D0CC378A | Bin 0 -> 1067 bytes .../D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 | Bin 0 -> 1068 bytes .../1BB6C5E44421EBF317B9F3D9049C1E137716B186 | Bin 0 -> 1442 bytes .../8784ED81F5A22779EB0B081945FD151992557FBE | Bin 0 -> 1159 bytes .../88583DB03975127CB488CA7DDE303A1646CEA97B | Bin 0 -> 1159 bytes .../93AE07BC15B1AB17BB09E3C400387CE69DADDFCC | Bin 0 -> 1159 bytes .../45B43346251FDF9E95DCB7F36928785D46D63913 | Bin 0 -> 1136 bytes .../E33619C88426E4FE956041E6751ADDEC9C10F0BC | Bin 0 -> 1136 bytes .../7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 | Bin 0 -> 700 bytes 158 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD new file mode 100644 index 000000000..61bfd22bc Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 new file mode 100644 index 000000000..55707d69f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 new file mode 100644 index 000000000..815f53d95 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100 new file mode 100644 index 000000000..882753986 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A new file mode 100644 index 000000000..f28aa4b8e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27 new file mode 100644 index 000000000..5171276f4 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 new file mode 100644 index 000000000..6e17b9db5 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914 new file mode 100644 index 000000000..911640d0e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE new file mode 100644 index 000000000..1bb449441 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D new file mode 100644 index 000000000..807fa786c Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5 new file mode 100644 index 000000000..b2a1e145f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1 new file mode 100644 index 000000000..22d64fb5f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C new file mode 100644 index 000000000..8588ce58a Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716 new file mode 100644 index 000000000..7bbf658e9 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E new file mode 100644 index 000000000..2fa45b280 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3 new file mode 100644 index 000000000..c79d3e6b0 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA new file mode 100644 index 000000000..ab9e0cd7d Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8 new file mode 100644 index 000000000..01965769d Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 new file mode 100644 index 000000000..5026d395f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 new file mode 100644 index 000000000..9b2ee0fc6 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8 new file mode 100644 index 000000000..9d2132e7f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F new file mode 100644 index 000000000..c34d0f380 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 new file mode 100644 index 000000000..d894e92ca Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D new file mode 100644 index 000000000..380486f65 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E new file mode 100644 index 000000000..0f0db03b3 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E new file mode 100644 index 000000000..39e377edf Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208 new file mode 100644 index 000000000..0a1fcff85 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C new file mode 100644 index 000000000..61d346a8f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926 new file mode 100644 index 000000000..9ae7ffa0c Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623 new file mode 100644 index 000000000..a68ae2db7 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 new file mode 100644 index 000000000..28cb48bb0 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E new file mode 100644 index 000000000..c9da41583 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 new file mode 100644 index 000000000..28fbdf42f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 new file mode 100644 index 000000000..b9a0e5a61 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4 new file mode 100644 index 000000000..24d1795f5 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1 new file mode 100644 index 000000000..6da18c620 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01 new file mode 100644 index 000000000..3a274af3c Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F new file mode 100644 index 000000000..3beb4529a Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526 new file mode 100644 index 000000000..da38ce028 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 new file mode 100644 index 000000000..7e9fd5b0b Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 new file mode 100644 index 000000000..41dc7c553 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F new file mode 100644 index 000000000..b596d82e3 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D new file mode 100644 index 000000000..4adc3b7ec Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687 new file mode 100644 index 000000000..1e4f22777 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 new file mode 100644 index 000000000..fe561ad6a Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA new file mode 100644 index 000000000..5205ec519 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419 new file mode 100644 index 000000000..10a1f7141 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 new file mode 100644 index 000000000..dae019650 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E new file mode 100644 index 000000000..b9fe1280c Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03 new file mode 100644 index 000000000..ea1585a6e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206 new file mode 100644 index 000000000..0c2494a4b Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878 new file mode 100644 index 000000000..424f849a1 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B new file mode 100644 index 000000000..06b40aa67 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E new file mode 100644 index 000000000..3be7b6a06 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E new file mode 100644 index 000000000..b2beddaa5 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317 new file mode 100644 index 000000000..73553b996 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8 new file mode 100644 index 000000000..6368a6cc6 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44 new file mode 100644 index 000000000..08d7b28e2 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE new file mode 100644 index 000000000..e47d2b8ba Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA new file mode 100644 index 000000000..5168e1af0 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D new file mode 100644 index 000000000..c5bcc42e2 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A new file mode 100644 index 000000000..3c7775b6e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A new file mode 100644 index 000000000..b6f39e354 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 new file mode 100644 index 000000000..f9fef65fc Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92 new file mode 100644 index 000000000..f9f27442b Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F new file mode 100644 index 000000000..69de75609 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE new file mode 100644 index 000000000..efa28178e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 new file mode 100644 index 000000000..8c434777e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733 new file mode 100644 index 000000000..289fc2198 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6 new file mode 100644 index 000000000..b7d4b08a6 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 new file mode 100644 index 000000000..89cfe44fd Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C new file mode 100644 index 000000000..d9d633e32 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE new file mode 100644 index 000000000..c3fc91352 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 new file mode 100644 index 000000000..640918641 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A new file mode 100644 index 000000000..ad13d7b28 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B new file mode 100644 index 000000000..d361d919f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 new file mode 100644 index 000000000..69a8e4872 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D new file mode 100644 index 000000000..1a3106742 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 new file mode 100644 index 000000000..558ce15e3 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D new file mode 100644 index 000000000..0bab77032 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F new file mode 100644 index 000000000..b60dea248 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0 new file mode 100644 index 000000000..ac2e3c2b4 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C new file mode 100644 index 000000000..4dd2c49bf Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9 new file mode 100644 index 000000000..1bfd4d661 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 new file mode 100644 index 000000000..09bd4626c Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 new file mode 100644 index 000000000..592c96230 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 new file mode 100644 index 000000000..c171b6d31 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB new file mode 100644 index 000000000..6f97837a2 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980 new file mode 100644 index 000000000..d7799119f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B new file mode 100644 index 000000000..508f7f076 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B new file mode 100644 index 000000000..c0feb0d0e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6 new file mode 100644 index 000000000..ebfbce9a0 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8 new file mode 100644 index 000000000..5c75689fb Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB new file mode 100644 index 000000000..e08466c5a Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E new file mode 100644 index 000000000..ed5ba194c Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA new file mode 100644 index 000000000..bc5ed1e62 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B new file mode 100644 index 000000000..cb519b7eb Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799 new file mode 100644 index 000000000..f2bbe24c8 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357 new file mode 100644 index 000000000..a592bd280 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918 new file mode 100644 index 000000000..6114ab414 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6 new file mode 100644 index 000000000..beff53663 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1 new file mode 100644 index 000000000..60405d6be Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120 new file mode 100644 index 000000000..4132c67c9 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2 new file mode 100644 index 000000000..36c381da7 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE new file mode 100644 index 000000000..e20156afc Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A new file mode 100644 index 000000000..6f92cf716 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1 new file mode 100644 index 000000000..0cba97eec Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD new file mode 100644 index 000000000..1de8f2cdf Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099 new file mode 100644 index 000000000..23d9533dc Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710 new file mode 100644 index 000000000..a7948e488 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE new file mode 100644 index 000000000..c4d97cda3 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4 new file mode 100644 index 000000000..a63cd9ad4 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112 new file mode 100644 index 000000000..f5e70ea0f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958 new file mode 100644 index 000000000..a5e651f86 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B new file mode 100644 index 000000000..b15880c29 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA new file mode 100644 index 000000000..d53dce92b Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE new file mode 100644 index 000000000..5375c57c3 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344 new file mode 100644 index 000000000..7085c5ac9 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683 new file mode 100644 index 000000000..97dc187db Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65 new file mode 100644 index 000000000..ad5d7dea1 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B new file mode 100644 index 000000000..2bf4ad712 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E new file mode 100644 index 000000000..c3363a922 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC new file mode 100644 index 000000000..750c08573 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 new file mode 100644 index 000000000..069640ffc Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 new file mode 100644 index 000000000..391ffc14d Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C new file mode 100644 index 000000000..255c513af Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18 new file mode 100644 index 000000000..6225c0ca7 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25 new file mode 100644 index 000000000..83aeb1fce Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517 new file mode 100644 index 000000000..f8a8957ac Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03 new file mode 100644 index 000000000..376d0753f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580 new file mode 100644 index 000000000..6bbb4b5a3 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35 new file mode 100644 index 000000000..3536bd3cd Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6 new file mode 100644 index 000000000..36a442b89 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E new file mode 100644 index 000000000..54f809962 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA new file mode 100644 index 000000000..8ddc7d79b Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799 new file mode 100644 index 000000000..c9fd41f7f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374 new file mode 100644 index 000000000..61a7ccb15 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14 new file mode 100644 index 000000000..e4bd48dac Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A new file mode 100644 index 000000000..f6df0f4fd Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7 new file mode 100644 index 000000000..0668256a9 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 new file mode 100644 index 000000000..cac44093a Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25 new file mode 100644 index 000000000..46d4477ab Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C new file mode 100644 index 000000000..4989f3e73 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22 new file mode 100644 index 000000000..7c6adedf5 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169 new file mode 100644 index 000000000..70f5b7c91 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A new file mode 100644 index 000000000..141b05ef4 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13 new file mode 100644 index 000000000..95500f6bd Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC new file mode 100644 index 000000000..87d8b52d4 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 new file mode 100644 index 000000000..91acd396a Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A new file mode 100644 index 000000000..b5f5fa6ca Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 new file mode 100644 index 000000000..abeb964dd Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186 new file mode 100644 index 000000000..34c8cf8a5 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE new file mode 100644 index 000000000..cc35ba691 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B new file mode 100644 index 000000000..783dd271a Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC new file mode 100644 index 000000000..74c4ce3b8 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913 new file mode 100644 index 000000000..f3cf5e676 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC new file mode 100644 index 000000000..fc5bd433b Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 new file mode 100644 index 000000000..0a8de4bb9 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 differ -- cgit v1.2.3 From 010649c11c8308a1e6f23f6e40faac051aee976e Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 6 Jun 2018 14:16:05 +0200 Subject: update jUnit tests for SL20 eID verification --- .../modules/sl20_auth/EIDDataVerifier_ATrust.java | 9 +- .../modules/sl20_auth/EIDDataVerifier_OwnTest.java | 5 +- .../modules/sl20_auth/eIDDataVerifierTest.java | 91 +++++++++++++++------ .../moaspss_config/MOASPSSConfiguration.xml | 82 +++++++++++++++++++ .../1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 | Bin 0 -> 991 bytes .../AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 | Bin 0 -> 919 bytes .../C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 | Bin 0 -> 1018 bytes .../DFAE695342AC81A521025904406884399822B233 | Bin 0 -> 987 bytes .../C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 | Bin 0 -> 880 bytes .../42AD1897A4643D2AA634D980F16349E6694F3B1B | Bin 0 -> 1237 bytes .../FE7891B6ED7B178F528A28B21478299F865889BD | Bin 0 -> 1333 bytes .../4CAEE38931D19AE73B31AA75CA33D621290FA75E | Bin 0 -> 979 bytes .../D3C063F219ED073E34AD5D750B327629FFD59AF2 | Bin 0 -> 979 bytes .../0F843FB1E0C626540BE638B79A2987E2611CE630 | Bin 0 -> 1018 bytes .../69F21C82DC9A7A940ACEC414593E59C9E61E522F | Bin 0 -> 990 bytes .../FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 | Bin 0 -> 1087 bytes .../E185E05432F7D98BA7469D26A802DB4B0B2F6286 | Bin 0 -> 1851 bytes .../FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 | Bin 0 -> 1147 bytes .../A5A00B223EF24AED92D03F652CFE367CA9D1B200 | Bin 0 -> 958 bytes .../65698A39E03FF00FD552D4AD99FB290C2B9D4BEA | Bin 0 -> 1018 bytes .../ABAAFC4B7A88097279E89C22C242C40420D0826B | Bin 0 -> 1384 bytes .../6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F | Bin 0 -> 1300 bytes .../3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 | Bin 0 -> 1030 bytes .../9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B | Bin 0 -> 932 bytes .../A562C4B99E2847251CB4A1F05DA1FF43E7296F0B | Bin 0 -> 999 bytes .../52ED0FAFBD38A868C678174D7EB03D266ADB221C | Bin 0 -> 994 bytes .../BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 | Bin 0 -> 995 bytes .../CA80A13D41116E24CB1479E970CDC1C030C5907C | Bin 0 -> 1272 bytes .../7D60E314AA6AEF548A614A9354C5068192051A29 | Bin 0 -> 2278 bytes .../BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF | Bin 0 -> 996 bytes .../profiles/SL20_authblock_v1.0.xml | 8 ++ ...-20041130.SerNo01f6(SecureSignatureKeypair).cer | Bin 0 -> 901 bytes ...-20041215.SerNo021e(SecureSignatureKeypair).cer | Bin 0 -> 901 bytes ...-20050207.SerNo0291(SecureSignatureKeypair).cer | Bin 0 -> 1110 bytes ...-20050207.SerNo210d(SecureSignatureKeypair).cer | Bin 0 -> 1110 bytes ...-20141201.SerNoE243(SecureSignatureKeypair).cer | Bin 0 -> 1111 bytes ...rust-Qual-01b.20041201-20141201.SerNo01C854.cer | Bin 0 -> 1111 bytes ...-20141203.SerNoE248(SecureSignatureKeypair).cer | Bin 0 -> 975 bytes ...rust-Qual-02b.20041203-20141203.SerNo01C857.cer | Bin 0 -> 975 bytes ...-20180425.SerNoe694(SecureSignatureKeypair).cer | Bin 0 -> 975 bytes ...rust-Qual-03b.20080424-20180424.SerNo041D14.cer | Bin 0 -> 975 bytes ...-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer | Bin 0 -> 1485 bytes ...-Test-Root-05-20141215-20241209.SerNo165fae.crt | 34 ++++++++ ...011201-20041201.SerNo0213(CertifiedKeypair).cer | Bin 0 -> 864 bytes ...010427-20040427.SerNo006f(CertifiedKeypair).cer | Bin 0 -> 860 bytes ...011212-20041212.SerNo0213(CertifiedKeypair).cer | Bin 0 -> 864 bytes ...011212-20041212.SerNo0218(CertifiedKeypair).cer | Bin 0 -> 861 bytes ...040326-20070326.SerNo6632(CertifiedKeypair).cer | Bin 0 -> 864 bytes ...041201-20141201.SerNoe242(CertifiedKeypair).cer | Bin 0 -> 865 bytes ...rust-nQual-03.20050817-20150817.SerNo016c1e.cer | Bin 0 -> 979 bytes ...m-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer | Bin 0 -> 1028 bytes ...Test-Sig-02.20141124-20141118.SerNo3969edc1.cer | Bin 0 -> 1029 bytes ...Test-Sig-02.20141124-20241118.SerNo3969edc1.cer | Bin 0 -> 1029 bytes ...sign-Premium-Test-Sig-02_A-Trust-Test-Qual-.crt | 24 ++++++ ...m-Test-Sig-05.20141215-20141209.SerNo165fb8.crt | 36 ++++++++ ...TEST-Qual-01a.20041117-20141117.SerNo00da88.cer | Bin 0 -> 991 bytes ...EST-nQual-01a.20041117-20080630.SerNo00da8b.cer | Bin 0 -> 995 bytes ...-Test-Qual-01.20141117-20241111.SerNo16120f.cer | 23 ++++++ ...-20041130.SerNo01f6(SecureSignatureKeypair).cer | Bin 0 -> 901 bytes ...-20041215.SerNo021e(SecureSignatureKeypair).cer | Bin 0 -> 901 bytes ...-20050207.SerNo0291(SecureSignatureKeypair).cer | Bin 0 -> 1110 bytes ...-20050207.SerNo210d(SecureSignatureKeypair).cer | Bin 0 -> 1110 bytes ...-20141201.SerNoE243(SecureSignatureKeypair).cer | Bin 0 -> 1111 bytes ...rust-Qual-01b.20041201-20141201.SerNo01C854.cer | Bin 0 -> 1111 bytes ...-20141203.SerNoE248(SecureSignatureKeypair).cer | Bin 0 -> 975 bytes ...rust-Qual-02b.20041203-20141203.SerNo01C857.cer | Bin 0 -> 975 bytes ...-20180425.SerNoe694(SecureSignatureKeypair).cer | Bin 0 -> 975 bytes ...rust-Qual-03b.20080424-20180424.SerNo041D14.cer | Bin 0 -> 975 bytes ...-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer | Bin 0 -> 1485 bytes ...011201-20041201.SerNo0213(CertifiedKeypair).cer | Bin 0 -> 864 bytes ...010427-20040427.SerNo006f(CertifiedKeypair).cer | Bin 0 -> 860 bytes ...011212-20041212.SerNo0213(CertifiedKeypair).cer | Bin 0 -> 864 bytes ...011212-20041212.SerNo0218(CertifiedKeypair).cer | Bin 0 -> 861 bytes ...040326-20070326.SerNo6632(CertifiedKeypair).cer | Bin 0 -> 864 bytes ...041201-20141201.SerNoe242(CertifiedKeypair).cer | Bin 0 -> 865 bytes ...rust-nQual-03.20050817-20150817.SerNo016c1e.cer | Bin 0 -> 979 bytes ...band oesterr. Sozialvers.,CN=Root-CA 1-2045.der | Bin 0 -> 1747 bytes ...A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer | Bin 0 -> 2278 bytes ...-20141203.SerNoE248(SecureSignatureKeypair).cer | Bin 0 -> 975 bytes ...rust-Qual-02b.20041203-20141203.SerNo01C857.cer | Bin 0 -> 975 bytes ...rust-nQual-03-20140723-20250723.SerNo14b4f9.cer | 23 ++++++ ...rust-nQual-03.20050817-20150817.SerNo016c1e.cer | Bin 0 -> 979 bytes ..._-_Signaturdienst.20070829-20140101.SerNo02.cer | Bin 0 -> 1272 bytes ...ab-BM-f-Inneres-20040219-20070219.SerNo5c39.der | Bin 0 -> 1205 bytes ...Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer | Bin 0 -> 1205 bytes .../Testuser_BRZ_IdentityLink_Signer.crt | 31 +++++++ ...traut_Kotschy.20070119-20120119.SerNo02DE1C.cer | Bin 0 -> 1385 bytes .../a-sign-SSL-03.cer | Bin 0 -> 1147 bytes ...rate-light-02.20140905-20240905.SerNo153B49.cer | Bin 0 -> 1167 bytes .../a-sign-corporate-light-02.cer | Bin 0 -> 1167 bytes ...rate-light-03-20051114-20151114.SerNo01AAED.cer | Bin 0 -> 1171 bytes ...rate-light-03-20051114-20151114.SerNo01aaed.der | Bin 0 -> 1171 bytes .../atrust_OCSP_Responder_03-1.cer | Bin 0 -> 1185 bytes .../idl_signer_from_IDL.crt | 27 ++++++ ...A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer | Bin 0 -> 2278 bytes ...Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer | Bin 0 -> 1205 bytes ...traut_Kotschy.20070119-20120119.SerNo02DE1C.cer | Bin 0 -> 1385 bytes .../a-sign-corporate-light-02.cer | Bin 0 -> 1167 bytes ...rate-light-03-20051114-20151114.SerNo01AAED.cer | Bin 0 -> 1171 bytes .../src/test/resources/tests/eIDdata_own_test.json | 8 +- 100 files changed, 364 insertions(+), 37 deletions(-) create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/DFAE695342AC81A521025904406884399822B233 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E7FFFB72F649885E6ECE38D47B5A70BAF73FB575/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/42AD1897A4643D2AA634D980F16349E6694F3B1B create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/FE7891B6ED7B178F528A28B21478299F865889BD create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/4CAEE38931D19AE73B31AA75CA33D621290FA75E create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/D3C063F219ED073E34AD5D750B327629FFD59AF2 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/0F843FB1E0C626540BE638B79A2987E2611CE630 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/69F21C82DC9A7A940ACEC414593E59C9E61E522F create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F2CDECB365AACC48D159C813DDE6B7B1CE047BF2/E185E05432F7D98BA7469D26A802DB4B0B2F6286 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F3E673236E6C1AA052ADF0884D399738F4BF2ED7/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F4121996B090501E1FEDA70BE13705CC259E5857/A5A00B223EF24AED92D03F652CFE367CA9D1B200 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F6E09A71951478BEF77CC1D1F21D29D2C43D3F20/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F98FAF493885B596B60CA57C161277EB289D1563/ABAAFC4B7A88097279E89C22C242C40420D0826B create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F9BB100C38D7B02F1EF33194BD18DC48D0BA2C33/6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/52ED0FAFBD38A868C678174D7EB03D266ADB221C create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FE8A7E29B27E8A43FD03BC0B0B2573B251EB03CE/CA80A13D41116E24CB1479E970CDC1C030C5907C create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FEE5CDC3BD72A50BFCD63BC19BF7A1D8C6DC7D48/7D60E314AA6AEF548A614A9354C5068192051A29 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FF880A1F76838D8E051327DF224C7028F2710C58/BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02_A-Trust-Test-Qual-.crt create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-05.20141215-20141209.SerNo165fb8.crt create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus-Schwab-BM-f-Inneres-20040219-20070219.SerNo5c39.der create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Testuser_BRZ_IdentityLink_Signer.crt create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-SSL-03.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01aaed.der create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/atrust_OCSP_Responder_03-1.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/idl_signer_from_IDL.crt create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java index c3c10dd16..6ebbd0704 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java @@ -5,11 +5,8 @@ import java.io.InputStreamReader; import org.apache.commons.io.IOUtils; import org.junit.Before; -import org.junit.runner.RunWith; -import org.opensaml.DefaultBootstrap; import org.opensaml.xml.ConfigurationException; import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import com.google.gson.JsonObject; import com.google.gson.JsonParser; @@ -17,12 +14,12 @@ import com.google.gson.JsonParser; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; -@RunWith(SpringJUnit4ClassRunner.class) +//@RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration("/SpringTest-context.xml") public class EIDDataVerifier_ATrust extends eIDDataVerifierTest { @Before - public void init() throws SLCommandoParserException, IOException, ConfigurationException { + public void init() throws SLCommandoParserException, IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException { String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_atrust.json"))); JsonParser jsonParser = new JsonParser(); JsonObject qualeIDResult = jsonParser.parse(eIDDataString).getAsJsonObject(); @@ -35,8 +32,6 @@ public class EIDDataVerifier_ATrust extends eIDDataVerifierTest { if (eIDData == null || eIDData.isEmpty()) throw new SLCommandoParserException("Can not load eID data"); - DefaultBootstrap.bootstrap(); - } @Override diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java index e56d5834a..419142c7d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java @@ -6,7 +6,6 @@ import java.io.InputStreamReader; import org.apache.commons.io.IOUtils; import org.junit.Before; import org.junit.runner.RunWith; -import org.opensaml.DefaultBootstrap; import org.opensaml.xml.ConfigurationException; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; @@ -23,7 +22,7 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUti public class EIDDataVerifier_OwnTest extends eIDDataVerifierTest { @Before - public void init() throws SLCommandoParserException, IOException, ConfigurationException { + public void init() throws SLCommandoParserException, IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException { String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_own_test.json"))); JsonParser jsonParser = new JsonParser(); JsonElement payLoad = jsonParser.parse(eIDDataString).getAsJsonObject(); @@ -33,12 +32,12 @@ public class EIDDataVerifier_OwnTest extends eIDDataVerifierTest { if (eIDData == null || eIDData.isEmpty()) throw new SLCommandoParserException("Can not load eID data"); - DefaultBootstrap.bootstrap(); } @Override protected String getSl20ReqId() { return "_57010b7fcc93cc4cf3f2b764389137c2"; } + } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java index 365152f66..32d623b88 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java @@ -1,9 +1,12 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth; import java.io.ByteArrayInputStream; +import java.io.IOException; import java.util.Map; +import org.junit.BeforeClass; import org.junit.Test; +import org.opensaml.DefaultBootstrap; import org.opensaml.saml2.core.Assertion; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyAuthConfig; @@ -30,13 +33,41 @@ import iaik.security.provider.IAIK; public abstract class eIDDataVerifierTest { protected Map eIDData = null; + + + + @BeforeClass + public static void moaSPSSInitialize() throws ConfigurationException, org.opensaml.xml.ConfigurationException, IOException { + Logger.info("Loading Java security providers."); + //System.setProperty("moa.spss.server.configuration", "F:\\Projekte\\configs\\moa-spss\\MOASPSSConfiguration.xml"); + String current = new java.io.File( "." ).getCanonicalPath(); + System.setProperty("moa.spss.server.configuration", current + "\\src\\test\\resources\\moaspss_config\\MOASPSSConfiguration.xml"); + IAIK.addAsProvider(); + ECCelerate.addAsProvider(); + DefaultBootstrap.bootstrap(); + + try { + LoggingContextManager.getInstance().setLoggingContext( + new LoggingContext("startup")); + Logger.debug("Starting MOA-SPSS initialization process ... "); + Configurator.getInstance().init(); + Logger.info("MOA-SPSS initialization complete "); + + } catch (MOAException e) { + Logger.error("MOA-SP initialization FAILED!", e.getWrapped()); + throw new ConfigurationException("config.10", new Object[] { e + .toString() }, e); + } + + } + @Test public void dummyTest() throws Exception { } - + @Test public void parseIdl() throws Exception { String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL); @@ -47,10 +78,27 @@ public abstract class eIDDataVerifierTest { if (idl == null) throw new Exception("IDL parsing FAILED"); + + } + + @Test + public void verifyIdl() throws Exception { + String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL); + if (MiscUtil.isEmpty(idlB64)) + throw new Exception("NO IDL found"); + + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); + + if (idl == null) + throw new Exception("IDL parsing FAILED"); + + IOAAuthParameters dummyOA = new DummyOA(); + AuthConfiguration dummyAuthConfig = new DummyAuthConfig(); + QualifiedeIDVerifier.verifyIdentityLink(idl, dummyOA , dummyAuthConfig); } - //@Test + @Test public void parseAuthBlock() throws Exception { String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK); if (MiscUtil.isEmpty(authBlockB64)) @@ -61,7 +109,21 @@ public abstract class eIDDataVerifierTest { } - //@Test + + + @Test + public void verifyAuthBlock() throws Exception { + String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK); + if (MiscUtil.isEmpty(authBlockB64)) + throw new Exception("NO AuthBlock found"); + + IOAAuthParameters dummyOA = new DummyOA(); + AuthConfiguration dummyAuthConfig = new DummyAuthConfig(); + QualifiedeIDVerifier.verifyAuthBlock(authBlockB64, dummyOA , dummyAuthConfig); + + } + + @Test public void checkIDLAgainstAuthblock() throws Exception { String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK); String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL); @@ -76,29 +138,12 @@ public abstract class eIDDataVerifierTest { IOAAuthParameters dummyOA = new DummyOA(); AuthConfiguration dummyAuthConfig = new DummyAuthConfig(); - - Logger.info("Loading Java security providers."); - System.setProperty("moa.spss.server.configuration", "F:\\Projekte\\configs\\moa-spss\\MOASPSSConfiguration.xml"); - - IAIK.addAsProvider(); - ECCelerate.addAsProvider(); - try { - LoggingContextManager.getInstance().setLoggingContext( - new LoggingContext("startup")); - Logger.debug("Starting MOA-SPSS initialization process ... "); - Configurator.getInstance().init(); - Logger.info("MOA-SPSS initialization complete "); - - } catch (MOAException e) { - Logger.error("MOA-SP initialization FAILED!", e.getWrapped()); - throw new ConfigurationException("config.10", new Object[] { e - .toString() }, e); - } - - QualifiedeIDVerifier.verifyIdentityLink(idl, dummyOA , dummyAuthConfig); + IVerifiyXMLSignatureResponse authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock(authBlockB64, dummyOA , dummyAuthConfig); QualifiedeIDVerifier.checkConsistencyOfeIDData(getSl20ReqId(), idl, authBlockExtractor, authBlockVerificationResult); + + } protected abstract String getSl20ReqId(); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml new file mode 100644 index 000000000..99e60de85 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml @@ -0,0 +1,82 @@ + + + + + + + 192.168 + + + + + + + true + true + + + certstore + + + + + + pkix + + + CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT + 536 + + chaining + + + + C=AT,O=Hauptverband österr. Sozialvers.,CN=Root-CA 1 + 376503867878755617282523408360935024869 + + chaining + + + + MOAIDBuergerkartePersonenbindung + trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten + + + MOAIDBuergerkarteAuthentisierungsDaten + trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten + + + MOAIDBuergerkartePersonenbindungMitTestkarten + trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten + + + MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten + trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten + + + + + false + 0 + + CRL + OCSP + + + false + 365 + + + jdbc:url + fully.qualified.classname + + + + + + + SL20Authblock_v1.0 + profiles/SL20_authblock_v1.0.xml + + + diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 new file mode 100644 index 000000000..d2e7db667 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 new file mode 100644 index 000000000..f2f1c6562 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 new file mode 100644 index 000000000..476a3efb2 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/DFAE695342AC81A521025904406884399822B233 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/DFAE695342AC81A521025904406884399822B233 new file mode 100644 index 000000000..5c88b668a Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/DFAE695342AC81A521025904406884399822B233 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E7FFFB72F649885E6ECE38D47B5A70BAF73FB575/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E7FFFB72F649885E6ECE38D47B5A70BAF73FB575/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 new file mode 100644 index 000000000..38c2de589 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E7FFFB72F649885E6ECE38D47B5A70BAF73FB575/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/42AD1897A4643D2AA634D980F16349E6694F3B1B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/42AD1897A4643D2AA634D980F16349E6694F3B1B new file mode 100644 index 000000000..f1d7b6a28 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/42AD1897A4643D2AA634D980F16349E6694F3B1B differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/FE7891B6ED7B178F528A28B21478299F865889BD b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/FE7891B6ED7B178F528A28B21478299F865889BD new file mode 100644 index 000000000..c1b90c0f4 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/FE7891B6ED7B178F528A28B21478299F865889BD differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/4CAEE38931D19AE73B31AA75CA33D621290FA75E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/4CAEE38931D19AE73B31AA75CA33D621290FA75E new file mode 100644 index 000000000..3c77b90d2 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/4CAEE38931D19AE73B31AA75CA33D621290FA75E differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/D3C063F219ED073E34AD5D750B327629FFD59AF2 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/D3C063F219ED073E34AD5D750B327629FFD59AF2 new file mode 100644 index 000000000..33e776369 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/D3C063F219ED073E34AD5D750B327629FFD59AF2 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/0F843FB1E0C626540BE638B79A2987E2611CE630 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/0F843FB1E0C626540BE638B79A2987E2611CE630 new file mode 100644 index 000000000..29d93550e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/0F843FB1E0C626540BE638B79A2987E2611CE630 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/69F21C82DC9A7A940ACEC414593E59C9E61E522F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/69F21C82DC9A7A940ACEC414593E59C9E61E522F new file mode 100644 index 000000000..2a88295a7 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/69F21C82DC9A7A940ACEC414593E59C9E61E522F differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 new file mode 100644 index 000000000..84a1690d2 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F2CDECB365AACC48D159C813DDE6B7B1CE047BF2/E185E05432F7D98BA7469D26A802DB4B0B2F6286 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F2CDECB365AACC48D159C813DDE6B7B1CE047BF2/E185E05432F7D98BA7469D26A802DB4B0B2F6286 new file mode 100644 index 000000000..0dc186019 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F2CDECB365AACC48D159C813DDE6B7B1CE047BF2/E185E05432F7D98BA7469D26A802DB4B0B2F6286 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F3E673236E6C1AA052ADF0884D399738F4BF2ED7/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F3E673236E6C1AA052ADF0884D399738F4BF2ED7/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 new file mode 100644 index 000000000..a699436ca Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F3E673236E6C1AA052ADF0884D399738F4BF2ED7/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F4121996B090501E1FEDA70BE13705CC259E5857/A5A00B223EF24AED92D03F652CFE367CA9D1B200 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F4121996B090501E1FEDA70BE13705CC259E5857/A5A00B223EF24AED92D03F652CFE367CA9D1B200 new file mode 100644 index 000000000..05a8b86f9 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F4121996B090501E1FEDA70BE13705CC259E5857/A5A00B223EF24AED92D03F652CFE367CA9D1B200 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F6E09A71951478BEF77CC1D1F21D29D2C43D3F20/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F6E09A71951478BEF77CC1D1F21D29D2C43D3F20/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA new file mode 100644 index 000000000..836ba3767 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F6E09A71951478BEF77CC1D1F21D29D2C43D3F20/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F98FAF493885B596B60CA57C161277EB289D1563/ABAAFC4B7A88097279E89C22C242C40420D0826B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F98FAF493885B596B60CA57C161277EB289D1563/ABAAFC4B7A88097279E89C22C242C40420D0826B new file mode 100644 index 000000000..87b13faaa Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F98FAF493885B596B60CA57C161277EB289D1563/ABAAFC4B7A88097279E89C22C242C40420D0826B differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F9BB100C38D7B02F1EF33194BD18DC48D0BA2C33/6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F9BB100C38D7B02F1EF33194BD18DC48D0BA2C33/6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F new file mode 100644 index 000000000..f1c03d688 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F9BB100C38D7B02F1EF33194BD18DC48D0BA2C33/6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 new file mode 100644 index 000000000..781d1e4f2 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B new file mode 100644 index 000000000..8286cabbc Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B new file mode 100644 index 000000000..a0148f63b Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/52ED0FAFBD38A868C678174D7EB03D266ADB221C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/52ED0FAFBD38A868C678174D7EB03D266ADB221C new file mode 100644 index 000000000..42a64da07 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/52ED0FAFBD38A868C678174D7EB03D266ADB221C differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 new file mode 100644 index 000000000..32893db7f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FE8A7E29B27E8A43FD03BC0B0B2573B251EB03CE/CA80A13D41116E24CB1479E970CDC1C030C5907C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FE8A7E29B27E8A43FD03BC0B0B2573B251EB03CE/CA80A13D41116E24CB1479E970CDC1C030C5907C new file mode 100644 index 000000000..277b6083a Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FE8A7E29B27E8A43FD03BC0B0B2573B251EB03CE/CA80A13D41116E24CB1479E970CDC1C030C5907C differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FEE5CDC3BD72A50BFCD63BC19BF7A1D8C6DC7D48/7D60E314AA6AEF548A614A9354C5068192051A29 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FEE5CDC3BD72A50BFCD63BC19BF7A1D8C6DC7D48/7D60E314AA6AEF548A614A9354C5068192051A29 new file mode 100644 index 000000000..afe6fdf09 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FEE5CDC3BD72A50BFCD63BC19BF7A1D8C6DC7D48/7D60E314AA6AEF548A614A9354C5068192051A29 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FF880A1F76838D8E051327DF224C7028F2710C58/BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FF880A1F76838D8E051327DF224C7028F2710C58/BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF new file mode 100644 index 000000000..d71177a4e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FF880A1F76838D8E051327DF224C7028F2710C58/BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml new file mode 100644 index 000000000..08e24fe92 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml @@ -0,0 +1,8 @@ +Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Vorname:
Nachname:
Geburtsdatum:
Vollmacht:	Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Identifikator:
Name:
Staat:

Technische Parameter

Datum:	..
Uhrzeit:	::
TransaktionsTokken:
+ Vollmachten-Referenz:
DataURL:
AuthBlockValidTo:

diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer new file mode 100644 index 000000000..d361d919f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer new file mode 100644 index 000000000..ad13d7b28 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer new file mode 100644 index 000000000..f9f27442b Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer new file mode 100644 index 000000000..b6f39e354 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer new file mode 100644 index 000000000..f9fef65fc Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer new file mode 100644 index 000000000..3c7775b6e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer new file mode 100644 index 000000000..36a442b89 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer new file mode 100644 index 000000000..54f809962 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer new file mode 100644 index 000000000..ab9e0cd7d Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer new file mode 100644 index 000000000..01965769d Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer new file mode 100644 index 000000000..b9a0e5a61 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt new file mode 100644 index 000000000..9befb53fc --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt @@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIDFl+uMA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl +c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx +MjE1MTMwMDQ1WhcNMjQxMjA5MTIwMDQ1WjCBlTELMAkGA1UEBhMCQVQxSDBGBgNV +BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry +LiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1UZXN0LVJvb3Qt +MDUxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1Sb290LTA1MIICIDANBgkqhkiG9w0B +AQEFAAOCAg0AMIICCAKCAgEApv3ETyDuseYGvBXgJSiAe7q2dvKtcxlHGlEdEWKv +YUODdXiTIIcwuIU0+F8ybvoQdEVPGDsdzShhXKgMfdGY5WF1BslCgjwcr4h6GWgt +cSkXXFIYVV5GCrac4DhM60EvtXpadi8dNMu7dUKZjqES9UPC6Gc5H6fadauLaV6b +DbNrJufXUditjEbhqj5uX3u4/+nFRH8g1DiQm5RCC3ttVe0/7buJipErVQ9Sbhzk +hkFlzLbph2s2hiEP8NB5tXM3ffxmJ2Yv98+U1Ec0iXvsoGhqRyZVn1huTi+9PJnP +IyPfXDkqWv49E/WeZsaZ48kdVx9xIC6OVYF0GCDsKjsKWN+4xL6/eYvSnyIBij/A +e1T3wkLhp+bDyqxnvDatMlWchfbZxicvzr83c8SGt81RBekwbG/HGPRE4x5DnTkQ +67DTMzMSmW+FAJdZG2Ofsg9+D+v+iqRD310maLABtko3e+xm601FS8d0lDFJVGgG +36IB+ZrUIXmLfOIQjlF/yx566oUmSif3QRgmnSuNtunffXHBbL0qFAiEDwwHg41t +zBiSswKRWa5J/BMIung+6T8gw5kY3c3yJ+pUip4J2oeVa9jZlO/AY7k5BCeGh5Ky +zu22GMQIp9ulIIfUKx8jcnhtDy07UEmaWqv3rVsqKWF9v9B4z2SMiH1oFEgrNAxi +v98CAQOjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEQv+xQJkonQMA4G +A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEASO7M8elac5VTP+FjuL1S +nS72NaIP/RGYmw6967irlG5qQ0cGmCZO5J8SsL7xc3BMofMQMbrsGEryO1F4Y95B +o419IzqPb8sYHlx1Du+F2D01qXBmGP/NcqQIo9twLa+man16l7SFF/iNof2axigM +TUcWzqHUxtSjCPoU44qTsi8vVuQKRP8gMGlVCty0joc0gEW8PqKiMaKxI+tglVA6 +czwvPXfk9pJkL3hhDg/p59iKJTkEKIDtvugrZ4ZqOCBL5xv1Tar3BMBAKSfl/YoQ +/p6ATGlKkjSbMyU7vUGxXldNALHkezxFufuDZEF/erp3hCVADbQMKgyM7Diu6cKB +0s4+POeTQoSQ2dnMQJdgAfeGcd3twy2s/M/xHAVGPAPIQWH7ppVcs6AbVXQabHxJ +YZU7G2ct8Se0r8RLq+iRYrWhFKl8mmVBNwK2WJhjWPv2fqM1xYtbbwH6zoV/Sf8j +uIbx/5A/MJo/4s/9ciafJLVzLvkOh6Bhf310TAxyB9mDiL00KAuVTDtwYfzo1+jw +0bInpPqTCkgszn0LbajeaEIc7lQ7neY0gmMqDvnhA+5LyHJXuX5tDF+1/KDijlLs +p/k1/YZfe1Ai1+gcRoAlp2O80tKaJWZPkf8POffyIkSxJbHlKF6r3TWs7JYr+YUi +lm2dyCqZ9RUD5ZN2YRntJoo= +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer new file mode 100644 index 000000000..289fc2198 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer new file mode 100644 index 000000000..b7d4b08a6 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer new file mode 100644 index 000000000..289fc2198 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer new file mode 100644 index 000000000..69de75609 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer new file mode 100644 index 000000000..8c434777e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer new file mode 100644 index 000000000..efa28178e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer new file mode 100644 index 000000000..33e776369 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer new file mode 100644 index 000000000..911640d0e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer new file mode 100644 index 000000000..1bb449441 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer new file mode 100644 index 000000000..1bb449441 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02_A-Trust-Test-Qual-.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02_A-Trust-Test-Qual-.crt new file mode 100644 index 000000000..803b30eb1 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02_A-Trust-Test-Qual-.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEATCCAumgAwIBAgIEOWntwTANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC +QVQxSDBGBgNVBAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUg +aW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1U +ZXN0LVF1YWwtMDIxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1RdWFsLTAyMB4XDTE0 +MTEyNDE0NDkxN1oXDTI0MTExODEzNDkxN1owgaExCzAJBgNVBAYTAkFUMUgwRgYD +VQQKDD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0 +ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsMGmEtc2lnbi1QcmVtaXVtLVRl +c3QtU2lnLTAyMSMwIQYDVQQDDBphLXNpZ24tUHJlbWl1bS1UZXN0LVNpZy0wMjCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANwJSfWpRaziThddTTup72Cl +tlXl8oc7HQoK2SWsYQwZGAd5nJZbwbI4K8VFKlNnK72Zl8UhmQ2FxhzS6u+Q+qEz +JOM2xTfA2NB6A9/KFpTJXUjvCHgRvW16EEF9YpYXxKTSK+QrYCXAC5rL6SuYOzgA +7Q1ivq+zLbyXxroux2zVEBIiaBGpZhOHGDFJk6h/4QelIqzd2TIDCRzvhmLDVmhq +X2C1NQb5kZuMgrxxOhG5Cr1F8solkwyu43JiM+apY4bZJVQBwi9ATBMz5tfdoLRs +lQy1BCQ4X+b6u/2856gucU+1e/wa5pB9Ff0eP+xy+j2DZOXLNd8m/IQvnshjNusC +AwEAAaNLMEkwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIRgafjkGOFb0wEwYD +VR0jBAwwCoAIQg8xWXA9iecwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUA +A4IBAQBq/owq5eGvhxegchLvnMjPnE9gTYIHEvMq8DN6h2J7pTEhKG2o09LLn/pN +HWRjKENU/LqZBIAJ5zebm5XqzB631BYcuu1abyPFfpMdAL9X4zFuDvg9EGaTir2c +81XaBYzVSLN7fxmNLKSmMwUt0JQQyqpe3V9iyoBE/WcQyKmKaEp7mCZsGFBm6KmJ +gqD6TPb7X9bWUr3yx6Z5gek71f3vQi69m1x811azXlxu1i/XFnVpzxkrKRXJWC+w +nQRxXmU7YnMzYPOA7UOpUG6J+7tYi29hY3EpMgyXM/T/BL5MdyzBefbPVzLHng5z +VaXNpO0ENCrlUyi1m3Yd/7QPDdJM +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-05.20141215-20141209.SerNo165fb8.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-05.20141215-20141209.SerNo165fb8.crt new file mode 100644 index 000000000..ee17cdb80 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-05.20141215-20141209.SerNo165fb8.crt @@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGQTCCBCmgAwIBAgIDFl+4MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl +c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx +MjE1MTMxMDE5WhcNMjQxMjA5MTIxMDE5WjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV +BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry +LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1 +bS1TaWctMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tU2lnLTA1MIIC +IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAq9PRwApA35K3LT0p5IYtNZMS +BFJsIkzjgF4FRQ36PtxeNsPL6iPgfFjWLZzVT1arHrC6ciz97haDWEN5Jq+aVaZp +gvFtvqZXlwYOWP0sshQg1aP7zrfH/N6yqjkrXHyzgmSz3SVIbdj5CqUJz/+94FCR +cA8XkQ3WZAjSkRB+MSIY8umftkmJOVAstaG28OEtpmqwBLRh/QGcNZzfhyrPS2Ls +5BAKQW9SBb1nXn8JOHq0Bd8zHShHbny9X/qT0xqeFfwItZWiW7iu3LgbGqfB3J4d +s+9iecwHDsmYdSb2quGmzJXejmvktFZte9dlF7BuBqier+R3/czdLteRems5S9Ka +hlP3+f3CnFwKihyVMhnuf5HyhCo1Fvrt+igWtNnos38qzB5RzRTJXnvZyrtTJMQE +/8ZuV2B12Oaf0AQjt+o/SPKeaTBX2yes0S1xbQy7xJzNhgBJ2Ir3OI6SoOooVN+9 +kQuzD7NsJBJzIy4dHCvOgs0C1ro8DROaV3Usn58eYOkLDrPGpEBmFq7GnsxnbeEh +5zzlgh00R9cy5PxiO40U+KxnTmQl+/vc9i1plDLsTRePeThKgS0UOIRZP7voYKdu +IJaEzufNXUxZbCc9Mq3V552BmRPhL9Ouf/bfaVMmkY4p7BdU57stxDfVwG9biujj +AVPA7DeRm+S0kzWRq0kCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov +L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME +DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhB0SNOEjM1 +3jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAEiqm52uEL2giMCy +8i1tIbqKP3SeJnYxhJgN4d3caWqfE1CoEUQjsN8t7sF866TOYJMrQ+/dS8bUqNiG +x4vvPrDq3DUSyKflgPaz+36xtB4BTlIiYTzio7Tnv+d5n+MsM6c/rijJzRx38FLM +tZTAfr7dXv5KxrfYrrEnPrGg0gMlYqX3rB1TKQnPx5qG3e2YXc6tdvDeXhh9cXj3 +76VJony7iV0ccKWNXRRNx1X0po/Luu6EMD/5czArtmO0KmGXO3gK3Fy7pxUbdBra +nSJNsY+Fv4X3zqf5n9ZM4Yut7KSqBiQbuMmIzLZkICJOWN5t9mOTStgmZjGqBdQN +sRuVinaLxA88Fd32ZmFxbagOLeKEXPTQT/ERbDOjhShY6jA2/LkIcg9mwDDOubsp +FcZaYlyXmvD+HNVxL5B4BGDWoGHmCxaj+bcYP4U797bpE90sTnMIQd6JoYEMQSIy +Re0S4jKIOkCqBDkPBIXZf/IizTvJiQoFUtT7civFYhcUHDOcWs69NUU3F6sEBZmq +C1uIRm7zD6FUPNpVcfVIeqcfWsnx5bSKwheh9Dk/A3eTmxjpodV4tIq6BfCLdq52 +85dumPB4zz/EmCuZ0hwy9/TJwaogVMqicvr1/pQXDM7T6fCM0vK9w/e4ejmX61TK +6MsTXFjxlwpIacl4fkAxk6L22xfB +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer new file mode 100644 index 000000000..cac44093a Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer new file mode 100644 index 000000000..32893db7f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer new file mode 100644 index 000000000..60bc9a557 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID2zCCAsOgAwIBAgIDFhIPMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRwwGgYDVQQLDBNhLXNpZ24tVEVT +VC1RdWFsLTAxMRwwGgYDVQQDDBNhLXNpZ24tVEVTVC1RdWFsLTAxMB4XDTE0MTEx +NzA3NDAzNloXDTI0MTExMTA2NDAzNlowgZMxCzAJBgNVBAYTAkFUMUgwRgYDVQQK +DD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4g +RGF0ZW52ZXJrZWhyIEdtYkgxHDAaBgNVBAsME2Etc2lnbi1URVNULVF1YWwtMDEx +HDAaBgNVBAMME2Etc2lnbi1URVNULVF1YWwtMDEwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQD4TRgyXzhxJ2AkndX0RPY771f64dsJrReEeuShLRK5io0B +kJWc4t7wuD1B98cJ0MUPlMmOJ2Ckc/vuLhQUyY3qEUmhMhixCUIcdHQ5yH3H0yMV +HxyJxAG83fE8M25kpKA4TzzMW8KPd2S63wbpPElyEy7vrllrLxvdQRSDpMZMvRg8 +fvoDGAehxsnKKwlXZuMq1aSBzfMz3cMBDKxvqzDIz7yC1iWNkdiwog3a5a5PbViK +shhZ0h+bx9WFDpiN6ooPQgcGhjD+NqIDoiOr7CUFHp+HiC6xIsEFJaBHTf3dRZ61 +0r1FDABx0Yj8+wlXSQLYq/1nR/QMwsvH0Cz1qYTPAgMBAAGjNjA0MA8GA1UdEwEB +/wQFMAMBAf8wEQYDVR0OBAoECE8h1CulBqTdMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAAOCAQEAimFu+xTm3UdyU+fO+2hz4DS20OGSC9NBDkorjzhRPWoZ +IVhUi6yH5drqSBm4/2ZYS1Ba5npzfyJwm+cLO28ljxAApfRHlbN0y83hKv7c0I7g +zWTMRs8X8ar5Gd7d4O5jpC4PAaZ1ozSDoE06U5im6YMLaJy/0QYvf5EQBMvLdeoc +d1vl17JYKYqYzcX2dvayikrfiglFqDaZZ66yJPBSuiyNhXpPkbXsOoyyTPtV/0Bh +eKIQiQyJID5aZtR7D4fBAzKdp5wB9KLQXBZ80hrwqrIuy+ME0tFaBWYBi8dzQ1iq +/E3Qz0USfGmxPMm8y/zRqsDvxZCRiSuvzBkOXbGMdA== +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer new file mode 100644 index 000000000..d361d919f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer new file mode 100644 index 000000000..ad13d7b28 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer new file mode 100644 index 000000000..f9f27442b Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer new file mode 100644 index 000000000..b6f39e354 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer new file mode 100644 index 000000000..f9fef65fc Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer new file mode 100644 index 000000000..3c7775b6e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer new file mode 100644 index 000000000..36a442b89 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer new file mode 100644 index 000000000..54f809962 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer new file mode 100644 index 000000000..ab9e0cd7d Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer new file mode 100644 index 000000000..01965769d Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer new file mode 100644 index 000000000..b9a0e5a61 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer new file mode 100644 index 000000000..289fc2198 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer new file mode 100644 index 000000000..b7d4b08a6 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer new file mode 100644 index 000000000..289fc2198 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer new file mode 100644 index 000000000..69de75609 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer new file mode 100644 index 000000000..8c434777e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer new file mode 100644 index 000000000..efa28178e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer new file mode 100644 index 000000000..33e776369 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der new file mode 100644 index 000000000..3be7b6a06 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer new file mode 100644 index 000000000..afe6fdf09 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer new file mode 100644 index 000000000..36a442b89 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer new file mode 100644 index 000000000..54f809962 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer new file mode 100644 index 000000000..2284687bb --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIDFLT5MA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTE0MDcyMzEwMzgy +OVoXDTI1MDcyMzA4MzgyOVowgY0xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52 +ZXJrZWhyIEdtYkgxGTAXBgNVBAsMEEEtVHJ1c3QtblF1YWwtMDMxGTAXBgNVBAMM +EEEtVHJ1c3QtblF1YWwtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCtPWFuA/OQO8BBC4SAzewqo51ru27CQoT3URThoKgtUaNR8t4j8DRE/5TrzAUj +lUC5B3ilJfYKvUWG6Nm9wASOhURh73+nyfrBJcyFLGM/BWBzSQXgYHiVEEvc+RFZ +znF/QJuKqiTfC0Li21a8StKlDJu3Qz7dg9MmEALP6iPESU7l0+m0iKsMrmKS1GWH +2WrX9IWf5DMiJaXlyDO6w8dB3F/GaswADm0yqLaHNgBid5seHzTLkDx4iHQF63n1 +k3Flyp3HaxgtPVxO59X4PzF9j4fsCiIvI+n+u33J4PTs63zEsMMtYrWacdaxaujs +2e3Vcuy+VwHOBVWf3tFgiBCzAgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYD +VR0OBAoECERqlWdVeRFPMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC +AQEAEoykPeAA/6iKm6YnfxsSHFe+Dtian2yAH8L2TqMdcHeSB/7L1x73uuDeYku1 +hbKQAXnfXntf8R+VgjQBTww0aDb5164netYcFbK0g8uVWVCqOl8wf3JbAUxHS9br +cFKks+CJKPr6qQ6H+sb1o9127c9IQSZYP3S/gMAaGw0cSTlsnosE0P5Ur5vHsapm +FV3V+VOjYNs2GLSu4XQCYvSIpsfDJp8VsJ/BMYS9GqGvQ/9qGa0fwEbEMadb5mcJ +tw/EKg4gJthMgxOfO5eVuCQ3PAEWOe5lrOrTdvTIlhphUuns5hoIdlyLuNqewK3s +FJ6N46sU7LjJLqSKYEB8usoIiw== +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer new file mode 100644 index 000000000..33e776369 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer new file mode 100644 index 000000000..277b6083a Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus-Schwab-BM-f-Inneres-20040219-20070219.SerNo5c39.der b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus-Schwab-BM-f-Inneres-20040219-20070219.SerNo5c39.der new file mode 100644 index 000000000..376d0753f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus-Schwab-BM-f-Inneres-20040219-20070219.SerNo5c39.der differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer new file mode 100644 index 000000000..376d0753f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Testuser_BRZ_IdentityLink_Signer.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Testuser_BRZ_IdentityLink_Signer.crt new file mode 100644 index 000000000..d69dc044e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Testuser_BRZ_IdentityLink_Signer.crt @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFZDCCA0ygAwIBAgIJAJav+zeqU/DMMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV +BAYTAkFUMQ0wCwYDVQQKEwRFR0laMRYwFAYDVQQLEw1Tb2Z0d2FyZUNhcmRzMSYw +JAYDVQQDFB1UZXN0X1NvZnR3YXJlY2FyZHNfSURMX1NpZ25lcjAeFw0xNjEwMTgx +MDM5MDdaFw0xOTA3MTQxMDM5MDdaMFwxCzAJBgNVBAYTAkFUMQ0wCwYDVQQKEwRF +R0laMRYwFAYDVQQLEw1Tb2Z0d2FyZUNhcmRzMSYwJAYDVQQDFB1UZXN0X1NvZnR3 +YXJlY2FyZHNfSURMX1NpZ25lcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBALkLgt+MFTxLfRzcEIZ0bycIFg7g/HPN7QWIZ67bHzrb6ehebzF9VinzDZXC +kfKWdUJbkNSuWKWrp2X62f7oGhdqK0yFc+Dlo+OpIDgQiWCpBfKJo8cPWsiAmNuT +xWVagU5faI1h7xvvOVMybWe92nivfqLOuEx6WvX/UoIawRHV2VmPGFgZocM5G0X6 +bUVEpqxAa3qOIlRr0poB+RA0PA86hRpRYal/Or93D8BfQH5l8zV9QcvPe/KeJSpJ +HgGWmEs593LtNuA1Rv1iDpuu10y7C2FeMBvcUpRkR7WAj7vIYVtQILXCh1FhfN1b +Hg6xLVTyshlgUn7ARQJYoJ3togdGamDRlnKU2rXN9j88Tw6fAdcCvWbWVtjy8pNj +WLkVJMlFWdfO6/5LAva1HxROMhFx7QOPhOzemetCtT2fI4FTAk9Vyf9wTUQOL8sq +K73t1A419lYS8WuUCzHDxLujLiTuwoIUgzMN/bqMEZrogPLY2Kj4vmZMZ4gU2PU7 +Yw+Xfang3+/yK1gYNEebpdvPi8SVUAnus/Cfmdwdn9O/naWiBpjc06GJvMbegjxw +oPBM5c0SkCR5xCaygZL2OBpRMKgdfrk4k0pj5ZUm+mtrOGojtRZJEZQCBpVPk1yD +3L4/Z4AZofOo8dSkUR+xJN0oKnIdfndvBxNF4sxY4IwOvFRrAgMBAAGjKTAnMAkG +A1UdEwQCMAAwCwYDVR0PBAQDAgWgMA0GByooAAoBBwEEAgUAMA0GCSqGSIb3DQEB +CwUAA4ICAQBcED7tE8qmAwFBdhyoz1D8yodEZmmdXZwksA/kI+o+5wQs6Y/qvw7j ++eBvlctyXCXWh1eFeb/FaiA5Cpoak8Nc/oY7T/yBj5gfKHlNqVT1owaBkHsEYMBv +aUXxyDCbnFMznJfkxjbvFbQdd1hceJht8Dx+ikpB6MJHqHIEry0WWgf3JdN5PErr +ATndjBE4BaTZ2q6sCv+SdK60Mk0mYA6l6nSC9eB8G9C4bA1cQEOu6+FPmFzSkiIF +temA1tjQnhxKZZigzxIN3EQAnq/23jf+CkxAt5GkpUjqF5bqKI1nerJOgn4Jm5j6 +sPZGpGllzHLBaybfY63Az4sERC28OlqFw1vxQs4hWIWNWEAMF3Oz4+pYg4OIIh5C +Nr1aqJgssWfOZrX2KSz2vqrZoU67zq84MQcJTSmgKVBb9OnrC5tYn5YVUlydPPjr +Um0iHlWC0MFiIgSzx6Ti2HnPgc0UHsA6IpSTo+UufYYNDiFCssRbu4r0/Syq4MP3 +ghYXdP9Tj0FISz2TvM6YQfzHej94bZcVNwnF4pWEnGZtBbNVvJRw9iJHHkDWLiYM +1B73zs7+pA8YgKqExDHXc1Shou5HvSuTXSmaTMUHrCkhotHfpqYhrJiAmJ+OftNv +6oxMPfNhZg01eOotm1J+WV2mJbgcPTNSC1ONcSFdQ5vZZLL24J2Hcw== +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer new file mode 100644 index 000000000..592c96230 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-SSL-03.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-SSL-03.cer new file mode 100644 index 000000000..a699436ca Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-SSL-03.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer new file mode 100644 index 000000000..e4bd48dac Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer new file mode 100644 index 000000000..61a7ccb15 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer new file mode 100644 index 000000000..5171276f4 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01aaed.der b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01aaed.der new file mode 100644 index 000000000..5171276f4 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01aaed.der differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/atrust_OCSP_Responder_03-1.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/atrust_OCSP_Responder_03-1.cer new file mode 100644 index 000000000..ebfbce9a0 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/atrust_OCSP_Responder_03-1.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/idl_signer_from_IDL.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/idl_signer_from_IDL.crt new file mode 100644 index 000000000..fda99f2bd --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/idl_signer_from_IDL.crt @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEqzCCBBSgAwIBAgIHANux81oNezANBgkqhkiG9w0BAQUFADBAMSIwIAYDVQQD +ExlJQUlLIFRlc3QgSW50ZXJtZWRpYXRlIENBMQ0wCwYDVQQKEwRJQUlLMQswCQYD +VQQGEwJBVDAeFw0xMzA5MjcwNTMzMzdaFw0yMzA5MjcwNTMzMzdaMIHkMQswCQYD +VQQGEwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5 +IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBwbGllZCBJ +bmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEUMBIGA1UE +BBMLTU9BLVNTIFRlc3QxGDAWBgNVBCoTD0VHSVogVGVzdHBvcnRhbDEkMCIGA1UE +AxMbRUdJWiBUZXN0cG9ydGFsIE1PQS1TUyBUZXN0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAuDjOyf+mY+oQL2FQzzuaiC8C23vVKbq/n2Zi7BqSibZH +mtqMJfmj4pT+hWSNHvVvWsaxFcx4KeNqdCMzwnw1r4P3Sf+2o5uFku5KHEMLMokR +yYQG9VqY/KkB94ye7Pv6zT8gvKqxGFg96UamECep4swPaSZrA8AOER5WAtyGDzKI +Tz+a5zfFaTXDoba7f98PCWR96yKiFjVOhzp38WVz4VJgz+b8ZSY7Xsv5Kn7DXjOL +STX4MevFLki3rFPup3+4vGToaMBW3PEj67HXBdqR855Le6+E6rVxORqsXqlVwhsI +6nuS0CO2LWYmBNR1IB0mXteeYH/HfxvuZc+7yDjdPQIDAQABo4IBhDCCAYAwDgYD +VR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEmcH6VY4BG1EAGB +TLoNR9vH/g6yMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jYS5pYWlrLnR1Z3Jh +ei5hdC9jYXBzby9jcmxzL0lBSUtUZXN0X0ludGVybWVkaWF0ZUNBLmNybDCBqgYI +KwYBBQUHAQEEgZ0wgZowSgYIKwYBBQUHMAGGPmh0dHA6Ly9jYS5pYWlrLnR1Z3Jh +ei5hdC9jYXBzby9PQ1NQP2NhPUlBSUtUZXN0X0ludGVybWVkaWF0ZUNBMEwGCCsG +AQUFBzAChkBodHRwOi8vY2EuaWFpay50dWdyYXouYXQvY2Fwc28vY2VydHMvSUFJ +S1Rlc3RfSW50ZXJtZWRpYXRlQ0EuY2VyMCEGA1UdEQQaMBiBFnRob21hcy5sZW56 +QGVnaXouZ3YuYXQwHwYDVR0jBBgwFoAUaKJeEdreL4BrRES/jfplNoEkp28wDQYJ +KoZIhvcNAQEFBQADgYEAlFGjUxXLs7SAT8NtXSrv2WrjlklaRnHTFHLQwyVo8JWb +gvRkHHDUv2o8ofXUY2R2WJ38dxeDoccgbXrJb/Qhi8IY7YhCwv/TuIZDisyAqo8W +ORKSip/6HWlGCSR/Vgoet1GtCmF0FoUxFUIGSAuQ2yyt4fIzt5GJrU1X5ujjI1w= +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer new file mode 100644 index 000000000..afe6fdf09 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer new file mode 100644 index 000000000..376d0753f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer new file mode 100644 index 000000000..592c96230 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer new file mode 100644 index 000000000..61a7ccb15 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer new file mode 100644 index 000000000..5171276f4 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json index a75535da1..0513709e2 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json @@ -1,8 +1,8 @@ {"result": { - "EID-IDENTITY-LINK": "PHNhbWw6QXNzZXJ0aW9uIEFzc2VydGlvbklEPSJzenIuYm1pLmd2LmF0LUFzc2VydGlvbklEMTUyNzY2OTEwMDU5MTI3NDQiIElzc3VlSW5zdGFudD0iMjAxOC0wNS0zMFQxMDozMTo0MCswMTowMCIgSXNzdWVyPSJodHRwOi8vcG9ydGFsLmJtaS5ndi5hdC9yZWYvc3pyL2lzc3VlciIgTWFqb3JWZXJzaW9uPSIxIiBNaW5vclZlcnNpb249IjAiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDphc3NlcnRpb24iIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJubWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOmVjZHNhPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSMiIHhtbG5zOnNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSI+Cgk8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+CgkJPHNhbWw6U3ViamVjdD4KCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4KCQkJCTxzYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjA6Y206c2VuZGVyLXZvdWNoZXM8L3NhbWw6Q29uZmlybWF0aW9uTWV0aG9kPgoJCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE+CgkJCQkJPHByOlBlcnNvbiBzaTp0eXBlPSJwcjpQaHlzaWNhbFBlcnNvblR5cGUiPjxwcjpJZGVudGlmaWNhdGlvbj48cHI6VmFsdWU+dHFDUUVDNytBcUdFZWVMMzkwVjVKZz09PC9wcjpWYWx1ZT48cHI6VHlwZT51cm46cHVibGljaWQ6Z3YuYXQ6YmFzZWlkPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24+PHByOk5hbWU+PHByOkdpdmVuTmFtZT5NYXg8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPk11c3Rlcm1hbm48L3ByOkZhbWlseU5hbWU+PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4xOTQwLTAxLTAxPC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj4KCQkJCTwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KCQkJPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJPC9zYW1sOlN1YmplY3Q+Cgk8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXplblB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJ1cm46cHVibGljaWQ6Z3YuYXQ6bmFtZXNwYWNlczppZGVudGl0eWxpbms6MS4yIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT48ZHNpZzpSU0FLZXlWYWx1ZT48ZHNpZzpNb2R1bHVzPnMwWmhkR2E4REgwSW1iTlU3aTRxdDRtR25CUEFlTDk5Q0dkZmRCOEhWWE5CNWd3d2VMY1o5WE1TWUJvUHFHdFVqemh6S29zRkN5M0sNCmpsSEVrejB0L3JQemhOVGRsVjJRN0FGWEZlT2g3M3dPajQ3R1B2T2lVNzdwQjE3WnJaOHlObW1JTTEyUVE5MVN0RGFWRkUra0dxUEkNCmNFZHZiZk94blU4aGNpa3lYcWVheFZVV3oxbVdXTnRveUwyWG5wa1U0QkZVQnU1NWg5S2tYVEFQcnBUbEFMZjkvRDFKamZWb05tamwNCnBLWXh6Q3JBSmE4Sno4Ui9sNis0U0U3YXc3dGZuazNZUXkxcFVmNWZmellkeXZQS2ZxVTBUTUVKLzdpOW1ORHFCZlVwcVhBRWowdWUNCkpvRWs0UC9pa2Q5UnZuVUlsU0V1NzFHMyt1VEluSXBaaTd2UG93PT08L2RzaWc6TW9kdWx1cz48ZHNpZzpFeHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PjwvZHNpZzpSU0FLZXlWYWx1ZT48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJPGRzaWc6U2lnbmF0dXJlPgoJCTxkc2lnOlNpZ25lZEluZm8+CgkJCTxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+CgkJCTxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIgLz4KCQkJPGRzaWc6UmVmZXJlbmNlIFVSST0iIj4KCQkJCTxkc2lnOlRyYW5zZm9ybXM+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQk8ZHNpZzpYUGF0aD5ub3QoYW5jZXN0b3Itb3Itc2VsZjo6cHI6SWRlbnRpZmljYXRpb24pPC9kc2lnOlhQYXRoPgoJCQkJCTwvZHNpZzpUcmFuc2Zvcm0+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiIC8+CgkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCTxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIiAvPgoJCQkJPGRzaWc6RGlnZXN0VmFsdWU+QmVIdUFyYXUzSFVQcXg5dHV3QTRGaDNOSDB3PTwvZHNpZzpEaWdlc3RWYWx1ZT4KCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPGRzaWc6UmVmZXJlbmNlIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNNYW5pZmVzdCIgVVJJPSIjbWFuaWZlc3QiPgoJCQkJPGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiIC8+CgkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5mVEUrMjRnRHlkUlgvd0p2QlAxOUlucU54Rkk9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQk8L2RzaWc6UmVmZXJlbmNlPgoJCTwvZHNpZzpTaWduZWRJbmZvPgoJCTxkc2lnOlNpZ25hdHVyZVZhbHVlPgogICAgUHpLMWR2N2JFMGhQcGxlc1ZaRFhHSWxhbTlUK0JxWkd4ZWs5RHVuYkhNK21GWWI3a1NaZTN2eEszUmhRZjNBV3djbXFtVWZPRlJObg0KWndxYnovNGRZd2hJRld6VGdMelVmMlZkR0JsN2szbS8wSmJXSkV1bEtobE5vV2ZSTkRrdTRZcmI2THVrWjdaQzJFcWd2UXYxa1BRTg0Kb1BvQ1I5d3hUc1RKWFNCaHdLc0lERG9vZHY3aUVpWGFCM0xmVHQrQWdYdEdvbWRRaktjby9WamJSSzRUUEkvQUVNVU1KWm9zZlJYMg0KdmE2U1BaUnV4QjBlWkwwVGVzYittRjlFaUlOVnNTSU9nbTVSRE95V1ZRZkJnVG9nYjNoWmlLVmh0a1IvaWlSNmhZNlA2b1cwTDh4ag0KMG5ZVldPRHAxSlJML3Z0ZDFhUklVYzNCQTJQaFkrRmdJR1FHTUE9PQogIDwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlGdXpDQ0JLT2dBd0lCQWdJREdTa2VNQTBHQ1NxR1NJYjNEUUVCQlFVQU1JR2ZNUXN3Q1FZRFZRUUdFd0pCDQpWREZJTUVZR0ExVUVDZ3cvUVMxVWNuVnpkQ0JIWlhNdUlHWXVJRk5wWTJobGNtaGxhWFJ6YzNsemRHVnRaU0JwDQpiU0JsYkdWcmRISXVJRVJoZEdWdWRtVnlhMlZvY2lCSGJXSklNU0l3SUFZRFZRUUxEQmxoTFhOcFoyNHRZMjl5DQpjRzl5WVhSbExXeHBaMmgwTFRBeU1TSXdJQVlEVlFRRERCbGhMWE5wWjI0dFkyOXljRzl5WVhSbExXeHBaMmgwDQpMVEF5TUI0WERURTFNRGN5T0RFMU5Ea3dOVm9YRFRJd01EY3lPREV6TkRrd05Wb3dnYll4Q3pBSkJnTlZCQVlUDQpBa0ZVTVI0d0hBWURWUVFLREJWRVlYUmxibk5qYUhWMGVtdHZiVzFwYzNOcGIyNHhJakFnQmdOVkJBc01HVk4wDQpZVzF0ZW1Gb2JISmxaMmx6ZEdWeVltVm9iMlZ5WkdVeExqQXNCZ05WQkFNTUpWTnBaMjVoZEhWeWMyVnlkbWxqDQpaU0JFWVhSbGJuTmphSFYwZW10dmJXMXBjM05wYjI0eEZUQVRCZ05WQkFVVERETXlOVGt5T0RNeU16azVPREVjDQpNQm9HQ1NxR1NJYjNEUUVKQVF3TlpITnJRR1J6YXk1bmRpNWhkRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEDQpnZ0VQQURDQ0FRb0NnZ0VCQU4rZEJTRUJHajJqVVhJSzFNcDNsVnhjL1phK3BKTWl5S3JYM0cxWnhnWC9pa3g3DQpEOXNjc1BZTXQ0NzNMbEFXbDljbUNiSGJKSytQVjJYTk5kVVJMTVVDSVgrNHZVTnMyTUhlRFRRdFg4QlhqSkZwDQp3SllTb2FSSlEzOUZWUy8xcjVzV2NyYTlIaGRtN3c1R3R4LzJ1a3lEWDBrZGt4YXdraFA0RVFFemkvU0krRnVnDQpuK1dxZ1ExbkFkbGJ4Yi9kY0J3NXcxaDliM2xtdXdVZjR6M29vUVdVRDJEZ0Eva0tkMUtlak5SNDNtTFVzbXZTDQp6ZXZQeFQ5enM3OHBPUjFPYWNCN0lzelRWSlBYZU9FYWFOWkhubkIvVWVPM2c4TEVWLzNPa1hjVWdjTWtiSUlpDQphQkhsbGw3MVBxMENPajlrcWpYb2U3T3JSakxZNWkzS3dPcGE2VE1DQXdFQUFhT0NBZVV3Z2dIaE1CRUdBMVVkDQpEZ1FLQkFoTUNBNmVHdlMxdWpBT0JnTlZIUThCQWY4RUJBTUNCTEF3RGdZSEtpZ0FDZ0VIQVFRREFRSC9NQk1HDQpBMVVkSXdRTU1BcUFDRWtjV0RwUDZBMERNQWtHQTFVZEV3UUNNQUF3RkFZSEtpZ0FDZ0VCQVFRSkRBZENVMEl0DQpSRk5MTUg4R0NDc0dBUVVGQndFQkJITXdjVEJHQmdnckJnRUZCUWN3QW9ZNmFIUjBjRG92TDNkM2R5NWhMWFJ5DQpkWE4wTG1GMEwyTmxjblJ6TDJFdGMybG5iaTFqYjNKd2IzSmhkR1V0YkdsbmFIUXRNREpoTG1OeWREQW5CZ2dyDQpCZ0VGQlFjd0FZWWJhSFIwY0RvdkwyOWpjM0F1WVMxMGNuVnpkQzVoZEM5dlkzTndNRlFHQTFVZElBUk5NRXN3DQpTUVlHS2lnQUVRRVNNRDh3UFFZSUt3WUJCUVVIQWdFV01XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrDQpiMk56TDJOd0wyRXRjMmxuYmkxQmJYUnpjMmxuYm1GMGRYSXdnWjRHQTFVZEh3U0JsakNCa3pDQmtLQ0JqYUNCDQppb2FCaDJ4a1lYQTZMeTlzWkdGd0xtRXRkSEoxYzNRdVlYUXZiM1U5WVMxemFXZHVMV052Y25CdmNtRjBaUzFzDQphV2RvZEMwd01peHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wDQpQMkpoYzJVL2IySnFaV04wWTJ4aGMzTTlaV2xrUTJWeWRHbG1hV05oZEdsdmJrRjFkR2h2Y21sMGVUQU5CZ2txDQpoa2lHOXcwQkFRVUZBQU9DQVFFQUhRM1pDTXRBYmF6ZU1IbVdBMnpoWWxIcUhnS1ZvY1ZYRURnbU5tV0xHcUZlDQo4RUFERklzOHVHcmt0Qm1XQ1VJWGJYczdUSGNmeHMySjQ3dkh1Y29wc2RrYWJObFhFanpuZFJmbmMrMVZJbmJvDQp6TXJZZDdqZUROVEsvdElqaU9FWWRyeUlwZWtWOUNmYXc3eXU2bWVmTXpldTFhQXdmN0JuSy9odWl3SlduZW5wDQpCN2lEL1B2WittenVDN1JOZkpmRisrU3RpQlR4aTNWWXhOR01qTTFjVThHdzlWV2MwUjNFdWpPYVhXZ0NDOGk1DQpGR2hWdk9ZaE5YZnN4SlhiTnhld0VDanBBTHZEbEZMTCtpQzQ5RytBRFNvUnYwU2s5MU9QdStjSW1DajNyczNRDQp0YXNJL3A5TFlhY0c2Yy9nSTN0RTBpaHFnOVJic0tIWFFsM1BPdkVSSkE9PTwvZHNpZzpYNTA5Q2VydGlmaWNhdGU+PC9kc2lnOlg1MDlEYXRhPjwvZHNpZzpLZXlJbmZvPgoJCTxkc2lnOk9iamVjdD4KCQkJPGRzaWc6TWFuaWZlc3QgSWQ9Im1hbmlmZXN0Ij4KCQkJCTxkc2lnOlJlZmVyZW5jZSBVUkk9IiI+CgkJCQkJPGRzaWc6VHJhbnNmb3Jtcz4KCQkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQkJPGRzaWc6WFBhdGg+bm90KGFuY2VzdG9yLW9yLXNlbGY6OmRzaWc6U2lnbmF0dXJlKTwvZHNpZzpYUGF0aD4KCQkJCQkJPC9kc2lnOlRyYW5zZm9ybT4KCQkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCQk8ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIgLz4KCQkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5wM1pwS1BvK0ZYT3ZXdEhidFJzR2VLWm9lSTQ9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPC9kc2lnOk1hbmlmZXN0PgoJCTwvZHNpZzpPYmplY3Q+Cgk8L2RzaWc6U2lnbmF0dXJlPgo8L3NhbWw6QXNzZXJ0aW9uPg==", - "EID-CITIZEN-QAA-LEVEL": "substantial", - "EID-CCS-URL": "https://www.a-trust.at/todo", - "EID-AUTH-BLOCK": "PHNhbWwyOkFzc2VydGlvbiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9Il81NzAxMGI3ZmNjOTNjYzRjZjNmMmI3NjQzODkxMzdjMiIgSXNzdWVJbnN0YW50PSIyMDE2LTAzLTI5VDA4OjUwOjU2LjQ1MFoiIFZlcnNpb249IjIuMCIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIj4NCgk8c2FtbDI6SXNzdWVyIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5Ij5odHRwczovL2RlbW8tdmRhLmF0L3ZkYS1zZXJ2aWNlPC9zYW1sMjpJc3N1ZXI+PGRzaWc6U2lnbmF0dXJlIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIElkPSJzaWduYXR1cmUtMS0xIj48ZHNpZzpTaWduZWRJbmZvPjxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSIvPjxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI2VjZHNhLXNoYTI1NiIvPjxkc2lnOlJlZmVyZW5jZSBJZD0icmVmZXJlbmNlLTEtMSIgVVJJPSIiPjxkc2lnOlRyYW5zZm9ybXM+PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHNsdC0xOTk5MTExNiI+PHhzbDpzdHlsZXNoZWV0IHhtbG5zOnhzbD0iaHR0cDovL3d3dy53My5vcmcvMTk5OS9YU0wvVHJhbnNmb3JtIiBleGNsdWRlLXJlc3VsdC1wcmVmaXhlcz0ic2FtbDIiIHZlcnNpb249IjEuMCIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjx4c2w6b3V0cHV0IG1ldGhvZD0ieG1sIiB4bWw6c3BhY2U9ImRlZmF1bHQiLz48eHNsOnRlbXBsYXRlIG1hdGNoPSIvIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94aHRtbCI+PGh0bWwgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiPjxoZWFkPjx0aXRsZT5TaWduYXR1ciBkZXIgQW5tZWxkZWRhdGVuPC90aXRsZT48c3R5bGUgbWVkaWE9InNjcmVlbiIgdHlwZT0idGV4dC9jc3MiPg0KICAgICAgICAgICAgICAJCQkJCS5ub3JtYWxzdHlsZSB7IGZvbnQtc2l6ZTogbWVkaXVtOyB9IA0KICAgICAgICAgICAgICAJCQkJCS5pdGFsaWNzdHlsZSB7IGZvbnQtc2l6ZTogbWVkaXVtOyBmb250LXN0eWxlOiBpdGFsaWM7IH0NCgkJCQkJCQkJLnRpdGxlc3R5bGUgeyB0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lOyBmb250LXdlaWdodDpib2xkOyBmb250LXNpemU6IG1lZGl1bTsgfSANCgkJCQkJCQkJLmg0c3R5bGUgeyBmb250LXNpemU6IGxhcmdlOyB9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICANCgkJCQkJCQkJLmhpZGRlbiB7ZGlzcGxheTogbm9uZTsgfSANCiAgICAgICAgICAgICAgCQkJCTwvc3R5bGU+PC9oZWFkPjxib2R5PjxoNCBjbGFzcz0iaDRzdHlsZSI+QW5tZWxkZWRhdGVuOjwvaDQ+PHAgY2xhc3M9InRpdGxlc3R5bGUiPkRhdGVuIHp1ciBQZXJzb248L3A+PHRhYmxlIGNsYXNzPSJwYXJhbWV0ZXJzIj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6Mi41LjQuNDInXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5Wb3JuYW1lOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6Mi41LjQuNDInXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjIwJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+TmFjaG5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuNTUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5HZWJ1cnRzZGF0dW06IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+Vm9sbG1hY2h0OiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dGV4dD5JY2ggbWVsZGUgbWljaCBpbiBWZXJ0cmV0dW5nIGFuLiBJbSBuw6RjaHN0ZW4gU2Nocml0dCB3aXJkIG1pciBlaW5lIExpc3RlIGRlciBmw7xyIG1pY2ggdmVyZsO8Z2JhcmVuIFZlcnRyZXR1bmdzdmVyaMOkbHRuaXNzZSBhbmdlemVpZ3QsIGF1cyBkZW5lbiBpY2ggZWluZXMgYXVzd8OkaGxlbiB3ZXJkZS48L3hzbDp0ZXh0PjwvdGQ+PC90cj48L3hzbDppZj48L3RhYmxlPjxwIGNsYXNzPSJ0aXRsZXN0eWxlIj5EYXRlbiB6dXIgQW53ZW5kdW5nPC9wPjx0YWJsZSBjbGFzcz0icGFyYW1ldGVycyI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPklkZW50aWZpa2F0b3I6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJVbmlxdWVJZCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5OYW1lOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J2h0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyRnJpZW5kbHlOYW1lJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+U3RhYXQ6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29kZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjwvdGFibGU+PHAgY2xhc3M9InRpdGxlc3R5bGUiPlRlY2huaXNjaGUgUGFyYW1ldGVyPC9wPjx0YWJsZSBjbGFzcz0icGFyYW1ldGVycyI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPkRhdHVtOjwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9InN1YnN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL0BJc3N1ZUluc3RhbnQsOSwyKSIvPjx4c2w6dGV4dD4uPC94c2w6dGV4dD48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCw2LDIpIi8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDEsNCkiLz48L3RkPjwvdHI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlVocnplaXQ6PC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCwxMiwyKSIvPjx4c2w6dGV4dD46PC94c2w6dGV4dD48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCwxNSwyKSIvPjx4c2w6dGV4dD46PC94c2w6dGV4dD48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCwxOCwyKSIvPjwvdGQ+PC90cj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+VHJhbnNha3Rpb25zVG9ra2VuOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL0BJRCIvPjwvdGQ+PC90cj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPg0KCQkJCQkJCQkJCQlWb2xsbWFjaHRlbi1SZWZlcmVuejogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx0ciBjbGFzcz0iaGlkZGVuIj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5EYXRhVVJMOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkNvbmRpdGlvbnMvc2FtbDI6QXVkaWVuY2VSZXN0cmljdGlvbi9zYW1sMjpBdWRpZW5jZSIvPjwvdGQ+PC90cj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9ATm90T25PckFmdGVyIj48dHIgY2xhc3M9ImhpZGRlbiI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+QXV0aEJsb2NrVmFsaWRUbzogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpDb25kaXRpb25zL0BOb3RPbk9yQWZ0ZXIiLz48L3RkPjwvdHI+PC94c2w6aWY+PC90YWJsZT48L2JvZHk+PC9odG1sPjwveHNsOnRlbXBsYXRlPjwveHNsOnN0eWxlc2hlZXQ+PC9kc2lnOlRyYW5zZm9ybT48ZHNpZzpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSNXaXRoQ29tbWVudHMiLz48L2RzaWc6VHJhbnNmb3Jtcz48ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz48ZHNpZzpEaWdlc3RWYWx1ZT5tY0xFdXNpMmMySFZsZWJXZWJnK1VUVVVCVDRHSUxIVDdhN1ZGaDFNZ1YwPTwvZHNpZzpEaWdlc3RWYWx1ZT48L2RzaWc6UmVmZXJlbmNlPjxkc2lnOlJlZmVyZW5jZSBJZD0iZXRzaS1kYXRhLXJlZmVyZW5jZS0xLTEiIFR5cGU9Imh0dHA6Ly91cmkuZXRzaS5vcmcvMDE5MDMvdjEuMS4xI1NpZ25lZFByb3BlcnRpZXMiIFVSST0iIj48ZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDIvMDYveG1sZHNpZy1maWx0ZXIyIj48eHBmOlhQYXRoIHhtbG5zOnhwZj0iaHR0cDovL3d3dy53My5vcmcvMjAwMi8wNi94bWxkc2lnLWZpbHRlcjIiIEZpbHRlcj0iaW50ZXJzZWN0IiB4bWxuczpldHNpPSJodHRwOi8vdXJpLmV0c2kub3JnLzAxOTAzL3YxLjEuMSMiPi8vKltASWQ9J2V0c2ktc2lnbmVkLTEtMSddL2V0c2k6UXVhbGlmeWluZ1Byb3BlcnRpZXMvZXRzaTpTaWduZWRQcm9wZXJ0aWVzPC94cGY6WFBhdGg+PC9kc2lnOlRyYW5zZm9ybT48L2RzaWc6VHJhbnNmb3Jtcz48ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz48ZHNpZzpEaWdlc3RWYWx1ZT5xMWdMWm9lTDZLOVZaZHkzM3lPdVRFaTJGVDFTaDBqRDJSZGMzRXJ0WmNvPTwvZHNpZzpEaWdlc3RWYWx1ZT48L2RzaWc6UmVmZXJlbmNlPjwvZHNpZzpTaWduZWRJbmZvPjxkc2lnOlNpZ25hdHVyZVZhbHVlPmpjV2YrejljckIvVU1COTVPR2ZlMys5U2pESXRrMUZWSGRFZWNGSnhnbVJndWRjMWxmc1V2Z21BTzhxYlBHcGpEMDJhMi9pNmowTlJFR1l4dU5aVGtBPT08L2RzaWc6U2lnbmF0dXJlVmFsdWU+PGRzaWc6S2V5SW5mbz48ZHNpZzpYNTA5RGF0YT48ZHNpZzpYNTA5Q2VydGlmaWNhdGU+TUlJRm1qQ0NBNEtnQXdJQkFnSUVPTkd1bWpBTkJna3Foa2lHOXcwQkFRc0ZBRENCblRFTE1Ba0dBMVVFQmhNQ1FWUXhTREJHQmdOVkJBb01QMEV0VkhKMWMzUWdSMlZ6TGlCbUxpQlRhV05vWlhKb1pXbDBjM041YzNSbGJXVWdhVzBnWld4bGEzUnlMaUJFWVhSbGJuWmxjbXRsYUhJZ1IyMWlTREVoTUI4R0ExVUVDd3dZWVMxemFXZHVMWEJ5WlcxcGRXMHRiVzlpYVd4bExUQTFNU0V3SHdZRFZRUUREQmhoTFhOcFoyNHRjSEpsYldsMWJTMXRiMkpwYkdVdE1EVXdIaGNOTVRnd05ERXlNRFl4T0RVd1doY05Nak13TkRFeU1EWXhPRFV3V2pCbU1Rc3dDUVlEVlFRR0V3SkJWREVhTUJnR0ExVUVBd3dSVkdodmJXRnpJRWRsYjNKbklFeGxibm94RFRBTEJnTlZCQVFNQkV4bGJub3hGVEFUQmdOVkJDb01ERlJvYjIxaGN5QkhaVzl5WnpFVk1CTUdBMVVFQlJNTU9ESXdNVGd3TnpjM01qZzNNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUVmMmFZaTM5UlRPd3VHbHZqbWwwNms0eEdnSUZIOU8rajUrdms0bDdjbzVYRVNkYUYvK1FFQmJpcUIxQjlIcGZFOVJIZjdiYkc2WjdlZjh4VXhkdjMzYU9DQWVFd2dnSGRNSDBHQ0NzR0FRVUZCd0VCQkhFd2J6QkVCZ2dyQmdFRkJRY3dBb1k0YUhSMGNEb3ZMM2QzZHk1aExYUnlkWE4wTG1GMEwyTmxjblJ6TDJFdGMybG5iaTF3Y21WdGFYVnRMVzF2WW1sc1pTMHdOUzVqY25Rd0p3WUlLd1lCQlFVSE1BR0dHMmgwZEhBNkx5OXZZM053TG1FdGRISjFjM1F1WVhRdmIyTnpjREFUQmdOVkhTTUVEREFLZ0FoSTgvMmNJdzZIZHpCeUJnZ3JCZ0VGQlFjQkF3Um1NR1F3Q2dZSUt3WUJCUVVIQ3dJd0NBWUdCQUNPUmdFQk1BZ0dCZ1FBamtZQkJEQVRCZ1lFQUk1R0FRWXdDUVlIQkFDT1JnRUdBVEF0QmdZRUFJNUdBUVV3SXpBaEZodG9kSFJ3Y3pvdkwzZDNkeTVoTFhSeWRYTjBMbUYwTDNCa2N5OFRBa1ZPTUJFR0ExVWREZ1FLQkFoS1F2Z2VFZTdPaURBT0JnTlZIUThCQWY4RUJBTUNCc0F3Q1FZRFZSMFRCQUl3QURCZ0JnTlZIU0FFV1RCWE1BZ0dCZ1FBaXpBQkFUQkxCZ1lxS0FBUkFSUXdRVEEvQmdnckJnRUZCUWNDQVJZemFIUjBjRG92TDNkM2R5NWhMWFJ5ZFhOMExtRjBMMlJ2WTNNdlkzQXZZUzF6YVdkdUxYQnlaVzFwZFcwdGJXOWlhV3hsTUVNR0ExVWRId1E4TURvd09LQTJvRFNHTW1oMGRIQTZMeTlqY213dVlTMTBjblZ6ZEM1aGRDOWpjbXd2WVMxemFXZHVMWEJ5WlcxcGRXMHRiVzlpYVd4bExUQTFNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUNBUUFyL1Z0T3hVaU5aTVVjeHJISG9yM0FYWnlqcVVmdTRWTTFkbkt3Zjl1d1hRa3NVcnF2b1Jzc3AyakhDbnpIM2FaV2plQ3U5UFVDSmV3NXgxUnBNeEUwaFZZanEzNzVrdjM4d1ZXUjM4WmE3eVl5ME45cTBVbjBOSmlTUHpuaklUa3RweWZkcHNGSkluTDIrM1h5Z2FZZU51dGU5NjA0WTMwK3JGSCtKck85UjgzWmFwbTZjdGs4ai8xSHBxb0c0NXlJbTZtS3AvWGhndGJnVk13OHptUjBQWGpBaW5FaTYrUmEzL1Z0cUV4ZVlHaUt5WS9SdWU1TWZQRGhiMmRBQjByd1ozVWtRakU0TWFyMFRDVzR0cHZKR0hiakhuQkwyMVY4SVNMZkUxb1NYcGJZWVNqTFh4TENmcmJrZUdSbkhTUTVENUUwU1ZqTzdsU3NQazFtaVErcExGR1FTNTZKS3VFWTBoVzRKYzlkUGRRc29Qc2FEVCtQZW1WQXIzcVZGTEQ1QSt0cm5GMFpqQ3A2RHVhYVdnT0hQajFweE05V0tVRFpXa1hUQWdDZVZhN3RLMlFjMlZWUUUvc3ZGS1I1OWlGTWlSdGpZQXpjTS9OZ215bE9DYUc1a01UZmlXOWhnbGo5QjNSdVVackZHWFNhY0ptcGM4ZWppRTl4a3B5UTVadDlpK3FDVE40ajdIOWdpRHMydkNnMDFwYnp3b0txc05zWGlFc2JzM3NVeTVTUFYyRzg4a055Vm9DTkVKVVZka0ZBZXBqQkcwbDJ5SkxaVkRtdHBucjlFbzc2LzRWSGhGeWJIYU84aWxabXJaQTRqMitMaGRBSFg3a3ZhVE1YbHQxSVphaWdOZE9YYVAwT3d2d3BWUGtSTG9LOHJ1UDRObzE4VGRvQVc0MTVpUT09PC9kc2lnOlg1MDlDZXJ0aWZpY2F0ZT48L2RzaWc6WDUwOURhdGE+PC9kc2lnOktleUluZm8+PGRzaWc6T2JqZWN0IElkPSJldHNpLXNpZ25lZC0xLTEiPjxldHNpOlF1YWxpZnlpbmdQcm9wZXJ0aWVzIHhtbG5zOmV0c2k9Imh0dHA6Ly91cmkuZXRzaS5vcmcvMDE5MDMvdjEuMS4xIyIgVGFyZ2V0PSIjc2lnbmF0dXJlLTEtMSI+PGV0c2k6U2lnbmVkUHJvcGVydGllcz48ZXRzaTpTaWduZWRTaWduYXR1cmVQcm9wZXJ0aWVzPjxldHNpOlNpZ25pbmdUaW1lPjIwMTgtMDYtMDVUMDY6MzI6MjZaPC9ldHNpOlNpZ25pbmdUaW1lPjxldHNpOlNpZ25pbmdDZXJ0aWZpY2F0ZT48ZXRzaTpDZXJ0PjxldHNpOkNlcnREaWdlc3Q+PGV0c2k6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZXRzaTpEaWdlc3RWYWx1ZT5JZE1yc2VxMHNXczl5UStFRDN3UWpIOHcxeDg9PC9ldHNpOkRpZ2VzdFZhbHVlPjwvZXRzaTpDZXJ0RGlnZXN0PjxldHNpOklzc3VlclNlcmlhbD48ZHNpZzpYNTA5SXNzdWVyTmFtZT5DTj1hLXNpZ24tcHJlbWl1bS1tb2JpbGUtMDUsT1U9YS1zaWduLXByZW1pdW0tbW9iaWxlLTA1LE89QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJILEM9QVQ8L2RzaWc6WDUwOUlzc3Vlck5hbWU+PGRzaWc6WDUwOVNlcmlhbE51bWJlcj45NTMyNjU4MTg8L2RzaWc6WDUwOVNlcmlhbE51bWJlcj48L2V0c2k6SXNzdWVyU2VyaWFsPjwvZXRzaTpDZXJ0PjwvZXRzaTpTaWduaW5nQ2VydGlmaWNhdGU+PGV0c2k6U2lnbmF0dXJlUG9saWN5SWRlbnRpZmllcj48ZXRzaTpTaWduYXR1cmVQb2xpY3lJbXBsaWVkLz48L2V0c2k6U2lnbmF0dXJlUG9saWN5SWRlbnRpZmllcj48L2V0c2k6U2lnbmVkU2lnbmF0dXJlUHJvcGVydGllcz48ZXRzaTpTaWduZWREYXRhT2JqZWN0UHJvcGVydGllcz48ZXRzaTpEYXRhT2JqZWN0Rm9ybWF0IE9iamVjdFJlZmVyZW5jZT0iI3JlZmVyZW5jZS0xLTEiPjxldHNpOk1pbWVUeXBlPmFwcGxpY2F0aW9uL3hodG1sK3htbDwvZXRzaTpNaW1lVHlwZT48L2V0c2k6RGF0YU9iamVjdEZvcm1hdD48L2V0c2k6U2lnbmVkRGF0YU9iamVjdFByb3BlcnRpZXM+PC9ldHNpOlNpZ25lZFByb3BlcnRpZXM+PC9ldHNpOlF1YWxpZnlpbmdQcm9wZXJ0aWVzPjwvZHNpZzpPYmplY3Q+PC9kc2lnOlNpZ25hdHVyZT4NCgk8c2FtbDI6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTYtMDMtMjlUMDg6NTA6NTYuNDUwWiIgTm90T25PckFmdGVyPSIyMDE2LTAzLTI5VDA4OjU1OjU2LjQ1MFoiPg0KCQk8c2FtbDI6QXVkaWVuY2VSZXN0cmljdGlvbj4NCgkJCTxzYW1sMjpBdWRpZW5jZT5odHRwczovL2RlbW8uZWdpei5ndi5hdC9kZW1vLVNQL3B2cC9wb3N0PC9zYW1sMjpBdWRpZW5jZT4NCgkJPC9zYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KCTwvc2FtbDI6Q29uZGl0aW9ucz4NCgk8c2FtbDI6QXR0cmlidXRlU3RhdGVtZW50Pg0KCQk8c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iUFZQLVZFUlNJT04iIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjEwIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+DQoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+Mi4xPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJQUklOQ0lQQUwtTkFNRSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5NdXN0ZXJtYW5uPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJHSVZFTi1OQU1FIiBOYW1lPSJ1cm46b2lkOjIuNS40LjQyIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+DQoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+TWF4PC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJCSVJUSERBVEUiIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuNTUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4wMS4wMy4xOTk4PC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItVW5pcXVlSWQiIE5hbWU9Imh0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyVW5pcXVlSWQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5odHRwczovL2RlbW8uZWdpei5ndi5hdC9kZW1vLVNQL3B2cC9tZXRhZGF0YTwvc2FtbDI6QXR0cmlidXRlVmFsdWU+DQoJCTwvc2FtbDI6QXR0cmlidXRlPg0KCQk8c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iU2VydmljZVByb3ZpZGVyLUZyaWVuZGx5TmFtZSIgTmFtZT0iaHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5EZW1vbG9naW4gU2VydmljZSBwcm92aWRlZCBieSBFR0laPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItQ291bnRyeUNvZGUiIE5hbWU9Imh0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyQ291bnRyeUNvZGUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5BVDwvc2FtbDI6QXR0cmlidXRlVmFsdWU+DQoJCTwvc2FtbDI6QXR0cmlidXRlPg0KCQk8c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iTUFOREFURS1SRUZFUkVOQ0UtVkFMVUUiIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjkwIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+DQoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+X2FzZGZhZGZhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhczwvc2FtbDI6QXR0cmlidXRlVmFsdWU+DQoJCTwvc2FtbDI6QXR0cmlidXRlPg0KCTwvc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50Pg0KPC9zYW1sMjpBc3NlcnRpb24+" + "EID-IDENTITY-LINK": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDpBc3NlcnRpb24geG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmFzc2VydGlvbiIgeG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyIgeG1sbnM6ZWNkc2E9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlIyIgeG1sbnM6cHI9Imh0dHA6Ly9yZWZlcmVuY2UuZS1nb3Zlcm5tZW50Lmd2LmF0L25hbWVzcGFjZS9wZXJzb25kYXRhLzIwMDIwMjI4IyIgeG1sbnM6c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiBBc3NlcnRpb25JRD0ic3pyLmJtaS5ndi5hdC1Bc3NlcnRpb25JRDE0Njc2MTY4NDU1MTg2OTkiIElzc3VlSW5zdGFudD0iMjAxNi0wNy0wNFQwOToyMDo0NSswMTowMCIgSXNzdWVyPSJodHRwOi8vcG9ydGFsLmJtaS5ndi5hdC9yZWYvc3pyL2lzc3VlciIgTWFqb3JWZXJzaW9uPSIxIiBNaW5vclZlcnNpb249IjAiPgoJPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJCTxzYW1sOlN1YmplY3Q+CgkJCTxzYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJCQk8c2FtbDpDb25maXJtYXRpb25NZXRob2Q+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmNtOnNlbmRlci12b3VjaGVzPC9zYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD4KCQkJCTxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhPgoJCQkJCTxwcjpQZXJzb24gc2k6dHlwZT0icHI6UGh5c2ljYWxQZXJzb25UeXBlIj48cHI6SWRlbnRpZmljYXRpb24+PHByOlZhbHVlPkFUL0NaL3hXRTB2RldhcnpwelNMNExZbHBzdDliNnZnMD08L3ByOlZhbHVlPjxwcjpUeXBlPnVybjpwdWJsaWNpZDpndi5hdDplaWRhc2lkK0FUK0NaPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24+PHByOk5hbWU+PHByOkdpdmVuTmFtZT5YWFhNYXJpYS1UaGVyZXNpYSBLdW5pZ3VuZGE8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPlhYWEhhYnNidXJnLUxvdGhyaW5nZW48L3ByOkZhbWlseU5hbWU+PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4xOTgwLTAyLTI5PC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj4KCQkJCTwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KCQkJPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJPC9zYW1sOlN1YmplY3Q+Cgk8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXplblB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJ1cm46cHVibGljaWQ6Z3YuYXQ6bmFtZXNwYWNlczppZGVudGl0eWxpbms6MS4yIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT48ZWNkc2E6RUNEU0FLZXlWYWx1ZT48ZWNkc2E6RG9tYWluUGFyYW1ldGVycz48ZWNkc2E6TmFtZWRDdXJ2ZSBVUk49InVybjpvaWQ6MS4yLjg0MC4xMDA0NS4zLjEuNyIvPjwvZWNkc2E6RG9tYWluUGFyYW1ldGVycz48ZWNkc2E6UHVibGljS2V5PjxlY2RzYTpYIFZhbHVlPSI0OTYyOTAyMjY5NzQ3NDYwMjQ5NzcwNzQ3MzIzODI0NjkxNDYxMDIxNzUzNTY4OTc5ODUyNzMxMzYyMDE1NzEwOTYxNDM1NTI0Mjk4OCIgc2k6dHlwZT0iZWNkc2E6UHJpbWVGaWVsZEVsZW1UeXBlIi8+PGVjZHNhOlkgVmFsdWU9Ijc3MTExNTYwNzEzNzU1OTE0NDUwNzM2MDQxNzUxNjE1MTEyNDAyMzEwNjQ5ODMyMTQ3NzMxNjA5MjIxNzEwNDY1MDY1NTAxMzU2NDkyIiBzaTp0eXBlPSJlY2RzYTpQcmltZUZpZWxkRWxlbVR5cGUiLz48L2VjZHNhOlB1YmxpY0tleT48L2VjZHNhOkVDRFNBS2V5VmFsdWU+PC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIEF0dHJpYnV0ZU5hbWU9IkNpdGl6ZW5QdWJsaWNLZXkiIEF0dHJpYnV0ZU5hbWVzcGFjZT0idXJuOnB1YmxpY2lkOmd2LmF0Om5hbWVzcGFjZXM6aWRlbnRpdHlsaW5rOjEuMiI+PHNhbWw6QXR0cmlidXRlVmFsdWU+PGRzaWc6UlNBS2V5VmFsdWU+PGRzaWc6TW9kdWx1cz4xQkZPaXRpUVVjMWxBSERHa3NuZVhXWkdLR2FGQmN1MDNIRWlJRnNqSGpOdC9JZlJaNEl6cUhvdFVLSXR4bkNkTnRzRmMxTWtNSmcrCmcwQVhIc3VVNk1OZ2NiY1hQYVBmbUhwKzgrQkpoK2FtREYzRm5BTjRjZUc4b0ZBR1ZFWnRlT2dmZFdrMXI1UlEyU0srMFB1WFB1THAKVGVlN0l6WHRrc1JlWmtWRWFkVUN4bi9oaVJYWmEwZEFCZ2tGZTNrU1hiRHI1dEtYT0YwRkN0TEtoWkJJOXorTmJYK2FUU0tPbUFPcQo0anl5bW9vNUVQM0wraVBlY3JVd0hpakQwQm04OWgxSmp4UDUyMWZrWWUzU2krMEo0MG9rcm1DQ1FIQnIrSXpCMXVYOThwS2h2czdYCjZyUGpPSjZsQndQN1hqSzdEMTI4UC9jZzRlSDZ2NThjQ2ZiTGNRPT08L2RzaWc6TW9kdWx1cz48ZHNpZzpFeHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PjwvZHNpZzpSU0FLZXlWYWx1ZT48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJCjxkc2lnOlNpZ25hdHVyZSBJZD0ic2lnbmF0dXJlLTEtMSIgeG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PGRzaWc6U2lnbmVkSW5mbz48ZHNpZzpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUiLz48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz48ZHNpZzpSZWZlcmVuY2UgSWQ9InJlZmVyZW5jZS0xLTEiIFVSST0iIj48ZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PC9kc2lnOlRyYW5zZm9ybXM+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZHNpZzpEaWdlc3RWYWx1ZT5FK0JYSDBDMkY2RVlIamRKck9VS3IrRHNLVDg9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U+PC9kc2lnOlNpZ25lZEluZm8+PGRzaWc6U2lnbmF0dXJlVmFsdWU+SHZqNDBtOXJpZHAySE96ODFNVEFxemYwcStzWkM1WWVLcEpQNDNlSzVHMUhOSDEvRE5HVS9yLzZJVlBpYlU5WQpZR1lKb1hwem54UkZpYkVRNmRGQ0hBYU5QeUFEbWRHSHlKU1dyeUk1eXBBYXA0WThNSm5hVUdTV1k0OUlaYmh0ClBqZktXQjJqVU56ajFUMnU2ZWJJaWZBVGhBSzhacUlFK2U1dWFSK3FyckxpY3hJaFhjU1pveVNjYkt4TXVUMVEKcDZ6TnNOQk9IdWpiVkFmS0ZVRThXbUdJbnl2dW9EZ2VyVXJBMFhzdFdXZzJNOWdoeXRjREp3WnBUWXdYdm1tbwpHVjQ3dWUwSVRydE0rUXFXVmJ0K2RITzgzNjlKRm5HUTloLzZoLzRqOWl5TnV4Zkc3dS9FeUhRaVN1eTArRlA4CjFsa0xzZzFZWCsycE4wSEVseVhWcXc9PTwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlFcXpDQ0JCU2dBd0lCQWdJSEFOdXg4MW9OZXpBTkJna3Foa2lHOXcwQkFRVUZBREJBTVNJd0lBWURWUVFECkV4bEpRVWxMSUZSbGMzUWdTVzUwWlhKdFpXUnBZWFJsSUVOQk1RMHdDd1lEVlFRS0V3UkpRVWxMTVFzd0NRWUQKVlFRR0V3SkJWREFlRncweE16QTVNamN3TlRNek16ZGFGdzB5TXpBNU1qY3dOVE16TXpkYU1JSGtNUXN3Q1FZRApWUVFHRXdKQlZERU5NQXNHQTFVRUJ4TUVSM0poZWpFbU1DUUdBMVVFQ2hNZFIzSmhlaUJWYm1sMlpYSnphWFI1CklHOW1JRlJsWTJodWIyeHZaM2t4U0RCR0JnTlZCQXNUUDBsdWMzUnBkSFYwWlNCbWIzSWdRWEJ3YkdsbFpDQkoKYm1admNtMWhkR2x2YmlCUWNtOWpaWE56YVc1bklHRnVaQ0JEYjIxdGRXNXBZMkYwYVc5dWN6RVVNQklHQTFVRQpCQk1MVFU5QkxWTlRJRlJsYzNReEdEQVdCZ05WQkNvVEQwVkhTVm9nVkdWemRIQnZjblJoYkRFa01DSUdBMVVFCkF4TWJSVWRKV2lCVVpYTjBjRzl5ZEdGc0lFMVBRUzFUVXlCVVpYTjBNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUYKQUFPQ0FROEFNSUlCQ2dLQ0FRRUF1RGpPeWYrbVkrb1FMMkZRenp1YWlDOEMyM3ZWS2JxL24yWmk3QnFTaWJaSAptdHFNSmZtajRwVCtoV1NOSHZWdldzYXhGY3g0S2VOcWRDTXp3bncxcjRQM1NmKzJvNXVGa3U1S0hFTUxNb2tSCnlZUUc5VnFZL0trQjk0eWU3UHY2elQ4Z3ZLcXhHRmc5NlVhbUVDZXA0c3dQYVNackE4QU9FUjVXQXR5R0R6S0kKVHorYTV6ZkZhVFhEb2JhN2Y5OFBDV1I5NnlLaUZqVk9oenAzOFdWejRWSmd6K2I4WlNZN1hzdjVLbjdEWGpPTApTVFg0TWV2RkxraTNyRlB1cDMrNHZHVG9hTUJXM1BFajY3SFhCZHFSODU1TGU2K0U2clZ4T1Jxc1hxbFZ3aHNJCjZudVMwQ08yTFdZbUJOUjFJQjBtWHRlZVlIL0hmeHZ1WmMrN3lEamRQUUlEQVFBQm80SUJoRENDQVlBd0RnWUQKVlIwUEFRSC9CQVFEQWdiQU1Bd0dBMVVkRXdFQi93UUNNQUF3SFFZRFZSME9CQllFRkVtY0g2Vlk0QkcxRUFHQgpUTG9OUjl2SC9nNnlNRkFHQTFVZEh3UkpNRWN3UmFCRG9FR0dQMmgwZEhBNkx5OWpZUzVwWVdsckxuUjFaM0poCmVpNWhkQzlqWVhCemJ5OWpjbXh6TDBsQlNVdFVaWE4wWDBsdWRHVnliV1ZrYVdGMFpVTkJMbU55YkRDQnFnWUkKS3dZQkJRVUhBUUVFZ1owd2dab3dTZ1lJS3dZQkJRVUhNQUdHUG1oMGRIQTZMeTlqWVM1cFlXbHJMblIxWjNKaAplaTVoZEM5allYQnpieTlQUTFOUVAyTmhQVWxCU1V0VVpYTjBYMGx1ZEdWeWJXVmthV0YwWlVOQk1Fd0dDQ3NHCkFRVUZCekFDaGtCb2RIUndPaTh2WTJFdWFXRnBheTUwZFdkeVlYb3VZWFF2WTJGd2MyOHZZMlZ5ZEhNdlNVRkoKUzFSbGMzUmZTVzUwWlhKdFpXUnBZWFJsUTBFdVkyVnlNQ0VHQTFVZEVRUWFNQmlCRm5Sb2IyMWhjeTVzWlc1NgpRR1ZuYVhvdVozWXVZWFF3SHdZRFZSMGpCQmd3Rm9BVWFLSmVFZHJlTDRCclJFUy9qZnBsTm9Fa3AyOHdEUVlKCktvWklodmNOQVFFRkJRQURnWUVBbEZHalV4WExzN1NBVDhOdFhTcnYyV3JqbGtsYVJuSFRGSExRd3lWbzhKV2IKZ3ZSa0hIRFV2Mm84b2ZYVVkyUjJXSjM4ZHhlRG9jY2diWHJKYi9RaGk4SVk3WWhDd3YvVHVJWkRpc3lBcW84VwpPUktTaXAvNkhXbEdDU1IvVmdvZXQxR3RDbUYwRm9VeEZVSUdTQXVRMnl5dDRmSXp0NUdKclUxWDV1ampJMXc9PC9kc2lnOlg1MDlDZXJ0aWZpY2F0ZT48L2RzaWc6WDUwOURhdGE+PC9kc2lnOktleUluZm8+PC9kc2lnOlNpZ25hdHVyZT48L3NhbWw6QXNzZXJ0aW9uPg==", + "EID-CITIZEN-QAA-LEVEL": "http://eidas.europa.eu/LoA/substantial", + "EID-CCS-URL": "https://localhost.org/demovda", + "EID-AUTH-BLOCK": "PHNhbWwyOkFzc2VydGlvbiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiBJRD0iXzU3MDEwYjdmY2M5M2NjNGNmM2YyYjc2NDM4OTEzN2MyIiBJc3N1ZUluc3RhbnQ9IjIwMTYtMDYtMDZUMTA6NDA6MDAuMDAwIiBWZXJzaW9uPSIyLjAiPg0KCTxzYW1sMjpJc3N1ZXIgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDplbnRpdHkiPmh0dHBzOi8vZGVtby12ZGEuYXQvdmRhLXNlcnZpY2U8L3NhbWwyOklzc3Vlcj48ZHNpZzpTaWduYXR1cmUgSWQ9IlNpZ25hdHVyZS03NmUyZDZmYi0xIiB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48ZHNpZzpTaWduZWRJbmZvIElkPSJTaWduZWRJbmZvLTc2ZTJkNmZiLTEiPjxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNlY2RzYS1zaGEyNTYiLz48ZHNpZzpSZWZlcmVuY2UgSWQ9IlJlZmVyZW5jZS03NmUyZDZmYi0xIiBVUkk9IiI+PGRzaWc6VHJhbnNmb3JtcyB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCgkJCQk8ZHNpZzpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8xOTk5L1JFQy14c2x0LTE5OTkxMTE2Ij48eHNsOnN0eWxlc2hlZXQgeG1sbnM6eHNsPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L1hTTC9UcmFuc2Zvcm0iIGV4Y2x1ZGUtcmVzdWx0LXByZWZpeGVzPSJzYW1sMiIgdmVyc2lvbj0iMS4wIiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+PHhzbDpvdXRwdXQgbWV0aG9kPSJ4bWwiIHhtbDpzcGFjZT0iZGVmYXVsdCIvPjx4c2w6dGVtcGxhdGUgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiIG1hdGNoPSIvIj48aHRtbCB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94aHRtbCI+PGhlYWQ+PHRpdGxlPlNpZ25hdHVyIGRlciBBbm1lbGRlZGF0ZW48L3RpdGxlPjxzdHlsZSBtZWRpYT0ic2NyZWVuIiB0eXBlPSJ0ZXh0L2NzcyI+DQogICAgICAgICAgICAgIAkJCQkJLm5vcm1hbHN0eWxlIHsgZm9udC1zaXplOiBtZWRpdW07IH0gDQogICAgICAgICAgICAgIAkJCQkJLml0YWxpY3N0eWxlIHsgZm9udC1zaXplOiBtZWRpdW07IGZvbnQtc3R5bGU6IGl0YWxpYzsgfQ0KCQkJCQkJCQkudGl0bGVzdHlsZSB7IHRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7IGZvbnQtd2VpZ2h0OmJvbGQ7IGZvbnQtc2l6ZTogbWVkaXVtOyB9IA0KCQkJCQkJCQkuaDRzdHlsZSB7IGZvbnQtc2l6ZTogbGFyZ2U7IH0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIA0KCQkJCQkJCQkuaGlkZGVuIHtkaXNwbGF5OiBub25lOyB9IA0KICAgICAgICAgICAgICAJCQkJPC9zdHlsZT48L2hlYWQ+PGJvZHk+PGg0IGNsYXNzPSJoNHN0eWxlIj5Bbm1lbGRlZGF0ZW46PC9oND48cCBjbGFzcz0idGl0bGVzdHlsZSI+RGF0ZW4genVyIFBlcnNvbjwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoyLjUuNC40MiddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlZvcm5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoyLjUuNC40MiddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5OYWNobmFtZTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4yMCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPkdlYnVydHNkYXR1bTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjU1J10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PHhzbDppZiB0ZXN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjkwJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5Wb2xsbWFjaHQ6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp0ZXh0PkljaCBtZWxkZSBtaWNoIGluIFZlcnRyZXR1bmcgYW4uIEltIG7DpGNoc3RlbiBTY2hyaXR0IHdpcmQgbWlyIGVpbmUgTGlzdGUgZGVyIGbDvHIgbWljaCB2ZXJmw7xnYmFyZW4gVmVydHJldHVuZ3N2ZXJow6RsdG5pc3NlIGFuZ2V6ZWlndCwgYXVzIGRlbmVuIGljaCBlaW5lcyBhdXN3w6RobGVuIHdlcmRlLjwveHNsOnRleHQ+PC90ZD48L3RyPjwveHNsOmlmPjwvdGFibGU+PHAgY2xhc3M9InRpdGxlc3R5bGUiPkRhdGVuIHp1ciBBbndlbmR1bmc8L3A+PHRhYmxlIGNsYXNzPSJwYXJhbWV0ZXJzIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+SWRlbnRpZmlrYXRvcjogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlclVuaXF1ZUlkJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPk5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J2h0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyQ291bnRyeUNvZGUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5TdGFhdDogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PC90YWJsZT48cCBjbGFzcz0idGl0bGVzdHlsZSI+VGVjaG5pc2NoZSBQYXJhbWV0ZXI8L3A+PHRhYmxlIGNsYXNzPSJwYXJhbWV0ZXJzIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+RGF0dW06PC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCw5LDIpIi8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDYsMikiLz48eHNsOnRleHQ+LjwveHNsOnRleHQ+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9InN1YnN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL0BJc3N1ZUluc3RhbnQsMSw0KSIvPjwvdGQ+PC90cj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+VWhyemVpdDo8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDEyLDIpIi8+PHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE1LDIpIi8+PHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE4LDIpIi8+PC90ZD48L3RyPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5UcmFuc2FrdGlvbnNUb2trZW46IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vQElEIi8+PC90ZD48L3RyPjx4c2w6aWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+DQoJCQkJCQkJCQkJCVZvbGxtYWNodGVuLVJlZmVyZW56OiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjkwJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PHRyIGNsYXNzPSJoaWRkZW4iPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPkRhdGFVUkw6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9zYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uL3NhbWwyOkF1ZGllbmNlIi8+PC90ZD48L3RyPjx4c2w6aWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpDb25kaXRpb25zL0BOb3RPbk9yQWZ0ZXIiPjx0ciBjbGFzcz0iaGlkZGVuIj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5BdXRoQmxvY2tWYWxpZFRvOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkNvbmRpdGlvbnMvQE5vdE9uT3JBZnRlciIvPjwvdGQ+PC90cj48L3hzbDppZj48L3RhYmxlPjwvYm9keT48L2h0bWw+PC94c2w6dGVtcGxhdGU+PC94c2w6c3R5bGVzaGVldD48L2RzaWc6VHJhbnNmb3JtPg0KCQkJCTxkc2lnOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRuLTIwMDEwMzE1I1dpdGhDb21tZW50cyIvPg0KCQkJPC9kc2lnOlRyYW5zZm9ybXM+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PGRzaWc6RGlnZXN0VmFsdWU+QWFqRkVkQWx5NW45MWkyVVZvcVNuL0JKcjREVlpZeFBYM2RIcE9aUC9vdz08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVyZW5jZT48ZHNpZzpSZWZlcmVuY2UgSWQ9IlJlZmVyZW5jZS03NmUyZDZmYi0yIiBUeXBlPSJodHRwOi8vdXJpLmV0c2kub3JnLzAxOTAzI1NpZ25lZFByb3BlcnRpZXMiIFVSST0iI1NpZ25lZFByb3BlcnRpZXMtNzZlMmQ2ZmItMSI+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PGRzaWc6RGlnZXN0VmFsdWU+Nldac3lKNkYySUJLS3BsWDNacHJzQ0FJOVN0OXVmS0UyNWFlUDI1cDRkQT08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVyZW5jZT48L2RzaWc6U2lnbmVkSW5mbz48ZHNpZzpTaWduYXR1cmVWYWx1ZSBJZD0iU2lnbmF0dXJlVmFsdWUtNzZlMmQ2ZmItMSI+NzY1NndpVGRGWVZCTDlyOGdXemprWVhJWXNhTk9EWDBVUHVQVXRyTlpSYnhZY3BJdDNhVUpVaUZuR0FBVzhiRw0KSytGdnZXYkYweDMzMm9zeFFYRDZtUT09PC9kc2lnOlNpZ25hdHVyZVZhbHVlPjxkc2lnOktleUluZm8+PGRzaWc6WDUwOURhdGE+PGRzaWc6WDUwOUNlcnRpZmljYXRlPk1JSUZDVENDQS9HZ0F3SUJBZ0lFWDcxL21qQU5CZ2txaGtpRzl3MEJBUVVGQURDQm9URUxNQWtHQTFVRUJoTUMNClFWUXhTREJHQmdOVkJBb01QMEV0VkhKMWMzUWdSMlZ6TGlCbUxpQlRhV05vWlhKb1pXbDBjM041YzNSbGJXVWcNCmFXMGdaV3hsYTNSeUxpQkVZWFJsYm5abGNtdGxhSElnUjIxaVNERWpNQ0VHQTFVRUN3d2FZUzF6YVdkdUxWQnkNClpXMXBkVzB0VkdWemRDMVRhV2N0TURJeEl6QWhCZ05WQkFNTUdtRXRjMmxuYmkxUWNtVnRhWFZ0TFZSbGMzUXQNClUybG5MVEF5TUI0WERURTJNRGN3TkRBM01qRXdPRm9YRFRJd01ETXpNVEExTWpFd09Gb3dnYmN4Q3pBSkJnTlYNCkJBWU1Ba0ZVTVRzd09RWURWUVFERERKWVdGaE5ZWEpwWVMxVWFHVnlaWE5wWVNCTGRXNXBaM1Z1WkdFZ1dGaFkNClNHRmljMkoxY21jdFRHOTBhSEpwYm1kbGJqRWZNQjBHQTFVRUJBd1dXRmhZU0dGaWMySjFjbWN0VEc5MGFISnANCmJtZGxiakVrTUNJR0ExVUVLZ3diV0ZoWVRXRnlhV0V0VkdobGNtVnphV0VnUzNWdWFXZDFibVJoTVJVd0V3WUQNClZRUUZEQXc0TWpnM05EZ3hNamM0TVRJeERUQUxCZ05WQkF3TUJFMWhaeTR3V1RBVEJnY3Foa2pPUFFJQkJnZ3ENCmhrak9QUU1CQndOQ0FBUnR1UWdLYTdpR013RHdVM0E3a1J2VzM0NXA2dVU1bUFRQURRWlpHVUZmN0twN21NRGkNCnZUWVNLcFREMjI2MTcrRXVrRGJ2dHVxdVpGd2ZscEtOZkhITW80SUIrakNDQWZZd2dZVUdDQ3NHQVFVRkJ3RUINCkJIa3dkekJIQmdnckJnRUZCUWN3QW9ZN2FIUjBjRG92TDNkM2R5NWhMWFJ5ZFhOMExtRjBMMk5sY25SekwyRXQNCmMybG5iaTFRY21WdGFYVnRMVlJsYzNRdFUybG5MVEF5WVM1amNuUXdMQVlJS3dZQkJRVUhNQUdHSUdoMGRIQTYNCkx5OXZZM053TFhSbGMzUXVZUzEwY25WemRDNWhkQzl2WTNOd01BNEdBMVVkRHdFQi93UUVBd0lHd0RBbkJnZ3INCkJnRUZCUWNCQXdFQi93UVlNQll3Q0FZR0JBQ09SZ0VCTUFvR0NDc0dBUVVGQndzQk1JR2tCZ05WSFI4RWdad3cNCmdaa3dnWmFnZ1pPZ2daQ0dnWTFzWkdGd09pOHZiR1JoY0MxMFpYTjBMbUV0ZEhKMWMzUXVZWFF2YjNVOVlTMXoNCmFXZHVMVkJ5WlcxcGRXMHRWR1Z6ZEMxVGFXY3RNRElzYnoxQkxWUnlkWE4wTEdNOVFWUS9ZMlZ5ZEdsbWFXTmgNCmRHVnlaWFp2WTJGMGFXOXViR2x6ZEQ5aVlYTmxQMjlpYW1WamRHTnNZWE56UFdWcFpFTmxjblJwWm1sallYUnANCmIyNUJkWFJvYjNKcGRIa3dDUVlEVlIwVEJBSXdBREJaQmdOVkhTQUVVakJRTUFnR0JnUUFpekFCQVRCRUJnWXENCktBQVJBUXN3T2pBNEJnZ3JCZ0VGQlFjQ0FSWXNhSFIwY0RvdkwzZDNkeTVoTFhSeWRYTjBMbUYwTDJSdlkzTXYNClkzQXZZUzF6YVdkdUxWQnlaVzFwZFcwd0V3WURWUjBqQkF3d0NvQUlSZ2FmamtHT0ZiMHdFUVlEVlIwT0JBb0UNCkNFTVFVRXBMcjZNa01BMEdDU3FHU0liM0RRRUJCUVVBQTRJQkFRQ2x5Mm1IbVhZNTUybHRNdm4xUTkzb3dweDMNCkwxMGJ4UVRIV3dZN2c4YnlVdlhBdDc3bW9USkU5aHNlZW90ZVkzQ1Y2c3VOL1h6VFZIeVlBRFZKMHkyR3lCWDANCjFvaGhNcjE0TDVuQ0YzNC81WUJ3bkdSYzhxWDhtMGxaZEhaajVmZkJqQTNreWRLWHQvTFhRSEpYYlBtU0VuYnMNCkc1NWMvRjNTc3A4OC93Q1M2ZC9WZ3d0S1RxMnN1RnNHR0RJbGhic1RKN0p6TnpLNm9pdEUzVXZLd05nbzdKWUMNCkZJM1R4bXhpUy84dm5qRnc4V3o1M016bjBaTjAwUERqYi9Nb24vT2hUMUN1Y3dBMmh2eW1KeWhwcG9JN2tQbm8NCmRxZGV3Y0toZzNPcGJHUkVGL3Z5N2pNRjRUSXhBMGJ3VkNvdUFsdmZqSnZoM2MvSElnQS84WlpTTVdrbTwvZHNpZzpYNTA5Q2VydGlmaWNhdGU+PC9kc2lnOlg1MDlEYXRhPjwvZHNpZzpLZXlJbmZvPjxkc2lnOk9iamVjdCBJZD0iT2JqZWN0LTc2ZTJkNmZiLTEiPjx4YWRlczpRdWFsaWZ5aW5nUHJvcGVydGllcyB4bWxuczp4YWRlcz0iaHR0cDovL3VyaS5ldHNpLm9yZy8wMTkwMy92MS4zLjIjIiB4bWxuczpuczM9Imh0dHA6Ly91cmkuZXRzaS5vcmcvMDE5MDMvdjEuNC4xIyIgVGFyZ2V0PSIjU2lnbmF0dXJlLTc2ZTJkNmZiLTEiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOnNsPSJodHRwOi8vd3d3LmJ1ZXJnZXJrYXJ0ZS5hdC9uYW1lc3BhY2VzL3NlY3VyaXR5bGF5ZXIvMS4yIyI+PHhhZGVzOlNpZ25lZFByb3BlcnRpZXMgSWQ9IlNpZ25lZFByb3BlcnRpZXMtNzZlMmQ2ZmItMSI+PHhhZGVzOlNpZ25lZFNpZ25hdHVyZVByb3BlcnRpZXM+PHhhZGVzOlNpZ25pbmdUaW1lPjIwMTgtMDYtMDZUMTE6NTg6MDRaPC94YWRlczpTaWduaW5nVGltZT48eGFkZXM6U2lnbmluZ0NlcnRpZmljYXRlPjx4YWRlczpDZXJ0Pjx4YWRlczpDZXJ0RGlnZXN0Pjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkc2lnOkRpZ2VzdFZhbHVlPkZaTHZCVERTdEVMM0k1VEJZVmJaRjk2alcvMVRCcXhqdDJZYnNJUTN4OGM9PC9kc2lnOkRpZ2VzdFZhbHVlPjwveGFkZXM6Q2VydERpZ2VzdD48eGFkZXM6SXNzdWVyU2VyaWFsPjxkc2lnOlg1MDlJc3N1ZXJOYW1lPkNOPWEtc2lnbi1QcmVtaXVtLVRlc3QtU2lnLTAyLE9VPWEtc2lnbi1QcmVtaXVtLVRlc3QtU2lnLTAyLE89QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJILEM9QVQ8L2RzaWc6WDUwOUlzc3Vlck5hbWU+PGRzaWc6WDUwOVNlcmlhbE51bWJlcj4xNjA2MjU0NDkwPC9kc2lnOlg1MDlTZXJpYWxOdW1iZXI+PC94YWRlczpJc3N1ZXJTZXJpYWw+PC94YWRlczpDZXJ0PjwveGFkZXM6U2lnbmluZ0NlcnRpZmljYXRlPjx4YWRlczpTaWduYXR1cmVQb2xpY3lJZGVudGlmaWVyPjx4YWRlczpTaWduYXR1cmVQb2xpY3lJbXBsaWVkLz48L3hhZGVzOlNpZ25hdHVyZVBvbGljeUlkZW50aWZpZXI+PC94YWRlczpTaWduZWRTaWduYXR1cmVQcm9wZXJ0aWVzPjx4YWRlczpTaWduZWREYXRhT2JqZWN0UHJvcGVydGllcz48eGFkZXM6RGF0YU9iamVjdEZvcm1hdCBPYmplY3RSZWZlcmVuY2U9IiNSZWZlcmVuY2UtNzZlMmQ2ZmItMSI+PHhhZGVzOk1pbWVUeXBlPmFwcGxpY2F0aW9uL3hodG1sK3htbDwveGFkZXM6TWltZVR5cGU+PC94YWRlczpEYXRhT2JqZWN0Rm9ybWF0PjwveGFkZXM6U2lnbmVkRGF0YU9iamVjdFByb3BlcnRpZXM+PC94YWRlczpTaWduZWRQcm9wZXJ0aWVzPjwveGFkZXM6UXVhbGlmeWluZ1Byb3BlcnRpZXM+PC9kc2lnOk9iamVjdD48L2RzaWc6U2lnbmF0dXJlPg0KCTxzYW1sMjpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxOC0wNi0wNlQxMDo0MDowMC4wMDBaIiBOb3RPbk9yQWZ0ZXI9IjIwMTgtMDYtMDZUMTU6MDA6MDAuMDAwWiI+DQoJCTxzYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KCQkJPHNhbWwyOkF1ZGllbmNlPmh0dHBzOi8vZGVtby5lZ2l6Lmd2LmF0L2RlbW8tU1AvcHZwL3Bvc3Q8L3NhbWwyOkF1ZGllbmNlPg0KCQk8L3NhbWwyOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQoJPC9zYW1sMjpDb25kaXRpb25zPg0KCTxzYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJQVlAtVkVSU0lPTiIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMTAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4yLjE8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IlBSSU5DSVBBTC1OQU1FIiBOYW1lPSJ1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4yMCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPlhYWEhhYnNidXJnLUxvdGhyaW5nZW48L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IkdJVkVOLU5BTUUiIE5hbWU9InVybjpvaWQ6Mi41LjQuNDIiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5YWFhNYXJpYS1UaGVyZXNpYSBLdW5pZ3VuZGE8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IkJJUlRIREFURSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPjE5ODAtMDItMjk8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IlNlcnZpY2VQcm92aWRlci1VbmlxdWVJZCIgTmFtZT0iaHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJVbmlxdWVJZCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPmh0dHBzOi8vZGVtby5lZ2l6Lmd2LmF0L2RlbW8tU1AvcHZwL21ldGFkYXRhPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItRnJpZW5kbHlOYW1lIiBOYW1lPSJodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPkRlbW9sb2dpbiBTZXJ2aWNlIHByb3ZpZGVkIGJ5IEVHSVo8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IlNlcnZpY2VQcm92aWRlci1Db3VudHJ5Q29kZSIgTmFtZT0iaHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29kZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPkFUPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJNQU5EQVRFLVJFRkVSRU5DRS1WQUxVRSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5fYXNkZmFkZmFzZmFzZmFzZmFzZmFzZmFzZmFzZmFzZmFzZmFzZmFzPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJPC9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQo8L3NhbWwyOkFzc2VydGlvbj4=" } } \ No newline at end of file -- cgit v1.2.3 From f807371b592e95511bb87c4a1ee2819e835663fc Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 7 Jun 2018 12:16:39 +0200 Subject: some more refactoring stuff --- .../at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 2 +- .../gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java | 5 +++-- .../moa/id/protocols/oauth20/protocol/OAuth20Protocol.java | 3 ++- .../id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java | 2 +- .../gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java | 11 ++++++----- 5 files changed, 13 insertions(+), 10 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index f12ef1994..97f56c6f4 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -28,6 +28,7 @@ import org.xml.sax.SAXException; import at.gv.egiz.eaaf.core.api.IOAAuthParameters; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; +import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; @@ -71,7 +72,6 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index 019a61b7c..8ed9e1f2e 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -43,8 +43,8 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IModulInfo; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; @@ -59,6 +59,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.MOAIDConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -81,7 +82,7 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException; * @author tlenz */ @Controller -public class EIDASProtocol extends AbstractAuthProtocolModulController { +public class EIDASProtocol extends AbstractAuthProtocolModulController implements IModulInfo { public static final String NAME = EIDASProtocol.class.getName(); public static final String PATH = "eidas"; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 55348b5f8..5acb1c547 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -18,6 +18,7 @@ import org.springframework.web.bind.annotation.RequestMethod; import com.google.gson.JsonObject; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IModulInfo; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; @@ -34,7 +35,7 @@ import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @Controller -public class OAuth20Protocol extends AbstractAuthProtocolModulController { +public class OAuth20Protocol extends AbstractAuthProtocolModulController implements IModulInfo { public static final String NAME = OAuth20Protocol.class.getName(); public static final String PATH = "id_oauth20"; diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java index add6d78e4..2ad19e088 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -26,6 +26,7 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; +import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils; import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; @@ -41,7 +42,6 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moaspss.logging.Logger; import iaik.esi.sva.util.X509Utils; diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 19fadb318..8dfe10268 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -35,18 +35,19 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IModulInfo; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; -import at.gv.egovernment.moa.id.auth.exception.InvalidProtocolRequestException; -import at.gv.egovernment.moa.id.auth.exception.ProtocolNotActiveException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; @@ -62,7 +63,7 @@ import at.gv.egovernment.moa.util.URLEncoder; */ @Controller -public class SAML1Protocol extends AbstractAuthProtocolModulController { +public class SAML1Protocol extends AbstractAuthProtocolModulController implements IModulInfo { @Autowired private SAML1AuthenticationServer saml1AuthServer; -- cgit v1.2.3 From ea49cd41d7ae571f8156f7b2ac02c9e2a6f86ca6 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 11 Jun 2018 20:08:41 +0200 Subject: add jUnit for user-restrication whitelist-store --- .../egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java index 32d623b88..35a8fd9c6 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java @@ -41,7 +41,7 @@ public abstract class eIDDataVerifierTest { Logger.info("Loading Java security providers."); //System.setProperty("moa.spss.server.configuration", "F:\\Projekte\\configs\\moa-spss\\MOASPSSConfiguration.xml"); String current = new java.io.File( "." ).getCanonicalPath(); - System.setProperty("moa.spss.server.configuration", current + "\\src\\test\\resources\\moaspss_config\\MOASPSSConfiguration.xml"); + System.setProperty("moa.spss.server.configuration", current + "/src/test/resources/moaspss_config/MOASPSSConfiguration.xml"); IAIK.addAsProvider(); ECCelerate.addAsProvider(); -- cgit v1.2.3 From 23201ce112d9aa132783f984e0765c0cacca95a5 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 12 Jun 2018 06:25:12 +0200 Subject: update SL20 module and add an additional jUnit test --- .../modules/sl20_auth/sl20/JsonSecurityUtils.java | 2 +- .../sl20_auth/sl20/SL20JSONExtractorUtils.java | 15 +++----- .../sl20_auth/tasks/ReceiveQualeIDTask.java | 9 +++++ .../modules/sl20_auth/EIDDataVerifier_ATrust.java | 2 +- .../modules/sl20_auth/EIDDataVerifier_SIC.java | 41 ++++++++++++++++++++ .../auth/modules/sl20_auth/dummydata/DummyOA.java | 6 +++ .../modules/sl20_auth/eIDDataVerifierTest.java | 7 ++-- .../A25C55270C21A4581BC3372639AE36F2CCC94C19 | Bin 0 -> 2048 bytes .../821E494DF27F9938F7E58CFCE8CE70029DB0EC5D | Bin 0 -> 1587 bytes .../SIC_TEST_USER.crt | 37 ++++++++++++++++++ .../SIC_IDL_SIGNER.crt | 42 +++++++++++++++++++++ .../src/test/resources/tests/eIDdata_atrust.json | 8 ++-- .../src/test/resources/tests/eIDdata_sic.json | 6 +++ 13 files changed, 157 insertions(+), 18 deletions(-) create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_SIC.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/A25C55270C21A4581BC3372639AE36F2CCC94C19 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/821E494DF27F9938F7E58CFCE8CE70029DB0EC5D create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/SIC_TEST_USER.crt create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/SIC_IDL_SIGNER.crt create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_sic.json (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java index c95e0b731..a5696d36d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java @@ -148,7 +148,7 @@ public class JsonSecurityUtils implements IJOSETools{ jws.setKey(signPrivKey); //TODO: - //jws.setCertificateChainHeaderValue(signCertChain); + jws.setCertificateChainHeaderValue(signCertChain); jws.setX509CertSha256ThumbprintHeaderValue(signCertChain[0]); return jws.getCompactSerialization(); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java index fa52634a3..0dc2e762d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java @@ -172,16 +172,10 @@ public class SL20JSONExtractorUtils { if (result == null && encryptedResult == null) throw new SLCommandoParserException("NO result OR encryptedResult FOUND."); - - else if (result == null && encryptedResult == null) - throw new SLCommandoParserException("result AND encryptedResultFOUND. Can not used twice"); - + else if (encryptedResult == null && mustBeEncrypted) throw new SLCommandoParserException("result MUST be signed."); - - else if (result != null) - return result; - + else if (encryptedResult != null && encryptedResult.isJsonPrimitive()) { try { return decrypter.decryptPayload(encryptedResult.getAsString()); @@ -200,7 +194,10 @@ public class SL20JSONExtractorUtils { throw e; } - + + } else if (result != null) { + return result; + } else throw new SLCommandoParserException("Internal build error"); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java index bb66f452a..2f062b71d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -140,6 +140,15 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { String ccsURL = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL); String LoA = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA); + + + if (MiscUtil.isEmpty(idlB64) || MiscUtil.isEmpty(authBlockB64) + || MiscUtil.isEmpty(LoA) || MiscUtil.isEmpty(ccsURL)) { + Logger.info("SL20 'qualifiedeID' result does NOT contain all required attributes."); + throw new SLCommandoParserException("SL20 'qualifiedeID' result does NOT contain all required attributes."); + + } + //cache qualified eID data into pending request pendingReq.setGenericDataToSession( Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java index 6ebbd0704..6e4df144f 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java @@ -36,6 +36,6 @@ public class EIDDataVerifier_ATrust extends eIDDataVerifierTest { @Override protected String getSl20ReqId() { - return "_ae0f0cbf2997125832e80b3a0082848a"; + return "_0ab3d7fd5ff8eb0bb15486ce48464fad"; } } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_SIC.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_SIC.java new file mode 100644 index 000000000..bb8598483 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_SIC.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +import java.io.IOException; +import java.io.InputStreamReader; + +import org.apache.commons.io.IOUtils; +import org.junit.Before; +import org.junit.runner.RunWith; +import org.opensaml.xml.ConfigurationException; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import com.google.gson.JsonElement; +import com.google.gson.JsonParser; + +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ "/SpringTest-context.xml" }) +public class EIDDataVerifier_SIC extends eIDDataVerifierTest { + + @Before + public void init() throws SLCommandoParserException, IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException { + String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_sic.json"))); + JsonParser jsonParser = new JsonParser(); + JsonElement result = jsonParser.parse(eIDDataString).getAsJsonObject(); + + eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result); + if (eIDData == null || eIDData.isEmpty()) + throw new SLCommandoParserException("Can not load eID data"); + + } + + @Override + protected String getSl20ReqId() { + return "_40972fd777c59da1ebeed2b8d633a300"; + } + + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java index 2df20edb4..7e1037fc7 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java @@ -261,4 +261,10 @@ public class DummyOA implements IOAAuthParameters { return null; } + @Override + public List foreignbPKSectorsRequested() { + // TODO Auto-generated method stub + return null; + } + } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java index 32d623b88..85c823258 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java @@ -4,6 +4,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.util.Map; +import org.jose4j.base64url.Base64Url; import org.junit.BeforeClass; import org.junit.Test; import org.opensaml.DefaultBootstrap; @@ -74,8 +75,8 @@ public abstract class eIDDataVerifierTest { if (MiscUtil.isEmpty(idlB64)) throw new Exception("NO IDL found"); - IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); - + //IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Url.decode(idlB64))).parseIdentityLink(); if (idl == null) throw new Exception("IDL parsing FAILED"); @@ -87,7 +88,7 @@ public abstract class eIDDataVerifierTest { if (MiscUtil.isEmpty(idlB64)) throw new Exception("NO IDL found"); - IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Url.decode(idlB64))).parseIdentityLink(); if (idl == null) throw new Exception("IDL parsing FAILED"); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/A25C55270C21A4581BC3372639AE36F2CCC94C19 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/A25C55270C21A4581BC3372639AE36F2CCC94C19 new file mode 100644 index 000000000..c478bf0fc Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/A25C55270C21A4581BC3372639AE36F2CCC94C19 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/821E494DF27F9938F7E58CFCE8CE70029DB0EC5D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/821E494DF27F9938F7E58CFCE8CE70029DB0EC5D new file mode 100644 index 000000000..8e513a9f0 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/821E494DF27F9938F7E58CFCE8CE70029DB0EC5D differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/SIC_TEST_USER.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/SIC_TEST_USER.crt new file mode 100644 index 000000000..203c416fe --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/SIC_TEST_USER.crt @@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIGfzCCBGegAwIBAgIHAJZY0iYXUjANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQG +EwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5IG9m +IFRlY2hub2xvZ3kxDTALBgNVBAsTBElBSUsxIjAgBgNVBAMTGUlBSUsgVGVzdCBJ +bnRlcm1lZGlhdGUgQ0EwHhcNMTgwNTI4MTQ0NTIxWhcNMjEwNTI4MTQ0NTIxWjAw +MQwwCgYDVQQqEwNFaWQxDTALBgNVBAQTBFRlc3QxETAPBgNVBAMTCEVpZCBUZXN0 +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKs+u9OdjFmRGF1Cbsa+XSuvzPoIG +pPtcJs+4thMbCubwSQMvUOssrCzrC1Ji9YVxeqHs3DU2RDEosoSUROJH3KOCAyAw +ggMcMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMIIBNgYIKwYBBQUHAQEE +ggEoMIIBJDCBggYIKwYBBQUHMAKGdmxkYXA6Ly9jYXBzby10ZXN0LmlhaWsudHVn +cmF6LmF0OjEzODkvY249aWFpay10ZXN0LWludGVybWVkaWF0ZS1jYSxvdT1wa2ks +ZGM9aWFpayxkYz10dWdyYXosZGM9YXQ/Y0FDZXJ0aWZpY2F0ZTtiaW5hcnkwUAYI +KwYBBQUHMAKGRGh0dHA6Ly9jYXBzby10ZXN0LmlhaWsudHVncmF6LmF0L2NlcnRz +L2lhaWstdGVzdC1pbnRlcm1lZGlhdGUtY2EuY2VyMEsGCCsGAQUFBzABhj9odHRw +Oi8vY2Fwc28tdGVzdC5pYWlrLnR1Z3Jhei5hdC9vY3NwL2lhaWstdGVzdC1pbnRl +cm1lZGlhdGUtY2EwHwYDVR0jBBgwFoAUedgPAoHlywvut/xEv9Nn+hCGURIwgaAG +A1UdIASBmDCBlTCBkgYMKwYBBAGVEgECBwEBMIGBMH8GCCsGAQUFBwICMHMMcVRo +aXMgY2VydGlmaWNhdGUgd2FzIGlzc3VlZCBieSBhICoqY29weSoqIG9mIGFuIElB +SUsgVGVzdCBJbnRlcm1lZGlhdGUgQ0EgYW5kIG1heSBiZSB1c2VkIGZvciB0ZXN0 +IHB1cnBvc2VzIG9ubHkuMIHeBgNVHR8EgdYwgdMwgdCggc2ggcqGgYJsZGFwOi8v +Y2Fwc28tdGVzdC5pYWlrLnR1Z3Jhei5hdDoxMzg5L2NuPWlhaWstdGVzdC1pbnRl +cm1lZGlhdGUtY2Esb3U9cGtpLGRjPWlhaWssZGM9dHVncmF6LGRjPWF0P2NlcnRp +ZmljYXRlUmV2b2NhdGlvbkxpc3Q7YmluYXJ5hkNodHRwOi8vY2Fwc28tdGVzdC5p +YWlrLnR1Z3Jhei5hdC9jcmxzL2lhaWstdGVzdC1pbnRlcm1lZGlhdGUtY2EuY3Js +MB0GA1UdDgQWBBSOwKEfd5HkkkiziZBb5Yj4HWy1DDANBgkqhkiG9w0BAQsFAAOC +AgEAAjjDMSWxbUHvklPKS4xTJJV7Bl5Gy++/LZ39Mb8ZCgjIsGIP9w3hhz0kfi4z +Iz6hvf/Yx9zlKZ/wRIU8R4iygqQSY5Zm28WKVm3Vbhfs4ewN4FJTP8w8LgUSHJ02 +V+JIHtUt5i9U2a/I01bmzIIfBYL0IW8s1K3VMAzADyHDGW/U6h9ck7dayw8OWi8t +NT4tnKX4mEhH6z2kUPnv7fqFlSRrD0uqkeKZad3A1a155S0Dgj1cZmNjR4sRhQhh +gba/EGuHNyEXchVasIITohORuJV9BAq4CckbSLo/qCSf+uiQUJm336LwavjGZked +O/auvRTETctPipjdONSxF/jbjAQ3fmYR/VqvoCm6K3ZgWTzxk0S4mfarrwooDvlE +rkSnrlLf+D6EyQt9LCw/i5LvH/+E+ZQ4AKwTHmJok4xdSgywyNrxsciZrvUGgwe9 +n+CV3IzEymYfL28qykKWpqbPTlSHqa3SlImdl8ywJI4hAW7mzZDp4OjhibRydJsR +7uiFnfhIKMTDicnZGgPZZqIuS4qGwYBszU77R+XmwmZqZBkNP88eYW1qnxCFGEtI +OiiETwO4zxXFF21CeB06PEwRCVgebBg0zBnX+hIsT/nJqwHK8I0Yh24BCudESUC2 +gE9xrujrk3e7r+lOqbYbzeWRJnXILg+SnflzC9kS3LxRfJI= +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/SIC_IDL_SIGNER.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/SIC_IDL_SIGNER.crt new file mode 100644 index 000000000..b2de9da56 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/SIC_IDL_SIGNER.crt @@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIHajCCBVKgAwIBAgIGRUnF8D5SMA0GCSqGSIb3DQEBCwUAMHcxCzAJBgNVBAYT +AkFUMQ0wCwYDVQQHEwRHcmF6MSYwJAYDVQQKEx1HcmF6IFVuaXZlcnNpdHkgb2Yg +VGVjaG5vbG9neTENMAsGA1UECxMESUFJSzEiMCAGA1UEAxMZSUFJSyBUZXN0IElu +dGVybWVkaWF0ZSBDQTAeFw0xNjA4MjUxMzA4MzhaFw0xOTA4MjUxMzA4MzhaMIH8 +MQswCQYDVQQGEwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2 +ZXJzaXR5IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBw +bGllZCBJbmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEa +MBgGA1UEBBMRU2lnbmF0dXJlIFNlcnZpY2UxHjAcBgNVBCoTFVNlcnZlckJLVSBE +ZXZlbG9wbWVudDEwMC4GA1UEAxMnU2VydmVyQktVIERldmVsb3BtZW50IFNpZ25h +dHVyZSBTZXJ2aWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxd/3 +9il61ghIH781wRGg5m+12MRxFB/eKLTn8Aj3YpTmI9+4CTG8ESmu20i/d+mRc/Bg +5tzvITi+964gIsovynCdU9QEwWF9SKTQ7vjTMfkTWDll+KfSWjO71l7Dm9F/dRVW +xKcx1j6oSxbnYZio3UBsSF+vfEz7cJz2DzAgAtM9s/2wSiYyWwfQMQcgEgA4uWtW +/7vre8FDgxxtA3XOV7IgKoEfFA2c7a6gVGUjN90OWxn4ZdDGpjDY9mAnEJS2rQoZ +EnkI47rfx35FrEPt7Rdc5mTSwDvbJqLlxkCUrPi+CV/esMxryX4+mivaghxVy3GT +SpTxf2IAgX2uX2VbUwIDAQABo4ICdDCCAnAwDgYDVR0PAQH/BAQDAgeAMAwGA1Ud +EwEB/wQCMAAwggEXBggrBgEFBQcBAQSCAQkwggEFMHcGCCsGAQUFBzAChmtsZGFw +Oi8vbGRhcC5pYWlrLnR1Z3Jhei5hdC9jbj1pYWlrLXRlc3QtaW50ZXJtZWRpYXRl +LWNhLG91PXBraSxkYz1pYWlrLGRjPXR1Z3JheixkYz1hdD9jQUNlcnRpZmljYXRl +O2JpbmFyeTBIBggrBgEFBQcwAoY8aHR0cDovL2NhLmlhaWsudHVncmF6LmF0L2Nl +cnRzL2lhaWstdGVzdC1pbnRlcm1lZGlhdGUtY2EuY2VyMEAGCCsGAQUFBzABhjRo +dHRwOi8vb2NzcC5pYWlrLnR1Z3Jhei5hdC9pYWlrLXRlc3QtaW50ZXJtZWRpYXRl +LWNhMB8GA1UdIwQYMBaAFEJur6/qQSp/lFcFhYLgkUYhyVdCMBkGA1UdIAQSMBAw +DgYMKwYBBAGVEgECBwEBMIHKBgNVHR8EgcIwgb8wgbyggbmggbaGd2xkYXA6Ly9s +ZGFwLmlhaWsudHVncmF6LmF0L2NuPWlhaWstdGVzdC1pbnRlcm1lZGlhdGUtY2Es +b3U9cGtpLGRjPWlhaWssZGM9dHVncmF6LGRjPWF0P2NlcnRpZmljYXRlUmV2b2Nh +dGlvbkxpc3Q7YmluYXJ5hjtodHRwOi8vY2EuaWFpay50dWdyYXouYXQvY3Jscy9p +YWlrLXRlc3QtaW50ZXJtZWRpYXRlLWNhLmNybDANBgcqKAAKAQcBBAIFADAdBgNV +HQ4EFgQUCGcmNEgrFLwredMpRpa/34jEqY8wDQYJKoZIhvcNAQELBQADggIBAIAg +/Ft+vM0DUKKipcF2xSZCweqEr6bF9I8FruxKyHg4WcWiUvFs96Wkwj/GA8YMJkjE +SKad1nP+hFjiraYU6dSfpOnAUJyLV0q5DM8Y0cl8GDqazE2kNGNzjmH9HvGY9CWp +vwF8htBnBX8N4Evw2t86eD4V507k2Ev8JOPWKifZwO0OCnPkkBfq30H5GVm9JA8W +joEXYQzzX2TBYrxqkWNosAsN9StcOvv9sfTTtW+ozK5/VPvAp9SUOjC5Eww7BuKq +yBxDrTSQ8hlfW2j8cMtCmg00LISnspiq8PdvIWktDO0sriyh3YuIIUx86OE9rBcG +20qr9s2oXYzVxq+T6hIEzDC1v/sPbpeYFdU6DW7bz/3ObPcKjkGD7J06ZDZFbgXr +aucr01ZFjdgBcdH0UzmsIaAMG+HY5RU99AZ5bP5RH+DbSTZLlcm8Zzne5/b0rN+a +2Q1ctptQnaPlZYQMcTSqXcbM7Umzn4LgnOedjfAcp8Pk0r+bZojrzFGuoi9fqkqe +qTup+PkGj+I8D+pOG/sSMaPx/gPZ4llO9v17VGHKH+OyGIsefwd+jXhMTJMdt5kO +6fLyTFF1MP4Ld64pRuboagZqe3dmy9HCy7AVnq9dIl/BlhLjhLSTYWvwtduh33WV +qegwBldr6P9vuJTsOrre7bRvkA+VnuZhlNW9AC1/ +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json index 141bd6741..826430b0d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json @@ -1,14 +1,14 @@ { "v": 10, - "respID": "kYZ6Mj143nTk7HSzVHxG", - "inResponseTo": "_ae0f0cbf2997125832e80b3a0082848a", + "respID": "FabhEfKEOBUW1jZryBqp", + "inResponseTo": "_0ab3d7fd5ff8eb0bb15486ce48464fad", "payload": { "name": "qualifiedeID", "result": { "EID-IDENTITY-LINK": "PHNhbWw6QXNzZXJ0aW9uIEFzc2VydGlvbklEPSJzenIuYm1pLmd2LmF0LUFzc2VydGlvbklEMTUyNzY2OTEwMDU5MTI3NDQiIElzc3VlSW5zdGFudD0iMjAxOC0wNS0zMFQxMDozMTo0MCswMTowMCIgSXNzdWVyPSJodHRwOi8vcG9ydGFsLmJtaS5ndi5hdC9yZWYvc3pyL2lzc3VlciIgTWFqb3JWZXJzaW9uPSIxIiBNaW5vclZlcnNpb249IjAiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDphc3NlcnRpb24iIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJubWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOmVjZHNhPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSMiIHhtbG5zOnNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSI+Cgk8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+CgkJPHNhbWw6U3ViamVjdD4KCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4KCQkJCTxzYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjA6Y206c2VuZGVyLXZvdWNoZXM8L3NhbWw6Q29uZmlybWF0aW9uTWV0aG9kPgoJCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE+CgkJCQkJPHByOlBlcnNvbiBzaTp0eXBlPSJwcjpQaHlzaWNhbFBlcnNvblR5cGUiPjxwcjpJZGVudGlmaWNhdGlvbj48cHI6VmFsdWU+dHFDUUVDNytBcUdFZWVMMzkwVjVKZz09PC9wcjpWYWx1ZT48cHI6VHlwZT51cm46cHVibGljaWQ6Z3YuYXQ6YmFzZWlkPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24+PHByOk5hbWU+PHByOkdpdmVuTmFtZT5NYXg8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPk11c3Rlcm1hbm48L3ByOkZhbWlseU5hbWU+PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4xOTQwLTAxLTAxPC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj4KCQkJCTwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KCQkJPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJPC9zYW1sOlN1YmplY3Q+Cgk8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXplblB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJ1cm46cHVibGljaWQ6Z3YuYXQ6bmFtZXNwYWNlczppZGVudGl0eWxpbms6MS4yIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT48ZHNpZzpSU0FLZXlWYWx1ZT48ZHNpZzpNb2R1bHVzPnMwWmhkR2E4REgwSW1iTlU3aTRxdDRtR25CUEFlTDk5Q0dkZmRCOEhWWE5CNWd3d2VMY1o5WE1TWUJvUHFHdFVqemh6S29zRkN5M0sNCmpsSEVrejB0L3JQemhOVGRsVjJRN0FGWEZlT2g3M3dPajQ3R1B2T2lVNzdwQjE3WnJaOHlObW1JTTEyUVE5MVN0RGFWRkUra0dxUEkNCmNFZHZiZk94blU4aGNpa3lYcWVheFZVV3oxbVdXTnRveUwyWG5wa1U0QkZVQnU1NWg5S2tYVEFQcnBUbEFMZjkvRDFKamZWb05tamwNCnBLWXh6Q3JBSmE4Sno4Ui9sNis0U0U3YXc3dGZuazNZUXkxcFVmNWZmellkeXZQS2ZxVTBUTUVKLzdpOW1ORHFCZlVwcVhBRWowdWUNCkpvRWs0UC9pa2Q5UnZuVUlsU0V1NzFHMyt1VEluSXBaaTd2UG93PT08L2RzaWc6TW9kdWx1cz48ZHNpZzpFeHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PjwvZHNpZzpSU0FLZXlWYWx1ZT48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJPGRzaWc6U2lnbmF0dXJlPgoJCTxkc2lnOlNpZ25lZEluZm8+CgkJCTxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+CgkJCTxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIgLz4KCQkJPGRzaWc6UmVmZXJlbmNlIFVSST0iIj4KCQkJCTxkc2lnOlRyYW5zZm9ybXM+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQk8ZHNpZzpYUGF0aD5ub3QoYW5jZXN0b3Itb3Itc2VsZjo6cHI6SWRlbnRpZmljYXRpb24pPC9kc2lnOlhQYXRoPgoJCQkJCTwvZHNpZzpUcmFuc2Zvcm0+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiIC8+CgkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCTxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIiAvPgoJCQkJPGRzaWc6RGlnZXN0VmFsdWU+QmVIdUFyYXUzSFVQcXg5dHV3QTRGaDNOSDB3PTwvZHNpZzpEaWdlc3RWYWx1ZT4KCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPGRzaWc6UmVmZXJlbmNlIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNNYW5pZmVzdCIgVVJJPSIjbWFuaWZlc3QiPgoJCQkJPGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiIC8+CgkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5mVEUrMjRnRHlkUlgvd0p2QlAxOUlucU54Rkk9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQk8L2RzaWc6UmVmZXJlbmNlPgoJCTwvZHNpZzpTaWduZWRJbmZvPgoJCTxkc2lnOlNpZ25hdHVyZVZhbHVlPgogICAgUHpLMWR2N2JFMGhQcGxlc1ZaRFhHSWxhbTlUK0JxWkd4ZWs5RHVuYkhNK21GWWI3a1NaZTN2eEszUmhRZjNBV3djbXFtVWZPRlJObg0KWndxYnovNGRZd2hJRld6VGdMelVmMlZkR0JsN2szbS8wSmJXSkV1bEtobE5vV2ZSTkRrdTRZcmI2THVrWjdaQzJFcWd2UXYxa1BRTg0Kb1BvQ1I5d3hUc1RKWFNCaHdLc0lERG9vZHY3aUVpWGFCM0xmVHQrQWdYdEdvbWRRaktjby9WamJSSzRUUEkvQUVNVU1KWm9zZlJYMg0KdmE2U1BaUnV4QjBlWkwwVGVzYittRjlFaUlOVnNTSU9nbTVSRE95V1ZRZkJnVG9nYjNoWmlLVmh0a1IvaWlSNmhZNlA2b1cwTDh4ag0KMG5ZVldPRHAxSlJML3Z0ZDFhUklVYzNCQTJQaFkrRmdJR1FHTUE9PQogIDwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlGdXpDQ0JLT2dBd0lCQWdJREdTa2VNQTBHQ1NxR1NJYjNEUUVCQlFVQU1JR2ZNUXN3Q1FZRFZRUUdFd0pCDQpWREZJTUVZR0ExVUVDZ3cvUVMxVWNuVnpkQ0JIWlhNdUlHWXVJRk5wWTJobGNtaGxhWFJ6YzNsemRHVnRaU0JwDQpiU0JsYkdWcmRISXVJRVJoZEdWdWRtVnlhMlZvY2lCSGJXSklNU0l3SUFZRFZRUUxEQmxoTFhOcFoyNHRZMjl5DQpjRzl5WVhSbExXeHBaMmgwTFRBeU1TSXdJQVlEVlFRRERCbGhMWE5wWjI0dFkyOXljRzl5WVhSbExXeHBaMmgwDQpMVEF5TUI0WERURTFNRGN5T0RFMU5Ea3dOVm9YRFRJd01EY3lPREV6TkRrd05Wb3dnYll4Q3pBSkJnTlZCQVlUDQpBa0ZVTVI0d0hBWURWUVFLREJWRVlYUmxibk5qYUhWMGVtdHZiVzFwYzNOcGIyNHhJakFnQmdOVkJBc01HVk4wDQpZVzF0ZW1Gb2JISmxaMmx6ZEdWeVltVm9iMlZ5WkdVeExqQXNCZ05WQkFNTUpWTnBaMjVoZEhWeWMyVnlkbWxqDQpaU0JFWVhSbGJuTmphSFYwZW10dmJXMXBjM05wYjI0eEZUQVRCZ05WQkFVVERETXlOVGt5T0RNeU16azVPREVjDQpNQm9HQ1NxR1NJYjNEUUVKQVF3TlpITnJRR1J6YXk1bmRpNWhkRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEDQpnZ0VQQURDQ0FRb0NnZ0VCQU4rZEJTRUJHajJqVVhJSzFNcDNsVnhjL1phK3BKTWl5S3JYM0cxWnhnWC9pa3g3DQpEOXNjc1BZTXQ0NzNMbEFXbDljbUNiSGJKSytQVjJYTk5kVVJMTVVDSVgrNHZVTnMyTUhlRFRRdFg4QlhqSkZwDQp3SllTb2FSSlEzOUZWUy8xcjVzV2NyYTlIaGRtN3c1R3R4LzJ1a3lEWDBrZGt4YXdraFA0RVFFemkvU0krRnVnDQpuK1dxZ1ExbkFkbGJ4Yi9kY0J3NXcxaDliM2xtdXdVZjR6M29vUVdVRDJEZ0Eva0tkMUtlak5SNDNtTFVzbXZTDQp6ZXZQeFQ5enM3OHBPUjFPYWNCN0lzelRWSlBYZU9FYWFOWkhubkIvVWVPM2c4TEVWLzNPa1hjVWdjTWtiSUlpDQphQkhsbGw3MVBxMENPajlrcWpYb2U3T3JSakxZNWkzS3dPcGE2VE1DQXdFQUFhT0NBZVV3Z2dIaE1CRUdBMVVkDQpEZ1FLQkFoTUNBNmVHdlMxdWpBT0JnTlZIUThCQWY4RUJBTUNCTEF3RGdZSEtpZ0FDZ0VIQVFRREFRSC9NQk1HDQpBMVVkSXdRTU1BcUFDRWtjV0RwUDZBMERNQWtHQTFVZEV3UUNNQUF3RkFZSEtpZ0FDZ0VCQVFRSkRBZENVMEl0DQpSRk5MTUg4R0NDc0dBUVVGQndFQkJITXdjVEJHQmdnckJnRUZCUWN3QW9ZNmFIUjBjRG92TDNkM2R5NWhMWFJ5DQpkWE4wTG1GMEwyTmxjblJ6TDJFdGMybG5iaTFqYjNKd2IzSmhkR1V0YkdsbmFIUXRNREpoTG1OeWREQW5CZ2dyDQpCZ0VGQlFjd0FZWWJhSFIwY0RvdkwyOWpjM0F1WVMxMGNuVnpkQzVoZEM5dlkzTndNRlFHQTFVZElBUk5NRXN3DQpTUVlHS2lnQUVRRVNNRDh3UFFZSUt3WUJCUVVIQWdFV01XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrDQpiMk56TDJOd0wyRXRjMmxuYmkxQmJYUnpjMmxuYm1GMGRYSXdnWjRHQTFVZEh3U0JsakNCa3pDQmtLQ0JqYUNCDQppb2FCaDJ4a1lYQTZMeTlzWkdGd0xtRXRkSEoxYzNRdVlYUXZiM1U5WVMxemFXZHVMV052Y25CdmNtRjBaUzFzDQphV2RvZEMwd01peHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wDQpQMkpoYzJVL2IySnFaV04wWTJ4aGMzTTlaV2xrUTJWeWRHbG1hV05oZEdsdmJrRjFkR2h2Y21sMGVUQU5CZ2txDQpoa2lHOXcwQkFRVUZBQU9DQVFFQUhRM1pDTXRBYmF6ZU1IbVdBMnpoWWxIcUhnS1ZvY1ZYRURnbU5tV0xHcUZlDQo4RUFERklzOHVHcmt0Qm1XQ1VJWGJYczdUSGNmeHMySjQ3dkh1Y29wc2RrYWJObFhFanpuZFJmbmMrMVZJbmJvDQp6TXJZZDdqZUROVEsvdElqaU9FWWRyeUlwZWtWOUNmYXc3eXU2bWVmTXpldTFhQXdmN0JuSy9odWl3SlduZW5wDQpCN2lEL1B2WittenVDN1JOZkpmRisrU3RpQlR4aTNWWXhOR01qTTFjVThHdzlWV2MwUjNFdWpPYVhXZ0NDOGk1DQpGR2hWdk9ZaE5YZnN4SlhiTnhld0VDanBBTHZEbEZMTCtpQzQ5RytBRFNvUnYwU2s5MU9QdStjSW1DajNyczNRDQp0YXNJL3A5TFlhY0c2Yy9nSTN0RTBpaHFnOVJic0tIWFFsM1BPdkVSSkE9PTwvZHNpZzpYNTA5Q2VydGlmaWNhdGU+PC9kc2lnOlg1MDlEYXRhPjwvZHNpZzpLZXlJbmZvPgoJCTxkc2lnOk9iamVjdD4KCQkJPGRzaWc6TWFuaWZlc3QgSWQ9Im1hbmlmZXN0Ij4KCQkJCTxkc2lnOlJlZmVyZW5jZSBVUkk9IiI+CgkJCQkJPGRzaWc6VHJhbnNmb3Jtcz4KCQkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQkJPGRzaWc6WFBhdGg+bm90KGFuY2VzdG9yLW9yLXNlbGY6OmRzaWc6U2lnbmF0dXJlKTwvZHNpZzpYUGF0aD4KCQkJCQkJPC9kc2lnOlRyYW5zZm9ybT4KCQkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCQk8ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIgLz4KCQkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5wM1pwS1BvK0ZYT3ZXdEhidFJzR2VLWm9lSTQ9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPC9kc2lnOk1hbmlmZXN0PgoJCTwvZHNpZzpPYmplY3Q+Cgk8L2RzaWc6U2lnbmF0dXJlPgo8L3NhbWw6QXNzZXJ0aW9uPg==", - "EID-CITIZEN-QAA-LEVEL": "substantial", + "EID-CITIZEN-QAA-LEVEL": "http://eidas.europa.eu/LoA/substantial", "EID-CCS-URL": "https://www.a-trust.at/todo", - "EID-AUTH-BLOCK": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+PHNhbWwyOkFzc2VydGlvbiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9Il9hZTBmMGNiZjI5OTcxMjU4MzJlODBiM2EwMDgyODQ4YSIgSXNzdWVJbnN0YW50PSIyMDE4LTA2LTA2VDA5OjIzOjQzKzAyOjAwIiBWZXJzaW9uPSIyLjAiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSI+PHNhbWwyOklzc3VlciBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI+aHR0cHM6Ly93d3cuYS10cnVzdC5hdC90b2RvPC9zYW1sMjpJc3N1ZXI+PHNhbWwyOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE4LTA2LTA2VDA5OjIzOjQzKzAyOjAwIiBOb3RPbk9yQWZ0ZXI9IjIwMTgtMDYtMDZUMDk6Mzg6NDMrMDI6MDAiPjxzYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sMjpBdWRpZW5jZT5odHRwczovL2VpZC5ndi5hdC9tb2EtaWQtYXV0aC9zbDIwL2RhdGFVcmw/cGVuZGluZ2lkPTU3NTg5NzU3OTA5MTc5NjMyMjU8L3NhbWwyOkF1ZGllbmNlPjwvc2FtbDI6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWwyOkNvbmRpdGlvbnM+PGRzaWc6U2lnbmF0dXJlIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIElkPSJzaWduYXR1cmUtMS0xIj48ZHNpZzpTaWduZWRJbmZvPjxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSIgLz48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2IiAvPjxkc2lnOlJlZmVyZW5jZSBJZD0icmVmZXJlbmNlLTEtMSIgVVJJPSIiPjxkc2lnOlRyYW5zZm9ybXM+PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHNsdC0xOTk5MTExNiI+PHhzbDpzdHlsZXNoZWV0IHhtbG5zOnhzbD0iaHR0cDovL3d3dy53My5vcmcvMTk5OS9YU0wvVHJhbnNmb3JtIiBleGNsdWRlLXJlc3VsdC1wcmVmaXhlcz0ic2FtbDIiIHZlcnNpb249IjEuMCIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjx4c2w6b3V0cHV0IG1ldGhvZD0ieG1sIiB4bWw6c3BhY2U9ImRlZmF1bHQiIC8+PHhzbDp0ZW1wbGF0ZSBtYXRjaD0iLyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiPjxodG1sIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIj48aGVhZD48dGl0bGU+U2lnbmF0dXIgZGVyIEFubWVsZGVkYXRlbjwvdGl0bGU+PHN0eWxlIG1lZGlhPSJzY3JlZW4iIHR5cGU9InRleHQvY3NzIj4KICAgICAgICAgICAgICAJCQkJCS5ub3JtYWxzdHlsZSB7IGZvbnQtc2l6ZTogbWVkaXVtOyB9IAogICAgICAgICAgICAgIAkJCQkJLml0YWxpY3N0eWxlIHsgZm9udC1zaXplOiBtZWRpdW07IGZvbnQtc3R5bGU6IGl0YWxpYzsgfQoJCQkJCQkJCS50aXRsZXN0eWxlIHsgdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTsgZm9udC13ZWlnaHQ6Ym9sZDsgZm9udC1zaXplOiBtZWRpdW07IH0gCgkJCQkJCQkJLmg0c3R5bGUgeyBmb250LXNpemU6IGxhcmdlOyB9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKCQkJCQkJCQkuaGlkZGVuIHtkaXNwbGF5OiBub25lOyB9IAogICAgICAgICAgICAgIAkJCQk8L3N0eWxlPjwvaGVhZD48Ym9keT48aDQgY2xhc3M9Img0c3R5bGUiPkFubWVsZGVkYXRlbjo8L2g0PjxwIGNsYXNzPSJ0aXRsZXN0eWxlIj5EYXRlbiB6dXIgUGVyc29uPC9wPjx0YWJsZSBjbGFzcz0icGFyYW1ldGVycyI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjIuNS40LjQyJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+Vm9ybmFtZTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjIuNS40LjQyJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiIC8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5OYWNobmFtZTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4yMCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIiAvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuNTUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5HZWJ1cnRzZGF0dW06IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIiAvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlZvbGxtYWNodDogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnRleHQ+SWNoIG1lbGRlIG1pY2ggaW4gVmVydHJldHVuZyBhbi4gSW0gbsOkY2hzdGVuIFNjaHJpdHQgd2lyZCBtaXIgZWluZSBMaXN0ZSBkZXIgZsO8ciBtaWNoIHZlcmbDvGdiYXJlbiBWZXJ0cmV0dW5nc3ZlcmjDpGx0bmlzc2UgYW5nZXplaWd0LCBhdXMgZGVuZW4gaWNoIGVpbmVzIGF1c3fDpGhsZW4gd2VyZGUuPC94c2w6dGV4dD48L3RkPjwvdHI+PC94c2w6aWY+PC90YWJsZT48cCBjbGFzcz0idGl0bGVzdHlsZSI+RGF0ZW4genVyIEFud2VuZHVuZzwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5JZGVudGlmaWthdG9yOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J2h0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyVW5pcXVlSWQnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIgLz48L3RkPjwvdHI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPk5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIgLz48L3RkPjwvdHI+PC94c2w6aWY+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+U3RhYXQ6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29kZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIiAvPjwvdGQ+PC90cj48L3hzbDppZj48L3RhYmxlPjxwIGNsYXNzPSJ0aXRsZXN0eWxlIj5UZWNobmlzY2hlIFBhcmFtZXRlcjwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5EYXR1bTo8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDksMikiIC8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDYsMikiIC8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDEsNCkiIC8+PC90ZD48L3RyPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5VaHJ6ZWl0OjwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9InN1YnN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL0BJc3N1ZUluc3RhbnQsMTIsMikiIC8+PHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE1LDIpIiAvPjx4c2w6dGV4dD46PC94c2w6dGV4dD48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCwxOCwyKSIgLz48L3RkPjwvdHI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlRyYW5zYWt0aW9uc1Rva2tlbjogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9ASUQiIC8+PC90ZD48L3RyPjx4c2w6aWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+CgkJCQkJCQkJCQkJVm9sbG1hY2h0ZW4tUmVmZXJlbno6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIgLz48L3RkPjwvdHI+PC94c2w6aWY+PHRyIGNsYXNzPSJoaWRkZW4iPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPkRhdGFVUkw6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9zYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uL3NhbWwyOkF1ZGllbmNlIiAvPjwvdGQ+PC90cj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9ATm90T25PckFmdGVyIj48dHIgY2xhc3M9ImhpZGRlbiI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+QXV0aEJsb2NrVmFsaWRUbzogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpDb25kaXRpb25zL0BOb3RPbk9yQWZ0ZXIiIC8+PC90ZD48L3RyPjwveHNsOmlmPjwvdGFibGU+PC9ib2R5PjwvaHRtbD48L3hzbDp0ZW1wbGF0ZT48L3hzbDpzdHlsZXNoZWV0PjwvZHNpZzpUcmFuc2Zvcm0+PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUjV2l0aENvbW1lbnRzIiAvPjwvZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIgLz48ZHNpZzpEaWdlc3RWYWx1ZT4vdExReXEvU2dkTGZEUEk4MG9yRytxbEJWQTQ1c1JQZTZySnZHY0x0NWxnPTwvZHNpZzpEaWdlc3RWYWx1ZT48L2RzaWc6UmVmZXJlbmNlPjxkc2lnOlJlZmVyZW5jZSBJZD0iZXRzaS1kYXRhLXJlZmVyZW5jZS0xLTEiIFR5cGU9Imh0dHA6Ly91cmkuZXRzaS5vcmcvMDE5MDMjU2lnbmVkUHJvcGVydGllcyIgVVJJPSIjZXRzaS1zaWduZWRwcm9wZXJ0aWVzLTEtMSI+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxkc2lnOkRpZ2VzdFZhbHVlPjA2cUtPVkJqRWdVTk1XV3RTMis2WG1VWXBGV3NUT0o0V3pkMDNISlpTeW89PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U+PC9kc2lnOlNpZ25lZEluZm8+PGRzaWc6U2lnbmF0dXJlVmFsdWUgSWQ9InNpZ25hdHVyZXZhbHVlLTEtMSI+WW5zV01EY01wWExMR3dCb0tpYW45WHpZUWdiamordVVtSkNIRjZWVVZybGpNejlUeC9yeWpnNkNVaklMNjVGb0JQNHU0Zmc3a1JPRDFEeWlGYUtwMUVhaWxLQWtpWlE4WWJtRlNnZW1mNkdENUl6QklZblI1VlMxM1J4ZVMxRDdVUXhEU3c1TkpKaHdXelpFZFFRMnFyaUdsUW5sdUpBNlpuRmk2WFpHUXpUYmd1SFd3b3ZwT05UZ1BYaEJkcG9rb2VnZUkvS3dDNU9WTWt2dnNrVXRXSDZTaUlDRWVGclBpY054dGh3Ym4wZHA0ak1DNEI5TE5aZGRnQ0picUNkelIvNlF6YXBqWmQwYUVKNThWVncvQW5xa2dUL1krRmUwNkVUQXMwZ3FuL3M5dWJ3N0RmMGJqS3NrUE5xU3ZKc0EvWDN2Szk3U3FPeStNNWhvL25KTHpnPT08L2RzaWc6U2lnbmF0dXJlVmFsdWU+PGRzaWc6S2V5SW5mbz48ZHNpZzpYNTA5RGF0YT48ZHNpZzpYNTA5Q2VydGlmaWNhdGU+TUlJRjFqQ0NCTDZnQXdJQkFnSUVmZ1MzL1RBTkJna3Foa2lHOXcwQkFRc0ZBRENCb1RFTE1Ba0dBMVVFQmd3Q1FWUXhTREJHQmdOVkJBb01QMEV0VkhKMWMzUWdSMlZ6TGlCbUxpQlRhV05vWlhKb1pXbDBjM041YzNSbGJXVWdhVzBnWld4bGEzUnlMaUJFWVhSbGJuWmxjbXRsYUhJZ1IyMWlTREVqTUNFR0ExVUVDd3dhWVMxemFXZHVMVkJ5WlcxcGRXMHRWR1Z6ZEMxVGFXY3RNREl4SXpBaEJnTlZCQU1NR21FdGMybG5iaTFRY21WdGFYVnRMVlJsYzNRdFUybG5MVEF5TUI0WERURTRNRFV6TURBNE16SXlPVm9YRFRJek1EVXpNREE0TXpJeU9Wb3dZREVMTUFrR0ExVUVCZ3dDUVZReEZ6QVZCZ05WQkFNTURrMWhlQ0JOZFhOMFpYSnRZVzV1TVJNd0VRWURWUVFFREFwTmRYTjBaWEp0WVc1dU1Rd3dDZ1lEVlFRcURBTk5ZWGd4RlRBVEJnTlZCQVVNRERVeE56WTJNRGN4T0RrNU16Q0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUxOR1lYUm12QXg5Q0ptelZPNHVLcmVKaHB3VHdIaS9mUWhuWDNRZkIxVnpRZVlNTUhpM0dmVnpFbUFhRDZoclZJODRjeXFMQlFzdHlvNVJ4Sk05TGY2ejg0VFUzWlZka093QlZ4WGpvZTk4RG8rT3hqN3pvbE8rNlFkZTJhMmZNalpwaUROZGtFUGRVclEybFJSUHBCcWp5SEJIYjIzenNaMVBJWElwTWw2bm1zVlZGczlabGxqYmFNaTlsNTZaRk9BUlZBYnVlWWZTcEYwd0Q2NlU1UUMzL2Z3OVNZMzFhRFpvNWFTbU1jd3F3Q1d2Q2MvRWY1ZXZ1RWhPMnNPN1g1NU4yRU10YVZIK1gzODJIY3J6eW42bE5FekJDZis0dlpqUTZnWDFLYWx3Qkk5TG5pYUJKT0QvNHBIZlViNTFDSlVoTHU5UnQvcmt5SnlLV1l1N3o2TUNBd0VBQWFPQ0FsUXdnZ0pRTUlHREJnZ3JCZ0VGQlFjQkFRUjNNSFV3UlFZSUt3WUJCUVVITUFLR09XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlqWlhKMGN5OWhMWE5wWjI0dGNISmxiV2wxYlMxdGIySnBiR1V0TUROaExtTnlkREFzQmdnckJnRUZCUWN3QVlZZ2FIUjBjRG92TDI5amMzQXRkR1Z6ZEM1aExYUnlkWE4wTG1GMEwyOWpjM0F3RXdZRFZSMGpCQXd3Q29BSVJnYWZqa0dPRmIwd2NnWUlLd1lCQlFVSEFRTUVaakJrTUFvR0NDc0dBUVVGQndzQ01BZ0dCZ1FBamtZQkFUQUlCZ1lFQUk1R0FRUXdFd1lHQkFDT1JnRUdNQWtHQndRQWprWUJCZ0V3TFFZR0JBQ09SZ0VGTUNNd0lSWWJhSFIwY0hNNkx5OTNkM2N1WVMxMGNuVnpkQzVoZEM5d1pITXZFd0pGVGpBUkJnTlZIUTRFQ2dRSVFXeVM1ZFhrL3RZd0RnWURWUjBQQVFIL0JBUURBZ2JBTUFrR0ExVWRFd1FDTUFBd1lBWURWUjBnQkZrd1Z6QUlCZ1lFQUlzd0FRRXdTd1lHS2lnQUVRRVVNRUV3UHdZSUt3WUJCUVVIQWdFV00yaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrYjJOekwyTndMMkV0YzJsbmJpMXdjbVZ0YVhWdExXMXZZbWxzWlRDQnJnWURWUjBmQklHbU1JR2pNSUdnb0lHZG9JR2Fob0dYYkdSaGNEb3ZMMnhrWVhBdGRHVnpkQzVoTFhSeWRYTjBMbUYwTDI5MVBXRXRjMmxuYmkxUWNtVnRhWFZ0TFZSbGMzUXRVMmxuTFRBeUlDaFRTRUV0TWpVMktTeHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wUDJKaGMyVS9iMkpxWldOMFkyeGhjM005Wldsa1EyVnlkR2xtYVdOaGRHbHZia0YxZEdodmNtbDBlVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBeUVtZ09EdDAyeGF4SGI0RStPOVhnSW1FQzBBb0g0UTk3UHE3QmQ0ditQcXFkNmk1Um9kdndmVGdJYVcxSitmdkg4S1VUekkwWFg5d3BVV3dJbVZFR01INjNWQUpjWFZIMHk5aWZFV0lIZGhPTHRSWVZpZjBTUUs5WVJhY2h2SkRtRjVoTHdBUVJFZUdzWDJpTm1QN2RZZTR4aU5LQXRRbjBwaHZsUHFnaGE2b0tER01ROEZOQWZSejNrQXRYSndQYkZnNlFFNGtJaGtUZ2QzMnVPaUFKVzdHMlRhSlpYV2ZLOVRwVjVMUTEzKzExRkoyUzNLUWM4dWIvKzFHZGdpcktTVzRKMXpoc2ZUK1dDci9PYXlVMk16UVhLdjhPV2IwU3hXSUpIaU1UZXhIN3I5bXVHay9aTGthUVFWMkN0U09ZcVRBTjhBd2VDaUoxMXVWRkhlTHBRPT08L2RzaWc6WDUwOUNlcnRpZmljYXRlPjwvZHNpZzpYNTA5RGF0YT48L2RzaWc6S2V5SW5mbz48ZHNpZzpPYmplY3QgSWQ9ImV0c2ktc2lnbmVkLTEtMSI+PGV0c2k6UXVhbGlmeWluZ1Byb3BlcnRpZXMgeG1sbnM6ZXRzaT0iaHR0cDovL3VyaS5ldHNpLm9yZy8wMTkwMy92MS4zLjIjIiBUYXJnZXQ9IiNzaWduYXR1cmUtMS0xIj48ZXRzaTpTaWduZWRQcm9wZXJ0aWVzIElkPSJldHNpLXNpZ25lZHByb3BlcnRpZXMtMS0xIj48ZXRzaTpTaWduZWRTaWduYXR1cmVQcm9wZXJ0aWVzPjxldHNpOlNpZ25pbmdUaW1lPjIwMTgtMDYtMDZUMDc6MjM6NDNaPC9ldHNpOlNpZ25pbmdUaW1lPjxldHNpOlNpZ25pbmdDZXJ0aWZpY2F0ZT48ZXRzaTpDZXJ0PjxldHNpOkNlcnREaWdlc3Q+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxkc2lnOkRpZ2VzdFZhbHVlPjZhVGtoYS9ZOXhZUzRiUU1aYndJWDhURnNEMkNlemRodXFIcFR0Q0kzZjA9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZXRzaTpDZXJ0RGlnZXN0PjxldHNpOklzc3VlclNlcmlhbD48ZHNpZzpYNTA5SXNzdWVyTmFtZT5DTj1hLXNpZ24tUHJlbWl1bS1UZXN0LVNpZy0wMixPVT1hLXNpZ24tUHJlbWl1bS1UZXN0LVNpZy0wMixPPUEtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSCxDPUFUPC9kc2lnOlg1MDlJc3N1ZXJOYW1lPjxkc2lnOlg1MDlTZXJpYWxOdW1iZXI+MjExNDIzODQ2MTwvZHNpZzpYNTA5U2VyaWFsTnVtYmVyPjwvZXRzaTpJc3N1ZXJTZXJpYWw+PC9ldHNpOkNlcnQ+PC9ldHNpOlNpZ25pbmdDZXJ0aWZpY2F0ZT48ZXRzaTpTaWduYXR1cmVQb2xpY3lJZGVudGlmaWVyPjxldHNpOlNpZ25hdHVyZVBvbGljeUltcGxpZWQgLz48L2V0c2k6U2lnbmF0dXJlUG9saWN5SWRlbnRpZmllcj48L2V0c2k6U2lnbmVkU2lnbmF0dXJlUHJvcGVydGllcz48ZXRzaTpTaWduZWREYXRhT2JqZWN0UHJvcGVydGllcz48ZXRzaTpEYXRhT2JqZWN0Rm9ybWF0IE9iamVjdFJlZmVyZW5jZT0iI3JlZmVyZW5jZS0xLTEiPjxldHNpOk1pbWVUeXBlPmFwcGxpY2F0aW9uL3hodG1sK3htbDwvZXRzaTpNaW1lVHlwZT48L2V0c2k6RGF0YU9iamVjdEZvcm1hdD48L2V0c2k6U2lnbmVkRGF0YU9iamVjdFByb3BlcnRpZXM+PC9ldHNpOlNpZ25lZFByb3BlcnRpZXM+PC9ldHNpOlF1YWxpZnlpbmdQcm9wZXJ0aWVzPjwvZHNpZzpPYmplY3Q+PC9kc2lnOlNpZ25hdHVyZT48c2FtbDI6QXR0cmlidXRlU3RhdGVtZW50PjxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJQVlAtVkVSU0lPTiIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMTAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+Mi4xPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iUFJJTkNJUEFMLU5BTUUiIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjIwIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPk11c3Rlcm1hbm48L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDI6QXR0cmlidXRlPjxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJHSVZFTi1OQU1FIiBOYW1lPSJ1cm46b2lkOjIuNS40LjQyIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPk1heDwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IkJJUlRIREFURSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPjxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4xOTQwLTAxLTAxPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iU2VydmljZVByb3ZpZGVyLVVuaXF1ZUlkIiBOYW1lPSJodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlclVuaXF1ZUlkIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPmh0dHBzOi8vbGFiZGEuaWFpay50dWdyYXouYXQ6NTU1My9kZW1vbG9naW4vPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iU2VydmljZVByb3ZpZGVyLUZyaWVuZGx5TmFtZSIgTmFtZT0iaHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+bGFiZGEgLSBEZXZlbG9wbWVudDwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IlNlcnZpY2VQcm92aWRlci1Db3VudHJ5Q29kZSIgTmFtZT0iaHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29kZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPjxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5BVDwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PC9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PC9zYW1sMjpBc3NlcnRpb24+" + "EID-AUTH-BLOCK": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+PHNhbWwyOkFzc2VydGlvbiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9Il8wYWIzZDdmZDVmZjhlYjBiYjE1NDg2Y2U0ODQ2NGZhZCIgSXNzdWVJbnN0YW50PSIyMDE4LTA2LTA3VDE1OjI2OjI1KzAyOjAwIiBWZXJzaW9uPSIyLjAiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSI+PHNhbWwyOklzc3VlciBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI+aHR0cHM6Ly93d3cuYS10cnVzdC5hdC90b2RvPC9zYW1sMjpJc3N1ZXI+PGRzaWc6U2lnbmF0dXJlIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIElkPSJzaWduYXR1cmUtMS0xIj48ZHNpZzpTaWduZWRJbmZvPjxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSIgLz48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2IiAvPjxkc2lnOlJlZmVyZW5jZSBJZD0icmVmZXJlbmNlLTEtMSIgVVJJPSIiPjxkc2lnOlRyYW5zZm9ybXM+PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHNsdC0xOTk5MTExNiI+PHhzbDpzdHlsZXNoZWV0IHhtbG5zOnhzbD0iaHR0cDovL3d3dy53My5vcmcvMTk5OS9YU0wvVHJhbnNmb3JtIiBleGNsdWRlLXJlc3VsdC1wcmVmaXhlcz0ic2FtbDIiIHZlcnNpb249IjEuMCIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjx4c2w6b3V0cHV0IG1ldGhvZD0ieG1sIiB4bWw6c3BhY2U9ImRlZmF1bHQiIC8+PHhzbDp0ZW1wbGF0ZSBtYXRjaD0iLyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiPjxodG1sIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIj48aGVhZD48dGl0bGU+U2lnbmF0dXIgZGVyIEFubWVsZGVkYXRlbjwvdGl0bGU+PHN0eWxlIG1lZGlhPSJzY3JlZW4iIHR5cGU9InRleHQvY3NzIj4KICAgICAgICAgICAgICAJCQkJCS5ub3JtYWxzdHlsZSB7IGZvbnQtc2l6ZTogbWVkaXVtOyB9IAogICAgICAgICAgICAgIAkJCQkJLml0YWxpY3N0eWxlIHsgZm9udC1zaXplOiBtZWRpdW07IGZvbnQtc3R5bGU6IGl0YWxpYzsgfQoJCQkJCQkJCS50aXRsZXN0eWxlIHsgdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTsgZm9udC13ZWlnaHQ6Ym9sZDsgZm9udC1zaXplOiBtZWRpdW07IH0gCgkJCQkJCQkJLmg0c3R5bGUgeyBmb250LXNpemU6IGxhcmdlOyB9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKCQkJCQkJCQkuaGlkZGVuIHtkaXNwbGF5OiBub25lOyB9IAogICAgICAgICAgICAgIAkJCQk8L3N0eWxlPjwvaGVhZD48Ym9keT48aDQgY2xhc3M9Img0c3R5bGUiPkFubWVsZGVkYXRlbjo8L2g0PjxwIGNsYXNzPSJ0aXRsZXN0eWxlIj5EYXRlbiB6dXIgUGVyc29uPC9wPjx0YWJsZSBjbGFzcz0icGFyYW1ldGVycyI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjIuNS40LjQyJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+Vm9ybmFtZTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjIuNS40LjQyJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiIC8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5OYWNobmFtZTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4yMCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIiAvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuNTUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5HZWJ1cnRzZGF0dW06IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIiAvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlZvbGxtYWNodDogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnRleHQ+SWNoIG1lbGRlIG1pY2ggaW4gVmVydHJldHVuZyBhbi4gSW0gbsOkY2hzdGVuIFNjaHJpdHQgd2lyZCBtaXIgZWluZSBMaXN0ZSBkZXIgZsO8ciBtaWNoIHZlcmbDvGdiYXJlbiBWZXJ0cmV0dW5nc3ZlcmjDpGx0bmlzc2UgYW5nZXplaWd0LCBhdXMgZGVuZW4gaWNoIGVpbmVzIGF1c3fDpGhsZW4gd2VyZGUuPC94c2w6dGV4dD48L3RkPjwvdHI+PC94c2w6aWY+PC90YWJsZT48cCBjbGFzcz0idGl0bGVzdHlsZSI+RGF0ZW4genVyIEFud2VuZHVuZzwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5JZGVudGlmaWthdG9yOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J2h0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyVW5pcXVlSWQnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIgLz48L3RkPjwvdHI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPk5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIgLz48L3RkPjwvdHI+PC94c2w6aWY+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+U3RhYXQ6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29kZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIiAvPjwvdGQ+PC90cj48L3hzbDppZj48L3RhYmxlPjxwIGNsYXNzPSJ0aXRsZXN0eWxlIj5UZWNobmlzY2hlIFBhcmFtZXRlcjwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5EYXR1bTo8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDksMikiIC8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDYsMikiIC8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDEsNCkiIC8+PC90ZD48L3RyPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5VaHJ6ZWl0OjwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9InN1YnN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL0BJc3N1ZUluc3RhbnQsMTIsMikiIC8+PHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE1LDIpIiAvPjx4c2w6dGV4dD46PC94c2w6dGV4dD48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCwxOCwyKSIgLz48L3RkPjwvdHI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlRyYW5zYWt0aW9uc1Rva2tlbjogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9ASUQiIC8+PC90ZD48L3RyPjx4c2w6aWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+CgkJCQkJCQkJCQkJVm9sbG1hY2h0ZW4tUmVmZXJlbno6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIgLz48L3RkPjwvdHI+PC94c2w6aWY+PHRyIGNsYXNzPSJoaWRkZW4iPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPkRhdGFVUkw6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9zYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uL3NhbWwyOkF1ZGllbmNlIiAvPjwvdGQ+PC90cj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9ATm90T25PckFmdGVyIj48dHIgY2xhc3M9ImhpZGRlbiI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+QXV0aEJsb2NrVmFsaWRUbzogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpDb25kaXRpb25zL0BOb3RPbk9yQWZ0ZXIiIC8+PC90ZD48L3RyPjwveHNsOmlmPjwvdGFibGU+PC9ib2R5PjwvaHRtbD48L3hzbDp0ZW1wbGF0ZT48L3hzbDpzdHlsZXNoZWV0PjwvZHNpZzpUcmFuc2Zvcm0+PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUjV2l0aENvbW1lbnRzIiAvPjwvZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIgLz48ZHNpZzpEaWdlc3RWYWx1ZT5iL1B5K3oweXIzQTVvaWsyRjJqSDZycXBYdTk0V2JZZzVBd0QrZGFUSmRFPTwvZHNpZzpEaWdlc3RWYWx1ZT48L2RzaWc6UmVmZXJlbmNlPjxkc2lnOlJlZmVyZW5jZSBJZD0iZXRzaS1kYXRhLXJlZmVyZW5jZS0xLTEiIFR5cGU9Imh0dHA6Ly91cmkuZXRzaS5vcmcvMDE5MDMjU2lnbmVkUHJvcGVydGllcyIgVVJJPSIjZXRzaS1zaWduZWRwcm9wZXJ0aWVzLTEtMSI+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxkc2lnOkRpZ2VzdFZhbHVlPmdHNkxyS3JHcU5nWEtWZDVwaWIwdko2OVh1b0pRZlltNXhqZTFkOHFMSTQ9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U+PC9kc2lnOlNpZ25lZEluZm8+PGRzaWc6U2lnbmF0dXJlVmFsdWUgSWQ9InNpZ25hdHVyZXZhbHVlLTEtMSI+ZzR2OTlpV2R3K05jWnM4bWs5TnhPdVVxQ2Q3RnZXNXRKK3NLMkZzdEdoZkRnK0NMZmRiWVh4eWoxeTBYKzJpOGdJUjVLVVhybTRndEs0T09aT3Z4RlFzeWRtbkJqMW10QjRzM0V3MVhHK1pNeFJSRm5NTHpzWFdVQlhUTUxJcEozdlFpNW9qNHZmak5TdGRYL2NZWlFncEJ5OStJSVg3eDFjeVBGaWJtQk1CMzV3L2FEL1JQckhKOUVZalFEZ21IbGNHQXROZm96UFpJdS9MM0RXUGxDU2xJclBHNXZDS3BKSFBRcUt1QlFISy9nREFiUGI0WEx5ZVovR1BXNmsvRExMV1djWG04V1FyNysvYURvdHRtSWZwR0Z5YUIwSVlEWlpDdi82ZmxFRnpZMng4UXdyQmQ0cDkzeVZhMmJpUUZmd013VFNPQjVYVmJlODhQTW1jWDBnPT08L2RzaWc6U2lnbmF0dXJlVmFsdWU+PGRzaWc6S2V5SW5mbz48ZHNpZzpYNTA5RGF0YT48ZHNpZzpYNTA5Q2VydGlmaWNhdGU+TUlJRjFqQ0NCTDZnQXdJQkFnSUVmZ1MzL1RBTkJna3Foa2lHOXcwQkFRc0ZBRENCb1RFTE1Ba0dBMVVFQmd3Q1FWUXhTREJHQmdOVkJBb01QMEV0VkhKMWMzUWdSMlZ6TGlCbUxpQlRhV05vWlhKb1pXbDBjM041YzNSbGJXVWdhVzBnWld4bGEzUnlMaUJFWVhSbGJuWmxjbXRsYUhJZ1IyMWlTREVqTUNFR0ExVUVDd3dhWVMxemFXZHVMVkJ5WlcxcGRXMHRWR1Z6ZEMxVGFXY3RNREl4SXpBaEJnTlZCQU1NR21FdGMybG5iaTFRY21WdGFYVnRMVlJsYzNRdFUybG5MVEF5TUI0WERURTRNRFV6TURBNE16SXlPVm9YRFRJek1EVXpNREE0TXpJeU9Wb3dZREVMTUFrR0ExVUVCZ3dDUVZReEZ6QVZCZ05WQkFNTURrMWhlQ0JOZFhOMFpYSnRZVzV1TVJNd0VRWURWUVFFREFwTmRYTjBaWEp0WVc1dU1Rd3dDZ1lEVlFRcURBTk5ZWGd4RlRBVEJnTlZCQVVNRERVeE56WTJNRGN4T0RrNU16Q0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUxOR1lYUm12QXg5Q0ptelZPNHVLcmVKaHB3VHdIaS9mUWhuWDNRZkIxVnpRZVlNTUhpM0dmVnpFbUFhRDZoclZJODRjeXFMQlFzdHlvNVJ4Sk05TGY2ejg0VFUzWlZka093QlZ4WGpvZTk4RG8rT3hqN3pvbE8rNlFkZTJhMmZNalpwaUROZGtFUGRVclEybFJSUHBCcWp5SEJIYjIzenNaMVBJWElwTWw2bm1zVlZGczlabGxqYmFNaTlsNTZaRk9BUlZBYnVlWWZTcEYwd0Q2NlU1UUMzL2Z3OVNZMzFhRFpvNWFTbU1jd3F3Q1d2Q2MvRWY1ZXZ1RWhPMnNPN1g1NU4yRU10YVZIK1gzODJIY3J6eW42bE5FekJDZis0dlpqUTZnWDFLYWx3Qkk5TG5pYUJKT0QvNHBIZlViNTFDSlVoTHU5UnQvcmt5SnlLV1l1N3o2TUNBd0VBQWFPQ0FsUXdnZ0pRTUlHREJnZ3JCZ0VGQlFjQkFRUjNNSFV3UlFZSUt3WUJCUVVITUFLR09XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlqWlhKMGN5OWhMWE5wWjI0dGNISmxiV2wxYlMxdGIySnBiR1V0TUROaExtTnlkREFzQmdnckJnRUZCUWN3QVlZZ2FIUjBjRG92TDI5amMzQXRkR1Z6ZEM1aExYUnlkWE4wTG1GMEwyOWpjM0F3RXdZRFZSMGpCQXd3Q29BSVJnYWZqa0dPRmIwd2NnWUlLd1lCQlFVSEFRTUVaakJrTUFvR0NDc0dBUVVGQndzQ01BZ0dCZ1FBamtZQkFUQUlCZ1lFQUk1R0FRUXdFd1lHQkFDT1JnRUdNQWtHQndRQWprWUJCZ0V3TFFZR0JBQ09SZ0VGTUNNd0lSWWJhSFIwY0hNNkx5OTNkM2N1WVMxMGNuVnpkQzVoZEM5d1pITXZFd0pGVGpBUkJnTlZIUTRFQ2dRSVFXeVM1ZFhrL3RZd0RnWURWUjBQQVFIL0JBUURBZ2JBTUFrR0ExVWRFd1FDTUFBd1lBWURWUjBnQkZrd1Z6QUlCZ1lFQUlzd0FRRXdTd1lHS2lnQUVRRVVNRUV3UHdZSUt3WUJCUVVIQWdFV00yaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrYjJOekwyTndMMkV0YzJsbmJpMXdjbVZ0YVhWdExXMXZZbWxzWlRDQnJnWURWUjBmQklHbU1JR2pNSUdnb0lHZG9JR2Fob0dYYkdSaGNEb3ZMMnhrWVhBdGRHVnpkQzVoTFhSeWRYTjBMbUYwTDI5MVBXRXRjMmxuYmkxUWNtVnRhWFZ0TFZSbGMzUXRVMmxuTFRBeUlDaFRTRUV0TWpVMktTeHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wUDJKaGMyVS9iMkpxWldOMFkyeGhjM005Wldsa1EyVnlkR2xtYVdOaGRHbHZia0YxZEdodmNtbDBlVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBeUVtZ09EdDAyeGF4SGI0RStPOVhnSW1FQzBBb0g0UTk3UHE3QmQ0ditQcXFkNmk1Um9kdndmVGdJYVcxSitmdkg4S1VUekkwWFg5d3BVV3dJbVZFR01INjNWQUpjWFZIMHk5aWZFV0lIZGhPTHRSWVZpZjBTUUs5WVJhY2h2SkRtRjVoTHdBUVJFZUdzWDJpTm1QN2RZZTR4aU5LQXRRbjBwaHZsUHFnaGE2b0tER01ROEZOQWZSejNrQXRYSndQYkZnNlFFNGtJaGtUZ2QzMnVPaUFKVzdHMlRhSlpYV2ZLOVRwVjVMUTEzKzExRkoyUzNLUWM4dWIvKzFHZGdpcktTVzRKMXpoc2ZUK1dDci9PYXlVMk16UVhLdjhPV2IwU3hXSUpIaU1UZXhIN3I5bXVHay9aTGthUVFWMkN0U09ZcVRBTjhBd2VDaUoxMXVWRkhlTHBRPT08L2RzaWc6WDUwOUNlcnRpZmljYXRlPjwvZHNpZzpYNTA5RGF0YT48L2RzaWc6S2V5SW5mbz48ZHNpZzpPYmplY3QgSWQ9ImV0c2ktc2lnbmVkLTEtMSI+PGV0c2k6UXVhbGlmeWluZ1Byb3BlcnRpZXMgeG1sbnM6ZXRzaT0iaHR0cDovL3VyaS5ldHNpLm9yZy8wMTkwMy92MS4zLjIjIiBUYXJnZXQ9IiNzaWduYXR1cmUtMS0xIj48ZXRzaTpTaWduZWRQcm9wZXJ0aWVzIElkPSJldHNpLXNpZ25lZHByb3BlcnRpZXMtMS0xIj48ZXRzaTpTaWduZWRTaWduYXR1cmVQcm9wZXJ0aWVzPjxldHNpOlNpZ25pbmdUaW1lPjIwMTgtMDYtMDdUMTM6MjY6MjVaPC9ldHNpOlNpZ25pbmdUaW1lPjxldHNpOlNpZ25pbmdDZXJ0aWZpY2F0ZT48ZXRzaTpDZXJ0PjxldHNpOkNlcnREaWdlc3Q+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxkc2lnOkRpZ2VzdFZhbHVlPjZhVGtoYS9ZOXhZUzRiUU1aYndJWDhURnNEMkNlemRodXFIcFR0Q0kzZjA9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZXRzaTpDZXJ0RGlnZXN0PjxldHNpOklzc3VlclNlcmlhbD48ZHNpZzpYNTA5SXNzdWVyTmFtZT5DTj1hLXNpZ24tUHJlbWl1bS1UZXN0LVNpZy0wMixPVT1hLXNpZ24tUHJlbWl1bS1UZXN0LVNpZy0wMixPPUEtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSCxDPUFUPC9kc2lnOlg1MDlJc3N1ZXJOYW1lPjxkc2lnOlg1MDlTZXJpYWxOdW1iZXI+MjExNDIzODQ2MTwvZHNpZzpYNTA5U2VyaWFsTnVtYmVyPjwvZXRzaTpJc3N1ZXJTZXJpYWw+PC9ldHNpOkNlcnQ+PC9ldHNpOlNpZ25pbmdDZXJ0aWZpY2F0ZT48ZXRzaTpTaWduYXR1cmVQb2xpY3lJZGVudGlmaWVyPjxldHNpOlNpZ25hdHVyZVBvbGljeUltcGxpZWQgLz48L2V0c2k6U2lnbmF0dXJlUG9saWN5SWRlbnRpZmllcj48L2V0c2k6U2lnbmVkU2lnbmF0dXJlUHJvcGVydGllcz48ZXRzaTpTaWduZWREYXRhT2JqZWN0UHJvcGVydGllcz48ZXRzaTpEYXRhT2JqZWN0Rm9ybWF0IE9iamVjdFJlZmVyZW5jZT0iI3JlZmVyZW5jZS0xLTEiPjxldHNpOk1pbWVUeXBlPmFwcGxpY2F0aW9uL3hodG1sK3htbDwvZXRzaTpNaW1lVHlwZT48L2V0c2k6RGF0YU9iamVjdEZvcm1hdD48L2V0c2k6U2lnbmVkRGF0YU9iamVjdFByb3BlcnRpZXM+PC9ldHNpOlNpZ25lZFByb3BlcnRpZXM+PC9ldHNpOlF1YWxpZnlpbmdQcm9wZXJ0aWVzPjwvZHNpZzpPYmplY3Q+PC9kc2lnOlNpZ25hdHVyZT48c2FtbDI6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTgtMDYtMDdUMTU6MjY6MjUrMDI6MDAiIE5vdE9uT3JBZnRlcj0iMjAxOC0wNi0wN1QxNTo0MToyNSswMjowMCI+PHNhbWwyOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWwyOkF1ZGllbmNlPmh0dHBzOi8vZWlkLmd2LmF0L21vYS1pZC1hdXRoL3NsMjAvZGF0YVVybD9wZW5kaW5naWQ9MTYxOTMyOTI0MzMwMjE3MjQ2PC9zYW1sMjpBdWRpZW5jZT48L3NhbWwyOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sMjpDb25kaXRpb25zPjxzYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IlBWUC1WRVJTSU9OIiBOYW1lPSJ1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4xMCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPjxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4yLjE8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDI6QXR0cmlidXRlPjxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJQUklOQ0lQQUwtTkFNRSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+TXVzdGVybWFubjwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IkdJVkVOLU5BTUUiIE5hbWU9InVybjpvaWQ6Mi41LjQuNDIiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+TWF4PC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iQklSVEhEQVRFIiBOYW1lPSJ1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjU1IiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPjE5NDAtMDEtMDE8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDI6QXR0cmlidXRlPjxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItVW5pcXVlSWQiIE5hbWU9Imh0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyVW5pcXVlSWQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+aHR0cHM6Ly9sYWJkYS5pYWlrLnR1Z3Jhei5hdDo1NTUzL2RlbW9sb2dpbi88L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDI6QXR0cmlidXRlPjxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItRnJpZW5kbHlOYW1lIiBOYW1lPSJodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPjxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5sYWJkYSAtIERldmVsb3BtZW50PC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iU2VydmljZVByb3ZpZGVyLUNvdW50cnlDb2RlIiBOYW1lPSJodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPkFUPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48L3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWwyOkFzc2VydGlvbj4=" } } } \ No newline at end of file diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_sic.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_sic.json new file mode 100644 index 000000000..8acd1986d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_sic.json @@ -0,0 +1,6 @@ +{ + "EID-IDENTITY-LINK": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDpBc3NlcnRpb24geG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmFzc2VydGlvbiIgeG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyIgeG1sbnM6ZWNkc2E9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlIyIgeG1sbnM6bnMzPSJodHRwOi8vd3d3LmJ1ZXJnZXJrYXJ0ZS5hdC9uYW1lc3BhY2VzL3BlcnNvbmVuYmluZHVuZy8yMDAyMDUwNiMiIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJubWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIEFzc2VydGlvbklEPSJsb2NhbGhvc3QtMjAxOC0wNS0yOFQxNjo0NDo0MSswMjowMCIgSXNzdWVJbnN0YW50PSIyMDE4LTA1LTI4VDE0OjQ0OjQxLjM2N1oiIElzc3Vlcj0iaHR0cDovL3Rlcm1pbmFsLmlhaWsudHVncmF6LmF0IiBNYWpvclZlcnNpb249IjEiIE1pbm9yVmVyc2lvbj0iMCI-PHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PjxzYW1sOlN1YmplY3Q-PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48c2FtbDpDb25maXJtYXRpb25NZXRob2Q-dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmNtOnNlbmRlci12b3VjaGVzPC9zYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT48cHI6UGVyc29uIHhzaTp0eXBlPSJwcjpQaHlzaWNhbFBlcnNvblR5cGUiPjxwcjpJZGVudGlmaWNhdGlvbj48cHI6VmFsdWU-QnMwbWNSWWVBTW5XeG5pVVlsM256QT09PC9wcjpWYWx1ZT48cHI6VHlwZT51cm46cHVibGljaWQ6Z3YuYXQ6YmFzZWlkPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24-PHByOk5hbWU-PHByOkdpdmVuTmFtZT5FaWQ8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPlRlc3Q8L3ByOkZhbWlseU5hbWU-PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4yMDAwLTAxLTAxPC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE-PC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24-PC9zYW1sOlN1YmplY3Q-PHNhbWw6QXR0cmlidXRlIEF0dHJpYnV0ZU5hbWU9IkNpdGl6ZW5QdWJsaWNLZXkiIEF0dHJpYnV0ZU5hbWVzcGFjZT0idXJuOnB1YmxpY2lkOmd2LmF0Om5hbWVzcGFjZXM6aWRlbnRpdHlsaW5rOjEuMiI-PHNhbWw6QXR0cmlidXRlVmFsdWU-PGVjZHNhOkVDRFNBS2V5VmFsdWU-PGVjZHNhOkRvbWFpblBhcmFtZXRlcnM-PGVjZHNhOk5hbWVkQ3VydmUgVVJOPSJ1cm46b2lkOjEuMi44NDAuMTAwNDUuMy4xLjciLz48L2VjZHNhOkRvbWFpblBhcmFtZXRlcnM-PGVjZHNhOlB1YmxpY0tleT48ZWNkc2E6WCBWYWx1ZT0iMTkzNjQwODQ0ODkzNjU1NDM4MDYwNTQ2NjYxOTczNDAzODMzNzUxODUzNjU4MDgzMzA2MDY5NzQ2OTk5ODg2Mjc2ODc1Mjk0NTAyMTQiIHhzaTp0eXBlPSJlY2RzYTpQcmltZUZpZWxkRWxlbVR5cGUiLz48ZWNkc2E6WSBWYWx1ZT0iMTA4Njg0MDg1NDc2NTkxMDE3NTA1NjkyODQzMTE0NzMwNDU5MzUxODYzMTI5NDE4Mjg3NTUzMzg2OTM2MjE0NDQwODQxNjY4ODcyMTU2IiB4c2k6dHlwZT0iZWNkc2E6UHJpbWVGaWVsZEVsZW1UeXBlIi8-PC9lY2RzYTpQdWJsaWNLZXk-PC9lY2RzYTpFQ0RTQUtleVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ-PGRzaWc6U2lnbmF0dXJlPjxkc2lnOlNpZ25lZEluZm8-PGRzaWc6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiLz48ZHNpZzpSZWZlcmVuY2UgVVJJPSIiPjxkc2lnOlRyYW5zZm9ybXM-PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPjxkc2lnOlhQYXRoPm5vdChhbmNlc3Rvci1vci1zZWxmOjpwcjpJZGVudGlmaWNhdGlvbik8L2RzaWc6WFBhdGg-PC9kc2lnOlRyYW5zZm9ybT48ZHNpZzpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjwvZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkc2lnOkRpZ2VzdFZhbHVlPm5JUlRucWZraUpETDhEc3A5ZHRuWUU4YnZxbTRrbUFRVVhOUDRyMzU5Qnc9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U-PGRzaWc6UmVmZXJlbmNlIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNNYW5pZmVzdCIgVVJJPSIjbWFuaWZlc3QiPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkc2lnOkRpZ2VzdFZhbHVlPnk5bXNyVmIxR2FOczNmZ3lkcVp2WnorYnp5cVFHeGRQRDhzazNyL1BnYTA9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U-PC9kc2lnOlNpZ25lZEluZm8-PGRzaWc6U2lnbmF0dXJlVmFsdWU-WHNhNjlWaUFlTjcvTlBQeWlycXAzYWxwY1RsS2ZVMlJaUTBWS1FpTU1mSzExTnRHaFNlRE9aR1BvR1lnQjdaTApLbkw4UWxmVzRUK2I3eHNCcDM5WE5iSS9jVi9zY0c5ZUIweWhYa0x6MjVsdE1jUUJNcUdEcDJHcmNpOEpYQmRaCkFIQWVBS2IrNUZzVHR4MllyMUZIUGhyWnEwN3RFK2NhSXlNb2VOdi95bVBrSWFhT0lUcTZHWTdndFZReFJGNWwKMi9uUmFKWExwc1JIdnVpNmIrWHBxUlFuZFJvaVEvSW41N3lSY0JLVk5lbFBhcUJmekRSMmtjVEt1RCtxWFAvawpaMU1nRUErY1dXcVI0Y085UEdxQms4NUR1MTBBVXMvTjNCbzRqWDZrcTYvMWVKdWlnSDVhTmlTNnVTcnFHZktLCklxUWxYc2N6a0oxLzIxUDgzQmFYZUE9PTwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlIYWpDQ0JWS2dBd0lCQWdJR1JVbkY4RDVTTUEwR0NTcUdTSWIzRFFFQkN3VUFNSGN4Q3pBSkJnTlZCQVlUCkFrRlVNUTB3Q3dZRFZRUUhFd1JIY21GNk1TWXdKQVlEVlFRS0V4MUhjbUY2SUZWdWFYWmxjbk5wZEhrZ2IyWWcKVkdWamFHNXZiRzluZVRFTk1Bc0dBMVVFQ3hNRVNVRkpTekVpTUNBR0ExVUVBeE1aU1VGSlN5QlVaWE4wSUVsdQpkR1Z5YldWa2FXRjBaU0JEUVRBZUZ3MHhOakE0TWpVeE16QTRNemhhRncweE9UQTRNalV4TXpBNE16aGFNSUg4Ck1Rc3dDUVlEVlFRR0V3SkJWREVOTUFzR0ExVUVCeE1FUjNKaGVqRW1NQ1FHQTFVRUNoTWRSM0poZWlCVmJtbDIKWlhKemFYUjVJRzltSUZSbFkyaHViMnh2WjNreFNEQkdCZ05WQkFzVFAwbHVjM1JwZEhWMFpTQm1iM0lnUVhCdwpiR2xsWkNCSmJtWnZjbTFoZEdsdmJpQlFjbTlqWlhOemFXNW5JR0Z1WkNCRGIyMXRkVzVwWTJGMGFXOXVjekVhCk1CZ0dBMVVFQkJNUlUybG5ibUYwZFhKbElGTmxjblpwWTJVeEhqQWNCZ05WQkNvVEZWTmxjblpsY2tKTFZTQkUKWlhabGJHOXdiV1Z1ZERFd01DNEdBMVVFQXhNblUyVnlkbVZ5UWt0VklFUmxkbVZzYjNCdFpXNTBJRk5wWjI1aApkSFZ5WlNCVFpYSjJhV05sTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF4ZC8zCjlpbDYxZ2hJSDc4MXdSR2c1bSsxMk1SeEZCL2VLTFRuOEFqM1lwVG1JOSs0Q1RHOEVTbXUyMGkvZCttUmMvQmcKNXR6dklUaSs5NjRnSXNvdnluQ2RVOVFFd1dGOVNLVFE3dmpUTWZrVFdEbGwrS2ZTV2pPNzFsN0RtOUYvZFJWVwp4S2N4MWo2b1N4Ym5ZWmlvM1VCc1NGK3ZmRXo3Y0p6MkR6QWdBdE05cy8yd1NpWXlXd2ZRTVFjZ0VnQTR1V3RXCi83dnJlOEZEZ3h4dEEzWE9WN0lnS29FZkZBMmM3YTZnVkdVak45ME9XeG40WmRER3BqRFk5bUFuRUpTMnJRb1oKRW5rSTQ3cmZ4MzVGckVQdDdSZGM1bVRTd0R2YkpxTGx4a0NVclBpK0NWL2VzTXhyeVg0K21pdmFnaHhWeTNHVApTcFR4ZjJJQWdYMnVYMlZiVXdJREFRQUJvNElDZERDQ0FuQXdEZ1lEVlIwUEFRSC9CQVFEQWdlQU1Bd0dBMVVkCkV3RUIvd1FDTUFBd2dnRVhCZ2dyQmdFRkJRY0JBUVNDQVFrd2dnRUZNSGNHQ0NzR0FRVUZCekFDaG10c1pHRncKT2k4dmJHUmhjQzVwWVdsckxuUjFaM0poZWk1aGRDOWpiajFwWVdsckxYUmxjM1F0YVc1MFpYSnRaV1JwWVhSbApMV05oTEc5MVBYQnJhU3hrWXoxcFlXbHJMR1JqUFhSMVozSmhlaXhrWXoxaGREOWpRVU5sY25ScFptbGpZWFJsCk8ySnBibUZ5ZVRCSUJnZ3JCZ0VGQlFjd0FvWThhSFIwY0RvdkwyTmhMbWxoYVdzdWRIVm5jbUY2TG1GMEwyTmwKY25SekwybGhhV3N0ZEdWemRDMXBiblJsY20xbFpHbGhkR1V0WTJFdVkyVnlNRUFHQ0NzR0FRVUZCekFCaGpSbwpkSFJ3T2k4dmIyTnpjQzVwWVdsckxuUjFaM0poZWk1aGRDOXBZV2xyTFhSbGMzUXRhVzUwWlhKdFpXUnBZWFJsCkxXTmhNQjhHQTFVZEl3UVlNQmFBRkVKdXI2L3FRU3AvbEZjRmhZTGdrVVloeVZkQ01Ca0dBMVVkSUFRU01CQXcKRGdZTUt3WUJCQUdWRWdFQ0J3RUJNSUhLQmdOVkhSOEVnY0l3Z2I4d2dieWdnYm1nZ2JhR2QyeGtZWEE2THk5cwpaR0Z3TG1saGFXc3VkSFZuY21GNkxtRjBMMk51UFdsaGFXc3RkR1Z6ZEMxcGJuUmxjbTFsWkdsaGRHVXRZMkVzCmIzVTljR3RwTEdSalBXbGhhV3NzWkdNOWRIVm5jbUY2TEdSalBXRjBQMk5sY25ScFptbGpZWFJsVW1WMmIyTmgKZEdsdmJreHBjM1E3WW1sdVlYSjVoanRvZEhSd09pOHZZMkV1YVdGcGF5NTBkV2R5WVhvdVlYUXZZM0pzY3k5cApZV2xyTFhSbGMzUXRhVzUwWlhKdFpXUnBZWFJsTFdOaExtTnliREFOQmdjcUtBQUtBUWNCQkFJRkFEQWRCZ05WCkhRNEVGZ1FVQ0djbU5FZ3JGTHdyZWRNcFJwYS8zNGpFcVk4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFJQWcKL0Z0K3ZNMERVS0tpcGNGMnhTWkN3ZXFFcjZiRjlJOEZydXhLeUhnNFdjV2lVdkZzOTZXa3dqL0dBOFlNSmtqRQpTS2FkMW5QK2hGamlyYVlVNmRTZnBPbkFVSnlMVjBxNURNOFkwY2w4R0RxYXpFMmtOR056am1IOUh2R1k5Q1dwCnZ3RjhodEJuQlg4TjRFdncydDg2ZUQ0VjUwN2syRXY4Sk9QV0tpZlp3TzBPQ25Qa2tCZnEzMEg1R1ZtOUpBOFcKam9FWFlRenpYMlRCWXJ4cWtXTm9zQXNOOVN0Y092djlzZlRUdFcrb3pLNS9WUHZBcDlTVU9qQzVFd3c3QnVLcQp5QnhEclRTUThobGZXMmo4Y010Q21nMDBMSVNuc3BpcThQZHZJV2t0RE8wc3JpeWgzWXVJSVV4ODZPRTlyQmNHCjIwcXI5czJvWFl6VnhxK1Q2aElFekRDMXYvc1BicGVZRmRVNkRXN2J6LzNPYlBjS2prR0Q3SjA2WkRaRmJnWHIKYXVjcjAxWkZqZGdCY2RIMFV6bXNJYUFNRytIWTVSVTk5QVo1YlA1UkgrRGJTVFpMbGNtOFp6bmU1L2Iwck4rYQoyUTFjdHB0UW5hUGxaWVFNY1RTcVhjYk03VW16bjRMZ25PZWRqZkFjcDhQazByK2Jab2pyekZHdW9pOWZxa3FlCnFUdXArUGtHaitJOEQrcE9HL3NTTWFQeC9nUFo0bGxPOXYxN1ZHSEtIK095R0lzZWZ3ZCtqWGhNVEpNZHQ1a08KNmZMeVRGRjFNUDRMZDY0cFJ1Ym9hZ1pxZTNkbXk5SEN5N0FWbnE5ZElsL0JsaExqaExTVFlXdnd0ZHVoMzNXVgpxZWd3QmxkcjZQOXZ1SlRzT3JyZTdiUnZrQStWbnVaaGxOVzlBQzEvPC9kc2lnOlg1MDlDZXJ0aWZpY2F0ZT48L2RzaWc6WDUwOURhdGE-PC9kc2lnOktleUluZm8-PGRzaWc6T2JqZWN0Pjxkc2lnOk1hbmlmZXN0IElkPSJtYW5pZmVzdCI-PGRzaWc6UmVmZXJlbmNlIFVSST0iIj48ZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzE5OTkvUkVDLXhwYXRoLTE5OTkxMTE2Ij48ZHNpZzpYUGF0aD5ub3QoYW5jZXN0b3Itb3Itc2VsZjo6ZHNpZzpTaWduYXR1cmUpPC9kc2lnOlhQYXRoPjwvZHNpZzpUcmFuc2Zvcm0-PC9kc2lnOlRyYW5zZm9ybXM-PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8-PGRzaWc6RGlnZXN0VmFsdWU-QWZHRytDVVAvZUY3bFpCaTgzMkVZYk9lS1MwYzNpYTljQ1p5OEUvYS9QZz08L2RzaWc6RGlnZXN0VmFsdWU-PC9kc2lnOlJlZmVyZW5jZT48L2RzaWc6TWFuaWZlc3Q-PC9kc2lnOk9iamVjdD48L2RzaWc6U2lnbmF0dXJlPjwvc2FtbDpBc3NlcnRpb24-", + "EID-CITIZEN-QAA-LEVEL": "eid-citizen-qaa-level", + "EID-AUTH-BLOCK": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDI6QXNz\r\nZXJ0aW9uIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6\r\nYXNzZXJ0aW9uIiBJRD0iXzQwOTcyZmQ3NzdjNTlkYTFlYmVlZDJiOGQ2MzNhMzAw\r\nIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDYtMDdUMTQ6NTc6MzdaIiBWZXJzaW9uPSIy\r\nLjAiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSI+\r\nCgk8c2FtbDI6SXNzdWVyIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6\r\nMi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5Ij5odHRwczovL3NlcnZlcmJrdWRlbW8u\r\naWFpay50dWdyYXouYXQvZWlkPC9zYW1sMjpJc3N1ZXI+Cgk8ZHM6U2lnbmF0dXJl\r\nIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIiBJ\r\nZD0iU2lnbmF0dXJlLWx1cmx5d2ZjLTEiPjxkczpTaWduZWRJbmZvIElkPSJTaWdu\r\nZWRJbmZvLWx1cmx5d2ZjLTEiPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFs\r\nZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4j\r\nIi8+PGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMu\r\nb3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI2VjZHNhLXNoYTI1NiIvPjxkczpSZWZl\r\ncmVuY2UgSWQ9IlJlZmVyZW5jZS1sdXJseXdmYy0xIiBVUkk9IiI+PGRzOlRyYW5z\r\nZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3Jn\r\nL1RSLzE5OTkvUkVDLXhzbHQtMTk5OTExMTYiPjx4c2w6c3R5bGVzaGVldCB4bWxu\r\nczp4c2w9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvWFNML1RyYW5zZm9ybSIgZXhj\r\nbHVkZS1yZXN1bHQtcHJlZml4ZXM9InNhbWwyIiB2ZXJzaW9uPSIxLjAiIHhtbG5z\r\nOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48\r\neHNsOm91dHB1dCBtZXRob2Q9InhtbCIgeG1sbnM6eG1sPSJodHRwOi8vd3d3Lncz\r\nLm9yZy9YTUwvMTk5OC9uYW1lc3BhY2UiIHhtbDpzcGFjZT0iZGVmYXVsdCIvPjx4\r\nc2w6dGVtcGxhdGUgbWF0Y2g9Ii8iIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8x\r\nOTk5L3hodG1sIj48aHRtbCB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94\r\naHRtbCI+PGhlYWQ+PHRpdGxlPlNpZ25hdHVyIGRlciBBbm1lbGRlZGF0ZW48L3Rp\r\ndGxlPjxzdHlsZSBtZWRpYT0ic2NyZWVuIiB0eXBlPSJ0ZXh0L2NzcyI+CiAgICAg\r\nICAgICAgICAgCQkJCQkubm9ybWFsc3R5bGUgeyBmb250LXNpemU6IG1lZGl1bTsg\r\nfSAKICAgICAgICAgICAgICAJCQkJCS5pdGFsaWNzdHlsZSB7IGZvbnQtc2l6ZTog\r\nbWVkaXVtOyBmb250LXN0eWxlOiBpdGFsaWM7IH0KCQkJCQkJCQkudGl0bGVzdHls\r\nZSB7IHRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7IGZvbnQtd2VpZ2h0OmJvbGQ7\r\nIGZvbnQtc2l6ZTogbWVkaXVtOyB9IAoJCQkJCQkJCS5oNHN0eWxlIHsgZm9udC1z\r\naXplOiBsYXJnZTsgfSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\r\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\r\nICAgCgkJCQkJCQkJLmhpZGRlbiB7ZGlzcGxheTogbm9uZTsgfSAKICAgICAgICAg\r\nICAgICAJCQkJPC9zdHlsZT48L2hlYWQ+PGJvZHk+PGg0IGNsYXNzPSJoNHN0eWxl\r\nIj5Bbm1lbGRlZGF0ZW46PC9oND48cCBjbGFzcz0idGl0bGVzdHlsZSI+RGF0ZW4g\r\nenVyIFBlcnNvbjwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx4c2w6aWYg\r\ndGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3Rh\r\ndGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoyLjUuNC40Midd\r\nL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5\r\nbGUiPlZvcm5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2\r\nYWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRl\r\nU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoyLjUuNC40\r\nMiddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4\r\nc2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmli\r\ndXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIu\r\nNDAuMC4xMC4yLjEuMS4yNjEuMjAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0\r\ncj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5OYWNobmFtZTogPC90ZD48dGQgY2xh\r\nc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFz\r\nc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRl\r\nW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4yMCddL3NhbWwy\r\nOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVz\r\ndD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVt\r\nZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4y\r\nLjEuMS41NSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0i\r\naXRhbGljc3R5bGUiPkdlYnVydHNkYXR1bTogPC90ZD48dGQgY2xhc3M9Im5vcm1h\r\nbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9z\r\nYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1\r\ncm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjU1J10vc2FtbDI6QXR0cmlidXRlVmFs\r\ndWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PHhzbDppZiB0ZXN0PSIvc2FtbDI6QXNz\r\nZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVb\r\nQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjkwJ10vc2FtbDI6\r\nQXR0cmlidXRlVmFsdWUiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5Wb2xs\r\nbWFjaHQ6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp0ZXh0Pklj\r\naCBtZWxkZSBtaWNoIGluIFZlcnRyZXR1bmcgYW4uIEltIG7DpGNoc3RlbiBTY2hy\r\naXR0IHdpcmQgbWlyIGVpbmUgTGlzdGUgZGVyIGbDvHIgbWljaCB2ZXJmw7xnYmFy\r\nZW4gVmVydHJldHVuZ3N2ZXJow6RsdG5pc3NlIGFuZ2V6ZWlndCwgYXVzIGRlbmVu\r\nIGljaCBlaW5lcyBhdXN3w6RobGVuIHdlcmRlLjwveHNsOnRleHQ+PC90ZD48L3Ry\r\nPjwveHNsOmlmPjwvdGFibGU+PHAgY2xhc3M9InRpdGxlc3R5bGUiPkRhdGVuIHp1\r\nciBBbndlbmR1bmc8L3A+PHRhYmxlIGNsYXNzPSJwYXJhbWV0ZXJzIj48dHI+PHRk\r\nIGNsYXNzPSJpdGFsaWNzdHlsZSI+SWRlbnRpZmlrYXRvcjogPC90ZD48dGQgY2xh\r\nc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFz\r\nc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRl\r\nW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQ\r\ncm92aWRlclVuaXF1ZUlkJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwv\r\ndHI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpB\r\ndHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8v\r\nZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5\r\nTmFtZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRh\r\nbGljc3R5bGUiPk5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhz\r\nbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmli\r\ndXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5n\r\ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUn\r\nXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDppZj48eHNs\r\nOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0\r\nZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J2h0dHA6Ly9laWQuZ3Yu\r\nYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyQ291bnRyeUNvZGUnXS9z\r\nYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxl\r\nIj5TdGFhdDogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVl\r\nLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0\r\nZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJ\r\nRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlJ10vc2FtbDI6\r\nQXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PC90YWJsZT48cCBj\r\nbGFzcz0idGl0bGVzdHlsZSI+VGVjaG5pc2NoZSBQYXJhbWV0ZXI8L3A+PHRhYmxl\r\nIGNsYXNzPSJwYXJhbWV0ZXJzIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+\r\nRGF0dW06PC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9m\r\nIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFu\r\ndCw5LDIpIi8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2Vs\r\nZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDYs\r\nMikiLz48eHNsOnRleHQ+LjwveHNsOnRleHQ+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9\r\nInN1YnN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL0BJc3N1ZUluc3RhbnQsMSw0KSIv\r\nPjwvdGQ+PC90cj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+VWhyemVpdDo8\r\nL3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0\r\nPSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDEyLDIp\r\nIi8+PHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJz\r\ndWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE1LDIpIi8+\r\nPHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJz\r\ndHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE4LDIpIi8+PC90\r\nZD48L3RyPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5UcmFuc2FrdGlvbnNU\r\nb2trZW46IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1v\r\nZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vQElEIi8+PC90ZD48L3RyPjx4c2w6\r\naWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1l\r\nbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIu\r\nMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIj48dHI+PHRkIGNsYXNz\r\nPSJpdGFsaWNzdHlsZSI+CgkJCQkJCQkJCQkJVm9sbG1hY2h0ZW4tUmVmZXJlbno6\r\nIDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxl\r\nY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3Nh\r\nbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4y\r\nNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDpp\r\nZj48dHIgY2xhc3M9ImhpZGRlbiI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+RGF0\r\nYVVSTDogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9m\r\nIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpDb25kaXRpb25zL3NhbWwy\r\nOkF1ZGllbmNlUmVzdHJpY3Rpb24vc2FtbDI6QXVkaWVuY2UiLz48L3RkPjwvdHI+\r\nPHhzbDppZiB0ZXN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkNvbmRpdGlvbnMv\r\nQE5vdE9uT3JBZnRlciI+PHRyIGNsYXNzPSJoaWRkZW4iPjx0ZCBjbGFzcz0iaXRh\r\nbGljc3R5bGUiPkF1dGhCbG9ja1ZhbGlkVG86IDwvdGQ+PHRkIGNsYXNzPSJub3Jt\r\nYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24v\r\nc2FtbDI6Q29uZGl0aW9ucy9ATm90T25PckFmdGVyIi8+PC90ZD48L3RyPjwveHNs\r\nOmlmPjwvdGFibGU+PC9ib2R5PjwvaHRtbD48L3hzbDp0ZW1wbGF0ZT48L3hzbDpz\r\ndHlsZXNoZWV0PjwvZHM6VHJhbnNmb3JtPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGht\r\nPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2Rz\r\nOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93\r\nd3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkczpEaWdlc3RWYWx1\r\nZT5IbEk0T0lNbG1sVlpJQWtBdkQ1bGdGNWRGeXdxWVhES0wzVEVSaXRZeHlVPTwv\r\nZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PGRzOlJlZmVyZW5jZSBJZD0i\r\nUmVmZXJlbmNlLWx1cmx5d2ZjLTIiIFR5cGU9Imh0dHA6Ly91cmkuZXRzaS5vcmcv\r\nMDE5MDMjU2lnbmVkUHJvcGVydGllcyIgVVJJPSIjU2lnbmVkUHJvcGVydGllcy1s\r\ndXJseXdmYy0xIj48ZHM6VHJhbnNmb3Jtcz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRo\r\nbT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PC9k\r\nczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8v\r\nd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz48ZHM6RGlnZXN0VmFs\r\ndWU+a3lFdzl5bUlLbm9KSlF3bW85bitmdjF1VGpCUXdaNGpsZk5oSll5akpKTT08\r\nL2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48\r\nZHM6U2lnbmF0dXJlVmFsdWUgSWQ9IlNpZ25hdHVyZVZhbHVlLWx1cmx5d2ZjLTEi\r\nPlQrOTN3ejU3dUVsQUFFb1dZTVNYcVA3YnVIU0drZW9YVlQvTnN5Q1hrM056Zmpn\r\nbC9ERlgreFJqOGJqUDNkUEgKenVtejVUV1N3R25NRUU4bUNJTUxRQT09PC9kczpT\r\naWduYXR1cmVWYWx1ZT48ZHM6S2V5SW5mbyBJZD0iS2V5SW5mbyI+PGRzOlg1MDlE\r\nYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJR2Z6Q0NCR2VnQXdJQkFnSUhBSlpZ\r\nMGlZWFVqQU5CZ2txaGtpRzl3MEJBUXNGQURCM01Rc3dDUVlEVlFRRwpFd0pCVkRF\r\nTk1Bc0dBMVVFQnhNRVIzSmhlakVtTUNRR0ExVUVDaE1kUjNKaGVpQlZibWwyWlhK\r\nemFYUjVJRzltCklGUmxZMmh1YjJ4dloza3hEVEFMQmdOVkJBc1RCRWxCU1VzeElq\r\nQWdCZ05WQkFNVEdVbEJTVXNnVkdWemRDQkoKYm5SbGNtMWxaR2xoZEdVZ1EwRXdI\r\naGNOTVRnd05USTRNVFEwTlRJeFdoY05NakV3TlRJNE1UUTBOVEl4V2pBdwpNUXd3\r\nQ2dZRFZRUXFFd05GYVdReERUQUxCZ05WQkFRVEJGUmxjM1F4RVRBUEJnTlZCQU1U\r\nQ0VWcFpDQlVaWE4wCk1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdB\r\nRUtzK3U5T2RqRm1SR0YxQ2JzYStYU3V2elBvSUcKcFB0Y0pzKzR0aE1iQ3Vid1NR\r\nTXZVT3NzckN6ckMxSmk5WVZ4ZXFIczNEVTJSREVvc29TVVJPSkgzS09DQXlBdwpn\r\nZ01jTUE0R0ExVWREd0VCL3dRRUF3SUhnREFNQmdOVkhSTUJBZjhFQWpBQU1JSUJO\r\nZ1lJS3dZQkJRVUhBUUVFCmdnRW9NSUlCSkRDQmdnWUlLd1lCQlFVSE1BS0dkbXhr\r\nWVhBNkx5OWpZWEJ6YnkxMFpYTjBMbWxoYVdzdWRIVm4KY21GNkxtRjBPakV6T0Rr\r\ndlkyNDlhV0ZwYXkxMFpYTjBMV2x1ZEdWeWJXVmthV0YwWlMxallTeHZkVDF3YTJr\r\ncwpaR005YVdGcGF5eGtZejEwZFdkeVlYb3NaR005WVhRL1kwRkRaWEowYVdacFky\r\nRjBaVHRpYVc1aGNua3dVQVlJCkt3WUJCUVVITUFLR1JHaDBkSEE2THk5allYQnpi\r\neTEwWlhOMExtbGhhV3N1ZEhWbmNtRjZMbUYwTDJObGNuUnoKTDJsaGFXc3RkR1Z6\r\nZEMxcGJuUmxjbTFsWkdsaGRHVXRZMkV1WTJWeU1Fc0dDQ3NHQVFVRkJ6QUJoajlv\r\nZEhSdwpPaTh2WTJGd2MyOHRkR1Z6ZEM1cFlXbHJMblIxWjNKaGVpNWhkQzl2WTNO\r\nd0wybGhhV3N0ZEdWemRDMXBiblJsCmNtMWxaR2xoZEdVdFkyRXdId1lEVlIwakJC\r\nZ3dGb0FVZWRnUEFvSGx5d3Z1dC94RXY5Tm4raENHVVJJd2dhQUcKQTFVZElBU0Jt\r\nRENCbFRDQmtnWU1Ld1lCQkFHVkVnRUNCd0VCTUlHQk1IOEdDQ3NHQVFVRkJ3SUNN\r\nSE1NY1ZSbwphWE1nWTJWeWRHbG1hV05oZEdVZ2QyRnpJR2x6YzNWbFpDQmllU0Jo\r\nSUNvcVkyOXdlU29xSUc5bUlHRnVJRWxCClNVc2dWR1Z6ZENCSmJuUmxjbTFsWkds\r\naGRHVWdRMEVnWVc1a0lHMWhlU0JpWlNCMWMyVmtJR1p2Y2lCMFpYTjAKSUhCMWNu\r\nQnZjMlZ6SUc5dWJIa3VNSUhlQmdOVkhSOEVnZFl3Z2RNd2dkQ2dnYzJnZ2NxR2dZ\r\nSnNaR0Z3T2k4dgpZMkZ3YzI4dGRHVnpkQzVwWVdsckxuUjFaM0poZWk1aGREb3hN\r\nemc1TDJOdVBXbGhhV3N0ZEdWemRDMXBiblJsCmNtMWxaR2xoZEdVdFkyRXNiM1U5\r\nY0d0cExHUmpQV2xoYVdzc1pHTTlkSFZuY21GNkxHUmpQV0YwUDJObGNuUnAKWm1s\r\nallYUmxVbVYyYjJOaGRHbHZia3hwYzNRN1ltbHVZWEo1aGtOb2RIUndPaTh2WTJG\r\nd2MyOHRkR1Z6ZEM1cApZV2xyTG5SMVozSmhlaTVoZEM5amNteHpMMmxoYVdzdGRH\r\nVnpkQzFwYm5SbGNtMWxaR2xoZEdVdFkyRXVZM0pzCk1CMEdBMVVkRGdRV0JCU093\r\nS0VmZDVIa2traXppWkJiNVlqNEhXeTFEREFOQmdrcWhraUc5dzBCQVFzRkFBT0MK\r\nQWdFQUFqakRNU1d4YlVIdmtsUEtTNHhUSkpWN0JsNUd5KysvTFozOU1iOFpDZ2pJ\r\nc0dJUDl3M2hoejBrZmk0egpJejZodmYvWXg5emxLWi93UklVOFI0aXlncVFTWTVa\r\nbTI4V0tWbTNWYmhmczRld040RkpUUDh3OExnVVNISjAyClYrSklIdFV0NWk5VTJh\r\nL0kwMWJteklJZkJZTDBJVzhzMUszVk1BekFEeUhER1cvVTZoOWNrN2RheXc4T1dp\r\nOHQKTlQ0dG5LWDRtRWhINnoya1VQbnY3ZnFGbFNSckQwdXFrZUtaYWQzQTFhMTU1\r\nUzBEZ2oxY1ptTmpSNHNSaFFoaApnYmEvRUd1SE55RVhjaFZhc0lJVG9oT1J1SlY5\r\nQkFxNENja2JTTG8vcUNTZit1aVFVSm0zMzZMd2F2akdaa2VkCk8vYXV2UlRFVGN0\r\nUGlwamRPTlN4Ri9qYmpBUTNmbVlSL1Zxdm9DbTZLM1pnV1R6eGswUzRtZmFycndv\r\nb0R2bEUKcmtTbnJsTGYrRDZFeVF0OUxDdy9pNUx2SC8rRStaUTRBS3dUSG1Kb2s0\r\neGRTZ3l3eU5yeHNjaVpydlVHZ3dlOQpuK0NWM0l6RXltWWZMMjhxeWtLV3BxYlBU\r\nbFNIcWEzU2xJbWRsOHl3Skk0aEFXN216WkRwNE9qaGliUnlkSnNSCjd1aUZuZmhJ\r\nS01URGljblpHZ1BaWnFJdVM0cUd3WUJzelU3N1IrWG13bVpxWkJrTlA4OGVZVzFx\r\nbnhDRkdFdEkKT2lpRVR3TzR6eFhGRjIxQ2VCMDZQRXdSQ1ZnZWJCZzB6Qm5YK2hJ\r\nc1Qvbkpxd0hLOEkwWWgyNEJDdWRFU1VDMgpnRTl4cnVqcmszZTdyK2xPcWJZYnpl\r\nV1JKblhJTGcrU25mbHpDOWtTM0x4UmZKST08L2RzOlg1MDlDZXJ0aWZpY2F0ZT48\r\nL2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48ZHM6T2JqZWN0Pjx4YWRlczpRdWFs\r\naWZ5aW5nUHJvcGVydGllcyB4bWxuczp4YWRlcz0iaHR0cDovL3VyaS5ldHNpLm9y\r\nZy8wMTkwMy92MS4zLjIjIiBUYXJnZXQ9IiNTaWduYXR1cmUtbHVybHl3ZmMtMSI+\r\nPHhhZGVzOlNpZ25lZFByb3BlcnRpZXMgSWQ9IlNpZ25lZFByb3BlcnRpZXMtbHVy\r\nbHl3ZmMtMSI+PHhhZGVzOlNpZ25lZFNpZ25hdHVyZVByb3BlcnRpZXM+PHhhZGVz\r\nOlNpZ25pbmdUaW1lPjIwMTgtMDYtMDdUMTY6NTc6MzcrMDI6MDA8L3hhZGVzOlNp\r\nZ25pbmdUaW1lPjx4YWRlczpTaWduaW5nQ2VydGlmaWNhdGVWMj48eGFkZXM6Q2Vy\r\ndD48eGFkZXM6Q2VydERpZ2VzdD48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0i\r\naHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PGRzOkRp\r\nZ2VzdFZhbHVlPmRXV01DZ29LL09Uc1Bkemk1S0orSFV0RUE5YWhxVitsQkVEK3BD\r\na1d0OFU9PC9kczpEaWdlc3RWYWx1ZT48L3hhZGVzOkNlcnREaWdlc3Q+PC94YWRl\r\nczpDZXJ0PjwveGFkZXM6U2lnbmluZ0NlcnRpZmljYXRlVjI+PHhhZGVzOlNpZ25h\r\ndHVyZVBvbGljeUlkZW50aWZpZXI+PHhhZGVzOlNpZ25hdHVyZVBvbGljeUltcGxp\r\nZWQvPjwveGFkZXM6U2lnbmF0dXJlUG9saWN5SWRlbnRpZmllcj48L3hhZGVzOlNp\r\nZ25lZFNpZ25hdHVyZVByb3BlcnRpZXM+PHhhZGVzOlNpZ25lZERhdGFPYmplY3RQ\r\ncm9wZXJ0aWVzPjx4YWRlczpEYXRhT2JqZWN0Rm9ybWF0IE9iamVjdFJlZmVyZW5j\r\nZT0iI1JlZmVyZW5jZS1sdXJseXdmYy0xIj48eGFkZXM6TWltZVR5cGU+YXBwbGlj\r\nYXRpb24veGh0bWwreG1sPC94YWRlczpNaW1lVHlwZT48L3hhZGVzOkRhdGFPYmpl\r\nY3RGb3JtYXQ+PC94YWRlczpTaWduZWREYXRhT2JqZWN0UHJvcGVydGllcz48L3hh\r\nZGVzOlNpZ25lZFByb3BlcnRpZXM+PC94YWRlczpRdWFsaWZ5aW5nUHJvcGVydGll\r\ncz48L2RzOk9iamVjdD48L2RzOlNpZ25hdHVyZT48c2FtbDI6Q29uZGl0aW9ucyBO\r\nb3RCZWZvcmU9IjIwMTgtMDYtMDdUMTQ6NTc6MzdaIiBOb3RPbk9yQWZ0ZXI9IjIw\r\nMTgtMDYtMDdUMTU6MDI6MzdaIj4KCQk8c2FtbDI6QXVkaWVuY2VSZXN0cmljdGlv\r\nbj4KCQkJPHNhbWwyOkF1ZGllbmNlPmh0dHA6Ly9sYWJkYS5pYWlrLnR1Z3Jhei5h\r\ndDo4MDgwL21vYS1pZC1hdXRoL3NsMjAvZGF0YVVybD9wZW5kaW5naWQ9Nzg0NTg4\r\nMDkxNDYxODg5MjM2MTwvc2FtbDI6QXVkaWVuY2U+CgkJPC9zYW1sMjpBdWRpZW5j\r\nZVJlc3RyaWN0aW9uPgoJPC9zYW1sMjpDb25kaXRpb25zPgoJPHNhbWwyOkF0dHJp\r\nYnV0ZVN0YXRlbWVudD4KCQk8c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0i\r\nUFZQLVZFUlNJT04iIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYx\r\nLjEwIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0\r\ncm5hbWUtZm9ybWF0OnVyaSI+CgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxu\r\nczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNl\r\nIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4yLjE8L3NhbWwyOkF0dHJpYnV0ZVZhbHVl\r\nPgoJCTwvc2FtbDI6QXR0cmlidXRlPgoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5k\r\nbHlOYW1lPSJQUklOQ0lQQUwtTkFNRSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4x\r\nMC4yLjEuMS4yNjEuMjAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpT\r\nQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4KCQkJPHNhbWwyOkF0dHJpYnV0\r\nZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hl\r\nbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPlRlc3Q8L3NhbWwyOkF0\r\ndHJpYnV0ZVZhbHVlPgoJCTwvc2FtbDI6QXR0cmlidXRlPgoJCTxzYW1sMjpBdHRy\r\naWJ1dGUgRnJpZW5kbHlOYW1lPSJHSVZFTi1OQU1FIiBOYW1lPSJ1cm46b2lkOjIu\r\nNS40LjQyIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6\r\nYXR0cm5hbWUtZm9ybWF0OnVyaSI+CgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4\r\nbWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3Rh\r\nbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5FaWQ8L3NhbWwyOkF0dHJpYnV0ZVZh\r\nbHVlPgoJCTwvc2FtbDI6QXR0cmlidXRlPgoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJp\r\nZW5kbHlOYW1lPSJCSVJUSERBVEUiIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAu\r\nMi4xLjEuNTUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIu\r\nMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVl\r\nIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5z\r\ndGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPjIwMDAtMDEtMDE8L3NhbWwyOkF0\r\ndHJpYnV0ZVZhbHVlPgoJCTwvc2FtbDI6QXR0cmlidXRlPgoJCTxzYW1sMjpBdHRy\r\naWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItVW5pcXVlSWQiIE5h\r\nbWU9Imh0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3Zp\r\nZGVyVW5pcXVlSWQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1M\r\nOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4KCQkJPHNhbWwyOkF0dHJpYnV0ZVZh\r\nbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEt\r\naW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPmh0dHBzOi8vbGFiZGEuaWFp\r\nay50dWdyYXouYXQ6NTU1My9kZW1vbG9naW4vTG9naW5TZXJ2bGV0RXhhbXBsZS5h\r\nY3Rpb248L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPgoJCTwvc2FtbDI6QXR0cmlidXRl\r\nPgoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlk\r\nZXItRnJpZW5kbHlOYW1lIiBOYW1lPSJodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRy\r\naWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSIgTmFtZUZvcm1hdD0i\r\ndXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmki\r\nPgoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3\r\nLnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0\r\ncmluZyI+RGVtbyBBcHBsaWNhdGlvbjwvc2FtbDI6QXR0cmlidXRlVmFsdWU+CgkJ\r\nPC9zYW1sMjpBdHRyaWJ1dGU+CgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5h\r\nbWU9IlNlcnZpY2VQcm92aWRlci1Db3VudHJ5Q29kZSIgTmFtZT0iaHR0cDovL2Vp\r\nZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29k\r\nZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJu\r\nYW1lLWZvcm1hdDp1cmkiPgoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6\r\neHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIg\r\neHNpOnR5cGU9InhzOnN0cmluZyI+QVQ8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPgoJ\r\nCTwvc2FtbDI6QXR0cmlidXRlPgoJCQoJCQoJPC9zYW1sMjpBdHRyaWJ1dGVTdGF0\r\nZW1lbnQ+Cjwvc2FtbDI6QXNzZXJ0aW9uPg==", + "EID-CCS-URL": "eid-ccs-url" +} \ No newline at end of file -- cgit v1.2.3 From 721d4261b72a12dc6147687d72b81738014be20b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 12 Jun 2018 09:20:52 +0200 Subject: add jUnit simple test for AuthDataBuilder and foreign bPK generation --- .../moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java | 8 ++++---- .../modules/ssotransfer/data/SSOTransferOnlineApplication.java | 6 ++++++ 2 files changed, 10 insertions(+), 4 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java index a131e5e29..da0b7ac90 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java @@ -4,7 +4,6 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.util.Map; -import org.jose4j.base64url.Base64Url; import org.junit.BeforeClass; import org.junit.Test; import org.opensaml.DefaultBootstrap; @@ -75,8 +74,8 @@ public abstract class eIDDataVerifierTest { if (MiscUtil.isEmpty(idlB64)) throw new Exception("NO IDL found"); - //IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); - IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Url.decode(idlB64))).parseIdentityLink(); + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); + //IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Url.decode(idlB64))).parseIdentityLink(); if (idl == null) throw new Exception("IDL parsing FAILED"); @@ -88,7 +87,8 @@ public abstract class eIDDataVerifierTest { if (MiscUtil.isEmpty(idlB64)) throw new Exception("NO IDL found"); - IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Url.decode(idlB64))).parseIdentityLink(); + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); +// IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Url.decode(idlB64))).parseIdentityLink(); if (idl == null) throw new Exception("IDL parsing FAILED"); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java index c2132c1f9..a97e5944a 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java @@ -424,4 +424,10 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters { return null; } + @Override + public List foreignbPKSectorsRequested() { + // TODO Auto-generated method stub + return null; + } + } -- cgit v1.2.3 From c4405efdb0177c6319c0a3a0b9f5d3f4d0967748 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 12 Jun 2018 12:07:41 +0200 Subject: add log message --- .../moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java | 2 ++ 1 file changed, 2 insertions(+) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java index a5696d36d..f7e635b3b 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java @@ -223,8 +223,10 @@ public class JsonSecurityUtils implements IJOSETools{ throw new SL20SecurityException("JWS signature invalide."); } + //load payLoad + Logger.debug("SL2.0 commando signature validation sucessfull"); JsonElement sl20Req = new JsonParser().parse(jws.getPayload()); return new VerificationResult(sl20Req.getAsJsonObject(), null, valid) ; -- cgit v1.2.3 From fcb3d17f73a880fb19c4a6a2ea7f7009051553cf Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 12 Jun 2018 12:59:26 +0200 Subject: update jUnit tests for SIC mobile-phone signature --- .../sl20/verifier/QualifiedeIDVerifier.java | 24 +--------------------- .../sl20_auth/dummydata/DummyAuthConfig.java | 10 ++++++++- .../modules/sl20_auth/eIDDataVerifierTest.java | 3 ++- .../profiles/SL20_authblock_v1.0.xml | 8 -------- .../profiles/SL20_authblock_v1.0_sic.xml | 8 ++++++++ 5 files changed, 20 insertions(+), 33 deletions(-) delete mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_sic.xml (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java index a437e3411..18428e554 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java @@ -5,7 +5,6 @@ import java.io.IOException; import java.util.Date; import java.util.List; -import org.jaxen.SimpleNamespaceContext; import org.opensaml.Configuration; import org.opensaml.saml2.core.Assertion; import org.opensaml.xml.XMLObject; @@ -33,31 +32,10 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil; import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; -public class QualifiedeIDVerifier { - - /** Xpath expression to the dsig:Signature element */ - private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature"; - - private static final String XADES_1_1_1_SIGNINGTIME_PATH = "//" + Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime"; - private static final String XADES_1_3_2_SIGNINGTIME_PATH = "//" + Constants.XADES_1_3_2_NS_PREFIX + ":SigningTime"; - - - private static final long MAX_DIFFERENCE_IN_MILLISECONDS = 600000; // 10min - - - private static SimpleNamespaceContext NS_CONTEXT; - static { - NS_CONTEXT = new SimpleNamespaceContext(); - NS_CONTEXT.addNamespace(Constants.XADES_1_1_1_NS_PREFIX, Constants.XADES_1_1_1_NS_URI); - NS_CONTEXT.addNamespace(Constants.XADES_1_2_2_NS_PREFIX, Constants.XADES_1_2_2_NS_URI); - NS_CONTEXT.addNamespace(Constants.XADES_1_3_2_NS_PREFIX, Constants.XADES_1_3_2_NS_URI); - NS_CONTEXT.addNamespace(Constants.XADES_1_4_1_NS_PREFIX, Constants.XADES_1_4_1_NS_URI); - } - +public class QualifiedeIDVerifier { public static void verifyIdentityLink(IIdentityLink idl, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException { // validates the identity link IdentityLinkValidator.getInstance().validate(idl); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java index bba4ade82..af47bc942 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java @@ -14,6 +14,14 @@ import at.gv.util.config.EgovUtilPropertiesConfiguration; public class DummyAuthConfig implements AuthConfiguration { + private boolean requireAuthBlockQC = true; + + + + public void setRequireAuthBlockQC(boolean requireAuthBlockQC) { + this.requireAuthBlockQC = requireAuthBlockQC; + } + @Override public String getRootConfigFileDir() { // TODO Auto-generated method stub @@ -295,7 +303,7 @@ public class DummyAuthConfig implements AuthConfiguration { @Override public boolean isCertifiacteQCActive() { - return true; + return this.requireAuthBlockQC; } @Override diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java index da0b7ac90..c2784181a 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java @@ -119,7 +119,8 @@ public abstract class eIDDataVerifierTest { throw new Exception("NO AuthBlock found"); IOAAuthParameters dummyOA = new DummyOA(); - AuthConfiguration dummyAuthConfig = new DummyAuthConfig(); + DummyAuthConfig dummyAuthConfig = new DummyAuthConfig(); + dummyAuthConfig.setRequireAuthBlockQC(false); QualifiedeIDVerifier.verifyAuthBlock(authBlockB64, dummyOA , dummyAuthConfig); } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml deleted file mode 100644 index 08e24fe92..000000000 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml +++ /dev/null @@ -1,8 +0,0 @@ -Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Vorname:
Nachname:
Geburtsdatum:
Vollmacht:	Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Identifikator:
Name:
Staat:

Technische Parameter

Datum:	..
Uhrzeit:	::
TransaktionsTokken:
- Vollmachten-Referenz:
DataURL:
AuthBlockValidTo:

diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_sic.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_sic.xml new file mode 100644 index 000000000..c2c984e33 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_sic.xml @@ -0,0 +1,8 @@ +Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Vorname:
Nachname:
Geburtsdatum:
Vollmacht:	Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Identifikator:
Name:
Staat:

Technische Parameter

Datum:	..
Uhrzeit:	::
TransaktionsTokken:
+ Vollmachten-Referenz:
DataURL:
AuthBlockValidTo:

-- cgit v1.2.3 From e67ec48b9c27b718b7ca961267f690c44964255e Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 13 Jun 2018 08:08:14 +0200 Subject: change moa-spss transformation profile for SL20 authblock --- .../moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java | 4 +--- .../resources/moaspss_config/profiles/SL20_authblock_v1.0.xml | 8 ++++++++ .../resources/moaspss_config/profiles/SL20_authblock_v1.0_sic.xml | 8 -------- 3 files changed, 9 insertions(+), 11 deletions(-) create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml delete mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_sic.xml (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java index 419142c7d..ceff0e516 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java @@ -5,10 +5,8 @@ import java.io.InputStreamReader; import org.apache.commons.io.IOUtils; import org.junit.Before; -import org.junit.runner.RunWith; import org.opensaml.xml.ConfigurationException; import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import com.google.gson.JsonElement; import com.google.gson.JsonObject; @@ -17,7 +15,7 @@ import com.google.gson.JsonParser; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; -@RunWith(SpringJUnit4ClassRunner.class) +//@RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ "/SpringTest-context.xml" }) public class EIDDataVerifier_OwnTest extends eIDDataVerifierTest { diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml new file mode 100644 index 000000000..c2c984e33 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml @@ -0,0 +1,8 @@ +Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Vorname:
Nachname:
Geburtsdatum:
Vollmacht:	Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Identifikator:
Name:
Staat:

Technische Parameter

Datum:	..
Uhrzeit:	::
TransaktionsTokken:
+ Vollmachten-Referenz:
DataURL:
AuthBlockValidTo:

diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_sic.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_sic.xml deleted file mode 100644 index c2c984e33..000000000 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_sic.xml +++ /dev/null @@ -1,8 +0,0 @@ -Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Vorname:
Nachname:
Geburtsdatum:
Vollmacht:	Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Identifikator:
Name:
Staat:

Technische Parameter

Datum:	..
Uhrzeit:	::
TransaktionsTokken:
- Vollmachten-Referenz:
DataURL:
AuthBlockValidTo:

-- cgit v1.2.3 From 2a073c6727d704271e17d9b682be28410f23aae7 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 14 Jun 2018 06:18:47 +0200 Subject: more refactoring staff --- .../java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java | 2 +- .../id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java | 2 +- .../moa/id/auth/parser/CreateXMLSignatureResponseParser.java | 2 +- .../egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java | 2 +- .../servlet/CitizenCardAuthProcessEngineSignalController.java | 2 ++ .../id/auth/validator/VerifyXMLSignatureResponseValidator.java | 2 +- .../moa/id/util/client/mis/simple/MISSimpleClient.java | 2 +- .../moa/id/auth/modules/eidas_v2/eIDASSignalServlet.java | 2 +- .../egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java | 2 +- .../elgamandates/controller/ELGAMandateSignalController.java | 2 +- .../moa/id/auth/modules/sl20_auth/SL20SignalServlet.java | 2 +- .../modules/ssotransfer/servlet/SSOTransferSignalServlet.java | 2 +- .../federatedauth/controller/FederatedAuthSignalController.java | 2 +- .../moa/id/protocols/saml1/SAML1AuthenticationData.java | 8 ++++---- 14 files changed, 18 insertions(+), 16 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 97f56c6f4..d76e72aa4 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -42,7 +42,6 @@ import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.BKUException; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.exception.ServiceException; @@ -64,6 +63,7 @@ import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; +import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.data.Pair; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java index 703d72f00..805b1b8f1 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java @@ -39,8 +39,8 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; +import at.gv.egovernment.moa.id.commons.api.exceptions.MISSimpleClientException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java index eca231094..fb3cf3713 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/CreateXMLSignatureResponseParser.java @@ -61,8 +61,8 @@ import org.w3c.dom.traversal.NodeIterator; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.BKUException; import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.XPathUtils; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java index 154092b03..dba26f1db 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParser.java @@ -64,9 +64,9 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.BKUException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.exceptions.BKUException; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java index 139be49fe..582af517c 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/servlet/CitizenCardAuthProcessEngineSignalController.java @@ -31,6 +31,8 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; + /** * @author tlenz * diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index a8d0f2236..f9a432a9f 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -61,8 +61,8 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.util.MOAIDMessageProvider; import at.gv.egovernment.moa.logging.Logger; import iaik.asn1.structures.Name; import iaik.security.ec.common.ECPublicKey; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java index 26d50905e..a1e16a7f0 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/client/mis/simple/MISSimpleClient.java @@ -70,8 +70,8 @@ import org.w3c.dom.Node; import org.w3c.dom.NodeList; import org.xml.sax.SAXException; -import at.gv.egovernment.moa.id.auth.exception.MISSimpleClientException; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.MISSimpleClientException; import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASSignalServlet.java index 3198d04a3..9a98c1ae1 100644 --- a/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASSignalServlet.java +++ b/id/server/modules/moa-id-module-eIDAS-v2/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas_v2/eIDASSignalServlet.java @@ -32,7 +32,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java index 16d909331..49d98ed33 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASSignalServlet.java @@ -32,7 +32,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java index 585e72c2f..503884edd 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/controller/ELGAMandateSignalController.java @@ -32,8 +32,8 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; -import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java index 87d306822..ab7eb0830 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java @@ -31,7 +31,7 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; -import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java index 694f26b65..bf215373d 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferSignalServlet.java @@ -33,8 +33,8 @@ import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; -import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java index 431ed5ef1..5edd36248 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/controller/FederatedAuthSignalController.java @@ -32,8 +32,8 @@ import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; -import at.gv.egovernment.moa.id.auth.servlet.AbstractProcessEngineSignalController; import at.gv.egovernment.moa.logging.Logger; /** diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java index 2a7cce89e..c53d1c98d 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationData.java @@ -49,9 +49,9 @@ package at.gv.egovernment.moa.id.protocols.saml1; import java.text.ParseException; import java.util.List; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.id.data.MOAAuthenticationData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DateTimeUtils; @@ -62,7 +62,7 @@ import at.gv.egovernment.moa.util.DateTimeUtils; * @version $Id$ */ -public class SAML1AuthenticationData extends AuthenticationData { +public class SAML1AuthenticationData extends MOAAuthenticationData { /** * */ @@ -137,7 +137,7 @@ public void setAssertionID(String assertionID) { public void setIssueInstant(String date) { try { - setIssueInstant(DateTimeUtils.parseDateTime(date)); + setAuthenticationIssueInstant(DateTimeUtils.parseDateTime(date)); } catch (ParseException e) { Logger.error("Parse IssueInstant element FAILED.", e); -- cgit v1.2.3 From 17f4b996ccdf1b96675fa835c0f51f43d9690b34 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 14 Jun 2018 07:16:39 +0200 Subject: update SL20 authblock transformation --- .../modules/sl20_auth/EIDDataVerifier_ATrust.java | 22 ++++++++++----- .../sl20_auth/dummydata/DummyAuthConfig.java | 30 ++++++++++++++++++--- .../modules/sl20_auth/eIDDataVerifierTest.java | 27 ++++++++----------- .../src/test/resources/SpringTest-context.xml | 7 ++++- .../moaspss_config/MOASPSSConfiguration.xml | 6 ++++- .../profiles/SL20_authblock_v1.0.xml | 6 ++--- .../profiles/SL20_authblock_v1.0_SIC.xml | 8 ++++++ .../src/test/resources/sl20.jks | Bin 0 -> 8439 bytes .../src/test/resources/tests/eIDdata_atrust.json | 14 +++------- 9 files changed, 79 insertions(+), 41 deletions(-) create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_SIC.xml create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java index 6e4df144f..6a989dd47 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java @@ -5,27 +5,37 @@ import java.io.InputStreamReader; import org.apache.commons.io.IOUtils; import org.junit.Before; +import org.junit.runner.RunWith; import org.opensaml.xml.ConfigurationException; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import com.google.gson.JsonObject; import com.google.gson.JsonParser; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.IJOSETools; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; -//@RunWith(SpringJUnit4ClassRunner.class) +@RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration("/SpringTest-context.xml") public class EIDDataVerifier_ATrust extends eIDDataVerifierTest { - + + @Autowired IJOSETools joseTools; + + @Before - public void init() throws SLCommandoParserException, IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException { + public void init() throws IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException, SL20Exception { String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_atrust.json"))); JsonParser jsonParser = new JsonParser(); JsonObject qualeIDResult = jsonParser.parse(eIDDataString).getAsJsonObject(); - JsonObject payLoad = SL20JSONExtractorUtils.getJSONObjectValue(qualeIDResult, "payload", true); - JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad, "result", true); + //JsonObject payLoad = SL20JSONExtractorUtils.getJSONObjectValue(qualeIDResult, "payload", true); + VerificationResult payLoad = SL20JSONExtractorUtils.extractSL20PayLoad(qualeIDResult, joseTools, true); + JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad.getPayload(), "result", true); eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result); @@ -36,6 +46,6 @@ public class EIDDataVerifier_ATrust extends eIDDataVerifierTest { @Override protected String getSl20ReqId() { - return "_0ab3d7fd5ff8eb0bb15486ce48464fad"; + return "_63ff9ef67370024c4d2d8b9bfd380578"; } } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java index af47bc942..31275e492 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java @@ -1,5 +1,6 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata; +import java.io.IOException; import java.util.List; import java.util.Map; import java.util.Properties; @@ -24,8 +25,13 @@ public class DummyAuthConfig implements AuthConfiguration { @Override public String getRootConfigFileDir() { - // TODO Auto-generated method stub - return null; + try { + return new java.io.File( "." ).getCanonicalPath(); + + } catch (IOException e) { + return null; + + } } @Override @@ -85,7 +91,25 @@ public class DummyAuthConfig implements AuthConfiguration { @Override public String getBasicMOAIDConfiguration(String key) { if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID.equals(key)) - return "SL20Authblock_v1.0"; + return "SL20Authblock_v1.0,SL20Authblock_v1.0_SIC"; + + else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH.equals(key)) + return "/src/test/resources/sl20.jks"; + + else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD.equals(key)) + return "password"; + + else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS.equals(key)) + return "pvpIDP"; + + else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD.equals(key)) + return "password"; + + else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS.equals(key)) + return "pvpIDP"; + + else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD.equals(key)) + return "password"; else return null; diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java index c2784181a..54ea882de 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java @@ -8,13 +8,13 @@ import org.junit.BeforeClass; import org.junit.Test; import org.opensaml.DefaultBootstrap; import org.opensaml.saml2.core.Assertion; +import org.springframework.beans.factory.annotation.Autowired; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyAuthConfig; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyOA; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier.QualifiedeIDVerifier; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; @@ -31,10 +31,10 @@ import iaik.security.ec.provider.ECCelerate; import iaik.security.provider.IAIK; public abstract class eIDDataVerifierTest { - - protected Map eIDData = null; + protected Map eIDData = null; + @Autowired DummyAuthConfig authConfig; @BeforeClass public static void moaSPSSInitialize() throws ConfigurationException, org.opensaml.xml.ConfigurationException, IOException { @@ -94,8 +94,7 @@ public abstract class eIDDataVerifierTest { throw new Exception("IDL parsing FAILED"); IOAAuthParameters dummyOA = new DummyOA(); - AuthConfiguration dummyAuthConfig = new DummyAuthConfig(); - QualifiedeIDVerifier.verifyIdentityLink(idl, dummyOA , dummyAuthConfig); + QualifiedeIDVerifier.verifyIdentityLink(idl, dummyOA , authConfig); } @@ -118,11 +117,11 @@ public abstract class eIDDataVerifierTest { if (MiscUtil.isEmpty(authBlockB64)) throw new Exception("NO AuthBlock found"); - IOAAuthParameters dummyOA = new DummyOA(); - DummyAuthConfig dummyAuthConfig = new DummyAuthConfig(); - dummyAuthConfig.setRequireAuthBlockQC(false); - QualifiedeIDVerifier.verifyAuthBlock(authBlockB64, dummyOA , dummyAuthConfig); - + IOAAuthParameters dummyOA = new DummyOA(); + authConfig.setRequireAuthBlockQC(false); + QualifiedeIDVerifier.verifyAuthBlock(authBlockB64, dummyOA , authConfig); + authConfig.setRequireAuthBlockQC(true); + } @Test @@ -136,12 +135,8 @@ public abstract class eIDDataVerifierTest { IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); Assertion authBlock = QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlockB64); - AssertionAttributeExtractor authBlockExtractor = new AssertionAttributeExtractor(authBlock); - - IOAAuthParameters dummyOA = new DummyOA(); - AuthConfiguration dummyAuthConfig = new DummyAuthConfig(); - - IVerifiyXMLSignatureResponse authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock(authBlockB64, dummyOA , dummyAuthConfig); + AssertionAttributeExtractor authBlockExtractor = new AssertionAttributeExtractor(authBlock); + IVerifiyXMLSignatureResponse authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock(authBlockB64, new DummyOA() , authConfig); QualifiedeIDVerifier.checkConsistencyOfeIDData(getSl20ReqId(), idl, authBlockExtractor, authBlockVerificationResult); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml index 011d1ed64..c1f185208 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml @@ -9,5 +9,10 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> - + + + + diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml index 99e60de85..6cd4db122 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml @@ -74,9 +74,13 @@ - + SL20Authblock_v1.0 profiles/SL20_authblock_v1.0.xml + + SL20Authblock_v1.0_SIC + profiles/SL20_authblock_v1.0_SIC.xml + diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml index c2c984e33..e67b1f5ce 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml @@ -1,8 +1,8 @@ -Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Vorname:
Nachname:
Geburtsdatum:
Vollmacht:	Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Identifikator:
Name:
Staat:

Technische Parameter

Datum:	..
Uhrzeit:	::
TransaktionsTokken:
- Vollmachten-Referenz:
DataURL:
AuthBlockValidTo:

Anmeldedaten:

Daten zur Person

Vorname:
Nachname:
Geburtsdatum:
Vollmacht:	Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Identifikator:
Name:
Staat:

Technische Parameter

Datum:	..
Uhrzeit:	::
TransaktionsToken:
+ Vollmachten-Referenz:
DataURL:
AuthBlockValidTo:

diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_SIC.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_SIC.xml new file mode 100644 index 000000000..741013cd1 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_SIC.xml @@ -0,0 +1,8 @@ +Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Vorname:
Nachname:
Geburtsdatum:
Vollmacht:	Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Identifikator:
Name:
Staat:

Technische Parameter

Datum:	..
Uhrzeit:	::
TransaktionsTokken:
+ Vollmachten-Referenz:
DataURL:
AuthBlockValidTo:

diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks new file mode 100644 index 000000000..a9d1fc7d1 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json index 826430b0d..8fef32927 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json @@ -1,14 +1,6 @@ { "v": 10, - "respID": "FabhEfKEOBUW1jZryBqp", - "inResponseTo": "_0ab3d7fd5ff8eb0bb15486ce48464fad", - "payload": { - "name": "qualifiedeID", - "result": { - "EID-IDENTITY-LINK": "PHNhbWw6QXNzZXJ0aW9uIEFzc2VydGlvbklEPSJzenIuYm1pLmd2LmF0LUFzc2VydGlvbklEMTUyNzY2OTEwMDU5MTI3NDQiIElzc3VlSW5zdGFudD0iMjAxOC0wNS0zMFQxMDozMTo0MCswMTowMCIgSXNzdWVyPSJodHRwOi8vcG9ydGFsLmJtaS5ndi5hdC9yZWYvc3pyL2lzc3VlciIgTWFqb3JWZXJzaW9uPSIxIiBNaW5vclZlcnNpb249IjAiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDphc3NlcnRpb24iIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJubWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOmVjZHNhPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSMiIHhtbG5zOnNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSI+Cgk8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+CgkJPHNhbWw6U3ViamVjdD4KCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4KCQkJCTxzYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjA6Y206c2VuZGVyLXZvdWNoZXM8L3NhbWw6Q29uZmlybWF0aW9uTWV0aG9kPgoJCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE+CgkJCQkJPHByOlBlcnNvbiBzaTp0eXBlPSJwcjpQaHlzaWNhbFBlcnNvblR5cGUiPjxwcjpJZGVudGlmaWNhdGlvbj48cHI6VmFsdWU+dHFDUUVDNytBcUdFZWVMMzkwVjVKZz09PC9wcjpWYWx1ZT48cHI6VHlwZT51cm46cHVibGljaWQ6Z3YuYXQ6YmFzZWlkPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24+PHByOk5hbWU+PHByOkdpdmVuTmFtZT5NYXg8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPk11c3Rlcm1hbm48L3ByOkZhbWlseU5hbWU+PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4xOTQwLTAxLTAxPC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj4KCQkJCTwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KCQkJPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJPC9zYW1sOlN1YmplY3Q+Cgk8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXplblB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJ1cm46cHVibGljaWQ6Z3YuYXQ6bmFtZXNwYWNlczppZGVudGl0eWxpbms6MS4yIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT48ZHNpZzpSU0FLZXlWYWx1ZT48ZHNpZzpNb2R1bHVzPnMwWmhkR2E4REgwSW1iTlU3aTRxdDRtR25CUEFlTDk5Q0dkZmRCOEhWWE5CNWd3d2VMY1o5WE1TWUJvUHFHdFVqemh6S29zRkN5M0sNCmpsSEVrejB0L3JQemhOVGRsVjJRN0FGWEZlT2g3M3dPajQ3R1B2T2lVNzdwQjE3WnJaOHlObW1JTTEyUVE5MVN0RGFWRkUra0dxUEkNCmNFZHZiZk94blU4aGNpa3lYcWVheFZVV3oxbVdXTnRveUwyWG5wa1U0QkZVQnU1NWg5S2tYVEFQcnBUbEFMZjkvRDFKamZWb05tamwNCnBLWXh6Q3JBSmE4Sno4Ui9sNis0U0U3YXc3dGZuazNZUXkxcFVmNWZmellkeXZQS2ZxVTBUTUVKLzdpOW1ORHFCZlVwcVhBRWowdWUNCkpvRWs0UC9pa2Q5UnZuVUlsU0V1NzFHMyt1VEluSXBaaTd2UG93PT08L2RzaWc6TW9kdWx1cz48ZHNpZzpFeHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PjwvZHNpZzpSU0FLZXlWYWx1ZT48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJPGRzaWc6U2lnbmF0dXJlPgoJCTxkc2lnOlNpZ25lZEluZm8+CgkJCTxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+CgkJCTxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIgLz4KCQkJPGRzaWc6UmVmZXJlbmNlIFVSST0iIj4KCQkJCTxkc2lnOlRyYW5zZm9ybXM+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQk8ZHNpZzpYUGF0aD5ub3QoYW5jZXN0b3Itb3Itc2VsZjo6cHI6SWRlbnRpZmljYXRpb24pPC9kc2lnOlhQYXRoPgoJCQkJCTwvZHNpZzpUcmFuc2Zvcm0+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiIC8+CgkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCTxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIiAvPgoJCQkJPGRzaWc6RGlnZXN0VmFsdWU+QmVIdUFyYXUzSFVQcXg5dHV3QTRGaDNOSDB3PTwvZHNpZzpEaWdlc3RWYWx1ZT4KCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPGRzaWc6UmVmZXJlbmNlIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNNYW5pZmVzdCIgVVJJPSIjbWFuaWZlc3QiPgoJCQkJPGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiIC8+CgkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5mVEUrMjRnRHlkUlgvd0p2QlAxOUlucU54Rkk9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQk8L2RzaWc6UmVmZXJlbmNlPgoJCTwvZHNpZzpTaWduZWRJbmZvPgoJCTxkc2lnOlNpZ25hdHVyZVZhbHVlPgogICAgUHpLMWR2N2JFMGhQcGxlc1ZaRFhHSWxhbTlUK0JxWkd4ZWs5RHVuYkhNK21GWWI3a1NaZTN2eEszUmhRZjNBV3djbXFtVWZPRlJObg0KWndxYnovNGRZd2hJRld6VGdMelVmMlZkR0JsN2szbS8wSmJXSkV1bEtobE5vV2ZSTkRrdTRZcmI2THVrWjdaQzJFcWd2UXYxa1BRTg0Kb1BvQ1I5d3hUc1RKWFNCaHdLc0lERG9vZHY3aUVpWGFCM0xmVHQrQWdYdEdvbWRRaktjby9WamJSSzRUUEkvQUVNVU1KWm9zZlJYMg0KdmE2U1BaUnV4QjBlWkwwVGVzYittRjlFaUlOVnNTSU9nbTVSRE95V1ZRZkJnVG9nYjNoWmlLVmh0a1IvaWlSNmhZNlA2b1cwTDh4ag0KMG5ZVldPRHAxSlJML3Z0ZDFhUklVYzNCQTJQaFkrRmdJR1FHTUE9PQogIDwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlGdXpDQ0JLT2dBd0lCQWdJREdTa2VNQTBHQ1NxR1NJYjNEUUVCQlFVQU1JR2ZNUXN3Q1FZRFZRUUdFd0pCDQpWREZJTUVZR0ExVUVDZ3cvUVMxVWNuVnpkQ0JIWlhNdUlHWXVJRk5wWTJobGNtaGxhWFJ6YzNsemRHVnRaU0JwDQpiU0JsYkdWcmRISXVJRVJoZEdWdWRtVnlhMlZvY2lCSGJXSklNU0l3SUFZRFZRUUxEQmxoTFhOcFoyNHRZMjl5DQpjRzl5WVhSbExXeHBaMmgwTFRBeU1TSXdJQVlEVlFRRERCbGhMWE5wWjI0dFkyOXljRzl5WVhSbExXeHBaMmgwDQpMVEF5TUI0WERURTFNRGN5T0RFMU5Ea3dOVm9YRFRJd01EY3lPREV6TkRrd05Wb3dnYll4Q3pBSkJnTlZCQVlUDQpBa0ZVTVI0d0hBWURWUVFLREJWRVlYUmxibk5qYUhWMGVtdHZiVzFwYzNOcGIyNHhJakFnQmdOVkJBc01HVk4wDQpZVzF0ZW1Gb2JISmxaMmx6ZEdWeVltVm9iMlZ5WkdVeExqQXNCZ05WQkFNTUpWTnBaMjVoZEhWeWMyVnlkbWxqDQpaU0JFWVhSbGJuTmphSFYwZW10dmJXMXBjM05wYjI0eEZUQVRCZ05WQkFVVERETXlOVGt5T0RNeU16azVPREVjDQpNQm9HQ1NxR1NJYjNEUUVKQVF3TlpITnJRR1J6YXk1bmRpNWhkRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEDQpnZ0VQQURDQ0FRb0NnZ0VCQU4rZEJTRUJHajJqVVhJSzFNcDNsVnhjL1phK3BKTWl5S3JYM0cxWnhnWC9pa3g3DQpEOXNjc1BZTXQ0NzNMbEFXbDljbUNiSGJKSytQVjJYTk5kVVJMTVVDSVgrNHZVTnMyTUhlRFRRdFg4QlhqSkZwDQp3SllTb2FSSlEzOUZWUy8xcjVzV2NyYTlIaGRtN3c1R3R4LzJ1a3lEWDBrZGt4YXdraFA0RVFFemkvU0krRnVnDQpuK1dxZ1ExbkFkbGJ4Yi9kY0J3NXcxaDliM2xtdXdVZjR6M29vUVdVRDJEZ0Eva0tkMUtlak5SNDNtTFVzbXZTDQp6ZXZQeFQ5enM3OHBPUjFPYWNCN0lzelRWSlBYZU9FYWFOWkhubkIvVWVPM2c4TEVWLzNPa1hjVWdjTWtiSUlpDQphQkhsbGw3MVBxMENPajlrcWpYb2U3T3JSakxZNWkzS3dPcGE2VE1DQXdFQUFhT0NBZVV3Z2dIaE1CRUdBMVVkDQpEZ1FLQkFoTUNBNmVHdlMxdWpBT0JnTlZIUThCQWY4RUJBTUNCTEF3RGdZSEtpZ0FDZ0VIQVFRREFRSC9NQk1HDQpBMVVkSXdRTU1BcUFDRWtjV0RwUDZBMERNQWtHQTFVZEV3UUNNQUF3RkFZSEtpZ0FDZ0VCQVFRSkRBZENVMEl0DQpSRk5MTUg4R0NDc0dBUVVGQndFQkJITXdjVEJHQmdnckJnRUZCUWN3QW9ZNmFIUjBjRG92TDNkM2R5NWhMWFJ5DQpkWE4wTG1GMEwyTmxjblJ6TDJFdGMybG5iaTFqYjNKd2IzSmhkR1V0YkdsbmFIUXRNREpoTG1OeWREQW5CZ2dyDQpCZ0VGQlFjd0FZWWJhSFIwY0RvdkwyOWpjM0F1WVMxMGNuVnpkQzVoZEM5dlkzTndNRlFHQTFVZElBUk5NRXN3DQpTUVlHS2lnQUVRRVNNRDh3UFFZSUt3WUJCUVVIQWdFV01XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrDQpiMk56TDJOd0wyRXRjMmxuYmkxQmJYUnpjMmxuYm1GMGRYSXdnWjRHQTFVZEh3U0JsakNCa3pDQmtLQ0JqYUNCDQppb2FCaDJ4a1lYQTZMeTlzWkdGd0xtRXRkSEoxYzNRdVlYUXZiM1U5WVMxemFXZHVMV052Y25CdmNtRjBaUzFzDQphV2RvZEMwd01peHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wDQpQMkpoYzJVL2IySnFaV04wWTJ4aGMzTTlaV2xrUTJWeWRHbG1hV05oZEdsdmJrRjFkR2h2Y21sMGVUQU5CZ2txDQpoa2lHOXcwQkFRVUZBQU9DQVFFQUhRM1pDTXRBYmF6ZU1IbVdBMnpoWWxIcUhnS1ZvY1ZYRURnbU5tV0xHcUZlDQo4RUFERklzOHVHcmt0Qm1XQ1VJWGJYczdUSGNmeHMySjQ3dkh1Y29wc2RrYWJObFhFanpuZFJmbmMrMVZJbmJvDQp6TXJZZDdqZUROVEsvdElqaU9FWWRyeUlwZWtWOUNmYXc3eXU2bWVmTXpldTFhQXdmN0JuSy9odWl3SlduZW5wDQpCN2lEL1B2WittenVDN1JOZkpmRisrU3RpQlR4aTNWWXhOR01qTTFjVThHdzlWV2MwUjNFdWpPYVhXZ0NDOGk1DQpGR2hWdk9ZaE5YZnN4SlhiTnhld0VDanBBTHZEbEZMTCtpQzQ5RytBRFNvUnYwU2s5MU9QdStjSW1DajNyczNRDQp0YXNJL3A5TFlhY0c2Yy9nSTN0RTBpaHFnOVJic0tIWFFsM1BPdkVSSkE9PTwvZHNpZzpYNTA5Q2VydGlmaWNhdGU+PC9kc2lnOlg1MDlEYXRhPjwvZHNpZzpLZXlJbmZvPgoJCTxkc2lnOk9iamVjdD4KCQkJPGRzaWc6TWFuaWZlc3QgSWQ9Im1hbmlmZXN0Ij4KCQkJCTxkc2lnOlJlZmVyZW5jZSBVUkk9IiI+CgkJCQkJPGRzaWc6VHJhbnNmb3Jtcz4KCQkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQkJPGRzaWc6WFBhdGg+bm90KGFuY2VzdG9yLW9yLXNlbGY6OmRzaWc6U2lnbmF0dXJlKTwvZHNpZzpYUGF0aD4KCQkJCQkJPC9kc2lnOlRyYW5zZm9ybT4KCQkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCQk8ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIgLz4KCQkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5wM1pwS1BvK0ZYT3ZXdEhidFJzR2VLWm9lSTQ9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPC9kc2lnOk1hbmlmZXN0PgoJCTwvZHNpZzpPYmplY3Q+Cgk8L2RzaWc6U2lnbmF0dXJlPgo8L3NhbWw6QXNzZXJ0aW9uPg==", - "EID-CITIZEN-QAA-LEVEL": "http://eidas.europa.eu/LoA/substantial", - "EID-CCS-URL": "https://www.a-trust.at/todo", - "EID-AUTH-BLOCK": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+PHNhbWwyOkFzc2VydGlvbiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9Il8wYWIzZDdmZDVmZjhlYjBiYjE1NDg2Y2U0ODQ2NGZhZCIgSXNzdWVJbnN0YW50PSIyMDE4LTA2LTA3VDE1OjI2OjI1KzAyOjAwIiBWZXJzaW9uPSIyLjAiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSI+PHNhbWwyOklzc3VlciBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI+aHR0cHM6Ly93d3cuYS10cnVzdC5hdC90b2RvPC9zYW1sMjpJc3N1ZXI+PGRzaWc6U2lnbmF0dXJlIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIElkPSJzaWduYXR1cmUtMS0xIj48ZHNpZzpTaWduZWRJbmZvPjxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSIgLz48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2IiAvPjxkc2lnOlJlZmVyZW5jZSBJZD0icmVmZXJlbmNlLTEtMSIgVVJJPSIiPjxkc2lnOlRyYW5zZm9ybXM+PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHNsdC0xOTk5MTExNiI+PHhzbDpzdHlsZXNoZWV0IHhtbG5zOnhzbD0iaHR0cDovL3d3dy53My5vcmcvMTk5OS9YU0wvVHJhbnNmb3JtIiBleGNsdWRlLXJlc3VsdC1wcmVmaXhlcz0ic2FtbDIiIHZlcnNpb249IjEuMCIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjx4c2w6b3V0cHV0IG1ldGhvZD0ieG1sIiB4bWw6c3BhY2U9ImRlZmF1bHQiIC8+PHhzbDp0ZW1wbGF0ZSBtYXRjaD0iLyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiPjxodG1sIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIj48aGVhZD48dGl0bGU+U2lnbmF0dXIgZGVyIEFubWVsZGVkYXRlbjwvdGl0bGU+PHN0eWxlIG1lZGlhPSJzY3JlZW4iIHR5cGU9InRleHQvY3NzIj4KICAgICAgICAgICAgICAJCQkJCS5ub3JtYWxzdHlsZSB7IGZvbnQtc2l6ZTogbWVkaXVtOyB9IAogICAgICAgICAgICAgIAkJCQkJLml0YWxpY3N0eWxlIHsgZm9udC1zaXplOiBtZWRpdW07IGZvbnQtc3R5bGU6IGl0YWxpYzsgfQoJCQkJCQkJCS50aXRsZXN0eWxlIHsgdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTsgZm9udC13ZWlnaHQ6Ym9sZDsgZm9udC1zaXplOiBtZWRpdW07IH0gCgkJCQkJCQkJLmg0c3R5bGUgeyBmb250LXNpemU6IGxhcmdlOyB9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKCQkJCQkJCQkuaGlkZGVuIHtkaXNwbGF5OiBub25lOyB9IAogICAgICAgICAgICAgIAkJCQk8L3N0eWxlPjwvaGVhZD48Ym9keT48aDQgY2xhc3M9Img0c3R5bGUiPkFubWVsZGVkYXRlbjo8L2g0PjxwIGNsYXNzPSJ0aXRsZXN0eWxlIj5EYXRlbiB6dXIgUGVyc29uPC9wPjx0YWJsZSBjbGFzcz0icGFyYW1ldGVycyI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjIuNS40LjQyJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+Vm9ybmFtZTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjIuNS40LjQyJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiIC8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5OYWNobmFtZTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4yMCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIiAvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuNTUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5HZWJ1cnRzZGF0dW06IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIiAvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlZvbGxtYWNodDogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnRleHQ+SWNoIG1lbGRlIG1pY2ggaW4gVmVydHJldHVuZyBhbi4gSW0gbsOkY2hzdGVuIFNjaHJpdHQgd2lyZCBtaXIgZWluZSBMaXN0ZSBkZXIgZsO8ciBtaWNoIHZlcmbDvGdiYXJlbiBWZXJ0cmV0dW5nc3ZlcmjDpGx0bmlzc2UgYW5nZXplaWd0LCBhdXMgZGVuZW4gaWNoIGVpbmVzIGF1c3fDpGhsZW4gd2VyZGUuPC94c2w6dGV4dD48L3RkPjwvdHI+PC94c2w6aWY+PC90YWJsZT48cCBjbGFzcz0idGl0bGVzdHlsZSI+RGF0ZW4genVyIEFud2VuZHVuZzwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5JZGVudGlmaWthdG9yOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J2h0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyVW5pcXVlSWQnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIgLz48L3RkPjwvdHI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPk5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIgLz48L3RkPjwvdHI+PC94c2w6aWY+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+U3RhYXQ6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29kZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIiAvPjwvdGQ+PC90cj48L3hzbDppZj48L3RhYmxlPjxwIGNsYXNzPSJ0aXRsZXN0eWxlIj5UZWNobmlzY2hlIFBhcmFtZXRlcjwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5EYXR1bTo8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDksMikiIC8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDYsMikiIC8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDEsNCkiIC8+PC90ZD48L3RyPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5VaHJ6ZWl0OjwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9InN1YnN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL0BJc3N1ZUluc3RhbnQsMTIsMikiIC8+PHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE1LDIpIiAvPjx4c2w6dGV4dD46PC94c2w6dGV4dD48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCwxOCwyKSIgLz48L3RkPjwvdHI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlRyYW5zYWt0aW9uc1Rva2tlbjogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9ASUQiIC8+PC90ZD48L3RyPjx4c2w6aWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+CgkJCQkJCQkJCQkJVm9sbG1hY2h0ZW4tUmVmZXJlbno6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIgLz48L3RkPjwvdHI+PC94c2w6aWY+PHRyIGNsYXNzPSJoaWRkZW4iPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPkRhdGFVUkw6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9zYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uL3NhbWwyOkF1ZGllbmNlIiAvPjwvdGQ+PC90cj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9ATm90T25PckFmdGVyIj48dHIgY2xhc3M9ImhpZGRlbiI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+QXV0aEJsb2NrVmFsaWRUbzogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpDb25kaXRpb25zL0BOb3RPbk9yQWZ0ZXIiIC8+PC90ZD48L3RyPjwveHNsOmlmPjwvdGFibGU+PC9ib2R5PjwvaHRtbD48L3hzbDp0ZW1wbGF0ZT48L3hzbDpzdHlsZXNoZWV0PjwvZHNpZzpUcmFuc2Zvcm0+PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUjV2l0aENvbW1lbnRzIiAvPjwvZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIgLz48ZHNpZzpEaWdlc3RWYWx1ZT5iL1B5K3oweXIzQTVvaWsyRjJqSDZycXBYdTk0V2JZZzVBd0QrZGFUSmRFPTwvZHNpZzpEaWdlc3RWYWx1ZT48L2RzaWc6UmVmZXJlbmNlPjxkc2lnOlJlZmVyZW5jZSBJZD0iZXRzaS1kYXRhLXJlZmVyZW5jZS0xLTEiIFR5cGU9Imh0dHA6Ly91cmkuZXRzaS5vcmcvMDE5MDMjU2lnbmVkUHJvcGVydGllcyIgVVJJPSIjZXRzaS1zaWduZWRwcm9wZXJ0aWVzLTEtMSI+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxkc2lnOkRpZ2VzdFZhbHVlPmdHNkxyS3JHcU5nWEtWZDVwaWIwdko2OVh1b0pRZlltNXhqZTFkOHFMSTQ9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U+PC9kc2lnOlNpZ25lZEluZm8+PGRzaWc6U2lnbmF0dXJlVmFsdWUgSWQ9InNpZ25hdHVyZXZhbHVlLTEtMSI+ZzR2OTlpV2R3K05jWnM4bWs5TnhPdVVxQ2Q3RnZXNXRKK3NLMkZzdEdoZkRnK0NMZmRiWVh4eWoxeTBYKzJpOGdJUjVLVVhybTRndEs0T09aT3Z4RlFzeWRtbkJqMW10QjRzM0V3MVhHK1pNeFJSRm5NTHpzWFdVQlhUTUxJcEozdlFpNW9qNHZmak5TdGRYL2NZWlFncEJ5OStJSVg3eDFjeVBGaWJtQk1CMzV3L2FEL1JQckhKOUVZalFEZ21IbGNHQXROZm96UFpJdS9MM0RXUGxDU2xJclBHNXZDS3BKSFBRcUt1QlFISy9nREFiUGI0WEx5ZVovR1BXNmsvRExMV1djWG04V1FyNysvYURvdHRtSWZwR0Z5YUIwSVlEWlpDdi82ZmxFRnpZMng4UXdyQmQ0cDkzeVZhMmJpUUZmd013VFNPQjVYVmJlODhQTW1jWDBnPT08L2RzaWc6U2lnbmF0dXJlVmFsdWU+PGRzaWc6S2V5SW5mbz48ZHNpZzpYNTA5RGF0YT48ZHNpZzpYNTA5Q2VydGlmaWNhdGU+TUlJRjFqQ0NCTDZnQXdJQkFnSUVmZ1MzL1RBTkJna3Foa2lHOXcwQkFRc0ZBRENCb1RFTE1Ba0dBMVVFQmd3Q1FWUXhTREJHQmdOVkJBb01QMEV0VkhKMWMzUWdSMlZ6TGlCbUxpQlRhV05vWlhKb1pXbDBjM041YzNSbGJXVWdhVzBnWld4bGEzUnlMaUJFWVhSbGJuWmxjbXRsYUhJZ1IyMWlTREVqTUNFR0ExVUVDd3dhWVMxemFXZHVMVkJ5WlcxcGRXMHRWR1Z6ZEMxVGFXY3RNREl4SXpBaEJnTlZCQU1NR21FdGMybG5iaTFRY21WdGFYVnRMVlJsYzNRdFUybG5MVEF5TUI0WERURTRNRFV6TURBNE16SXlPVm9YRFRJek1EVXpNREE0TXpJeU9Wb3dZREVMTUFrR0ExVUVCZ3dDUVZReEZ6QVZCZ05WQkFNTURrMWhlQ0JOZFhOMFpYSnRZVzV1TVJNd0VRWURWUVFFREFwTmRYTjBaWEp0WVc1dU1Rd3dDZ1lEVlFRcURBTk5ZWGd4RlRBVEJnTlZCQVVNRERVeE56WTJNRGN4T0RrNU16Q0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUxOR1lYUm12QXg5Q0ptelZPNHVLcmVKaHB3VHdIaS9mUWhuWDNRZkIxVnpRZVlNTUhpM0dmVnpFbUFhRDZoclZJODRjeXFMQlFzdHlvNVJ4Sk05TGY2ejg0VFUzWlZka093QlZ4WGpvZTk4RG8rT3hqN3pvbE8rNlFkZTJhMmZNalpwaUROZGtFUGRVclEybFJSUHBCcWp5SEJIYjIzenNaMVBJWElwTWw2bm1zVlZGczlabGxqYmFNaTlsNTZaRk9BUlZBYnVlWWZTcEYwd0Q2NlU1UUMzL2Z3OVNZMzFhRFpvNWFTbU1jd3F3Q1d2Q2MvRWY1ZXZ1RWhPMnNPN1g1NU4yRU10YVZIK1gzODJIY3J6eW42bE5FekJDZis0dlpqUTZnWDFLYWx3Qkk5TG5pYUJKT0QvNHBIZlViNTFDSlVoTHU5UnQvcmt5SnlLV1l1N3o2TUNBd0VBQWFPQ0FsUXdnZ0pRTUlHREJnZ3JCZ0VGQlFjQkFRUjNNSFV3UlFZSUt3WUJCUVVITUFLR09XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlqWlhKMGN5OWhMWE5wWjI0dGNISmxiV2wxYlMxdGIySnBiR1V0TUROaExtTnlkREFzQmdnckJnRUZCUWN3QVlZZ2FIUjBjRG92TDI5amMzQXRkR1Z6ZEM1aExYUnlkWE4wTG1GMEwyOWpjM0F3RXdZRFZSMGpCQXd3Q29BSVJnYWZqa0dPRmIwd2NnWUlLd1lCQlFVSEFRTUVaakJrTUFvR0NDc0dBUVVGQndzQ01BZ0dCZ1FBamtZQkFUQUlCZ1lFQUk1R0FRUXdFd1lHQkFDT1JnRUdNQWtHQndRQWprWUJCZ0V3TFFZR0JBQ09SZ0VGTUNNd0lSWWJhSFIwY0hNNkx5OTNkM2N1WVMxMGNuVnpkQzVoZEM5d1pITXZFd0pGVGpBUkJnTlZIUTRFQ2dRSVFXeVM1ZFhrL3RZd0RnWURWUjBQQVFIL0JBUURBZ2JBTUFrR0ExVWRFd1FDTUFBd1lBWURWUjBnQkZrd1Z6QUlCZ1lFQUlzd0FRRXdTd1lHS2lnQUVRRVVNRUV3UHdZSUt3WUJCUVVIQWdFV00yaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrYjJOekwyTndMMkV0YzJsbmJpMXdjbVZ0YVhWdExXMXZZbWxzWlRDQnJnWURWUjBmQklHbU1JR2pNSUdnb0lHZG9JR2Fob0dYYkdSaGNEb3ZMMnhrWVhBdGRHVnpkQzVoTFhSeWRYTjBMbUYwTDI5MVBXRXRjMmxuYmkxUWNtVnRhWFZ0TFZSbGMzUXRVMmxuTFRBeUlDaFRTRUV0TWpVMktTeHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wUDJKaGMyVS9iMkpxWldOMFkyeGhjM005Wldsa1EyVnlkR2xtYVdOaGRHbHZia0YxZEdodmNtbDBlVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBeUVtZ09EdDAyeGF4SGI0RStPOVhnSW1FQzBBb0g0UTk3UHE3QmQ0ditQcXFkNmk1Um9kdndmVGdJYVcxSitmdkg4S1VUekkwWFg5d3BVV3dJbVZFR01INjNWQUpjWFZIMHk5aWZFV0lIZGhPTHRSWVZpZjBTUUs5WVJhY2h2SkRtRjVoTHdBUVJFZUdzWDJpTm1QN2RZZTR4aU5LQXRRbjBwaHZsUHFnaGE2b0tER01ROEZOQWZSejNrQXRYSndQYkZnNlFFNGtJaGtUZ2QzMnVPaUFKVzdHMlRhSlpYV2ZLOVRwVjVMUTEzKzExRkoyUzNLUWM4dWIvKzFHZGdpcktTVzRKMXpoc2ZUK1dDci9PYXlVMk16UVhLdjhPV2IwU3hXSUpIaU1UZXhIN3I5bXVHay9aTGthUVFWMkN0U09ZcVRBTjhBd2VDaUoxMXVWRkhlTHBRPT08L2RzaWc6WDUwOUNlcnRpZmljYXRlPjwvZHNpZzpYNTA5RGF0YT48L2RzaWc6S2V5SW5mbz48ZHNpZzpPYmplY3QgSWQ9ImV0c2ktc2lnbmVkLTEtMSI+PGV0c2k6UXVhbGlmeWluZ1Byb3BlcnRpZXMgeG1sbnM6ZXRzaT0iaHR0cDovL3VyaS5ldHNpLm9yZy8wMTkwMy92MS4zLjIjIiBUYXJnZXQ9IiNzaWduYXR1cmUtMS0xIj48ZXRzaTpTaWduZWRQcm9wZXJ0aWVzIElkPSJldHNpLXNpZ25lZHByb3BlcnRpZXMtMS0xIj48ZXRzaTpTaWduZWRTaWduYXR1cmVQcm9wZXJ0aWVzPjxldHNpOlNpZ25pbmdUaW1lPjIwMTgtMDYtMDdUMTM6MjY6MjVaPC9ldHNpOlNpZ25pbmdUaW1lPjxldHNpOlNpZ25pbmdDZXJ0aWZpY2F0ZT48ZXRzaTpDZXJ0PjxldHNpOkNlcnREaWdlc3Q+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxkc2lnOkRpZ2VzdFZhbHVlPjZhVGtoYS9ZOXhZUzRiUU1aYndJWDhURnNEMkNlemRodXFIcFR0Q0kzZjA9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZXRzaTpDZXJ0RGlnZXN0PjxldHNpOklzc3VlclNlcmlhbD48ZHNpZzpYNTA5SXNzdWVyTmFtZT5DTj1hLXNpZ24tUHJlbWl1bS1UZXN0LVNpZy0wMixPVT1hLXNpZ24tUHJlbWl1bS1UZXN0LVNpZy0wMixPPUEtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSCxDPUFUPC9kc2lnOlg1MDlJc3N1ZXJOYW1lPjxkc2lnOlg1MDlTZXJpYWxOdW1iZXI+MjExNDIzODQ2MTwvZHNpZzpYNTA5U2VyaWFsTnVtYmVyPjwvZXRzaTpJc3N1ZXJTZXJpYWw+PC9ldHNpOkNlcnQ+PC9ldHNpOlNpZ25pbmdDZXJ0aWZpY2F0ZT48ZXRzaTpTaWduYXR1cmVQb2xpY3lJZGVudGlmaWVyPjxldHNpOlNpZ25hdHVyZVBvbGljeUltcGxpZWQgLz48L2V0c2k6U2lnbmF0dXJlUG9saWN5SWRlbnRpZmllcj48L2V0c2k6U2lnbmVkU2lnbmF0dXJlUHJvcGVydGllcz48ZXRzaTpTaWduZWREYXRhT2JqZWN0UHJvcGVydGllcz48ZXRzaTpEYXRhT2JqZWN0Rm9ybWF0IE9iamVjdFJlZmVyZW5jZT0iI3JlZmVyZW5jZS0xLTEiPjxldHNpOk1pbWVUeXBlPmFwcGxpY2F0aW9uL3hodG1sK3htbDwvZXRzaTpNaW1lVHlwZT48L2V0c2k6RGF0YU9iamVjdEZvcm1hdD48L2V0c2k6U2lnbmVkRGF0YU9iamVjdFByb3BlcnRpZXM+PC9ldHNpOlNpZ25lZFByb3BlcnRpZXM+PC9ldHNpOlF1YWxpZnlpbmdQcm9wZXJ0aWVzPjwvZHNpZzpPYmplY3Q+PC9kc2lnOlNpZ25hdHVyZT48c2FtbDI6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTgtMDYtMDdUMTU6MjY6MjUrMDI6MDAiIE5vdE9uT3JBZnRlcj0iMjAxOC0wNi0wN1QxNTo0MToyNSswMjowMCI+PHNhbWwyOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWwyOkF1ZGllbmNlPmh0dHBzOi8vZWlkLmd2LmF0L21vYS1pZC1hdXRoL3NsMjAvZGF0YVVybD9wZW5kaW5naWQ9MTYxOTMyOTI0MzMwMjE3MjQ2PC9zYW1sMjpBdWRpZW5jZT48L3NhbWwyOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sMjpDb25kaXRpb25zPjxzYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IlBWUC1WRVJTSU9OIiBOYW1lPSJ1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4xMCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPjxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4yLjE8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDI6QXR0cmlidXRlPjxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJQUklOQ0lQQUwtTkFNRSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+TXVzdGVybWFubjwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IkdJVkVOLU5BTUUiIE5hbWU9InVybjpvaWQ6Mi41LjQuNDIiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+TWF4PC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iQklSVEhEQVRFIiBOYW1lPSJ1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjU1IiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPjE5NDAtMDEtMDE8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDI6QXR0cmlidXRlPjxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItVW5pcXVlSWQiIE5hbWU9Imh0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyVW5pcXVlSWQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+aHR0cHM6Ly9sYWJkYS5pYWlrLnR1Z3Jhei5hdDo1NTUzL2RlbW9sb2dpbi88L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDI6QXR0cmlidXRlPjxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItRnJpZW5kbHlOYW1lIiBOYW1lPSJodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPjxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5sYWJkYSAtIERldmVsb3BtZW50PC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iU2VydmljZVByb3ZpZGVyLUNvdW50cnlDb2RlIiBOYW1lPSJodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPkFUPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48L3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWwyOkFzc2VydGlvbj4=" - } - } + "respID": "2LVPaGlWAwzxURkrcTQX", + "inResponseTo": "_63ff9ef67370024c4d2d8b9bfd380578", + "signedPayload": "ew0KICAiYWxnIjogIlJTMjU2IiwNCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9zbDIuMDtjb21tYW5kIiwNCiAgIng1dCNTMjU2IjogIjBGUmRDYkFxVTF2YlQtOUt3S0JUcU5GQXBkcU9HT25Fa0o1dGp6MFp0anciDQp9.ew0KICAibmFtZSI6ICJxdWFsaWZpZWRlSUQiLA0KICAicmVzdWx0Ijogew0KICAgICJFSUQtSURFTlRJVFktTElOSyI6ICJQSE5oYld3NlFYTnpaWEowYVc5dUlFRnpjMlZ5ZEdsdmJrbEVQU0p6ZW5JdVltMXBMbWQyTG1GMExVRnpjMlZ5ZEdsdmJrbEVNVFV5T0RnNE1ESTJORE0wTURJNU5EVWlJRWx6YzNWbFNXNXpkR0Z1ZEQwaU1qQXhPQzB3TmkweE0xUXhNRG8xTnpvME5Dc3dNVG93TUNJZ1NYTnpkV1Z5UFNKb2RIUndPaTh2Y0c5eWRHRnNMbUp0YVM1bmRpNWhkQzl5WldZdmMzcHlMMmx6YzNWbGNpSWdUV0ZxYjNKV1pYSnphVzl1UFNJeElpQk5hVzV2Y2xabGNuTnBiMjQ5SWpBaUlIaHRiRzV6T25OaGJXdzlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qRXVNRHBoYzNObGNuUnBiMjRpSUhodGJHNXpPbkJ5UFNKb2RIUndPaTh2Y21WbVpYSmxibU5sTG1VdFoyOTJaWEp1YldWdWRDNW5kaTVoZEM5dVlXMWxjM0JoWTJVdmNHVnljMjl1WkdGMFlTOHlNREF5TURJeU9DTWlJSGh0Ykc1ek9tUnphV2M5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU1pSUhodGJHNXpPbVZqWkhOaFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4THpBMEwzaHRiR1J6YVdjdGJXOXlaU01pSUhodGJHNXpPbk5wUFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZUzFwYm5OMFlXNWpaU0krQ2drOGMyRnRiRHBCZEhSeWFXSjFkR1ZUZEdGMFpXMWxiblErQ2drSlBITmhiV3c2VTNWaWFtVmpkRDRLQ1FrSlBITmhiV3c2VTNWaWFtVmpkRU52Ym1acGNtMWhkR2x2Ymo0S0NRa0pDVHh6WVcxc09rTnZibVpwY20xaGRHbHZiazFsZEdodlpENTFjbTQ2YjJGemFYTTZibUZ0WlhNNmRHTTZVMEZOVERveExqQTZZMjA2YzJWdVpHVnlMWFp2ZFdOb1pYTThMM05oYld3NlEyOXVabWx5YldGMGFXOXVUV1YwYUc5a1Bnb0pDUWtKUEhOaGJXdzZVM1ZpYW1WamRFTnZibVpwY20xaGRHbHZia1JoZEdFK0Nna0pDUWtKUEhCeU9sQmxjbk52YmlCemFUcDBlWEJsUFNKd2NqcFFhSGx6YVdOaGJGQmxjbk52YmxSNWNHVWlQanh3Y2pwSlpHVnVkR2xtYVdOaGRHbHZiajQ4Y0hJNlZtRnNkV1UrZEhGRFVVVkROeXRCY1VkRlpXVk1Nemt3VmpWS1p6MDlQQzl3Y2pwV1lXeDFaVDQ4Y0hJNlZIbHdaVDUxY200NmNIVmliR2xqYVdRNlozWXVZWFE2WW1GelpXbGtQQzl3Y2pwVWVYQmxQand2Y0hJNlNXUmxiblJwWm1sallYUnBiMjQrUEhCeU9rNWhiV1UrUEhCeU9rZHBkbVZ1VG1GdFpUNU5ZWGc4TDNCeU9rZHBkbVZ1VG1GdFpUNDhjSEk2Um1GdGFXeDVUbUZ0WlNCd2NtbHRZWEo1UFNKMWJtUmxabWx1WldRaVBrMTFjM1JsY20xaGJtNDhMM0J5T2taaGJXbHNlVTVoYldVK1BDOXdjanBPWVcxbFBqeHdjanBFWVhSbFQyWkNhWEowYUQ0eE9UUXdMVEF4TFRBeFBDOXdjanBFWVhSbFQyWkNhWEowYUQ0OEwzQnlPbEJsY25OdmJqNEtDUWtKQ1R3dmMyRnRiRHBUZFdKcVpXTjBRMjl1Wm1seWJXRjBhVzl1UkdGMFlUNEtDUWtKUEM5ellXMXNPbE4xWW1wbFkzUkRiMjVtYVhKdFlYUnBiMjQrQ2drSlBDOXpZVzFzT2xOMVltcGxZM1ErQ2drOGMyRnRiRHBCZEhSeWFXSjFkR1VnUVhSMGNtbGlkWFJsVG1GdFpUMGlRMmwwYVhwbGJsQjFZbXhwWTB0bGVTSWdRWFIwY21saWRYUmxUbUZ0WlhOd1lXTmxQU0oxY200NmNIVmliR2xqYVdRNlozWXVZWFE2Ym1GdFpYTndZV05sY3pwcFpHVnVkR2wwZVd4cGJtczZNUzR5SWo0OGMyRnRiRHBCZEhSeWFXSjFkR1ZXWVd4MVpUNDhaSE5wWnpwU1UwRkxaWGxXWVd4MVpUNDhaSE5wWnpwTmIyUjFiSFZ6UG5sMlIwMVFSRFZaYWtobVpXOHhkbHBoU0VGNFEwWkNNeXRCUW0xaVlWQnpjRE5HTVhGRGRHY3ZaWFpsVVZSSWNsQnlSVXhPVDJaT1VuWTBhV0V3WlhjNFRsQnlaVFpRUjJKRFZHTU5DbnBrT1ZGdVZqSmlSRE5yVFhCa1VqUlRjMlpRVFVnd2VGQkdXRFV4T0dsUlZEQTFUWHBhT1dRM01WVnpiRGxzZHpack1HcHdTMjFGVlVWMlpWcGpRVVZKTVhGa00ySjNTWEJVTURnTkNtRjZabG8xTDFCa1JUWlpSVmcyVlhwUE5FSk1VbHB3ZUdOTlJtTXdhRGxaYW5vclZ6QktjRVYxVTFKUE0xZFFjRVpvY2xZeVZVOUtVU3R4ZUhrdk5EWklZek5JVERkTlFsRlNWMm9OQ2twVU9XUndlV0l2T0dSbFpWQkRialJGTldoTFRWSlRjblZGUjJwaGFFOVlMMHcwTTNWSFVVOU5VRVZ4V1hCTFNIZzRhazlTTDBsUE16WnJTSFZWWm5GT1RuVlhiRWhDYlVzMldFME5DbmN3TUZsclYyTkRVRUkwYW1KUk5URTBSVk16UjFJMlJIQkpNbGRVVVRCaFRGbHRWR1YzUFQwOEwyUnphV2M2VFc5a2RXeDFjejQ4WkhOcFp6cEZlSEJ2Ym1WdWRENUJVVUZDUEM5a2MybG5Pa1Y0Y0c5dVpXNTBQand2WkhOcFp6cFNVMEZMWlhsV1lXeDFaVDQ4TDNOaGJXdzZRWFIwY21saWRYUmxWbUZzZFdVK1BDOXpZVzFzT2tGMGRISnBZblYwWlQ0OEwzTmhiV3c2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwUGdvSlBHUnphV2M2VTJsbmJtRjBkWEpsUGdvSkNUeGtjMmxuT2xOcFoyNWxaRWx1Wm04K0Nna0pDVHhrYzJsbk9rTmhibTl1YVdOaGJHbDZZWFJwYjI1TlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekV3TDNodGJDMWxlR010WXpFMGJpTWlJQzgrQ2drSkNUeGtjMmxuT2xOcFoyNWhkSFZ5WlUxbGRHaHZaQ0JCYkdkdmNtbDBhRzA5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU55YzJFdGMyaGhNU0lnTHo0S0NRa0pQR1J6YVdjNlVtVm1aWEpsYm1ObElGVlNTVDBpSWo0S0NRa0pDVHhrYzJsbk9sUnlZVzV6Wm05eWJYTStDZ2tKQ1FrSlBHUnphV2M2VkhKaGJuTm1iM0p0SUVGc1oyOXlhWFJvYlQwaWFIUjBjRG92TDNkM2R5NTNNeTV2Y21jdlZGSXZNVGs1T1M5U1JVTXRlSEJoZEdndE1UazVPVEV4TVRZaVBnb0pDUWtKQ1FrOFpITnBaenBZVUdGMGFENXViM1FvWVc1alpYTjBiM0l0YjNJdGMyVnNaam82Y0hJNlNXUmxiblJwWm1sallYUnBiMjRwUEM5a2MybG5PbGhRWVhSb1Bnb0pDUWtKQ1R3dlpITnBaenBVY21GdWMyWnZjbTArQ2drSkNRa0pQR1J6YVdjNlZISmhibk5tYjNKdElFRnNaMjl5YVhSb2JUMGlhSFIwY0RvdkwzZDNkeTUzTXk1dmNtY3ZNakF3TUM4d09TOTRiV3hrYzJsbkkyVnVkbVZzYjNCbFpDMXphV2R1WVhSMWNtVWlJQzgrQ2drSkNRazhMMlJ6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1R4a2MybG5Pa1JwWjJWemRFMWxkR2h2WkNCQmJHZHZjbWwwYUcwOUltaDBkSEE2THk5M2QzY3Vkek11YjNKbkx6SXdNREF2TURrdmVHMXNaSE5wWnlOemFHRXhJaUF2UGdvSkNRa0pQR1J6YVdjNlJHbG5aWE4wVm1Gc2RXVSthVXN6TW10cmJVNWtVelZIV2xSemJHOHhTbVJDWVdsRFRsVnJQVHd2WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDRLQ1FrSlBDOWtjMmxuT2xKbFptVnlaVzVqWlQ0S0NRa0pQR1J6YVdjNlVtVm1aWEpsYm1ObElGUjVjR1U5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU5OWVc1cFptVnpkQ0lnVlZKSlBTSWpiV0Z1YVdabGMzUWlQZ29KQ1FrSlBHUnphV2M2UkdsblpYTjBUV1YwYUc5a0lFRnNaMjl5YVhSb2JUMGlhSFIwY0RvdkwzZDNkeTUzTXk1dmNtY3ZNakF3TUM4d09TOTRiV3hrYzJsbkkzTm9ZVEVpSUM4K0Nna0pDUWs4WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDQ0TWtadVlVeGxja2x6YVVOM1RFRlhVVEZYUVVjcmJVUlVWVTA5UEM5a2MybG5Pa1JwWjJWemRGWmhiSFZsUGdvSkNRazhMMlJ6YVdjNlVtVm1aWEpsYm1ObFBnb0pDVHd2WkhOcFp6cFRhV2R1WldSSmJtWnZQZ29KQ1R4a2MybG5PbE5wWjI1aGRIVnlaVlpoYkhWbFBnb2dJQ0FnY1UxMU1uTXJkV2xwVlhVMk0zRmpOWEZhYmxWWFpVeEZSREpuVm5GRFkwTmtRMGN4ZHpFMVoxSkdTV3Q0UzNOWVZGRlRRVE5LVjBoRFJYaHhjams1ZDBjMFYwMXRjRTF0U21oaFR3MEtkRGc0TjJOUlRtOUdURFJaYTBzMVRXcEhOR28wUjI1Q1ZHZFRhRVpXY0c0MWRXaFBkblpITUZsd1lVSlhNMlYyYVdSYVRYWkllV0psV1VSSVZHeHBia2sxVWtaU1pVaEdXRU5zVGcwS1dGQmhUMWxWTHpVek5GRnhaMWhLU1hrMFpXdHVkRFJ2UXk5TE0xRnVaVWhoU1VKbmVrSjFkMlpIUjIxbGEwVnlPVGROUkV0NllXWjBhMDVwTVVSS1dFNDRkMkZJVmtWTVdubHRPUTBLUjJGM1JraExjRUpGY2s5aGVqQXZVRVpxZUZGUVpsQkRaVW93UzJoNGRqbFFWVmh5YUZkUlMySkhZWEp1VlU1MUx5dFRNVEZqUzA5eGMzQmpiR2htUzFac2QxUlNhQzlXVkdsaFZBMEtSbUU0THpoYVMwSTVNM2cyV21SSVQwMHlZblY1VERaMVRqQTFjblpMWW05d1ozcG5ObEU5UFFvZ0lEd3ZaSE5wWnpwVGFXZHVZWFIxY21WV1lXeDFaVDQ4WkhOcFp6cExaWGxKYm1adlBqeGtjMmxuT2xnMU1EbEVZWFJoUGp4a2MybG5PbGcxTURsRFpYSjBhV1pwWTJGMFpUNU5TVWxHZFhwRFEwSkxUMmRCZDBsQ1FXZEpSRWRUYTJWTlFUQkhRMU54UjFOSllqTkVVVVZDUWxGVlFVMUpSMlpOVVhOM1ExRlpSRlpSVVVkRmQwcENEUXBXUkVaSlRVVlpSMEV4VlVWRFozY3ZVVk14VldOdVZucGtRMEpJV2xoTmRVbEhXWFZKUms1d1dUSm9iR050YUd4aFdGSjZZek5zZW1SSFZuUmFVMEp3RFFwaVUwSnNZa2RXY21SSVNYVkpSVkpvWkVkV2RXUnRWbmxoTWxadlkybENTR0pYU2tsTlUwbDNTVUZaUkZaUlVVeEVRbXhvVEZoT2NGb3lOSFJaTWpsNURRcGpSemw1V1ZoU2JFeFhlSEJhTW1nd1RGUkJlVTFUU1hkSlFWbEVWbEZSUkVSQ2JHaE1XRTV3V2pJMGRGa3lPWGxqUnpsNVdWaFNiRXhYZUhCYU1tZ3dEUXBNVkVGNVRVSTBXRVJVUlRGTlJHTjVUMFJGTVU1RWEzZE9WbTlZUkZSSmQwMUVZM2xQUkVWNlRrUnJkMDVXYjNkbllsbDRRM3BCU2tKblRsWkNRVmxVRFFwQmEwWlZUVkkwZDBoQldVUldVVkZMUkVKV1JWbFlVbXhpYms1cVlVaFdNR1Z0ZEhaaVZ6RndZek5PY0dJeU5IaEpha0ZuUW1kT1ZrSkJjMDFIVms0d0RRcFpWekYwWlcxR2IySklTbXhhTW14NlpFZFdlVmx0Vm05aU1sWjVXa2RWZUV4cVFYTkNaMDVXUWtGTlRVcFdUbkJhTWpWb1pFaFdlV015Vm5sa2JXeHFEUXBhVTBKRldWaFNiR0p1VG1waFNGWXdaVzEwZG1KWE1YQmpNMDV3WWpJMGVFWlVRVlJDWjA1V1FrRlZWRVJFVFhsT1ZHdDVUMFJOZVUxNmF6VlBSRVZqRFFwTlFtOUhRMU54UjFOSllqTkVVVVZLUVZGM1RscElUbkpSUjFKNllYazFibVJwTldoa1JFTkRRVk5KZDBSUldVcExiMXBKYUhaalRrRlJSVUpDVVVGRURRcG5aMFZRUVVSRFEwRlJiME5uWjBWQ1FVNHJaRUpUUlVKSGFqSnFWVmhKU3pGTmNETnNWbmhqTDFwaEszQktUV2w1UzNKWU0wY3hXbmhuV0M5cGEzZzNEUXBFT1hOamMxQlpUWFEwTnpOTWJFRlhiRGxqYlVOaVNHSktTeXRRVmpKWVRrNWtWVkpNVFZWRFNWZ3JOSFpWVG5NeVRVaGxSRlJSZEZnNFFsaHFTa1p3RFFwM1NsbFRiMkZTU2xFek9VWldVeTh4Y2pWelYyTnlZVGxJYUdSdE4zYzFSM1I0THpKMWEzbEVXREJyWkd0NFlYZHJhRkEwUlZGRmVta3ZVMGtyUm5WbkRRcHVLMWR4WjFFeGJrRmtiR0o0WWk5a1kwSjNOWGN4YURsaU0yeHRkWGRWWmpSNk0yOXZVVmRWUkRKRVowRXZhMHRrTVV0bGFrNVNORE50VEZWemJYWlREUXA2WlhaUWVGUTVlbk0zT0hCUFVqRlBZV05DTjBsemVsUldTbEJZWlU5RllXRk9Xa2h1YmtJdlZXVlBNMmM0VEVWV0x6TlBhMWhqVldkalRXdGlTVWxwRFFwaFFraHNiR3czTVZCeE1FTlBhamxyY1dwWWIyVTNUM0pTYWt4Wk5Xa3pTM2RQY0dFMlZFMURRWGRGUVVGaFQwTkJaVlYzWjJkSWFFMUNSVWRCTVZWa0RRcEVaMUZMUWtGb1RVTkJObVZIZGxNeGRXcEJUMEpuVGxaSVVUaENRV1k0UlVKQlRVTkNURUYzUkdkWlNFdHBaMEZEWjBWSVFWRlJSRUZSU0M5TlFrMUhEUXBCTVZWa1NYZFJUVTFCY1VGRFJXdGpWMFJ3VURaQk1FUk5RV3RIUVRGVlpFVjNVVU5OUVVGM1JrRlpTRXRwWjBGRFowVkNRVkZSU2tSQlpFTlZNRWwwRFFwU1JrNU1UVWc0UjBORGMwZEJVVlZHUW5kRlFrSklUWGRqVkVKSFFtZG5ja0puUlVaQ1VXTjNRVzlaTm1GSVVqQmpSRzkyVEROa00yUjVOV2hNV0ZKNURRcGtXRTR3VEcxR01Fd3lUbXhqYmxKNlRESkZkR015Ykc1aWFURnFZak5LZDJJelNtaGtSMVYwWWtkc2JtRklVWFJOUkVwb1RHMU9lV1JFUVc1Q1oyZHlEUXBDWjBWR1FsRmpkMEZaV1dKaFNGSXdZMFJ2ZGt3eU9XcGpNMEYxV1ZNeE1HTnVWbnBrUXpWb1pFTTVkbGt6VG5kTlJsRkhRVEZWWkVsQlVrNU5SWE4zRFFwVFVWbEhTMmxuUVVWUlJWTk5SRGgzVUZGWlNVdDNXVUpDVVZWSVFXZEZWMDFYYURCa1NFRTJUSGs1TTJRelkzVlpVekV3WTI1V2VtUkROV2hrUXpsckRRcGlNazU2VERKT2Qwd3lSWFJqTW14dVlta3hRbUpZVW5wak1teHVZbTFHTUdSWVNYZG5XalJIUVRGVlpFaDNVMEpzYWtOQ2EzcERRbXRMUTBKcVlVTkNEUXBwYjJGQ2FESjRhMWxZUVRaTWVUbHpXa2RHZDB4dFJYUmtTRW94WXpOUmRWbFlVWFppTTFVNVdWTXhlbUZYWkhWTVYwNTJZMjVDZG1OdFJqQmFVekZ6RFFwaFYyUnZaRU13ZDAxcGVIWlFWVVYwVmtoS01XTXpVWE5aZWpGQ1ZrUTVhbHBZU2pCaFYxcHdXVEpHTUZwWVNteGtiVGxxV1ZoU2NHSXlOWE5oV0U0d0RRcFFNa3BvWXpKVkwySXlTbkZhVjA0d1dUSjRhR016VFRsYVYyeHJVVEpXZVdSSGJHMWhWMDVvWkVkc2RtSnJSakZrUjJoMlkyMXNNR1ZVUVU1Q1oydHhEUXBvYTJsSE9YY3dRa0ZSVlVaQlFVOURRVkZGUVVoUk0xcERUWFJCWW1GNlpVMUliVmRCTW5wb1dXeEljVWhuUzFadlkxWllSVVJuYlU1dFYweEhjVVpsRFFvNFJVRkVSa2x6T0hWSGNtdDBRbTFYUTFWSldHSlljemRVU0dObWVITXlTalEzZGtoMVkyOXdjMlJyWVdKT2JGaEZhbnB1WkZKbWJtTXJNVlpKYm1KdkRRcDZUWEpaWkRkcVpVUk9WRXN2ZEVscWFVOUZXV1J5ZVVsd1pXdFdPVU5tWVhjM2VYVTJiV1ZtVFhwbGRURmhRWGRtTjBKdVN5OW9kV2wzU2xkdVpXNXdEUXBDTjJsRUwxQjJXaXR0ZW5WRE4xSk9aa3BtUmlzclUzUnBRbFI0YVROV1dYaE9SMDFxVFRGalZUaEhkemxXVjJNd1VqTkZkV3BQWVZoWFowTkRPR2sxRFFwR1IyaFdkazlaYUU1WVpuTjRTbGhpVG5obGQwVkRhbkJCVEhaRWJFWk1UQ3RwUXpRNVJ5dEJSRk52VW5Zd1UyczVNVTlRZFN0alNXMURhak55Y3pOUkRRcDBZWE5KTDNBNVRGbGhZMGMyWXk5blNUTjBSVEJwYUhGbk9WSmljMHRJV0ZGc00xQlBka1ZTU2tFOVBUd3ZaSE5wWnpwWU5UQTVRMlZ5ZEdsbWFXTmhkR1UrUEM5a2MybG5PbGcxTURsRVlYUmhQand2WkhOcFp6cExaWGxKYm1adlBnb0pDVHhrYzJsbk9rOWlhbVZqZEQ0S0NRa0pQR1J6YVdjNlRXRnVhV1psYzNRZ1NXUTlJbTFoYm1sbVpYTjBJajRLQ1FrSkNUeGtjMmxuT2xKbFptVnlaVzVqWlNCVlVrazlJaUkrQ2drSkNRa0pQR1J6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1FrSlBHUnphV2M2VkhKaGJuTm1iM0p0SUVGc1oyOXlhWFJvYlQwaWFIUjBjRG92TDNkM2R5NTNNeTV2Y21jdlZGSXZNVGs1T1M5U1JVTXRlSEJoZEdndE1UazVPVEV4TVRZaVBnb0pDUWtKQ1FrSlBHUnphV2M2V0ZCaGRHZytibTkwS0dGdVkyVnpkRzl5TFc5eUxYTmxiR1k2T21SemFXYzZVMmxuYm1GMGRYSmxLVHd2WkhOcFp6cFlVR0YwYUQ0S0NRa0pDUWtKUEM5a2MybG5PbFJ5WVc1elptOXliVDRLQ1FrSkNRazhMMlJ6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1FrOFpITnBaenBFYVdkbGMzUk5aWFJvYjJRZ1FXeG5iM0pwZEdodFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF3THpBNUwzaHRiR1J6YVdjamMyaGhNU0lnTHo0S0NRa0pDUWs4WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDV0TWpWR056UXZOMWRMVlV4QmIwVXlWemRDYzBneVdVWlFUelE5UEM5a2MybG5Pa1JwWjJWemRGWmhiSFZsUGdvSkNRa0pQQzlrYzJsbk9sSmxabVZ5Wlc1alpUNEtDUWtKUEM5a2MybG5PazFoYm1sbVpYTjBQZ29KQ1R3dlpITnBaenBQWW1wbFkzUStDZ2s4TDJSemFXYzZVMmxuYm1GMGRYSmxQZ284TDNOaGJXdzZRWE56WlhKMGFXOXVQZz09IiwNCiAgICAiRUlELUNJVElaRU4tUUFBLUxFVkVMIjogImh0dHA6Ly9laWRhcy5ldXJvcGEuZXUvTG9BL3N1YnN0YW50aWFsIiwNCiAgICAiRUlELUNDUy1VUkwiOiAiaHR0cHM6Ly93d3cuYS10cnVzdC5hdC90b2RvIiwNCiAgICAiRUlELUFVVEgtQkxPQ0siOiAiUEQ5NGJXd2dkbVZ5YzJsdmJqMGlNUzR3SWlCbGJtTnZaR2x1WnowaVZWUkdMVGdpSUhOMFlXNWtZV3h2Ym1VOUltNXZJajgrUEhOaGJXd3lPa0Z6YzJWeWRHbHZiaUI0Yld4dWN6cHpZVzFzTWowaWRYSnVPbTloYzJsek9tNWhiV1Z6T25Sak9sTkJUVXc2TWk0d09tRnpjMlZ5ZEdsdmJpSWdTVVE5SWw4Mk0yWm1PV1ZtTmpjek56QXdNalJqTkdReVpEaGlPV0ptWkRNNE1EVTNPQ0lnU1hOemRXVkpibk4wWVc1MFBTSXlNREU0TFRBMkxURXpWREUzT2pRMk9qQTVLekF5T2pBd0lpQldaWEp6YVc5dVBTSXlMakFpSUhodGJHNXpPbmh6UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZU0krUEhOaGJXd3lPa2x6YzNWbGNpQkdiM0p0WVhROUluVnlianB2WVhOcGN6cHVZVzFsY3pwMFl6cFRRVTFNT2pJdU1EcHVZVzFsYVdRdFptOXliV0YwT21WdWRHbDBlU0krYUhSMGNITTZMeTkzZDNjdVlTMTBjblZ6ZEM1aGRDOTBiMlJ2UEM5ellXMXNNanBKYzNOMVpYSStQR1J6YVdjNlUybG5ibUYwZFhKbElIaHRiRzV6T21SemFXYzlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5Mekl3TURBdk1Ea3ZlRzFzWkhOcFp5TWlJRWxrUFNKemFXZHVZWFIxY21VdE1TMHhJajQ4WkhOcFp6cFRhV2R1WldSSmJtWnZQanhrYzJsbk9rTmhibTl1YVdOaGJHbDZZWFJwYjI1TlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk5VVVpOHlNREF4TDFKRlF5MTRiV3d0WXpFMGJpMHlNREF4TURNeE5TSWdMejQ4WkhOcFp6cFRhV2R1WVhSMWNtVk5aWFJvYjJRZ1FXeG5iM0pwZEdodFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4THpBMEwzaHRiR1J6YVdjdGJXOXlaU055YzJFdGMyaGhNalUySWlBdlBqeGtjMmxuT2xKbFptVnlaVzVqWlNCSlpEMGljbVZtWlhKbGJtTmxMVEV0TVNJZ1ZWSkpQU0lpUGp4a2MybG5PbFJ5WVc1elptOXliWE0rUEdSemFXYzZWSEpoYm5ObWIzSnRJRUZzWjI5eWFYUm9iVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2VkZJdk1UazVPUzlTUlVNdGVITnNkQzB4T1RrNU1URXhOaUkrUEhoemJEcHpkSGxzWlhOb1pXVjBJSGh0Ykc1ek9uaHpiRDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TVRrNU9TOVlVMHd2VkhKaGJuTm1iM0p0SWlCbGVHTnNkV1JsTFhKbGMzVnNkQzF3Y21WbWFYaGxjejBpYzJGdGJESWlJSFpsY25OcGIyNDlJakV1TUNJZ2VHMXNibk02YzJGdGJESTlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qSXVNRHBoYzNObGNuUnBiMjRpUGp4NGMydzZiM1YwY0hWMElHMWxkR2h2WkQwaWVHMXNJaUI0Yld3NmMzQmhZMlU5SW1SbFptRjFiSFFpSUM4K1BIaHpiRHAwWlcxd2JHRjBaU0J0WVhSamFEMGlMeUlnZUcxc2JuTTlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5MekU1T1RrdmVHaDBiV3dpUGp4b2RHMXNJSGh0Ykc1elBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHhPVGs1TDNob2RHMXNJajQ4YUdWaFpENDhkR2wwYkdVK1UybG5ibUYwZFhJZ1pHVnlJRUZ1YldWc1pHVmtZWFJsYmp3dmRHbDBiR1UrUEhOMGVXeGxJRzFsWkdsaFBTSnpZM0psWlc0aUlIUjVjR1U5SW5SbGVIUXZZM056SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FKQ1FrSkNTNXViM0p0WVd4emRIbHNaU0I3SUdadmJuUXRjMmw2WlRvZ2JXVmthWFZ0T3lCOUlBb2dJQ0FnSUNBZ0lDQWdJQ0FnSUFrSkNRa0pMbWwwWVd4cFkzTjBlV3hsSUhzZ1ptOXVkQzF6YVhwbE9pQnRaV1JwZFcwN0lHWnZiblF0YzNSNWJHVTZJR2wwWVd4cFl6c2dmUW9KQ1FrSkNRa0pDUzUwYVhSc1pYTjBlV3hsSUhzZ2RHVjRkQzFrWldOdmNtRjBhVzl1T25WdVpHVnliR2x1WlRzZ1ptOXVkQzEzWldsbmFIUTZZbTlzWkRzZ1ptOXVkQzF6YVhwbE9pQnRaV1JwZFcwN0lIMGdDZ2tKQ1FrSkNRa0pMbWcwYzNSNWJHVWdleUJtYjI1MExYTnBlbVU2SUd4aGNtZGxPeUI5SUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQUtDUWtKQ1FrSkNRa3VhR2xrWkdWdUlIdGthWE53YkdGNU9pQnViMjVsT3lCOUlBb2dJQ0FnSUNBZ0lDQWdJQ0FnSUFrSkNRazhMM04wZVd4bFBqd3ZhR1ZoWkQ0OFltOWtlVDQ4YURRZ1kyeGhjM005SW1nMGMzUjViR1VpUGtGdWJXVnNaR1ZrWVhSbGJqbzhMMmcwUGp4d0lHTnNZWE56UFNKMGFYUnNaWE4wZVd4bElqNUVZWFJsYmlCNmRYSWdVR1Z5YzI5dVBDOXdQangwWVdKc1pTQmpiR0Z6Y3owaWNHRnlZVzFsZEdWeWN5SStQSGh6YkRwcFppQjBaWE4wUFNKemRISnBibWNvTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTl6WVcxc01qcEJkSFJ5YVdKMWRHVlRkR0YwWlcxbGJuUXZjMkZ0YkRJNlFYUjBjbWxpZFhSbFcwQk9ZVzFsUFNkMWNtNDZiMmxrT2pJdU5TNDBMalF5SjEwdmMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVXBJajQ4ZEhJK1BIUmtJR05zWVhOelBTSnBkR0ZzYVdOemRIbHNaU0krVm05eWJtRnRaVG9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakl1TlM0MExqUXlKMTB2YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVaUlDOCtQQzkwWkQ0OEwzUnlQand2ZUhOc09tbG1Qang0YzJ3NmFXWWdkR1Z6ZEQwaWMzUnlhVzVuS0M5ellXMXNNanBCYzNObGNuUnBiMjR2YzJGdGJESTZRWFIwY21saWRYUmxVM1JoZEdWdFpXNTBMM05oYld3eU9rRjBkSEpwWW5WMFpWdEFUbUZ0WlQwbmRYSnVPbTlwWkRveExqSXVOREF1TUM0eE1DNHlMakV1TVM0eU5qRXVNakFuWFM5ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTa2lQangwY2o0OGRHUWdZMnhoYzNNOUltbDBZV3hwWTNOMGVXeGxJajVPWVdOb2JtRnRaVG9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0eU1DZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhlSE5zT21sbUlIUmxjM1E5SW5OMGNtbHVaeWd2YzJGdGJESTZRWE56WlhKMGFXOXVMM05oYld3eU9rRjBkSEpwWW5WMFpWTjBZWFJsYldWdWRDOXpZVzFzTWpwQmRIUnlhV0oxZEdWYlFFNWhiV1U5SjNWeWJqcHZhV1E2TVM0eUxqUXdMakF1TVRBdU1pNHhMakV1TlRVblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU2tpUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1SFpXSjFjblJ6WkdGMGRXMDZJRHd2ZEdRK1BIUmtJR05zWVhOelBTSnViM0p0WVd4emRIbHNaU0krUEhoemJEcDJZV3gxWlMxdlppQnpaV3hsWTNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5kWEp1T205cFpEb3hMakl1TkRBdU1DNHhNQzR5TGpFdU1TNDFOU2RkTDNOaGJXd3lPa0YwZEhKcFluVjBaVlpoYkhWbElpQXZQand2ZEdRK1BDOTBjajQ4TDNoemJEcHBaajQ4ZUhOc09tbG1JSFJsYzNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5kWEp1T205cFpEb3hMakl1TkRBdU1DNHhNQzR5TGpFdU1TNHlOakV1T1RBblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0krUEhSeVBqeDBaQ0JqYkdGemN6MGlhWFJoYkdsamMzUjViR1VpUGxadmJHeHRZV05vZERvZ1BDOTBaRDQ4ZEdRZ1kyeGhjM005SW01dmNtMWhiSE4wZVd4bElqNDhlSE5zT25SbGVIUStTV05vSUcxbGJHUmxJRzFwWTJnZ2FXNGdWbVZ5ZEhKbGRIVnVaeUJoYmk0Z1NXMGdic09rWTJoemRHVnVJRk5qYUhKcGRIUWdkMmx5WkNCdGFYSWdaV2x1WlNCTWFYTjBaU0JrWlhJZ1pzTzhjaUJ0YVdOb0lIWmxjbWJEdkdkaVlYSmxiaUJXWlhKMGNtVjBkVzVuYzNabGNtakRwR3gwYm1semMyVWdZVzVuWlhwbGFXZDBMQ0JoZFhNZ1pHVnVaVzRnYVdOb0lHVnBibVZ6SUdGMWMzZkRwR2hzWlc0Z2QyVnlaR1V1UEM5NGMydzZkR1Y0ZEQ0OEwzUmtQand2ZEhJK1BDOTRjMnc2YVdZK1BDOTBZV0pzWlQ0OGNDQmpiR0Z6Y3owaWRHbDBiR1Z6ZEhsc1pTSStSR0YwWlc0Z2VuVnlJRUZ1ZDJWdVpIVnVaend2Y0Q0OGRHRmliR1VnWTJ4aGMzTTlJbkJoY21GdFpYUmxjbk1pUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1SlpHVnVkR2xtYVd0aGRHOXlPaUE4TDNSa1BqeDBaQ0JqYkdGemN6MGlibTl5YldGc2MzUjViR1VpUGp4NGMydzZkbUZzZFdVdGIyWWdjMlZzWldOMFBTSXZjMkZ0YkRJNlFYTnpaWEowYVc5dUwzTmhiV3d5T2tGMGRISnBZblYwWlZOMFlYUmxiV1Z1ZEM5ellXMXNNanBCZEhSeWFXSjFkR1ZiUUU1aGJXVTlKMmgwZEhBNkx5OWxhV1F1WjNZdVlYUXZaVWxFTDJGMGRISnBZblYwWlhNdlUyVnlkbWxqWlZCeWIzWnBaR1Z5Vlc1cGNYVmxTV1FuWFM5ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTSWdMejQ4TDNSa1Bqd3ZkSEkrUEhoemJEcHBaaUIwWlhOMFBTSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5ellXMXNNanBCZEhSeWFXSjFkR1ZUZEdGMFpXMWxiblF2YzJGdGJESTZRWFIwY21saWRYUmxXMEJPWVcxbFBTZG9kSFJ3T2k4dlpXbGtMbWQyTG1GMEwyVkpSQzloZEhSeWFXSjFkR1Z6TDFObGNuWnBZMlZRY205MmFXUmxja1p5YVdWdVpHeDVUbUZ0WlNkZEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxLU0krUEhSeVBqeDBaQ0JqYkdGemN6MGlhWFJoYkdsamMzUjViR1VpUGs1aGJXVTZJRHd2ZEdRK1BIUmtJR05zWVhOelBTSnViM0p0WVd4emRIbHNaU0krUEhoemJEcDJZV3gxWlMxdlppQnpaV3hsWTNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5hSFIwY0RvdkwyVnBaQzVuZGk1aGRDOWxTVVF2WVhSMGNtbGlkWFJsY3k5VFpYSjJhV05sVUhKdmRtbGtaWEpHY21sbGJtUnNlVTVoYldVblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0lnTHo0OEwzUmtQand2ZEhJK1BDOTRjMnc2YVdZK1BIaHpiRHBwWmlCMFpYTjBQU0p6ZEhKcGJtY29MM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2RvZEhSd09pOHZaV2xrTG1kMkxtRjBMMlZKUkM5aGRIUnlhV0oxZEdWekwxTmxjblpwWTJWUWNtOTJhV1JsY2tOdmRXNTBjbmxEYjJSbEoxMHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VwSWo0OGRISStQSFJrSUdOc1lYTnpQU0pwZEdGc2FXTnpkSGxzWlNJK1UzUmhZWFE2SUR3dmRHUStQSFJrSUdOc1lYTnpQU0p1YjNKdFlXeHpkSGxzWlNJK1BIaHpiRHAyWVd4MVpTMXZaaUJ6Wld4bFkzUTlJaTl6WVcxc01qcEJjM05sY25ScGIyNHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFUzUmhkR1Z0Wlc1MEwzTmhiV3d5T2tGMGRISnBZblYwWlZ0QVRtRnRaVDBuYUhSMGNEb3ZMMlZwWkM1bmRpNWhkQzlsU1VRdllYUjBjbWxpZFhSbGN5OVRaWEoyYVdObFVISnZkbWxrWlhKRGIzVnVkSEo1UTI5a1pTZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhMM1JoWW14bFBqeHdJR05zWVhOelBTSjBhWFJzWlhOMGVXeGxJajVVWldOb2JtbHpZMmhsSUZCaGNtRnRaWFJsY2p3dmNENDhkR0ZpYkdVZ1kyeGhjM005SW5CaGNtRnRaWFJsY25NaVBqeDBjajQ4ZEdRZ1kyeGhjM005SW1sMFlXeHBZM04wZVd4bElqNUVZWFIxYlRvOEwzUmtQangwWkNCamJHRnpjejBpYm05eWJXRnNjM1I1YkdVaVBqeDRjMnc2ZG1Gc2RXVXRiMllnYzJWc1pXTjBQU0p6ZFdKemRISnBibWNvTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTlBU1hOemRXVkpibk4wWVc1MExEa3NNaWtpSUM4K1BIaHpiRHAwWlhoMFBpNDhMM2h6YkRwMFpYaDBQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNKemRXSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5QVNYTnpkV1ZKYm5OMFlXNTBMRFlzTWlraUlDOCtQSGh6YkRwMFpYaDBQaTQ4TDNoemJEcDBaWGgwUGp4NGMydzZkbUZzZFdVdGIyWWdjMlZzWldOMFBTSnpkV0p6ZEhKcGJtY29MM05oYld3eU9rRnpjMlZ5ZEdsdmJpOUFTWE56ZFdWSmJuTjBZVzUwTERFc05Da2lJQzgrUEM5MFpENDhMM1J5UGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1VmFISjZaV2wwT2p3dmRHUStQSFJrSUdOc1lYTnpQU0p1YjNKdFlXeHpkSGxzWlNJK1BIaHpiRHAyWVd4MVpTMXZaaUJ6Wld4bFkzUTlJbk4xWW5OMGNtbHVaeWd2YzJGdGJESTZRWE56WlhKMGFXOXVMMEJKYzNOMVpVbHVjM1JoYm5Rc01USXNNaWtpSUM4K1BIaHpiRHAwWlhoMFBqbzhMM2h6YkRwMFpYaDBQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNKemRXSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5QVNYTnpkV1ZKYm5OMFlXNTBMREUxTERJcElpQXZQang0YzJ3NmRHVjRkRDQ2UEM5NGMydzZkR1Y0ZEQ0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGljM1ZpYzNSeWFXNW5LQzl6WVcxc01qcEJjM05sY25ScGIyNHZRRWx6YzNWbFNXNXpkR0Z1ZEN3eE9Dd3lLU0lnTHo0OEwzUmtQand2ZEhJK1BIUnlQangwWkNCamJHRnpjejBpYVhSaGJHbGpjM1I1YkdVaVBsUnlZVzV6WVd0MGFXOXVjMVJ2YTJWdU9pQThMM1JrUGp4MFpDQmpiR0Z6Y3owaWJtOXliV0ZzYzNSNWJHVWlQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNJdmMyRnRiREk2UVhOelpYSjBhVzl1TDBCSlJDSWdMejQ4TDNSa1Bqd3ZkSEkrUEhoemJEcHBaaUIwWlhOMFBTSXZjMkZ0YkRJNlFYTnpaWEowYVc5dUwzTmhiV3d5T2tGMGRISnBZblYwWlZOMFlYUmxiV1Z1ZEM5ellXMXNNanBCZEhSeWFXSjFkR1ZiUUU1aGJXVTlKM1Z5YmpwdmFXUTZNUzR5TGpRd0xqQXVNVEF1TWk0eExqRXVNall4TGprd0oxMHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VpUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo0S0NRa0pDUWtKQ1FrSkNRbFdiMnhzYldGamFIUmxiaTFTWldabGNtVnVlam9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0NU1DZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhkSElnWTJ4aGMzTTlJbWhwWkdSbGJpSStQSFJrSUdOc1lYTnpQU0pwZEdGc2FXTnpkSGxzWlNJK1JHRjBZVlZTVERvZ1BDOTBaRDQ4ZEdRZ1kyeGhjM005SW01dmNtMWhiSE4wZVd4bElqNDhlSE5zT25aaGJIVmxMVzltSUhObGJHVmpkRDBpTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTl6WVcxc01qcERiMjVrYVhScGIyNXpMM05oYld3eU9rRjFaR2xsYm1ObFVtVnpkSEpwWTNScGIyNHZjMkZ0YkRJNlFYVmthV1Z1WTJVaUlDOCtQQzkwWkQ0OEwzUnlQang0YzJ3NmFXWWdkR1Z6ZEQwaUwzTmhiV3d5T2tGemMyVnlkR2x2Ymk5ellXMXNNanBEYjI1a2FYUnBiMjV6TDBCT2IzUlBiazl5UVdaMFpYSWlQangwY2lCamJHRnpjejBpYUdsa1pHVnVJajQ4ZEdRZ1kyeGhjM005SW1sMFlXeHBZM04wZVd4bElqNUJkWFJvUW14dlkydFdZV3hwWkZSdk9pQThMM1JrUGp4MFpDQmpiR0Z6Y3owaWJtOXliV0ZzYzNSNWJHVWlQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNJdmMyRnRiREk2UVhOelpYSjBhVzl1TDNOaGJXd3lPa052Ym1ScGRHbHZibk12UUU1dmRFOXVUM0pCWm5SbGNpSWdMejQ4TDNSa1Bqd3ZkSEkrUEM5NGMydzZhV1krUEM5MFlXSnNaVDQ4TDJKdlpIaytQQzlvZEcxc1Bqd3ZlSE5zT25SbGJYQnNZWFJsUGp3dmVITnNPbk4wZVd4bGMyaGxaWFErUEM5a2MybG5PbFJ5WVc1elptOXliVDQ4WkhOcFp6cFVjbUZ1YzJadmNtMGdRV3huYjNKcGRHaHRQU0pvZEhSd09pOHZkM2QzTG5jekxtOXlaeTh5TURBeEx6RXdMM2h0YkMxbGVHTXRZekUwYmlNaUlDOCtQQzlrYzJsbk9sUnlZVzV6Wm05eWJYTStQR1J6YVdjNlJHbG5aWE4wVFdWMGFHOWtJRUZzWjI5eWFYUm9iVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TWpBd01TOHdOQzk0Yld4bGJtTWpjMmhoTWpVMklpQXZQanhrYzJsbk9rUnBaMlZ6ZEZaaGJIVmxQbXBoTUhSSlVEQkJVVEU0ZGk4NFpsVmpOR1kxYVhsSGNIWXhXVGhFYWpGUGJDODVNa2RTU0V0Q2EyYzlQQzlrYzJsbk9rUnBaMlZ6ZEZaaGJIVmxQand2WkhOcFp6cFNaV1psY21WdVkyVStQR1J6YVdjNlVtVm1aWEpsYm1ObElFbGtQU0psZEhOcExXUmhkR0V0Y21WbVpYSmxibU5sTFRFdE1TSWdWSGx3WlQwaWFIUjBjRG92TDNWeWFTNWxkSE5wTG05eVp5OHdNVGt3TXlOVGFXZHVaV1JRY205d1pYSjBhV1Z6SWlCVlVrazlJaU5sZEhOcExYTnBaMjVsWkhCeWIzQmxjblJwWlhNdE1TMHhJajQ4WkhOcFp6cEVhV2RsYzNSTlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekEwTDNodGJHVnVZeU56YUdFeU5UWWlJQzgrUEdSemFXYzZSR2xuWlhOMFZtRnNkV1UrTVZGVWFXNTBPR1Y1UXpsNFVFbExXR0ZxYzJ0cmVUWmlMM2MzY20xV1JEUldZMjQwUjFkMVJrMVZjejA4TDJSemFXYzZSR2xuWlhOMFZtRnNkV1UrUEM5a2MybG5PbEpsWm1WeVpXNWpaVDQ4TDJSemFXYzZVMmxuYm1Wa1NXNW1iejQ4WkhOcFp6cFRhV2R1WVhSMWNtVldZV3gxWlNCSlpEMGljMmxuYm1GMGRYSmxkbUZzZFdVdE1TMHhJajVLT0ROMFdUUnhUMWhGWVhWNWMxVXhMM1pUZWtzMk1EbDBNRWRKUm5sQlJUZFVkR05LYmpsRmNXZGFXa3RHTmxNMWVVRllURTlzZEhsc1JVdFBZV015TW1zMUsxaHlaRlZ0ZFV0NGFtNHdMekZQWTNwSFJqRTNlR1pYYXpORWFtbHdUMDlqZFVOM2VYQlZTV3BWTW5KVEt6RldkMnhxVUU4NGNIY3hTSGR3VEZaa1JtbFJjVzkzZVU5NFRGTkJlV05VUlV4Ukx6bHhRVTFaTm05UFpscFBiMEZhVTNaVFpXOVJVazVhVFN0YUwyTjZOalZDZUhwdFZrUklkMjgwYmxkemJTOXdVWEpSYmtkblVGQTFORmRNVWpSc1YyOXZWV2xqU1ZkdVEyMW5ZbVV6WVdkUVoybFBNVTlITVV4SWNuTkVNbXBrY0VKeGJITkJjWGR2Y0U1Qk5ta3dXbkE1Y3pFNVNEWk1VbWxsTjBKNE9EUnpSbmxLWlhNMU5qWTFaRkp4WlhoWFpub3ZOVGhaU0ZndmMzWkdOWEpDZUhjMVVHcEtZbGhYYmxKNlptcHpORXM0YzBSeVdsQmFhSEZSU0hwQ1Zub3pTV2M5UFR3dlpITnBaenBUYVdkdVlYUjFjbVZXWVd4MVpUNDhaSE5wWnpwTFpYbEpibVp2UGp4a2MybG5PbGcxTURsRVlYUmhQanhrYzJsbk9sZzFNRGxEWlhKMGFXWnBZMkYwWlQ1TlNVbEdNV3BEUTBKTU5tZEJkMGxDUVdkSlJWRnpNVEpxVkVGT1FtZHJjV2hyYVVjNWR6QkNRVkZ6UmtGRVEwSnZWRVZNVFVGclIwRXhWVVZDWjNkRFVWWlJlRk5FUWtkQ1owNVdRa0Z2VFZBd1JYUldTRW94WXpOUloxSXlWbnBNYVVKdFRHbENWR0ZYVG05YVdFcHZXbGRzTUdNelRqVmpNMUpzWWxkVloyRlhNR2RhVjNoc1lUTlNlVXhwUWtWWldGSnNZbTVhYkdOdGRHeGhTRWxuVWpJeGFWTkVSV3BOUTBWSFFURlZSVU4zZDJGWlV6RjZZVmRrZFV4V1FubGFWekZ3WkZjd2RGWkhWbnBrUXpGVVlWZGpkRTFFU1hoSmVrRm9RbWRPVmtKQlRVMUhiVVYwWXpKc2JtSnBNVkZqYlZaMFlWaFdkRXhXVW14ak0xRjBWVEpzYmt4VVFYbE5RalJZUkZSRk5FMUVXWGhOZWtFMFRsUmpNVTlHYjFoRVZFbDZUVVJaZUUxNlFUUk9WR014VDBadmQxbEVSVXhOUVd0SFFURlZSVUpuZDBOUlZsRjRSbnBCVmtKblRsWkNRVTFOUkdzeGFHVkRRazVrV0U0d1dsaEtkRmxYTlhWTlVrMTNSVkZaUkZaUlVVVkVRWEJPWkZoT01GcFlTblJaVnpWMVRWRjNkME5uV1VSV1VWRnhSRUZPVGxsWVozaEdWRUZVUW1kT1ZrSkJWVTFFUkZWNFRVUmpNVTFFV1RCUFJFMTRUVlJEUTBGVFNYZEVVVmxLUzI5YVNXaDJZMDVCVVVWQ1FsRkJSR2RuUlZCQlJFTkRRVkZ2UTJkblJVSkJUWEo0YWtSM0sxZEplRE16Y1U1aU1sZG9kMDFSYUZGa0wyZEJXbTB5YWpkTFpIaGtZV2R5V1ZBemNqTnJSWGcyZWpaNFEzcFVibnBWWWl0SmJYUkljMUJFVkRZemRXcDRiWGRyTTAwelpsVktNV1J0ZHprMVJFdFlWV1ZGY2toNmVrSTVUVlI0Vml0a1prbHJSVGxQVkUweVpsaGxPVlpNU21aYVkwOXdUa2syVTNCb1JrSk1NMjFZUVVKRFRtRnVaREk0UTB0Vk9WQkhjek15WldaNk0xSlBiVUpHSzJ4TmVuVkJVekJYWVdOWVJFSllUa2xtVjBrNEwyeDBRMkZTVEd0clZIUXhhalpTV1dFeFpHeEVhVlZRY1hOamRpdFBhRE5PZUhrcmVrRlZSVlp2ZVZVdldHRmpiUzh2U0ZodWFuZHdLMEpQV1ZOcVJWVnhOMmhDYnpKdlZHd3ZlU3RPTjJoclJHcEVlRXR0UzFOb09HWkplbXRtZVVSMEszQkNOMnhJTm1wVVlteHdVbmRhYVhWc2VrMU9Ua2RLUm01QmFuZGxTVEl3VDJSbFFrVjBlR3RsWnpaVFRteHJNRTVIYVRKS2F6TnpRMEYzUlVGQllVOURRV3hSZDJkblNsRk5TVWRFUW1kbmNrSm5SVVpDVVdOQ1FWRlNNMDFJVlhkU1VWbEpTM2RaUWtKUlZVaE5RVXRIVDFkb01HUklRVFpNZVRrelpETmpkVmxUTVRCamJsWjZaRU0xYUdSRE9XcGFXRW93WTNrNWFFeFlUbkJhTWpSMFkwaEtiR0pYYkRGaVV6RjBZakpLY0dKSFZYUk5SRTVvVEcxT2VXUkVRWE5DWjJkeVFtZEZSa0pSWTNkQldWbG5ZVWhTTUdORWIzWk1NamxxWXpOQmRHUkhWbnBrUXpWb1RGaFNlV1JZVGpCTWJVWXdUREk1YW1NelFYZEZkMWxFVmxJd2FrSkJkM2REYjBGSlVtZGhabXByUjA5R1lqQjNZMmRaU1V0M1dVSkNVVlZJUVZGTlJWcHFRbXROUVc5SFEwTnpSMEZSVlVaQ2QzTkRUVUZuUjBKblVVRnFhMWxDUVZSQlNVSm5XVVZCU1RWSFFWRlJkMFYzV1VkQ1FVTlBVbWRGUjAxQmEwZENkMUZCYW10WlFrSm5SWGRNVVZsSFFrRkRUMUpuUlVaTlEwMTNTVkpaWW1GSVVqQmpTRTAyVEhrNU0yUXpZM1ZaVXpFd1kyNVdlbVJETldoa1F6bDNXa2hOZGtWM1NrWlVha0ZTUW1kT1ZraFJORVZEWjFGSlVqWjRPRVZqYzNGUGVITjNSR2RaUkZaU01GQkJVVWd2UWtGUlJFRm5Za0ZOUVd0SFFURlZaRVYzVVVOTlFVRjNXVUZaUkZaU01HZENSbXQzVm5wQlNVSm5XVVZCU1hOM1FWRkZkMU4zV1VkTGFXZEJSVkZGVlUxRlJYZFFkMWxKUzNkWlFrSlJWVWhCWjBWWFRUSm9NR1JJUVRaTWVUa3paRE5qZFZsVE1UQmpibFo2WkVNMWFHUkRPV3RpTWs1NlRESk9kMHd5UlhSak1teHVZbWt4ZDJOdFZuUmhXRlowVEZjeGRsbHRiSE5hVkVOQ2NtZFpSRlpTTUdaQ1NVZHRUVWxIYWsxSlIyZHZTVWRrYjBsSFlXaHZSMWhpUjFKb1kwUnZka3d5ZUd0WldFRjBaRWRXZW1SRE5XaE1XRko1WkZoT01FeHRSakJNTWpreFVGZEZkR015Ykc1aWFURlJZMjFXZEdGWVZuUk1WbEpzWXpOUmRGVXliRzVNVkVGNVNVTm9WRk5GUlhSTmFsVXlTMU40ZGxCVlJYUldTRW94WXpOUmMxbDZNVUpXUkRscVdsaEtNR0ZYV25CWk1rWXdXbGhLYkdSdE9XcFpXRkp3WWpJMWMyRllUakJRTWtwb1l6SlZMMkl5U25GYVYwNHdXVEo0YUdNelRUbGFWMnhyVVRKV2VXUkhiRzFoVjA1b1pFZHNkbUpyUmpGa1IyaDJZMjFzTUdWVVFVNUNaMnR4YUd0cFJ6bDNNRUpCVVhOR1FVRlBRMEZSUlVGTk1GQkVMekl6U20xUE16Wk5Uazk1SzNwYVFpOVVUSE5oUmpjNE1HMXRUMHRxY0dzeFdITllRWHBWVGt0YU5sTnlkQ3R0TUhVcksybFhiemxNT0VoR0wyeHllRk5FT0VkWVNtTkVURmxYUm1aNE56QnlORW81ZDFVNFN6ZHdSRWt4YmpsRmNXSkJjekJTSzNaWlZtNU1OVlZXVUM5MVZWRmxkekpYYkhBMU9GQkdjR2RCV0N0VUwxTkZNR05sWlV0NVRUaFlSVzVZVTNwbFRpOUZVM1JzUml0S1EyRkJPSFZ0Y1dwdFJFVnVZV1V6Y1hWeFUxVnNLMHhsYTFCVk9HazRSME56YmpVNWRYaDBibFZ1ZUVsTlMzY3paR2N2TjBRM1dUaE1ObFoxTkU1WE5FeGpiemRtYVRsRGNtRklRelJTVEV4MFpIaFliSFpQZGxGcFJWbHZSU3Q1TVRkbk1Ia3ZRemhPTkVSelkyaGFhWHBaZDNBd2NFOVNUMkpqWmt0V1RuQndWWFZMZFhOTmFIUnRVMnBzTUZaeEx5OWhkamhVVlhGU2NEVkdlalpYWTNwMFVFZEhVM2N3Um1WbGRsVkxSRzlETDBFOVBUd3ZaSE5wWnpwWU5UQTVRMlZ5ZEdsbWFXTmhkR1UrUEM5a2MybG5PbGcxTURsRVlYUmhQand2WkhOcFp6cExaWGxKYm1adlBqeGtjMmxuT2s5aWFtVmpkQ0JKWkQwaVpYUnphUzF6YVdkdVpXUXRNUzB4SWo0OFpYUnphVHBSZFdGc2FXWjVhVzVuVUhKdmNHVnlkR2xsY3lCNGJXeHVjenBsZEhOcFBTSm9kSFJ3T2k4dmRYSnBMbVYwYzJrdWIzSm5MekF4T1RBekwzWXhMak11TWlNaUlGUmhjbWRsZEQwaUkzTnBaMjVoZEhWeVpTMHhMVEVpUGp4bGRITnBPbE5wWjI1bFpGQnliM0JsY25ScFpYTWdTV1E5SW1WMGMya3RjMmxuYm1Wa2NISnZjR1Z5ZEdsbGN5MHhMVEVpUGp4bGRITnBPbE5wWjI1bFpGTnBaMjVoZEhWeVpWQnliM0JsY25ScFpYTStQR1YwYzJrNlUybG5ibWx1WjFScGJXVStNakF4T0Mwd05pMHhNMVF4TlRvME5qb3dPVm84TDJWMGMyazZVMmxuYm1sdVoxUnBiV1UrUEdWMGMyazZVMmxuYm1sdVowTmxjblJwWm1sallYUmxQanhsZEhOcE9rTmxjblErUEdWMGMyazZRMlZ5ZEVScFoyVnpkRDQ4WkhOcFp6cEVhV2RsYzNSTlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekEwTDNodGJHVnVZeU56YUdFeU5UWWlJQzgrUEdSemFXYzZSR2xuWlhOMFZtRnNkV1UrYW1WQmJFcHdTVEZIWkV0WlVXMVNOM1pRY25KVWNrZFdPVWRNT1M5MVdXeExNM0JyU1ROUWVtNHpiejA4TDJSemFXYzZSR2xuWlhOMFZtRnNkV1UrUEM5bGRITnBPa05sY25SRWFXZGxjM1ErUEdWMGMyazZTWE56ZFdWeVUyVnlhV0ZzUGp4a2MybG5PbGcxTURsSmMzTjFaWEpPWVcxbFBrTk9QV0V0YzJsbmJpMVFjbVZ0YVhWdExWUmxjM1F0VTJsbkxUQXlMRTlWUFdFdGMybG5iaTFRY21WdGFYVnRMVlJsYzNRdFUybG5MVEF5TEU4OVFTMVVjblZ6ZENCSFpYTXVJR1l1SUZOcFkyaGxjbWhsYVhSemMzbHpkR1Z0WlNCcGJTQmxiR1ZyZEhJdUlFUmhkR1Z1ZG1WeWEyVm9jaUJIYldKSUxFTTlRVlE4TDJSemFXYzZXRFV3T1VsemMzVmxjazVoYldVK1BHUnphV2M2V0RVd09WTmxjbWxoYkU1MWJXSmxjajR4TVRJd056WXhORGcxUEM5a2MybG5PbGcxTURsVFpYSnBZV3hPZFcxaVpYSStQQzlsZEhOcE9rbHpjM1ZsY2xObGNtbGhiRDQ4TDJWMGMyazZRMlZ5ZEQ0OEwyVjBjMms2VTJsbmJtbHVaME5sY25ScFptbGpZWFJsUGp4bGRITnBPbE5wWjI1aGRIVnlaVkJ2YkdsamVVbGtaVzUwYVdacFpYSStQR1YwYzJrNlUybG5ibUYwZFhKbFVHOXNhV041U1cxd2JHbGxaQ0F2UGp3dlpYUnphVHBUYVdkdVlYUjFjbVZRYjJ4cFkzbEpaR1Z1ZEdsbWFXVnlQand2WlhSemFUcFRhV2R1WldSVGFXZHVZWFIxY21WUWNtOXdaWEowYVdWelBqeGxkSE5wT2xOcFoyNWxaRVJoZEdGUFltcGxZM1JRY205d1pYSjBhV1Z6UGp4bGRITnBPa1JoZEdGUFltcGxZM1JHYjNKdFlYUWdUMkpxWldOMFVtVm1aWEpsYm1ObFBTSWpjbVZtWlhKbGJtTmxMVEV0TVNJK1BHVjBjMms2VFdsdFpWUjVjR1UrWVhCd2JHbGpZWFJwYjI0dmVHaDBiV3dyZUcxc1BDOWxkSE5wT2sxcGJXVlVlWEJsUGp3dlpYUnphVHBFWVhSaFQySnFaV04wUm05eWJXRjBQand2WlhSemFUcFRhV2R1WldSRVlYUmhUMkpxWldOMFVISnZjR1Z5ZEdsbGN6NDhMMlYwYzJrNlUybG5ibVZrVUhKdmNHVnlkR2xsY3o0OEwyVjBjMms2VVhWaGJHbG1lV2x1WjFCeWIzQmxjblJwWlhNK1BDOWtjMmxuT2s5aWFtVmpkRDQ4TDJSemFXYzZVMmxuYm1GMGRYSmxQanh6WVcxc01qcERiMjVrYVhScGIyNXpJRTV2ZEVKbFptOXlaVDBpTWpBeE9DMHdOaTB4TTFReE56bzBOam93T1Nzd01qb3dNQ0lnVG05MFQyNVBja0ZtZEdWeVBTSXlNREU0TFRBMkxURXpWREU0T2pBeE9qQTVLekF5T2pBd0lqNDhjMkZ0YkRJNlFYVmthV1Z1WTJWU1pYTjBjbWxqZEdsdmJqNDhjMkZ0YkRJNlFYVmthV1Z1WTJVK2FIUjBjSE02THk5bGFXUXVaM1l1WVhRdmJXOWhMV2xrTFdGMWRHZ3ZjMnd5TUM5a1lYUmhWWEpzUDNCbGJtUnBibWRwWkQwME9UYzFOelUxTXpjNE16azBNRFF4TkRnMlBDOXpZVzFzTWpwQmRXUnBaVzVqWlQ0OEwzTmhiV3d5T2tGMVpHbGxibU5sVW1WemRISnBZM1JwYjI0K1BDOXpZVzFzTWpwRGIyNWthWFJwYjI1elBqeHpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RK1BITmhiV3d5T2tGMGRISnBZblYwWlNCR2NtbGxibVJzZVU1aGJXVTlJbEJXVUMxV1JWSlRTVTlPSWlCT1lXMWxQU0oxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0eE1DSWdUbUZ0WlVadmNtMWhkRDBpZFhKdU9tOWhjMmx6T201aGJXVnpPblJqT2xOQlRVdzZNaTR3T21GMGRISnVZVzFsTFdadmNtMWhkRHAxY21raVBqeHpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0I0Yld4dWN6cDRjMms5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01ERXZXRTFNVTJOb1pXMWhMV2x1YzNSaGJtTmxJaUI0YzJrNmRIbHdaVDBpZUhNNmMzUnlhVzVuSWo0eUxqRThMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsUGp3dmMyRnRiREk2UVhSMGNtbGlkWFJsUGp4ellXMXNNanBCZEhSeWFXSjFkR1VnUm5KcFpXNWtiSGxPWVcxbFBTSlFVa2xPUTBsUVFVd3RUa0ZOUlNJZ1RtRnRaVDBpZFhKdU9tOXBaRG94TGpJdU5EQXVNQzR4TUM0eUxqRXVNUzR5TmpFdU1qQWlJRTVoYldWR2IzSnRZWFE5SW5WeWJqcHZZWE5wY3pwdVlXMWxjenAwWXpwVFFVMU1Pakl1TURwaGRIUnlibUZ0WlMxbWIzSnRZWFE2ZFhKcElqNDhjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VnZUcxc2JuTTZlSE5wUFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZUzFwYm5OMFlXNWpaU0lnZUhOcE9uUjVjR1U5SW5oek9uTjBjbWx1WnlJK1RYVnpkR1Z5YldGdWJqd3ZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1UrUEM5ellXMXNNanBCZEhSeWFXSjFkR1UrUEhOaGJXd3lPa0YwZEhKcFluVjBaU0JHY21sbGJtUnNlVTVoYldVOUlrZEpWa1ZPTFU1QlRVVWlJRTVoYldVOUluVnlianB2YVdRNk1pNDFMalF1TkRJaUlFNWhiV1ZHYjNKdFlYUTlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qSXVNRHBoZEhSeWJtRnRaUzFtYjNKdFlYUTZkWEpwSWo0OGMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVWdlRzFzYm5NNmVITnBQU0pvZEhSd09pOHZkM2QzTG5jekxtOXlaeTh5TURBeEwxaE5URk5qYUdWdFlTMXBibk4wWVc1alpTSWdlSE5wT25SNWNHVTlJbmh6T25OMGNtbHVaeUkrVFdGNFBDOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaVDQ4TDNOaGJXd3lPa0YwZEhKcFluVjBaVDQ4YzJGdGJESTZRWFIwY21saWRYUmxJRVp5YVdWdVpHeDVUbUZ0WlQwaVFrbFNWRWhFUVZSRklpQk9ZVzFsUFNKMWNtNDZiMmxrT2pFdU1pNDBNQzR3TGpFd0xqSXVNUzR4TGpVMUlpQk9ZVzFsUm05eWJXRjBQU0oxY200NmIyRnphWE02Ym1GdFpYTTZkR002VTBGTlREb3lMakE2WVhSMGNtNWhiV1V0Wm05eWJXRjBPblZ5YVNJK1BITmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxJSGh0Ykc1ek9uaHphVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TWpBd01TOVlUVXhUWTJobGJXRXRhVzV6ZEdGdVkyVWlJSGh6YVRwMGVYQmxQU0o0Y3pwemRISnBibWNpUGpFNU5EQXRNREV0TURFOEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxQand2YzJGdGJESTZRWFIwY21saWRYUmxQanh6WVcxc01qcEJkSFJ5YVdKMWRHVWdSbkpwWlc1a2JIbE9ZVzFsUFNKVFpYSjJhV05sVUhKdmRtbGtaWEl0Vlc1cGNYVmxTV1FpSUU1aGJXVTlJbWgwZEhBNkx5OWxhV1F1WjNZdVlYUXZaVWxFTDJGMGRISnBZblYwWlhNdlUyVnlkbWxqWlZCeWIzWnBaR1Z5Vlc1cGNYVmxTV1FpSUU1aGJXVkdiM0p0WVhROUluVnlianB2WVhOcGN6cHVZVzFsY3pwMFl6cFRRVTFNT2pJdU1EcGhkSFJ5Ym1GdFpTMW1iM0p0WVhRNmRYSnBJajQ4YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVZ2VHMXNibk02ZUhOcFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4TDFoTlRGTmphR1Z0WVMxcGJuTjBZVzVqWlNJZ2VITnBPblI1Y0dVOUluaHpPbk4wY21sdVp5SSthSFIwY0hNNkx5OWlhVzVrYVc1bkxtOWxjM1JsY25KbGFXTm9MbWQyTG1GMEwyRjFkR2d2YzNBdlRXVjBZV1JoZEdFOEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxQand2YzJGdGJESTZRWFIwY21saWRYUmxQanh6WVcxc01qcEJkSFJ5YVdKMWRHVWdSbkpwWlc1a2JIbE9ZVzFsUFNKVFpYSjJhV05sVUhKdmRtbGtaWEl0Um5KcFpXNWtiSGxPWVcxbElpQk9ZVzFsUFNKb2RIUndPaTh2Wldsa0xtZDJMbUYwTDJWSlJDOWhkSFJ5YVdKMWRHVnpMMU5sY25acFkyVlFjbTkyYVdSbGNrWnlhV1Z1Wkd4NVRtRnRaU0lnVG1GdFpVWnZjbTFoZEQwaWRYSnVPbTloYzJsek9tNWhiV1Z6T25Sak9sTkJUVXc2TWk0d09tRjBkSEp1WVcxbExXWnZjbTFoZERwMWNta2lQanh6WVcxc01qcEJkSFJ5YVdKMWRHVldZV3gxWlNCNGJXeHVjenA0YzJrOUltaDBkSEE2THk5M2QzY3Vkek11YjNKbkx6SXdNREV2V0UxTVUyTm9aVzFoTFdsdWMzUmhibU5sSWlCNGMyazZkSGx3WlQwaWVITTZjM1J5YVc1bklqNUNhVzVrYVc1bklGTmxjblpwWTJVZ1pzTzhjaUJ2WlM1bmRpNWhkRHd2YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVK1BDOXpZVzFzTWpwQmRIUnlhV0oxZEdVK1BITmhiV3d5T2tGMGRISnBZblYwWlNCR2NtbGxibVJzZVU1aGJXVTlJbE5sY25acFkyVlFjbTkyYVdSbGNpMURiM1Z1ZEhKNVEyOWtaU0lnVG1GdFpUMGlhSFIwY0RvdkwyVnBaQzVuZGk1aGRDOWxTVVF2WVhSMGNtbGlkWFJsY3k5VFpYSjJhV05sVUhKdmRtbGtaWEpEYjNWdWRISjVRMjlrWlNJZ1RtRnRaVVp2Y20xaGREMGlkWEp1T205aGMybHpPbTVoYldWek9uUmpPbE5CVFV3Nk1pNHdPbUYwZEhKdVlXMWxMV1p2Y20xaGREcDFjbWtpUGp4ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTQjRiV3h1Y3pwNGMyazlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5Mekl3TURFdldFMU1VMk5vWlcxaExXbHVjM1JoYm1ObElpQjRjMms2ZEhsd1pUMGllSE02YzNSeWFXNW5JajVCVkR3dmMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVStQQzl6WVcxc01qcEJkSFJ5YVdKMWRHVStQQzl6WVcxc01qcEJkSFJ5YVdKMWRHVlRkR0YwWlcxbGJuUStQQzl6WVcxc01qcEJjM05sY25ScGIyNCsiDQogIH0NCn0.WgPyI2KiVzp2DzbC6AfbDlQbXEYk-hL78-bfzj_b_IXwyHmuENwHA8MslDHOe1bYd3mlSTnoAUE20igmXM6gnFOe4pQes2i5d8YAnYRspbwhj86sn5_vMyGfHtBsApP3MqjcSHL24vo6DHqKYqN85FMGq6GnPub9HGbeIgMAvECuH0ZCqY5MDWj4FI2OA5Jrn2fyBY1CebF5NdTSUeBJMjG_q-cpTnWmkcELKXTNJg9ihkHR8FkBjt8xh2YWh9Opk_0RrUIZI5U9YC4Xc-Hgj7C7YplA4Pr0_SUHdqH_86xF7GcMMuC5Bs8EU22lejxhxwz0BzPPg2Ws0LJ8RGAm0A" } \ No newline at end of file -- cgit v1.2.3 From fc41c6901072a2711f577b96c38f894798ce7a31 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 14 Jun 2018 07:31:14 +0200 Subject: fix problem in Exception handling --- .../auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java | 3 +-- .../id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java | 4 +++- .../id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java | 2 +- .../test/resources/moaspss_config/MOASPSSConfiguration.xml | 6 +++++- .../moaspss_config/profiles/SL20_authblock_v1.0_own.xml | 11 +++++++++++ 5 files changed, 21 insertions(+), 5 deletions(-) create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_own.xml (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java index cc74bb11a..f2a93e3ed 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java @@ -13,7 +13,6 @@ import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; -import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20eIDDataValidationException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier.QualifiedeIDVerifier; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; @@ -79,7 +78,7 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask { //TODO: add LoA verification - } catch (SL20eIDDataValidationException e) { + } catch (MOAIDException e) { if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_VALIDATION, false)) { Logger.warn("SL20 eID data validation IS DISABLED!!"); Logger.warn("SL20 eID data IS NOT VALID!!! Reason: " + e.getMessage(), e); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java index ceff0e516..419142c7d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java @@ -5,8 +5,10 @@ import java.io.InputStreamReader; import org.apache.commons.io.IOUtils; import org.junit.Before; +import org.junit.runner.RunWith; import org.opensaml.xml.ConfigurationException; import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import com.google.gson.JsonElement; import com.google.gson.JsonObject; @@ -15,7 +17,7 @@ import com.google.gson.JsonParser; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; -//@RunWith(SpringJUnit4ClassRunner.class) +@RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ "/SpringTest-context.xml" }) public class EIDDataVerifier_OwnTest extends eIDDataVerifierTest { diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java index 31275e492..d50b31363 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java @@ -91,7 +91,7 @@ public class DummyAuthConfig implements AuthConfiguration { @Override public String getBasicMOAIDConfiguration(String key) { if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID.equals(key)) - return "SL20Authblock_v1.0,SL20Authblock_v1.0_SIC"; + return "SL20Authblock_v1.0,SL20Authblock_v1.0_SIC,SL20Authblock_v1.0_OWN"; else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH.equals(key)) return "/src/test/resources/sl20.jks"; diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml index 6cd4db122..0840ecd94 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml @@ -81,6 +81,10 @@ SL20Authblock_v1.0_SIC profiles/SL20_authblock_v1.0_SIC.xml - + + + SL20Authblock_v1.0_OWN + profiles/SL20_authblock_v1.0_own.xml + diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_own.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_own.xml new file mode 100644 index 000000000..517f6437c --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_own.xml @@ -0,0 +1,11 @@ + + Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Vorname:
Nachname:
Geburtsdatum:
Vollmacht:	Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Identifikator:
Name:
Staat:

Technische Parameter

Datum:	..
Uhrzeit:	::
TransaktionsTokken:
+ Vollmachten-Referenz:
DataURL:
AuthBlockValidTo:

+ + -- cgit v1.2.3 From 3b26a365d832d4b0664777d2c348606247022564 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 14 Jun 2018 13:55:39 +0200 Subject: some more stuff --- .../bkamobileauthtests/BKAMobileAuthModule.java | 14 ++-- .../tasks/FirstBKAMobileAuthTask.java | 25 +++++-- .../tasks/SecondBKAMobileAuthTask.java | 24 ++++-- .../attributes/OAuth20AttributeBuilder.java | 29 ++++---- .../attributes/OpenIdAudiencesAttribute.java | 17 ++--- .../OpenIdAuthenticationTimeAttribute.java | 17 ++--- .../attributes/OpenIdExpirationTimeAttribute.java | 15 ++-- .../attributes/OpenIdIssueInstantAttribute.java | 15 ++-- .../oauth20/attributes/OpenIdIssuerAttribute.java | 17 ++--- .../oauth20/attributes/OpenIdNonceAttribute.java | 20 ++--- .../OpenIdSubjectIdentifierAttribute.java | 15 ++-- .../attributes/ProfileDateOfBirthAttribute.java | 15 ++-- .../attributes/ProfileFamilyNameAttribute.java | 15 ++-- .../attributes/ProfileGivenNameAttribute.java | 15 ++-- .../oauth20/protocol/OAuth20AuthRequest.java | 86 ++++++++++------------ .../oauth20/protocol/OAuth20BaseRequest.java | 15 ++-- .../oauth20/protocol/OAuth20Protocol.java | 2 +- .../tasks/CreateAuthnRequestTask.java | 4 +- 18 files changed, 185 insertions(+), 175 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java index 2e09bf55c..1269229d0 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java @@ -29,13 +29,13 @@ import javax.annotation.PostConstruct; import org.springframework.beans.factory.annotation.Autowired; -import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager; -import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.tasks.FirstBKAMobileAuthTask; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -48,7 +48,7 @@ public class BKAMobileAuthModule implements AuthModule { private int priority = 1; @Autowired(required=true) protected AuthConfiguration authConfig; - @Autowired(required=true) private AuthenticationManager authManager; + @Autowired(required=true) private IAuthenticationManager authManager; private List uniqueIDsDummyAuthEnabled = new ArrayList(); @@ -71,7 +71,7 @@ public class BKAMobileAuthModule implements AuthModule { @PostConstruct public void initialDummyAuthWhiteList() { - String sensitiveSpIdentifier = authConfig.getBasicMOAIDConfiguration("modules.bkamobileAuth.entityID"); + String sensitiveSpIdentifier = authConfig.getBasicConfiguration("modules.bkamobileAuth.entityID"); if (MiscUtil.isNotEmpty(sensitiveSpIdentifier)) { uniqueIDsDummyAuthEnabled.addAll(KeyValueUtils.getListOfCSVValues(sensitiveSpIdentifier)); @@ -91,7 +91,7 @@ public class BKAMobileAuthModule implements AuthModule { */ @Override public String selectProcess(ExecutionContext context) { - String spEntityID = (String) context.get(MOAIDAuthConstants.PROCESSCONTEXT_UNIQUE_OA_IDENTFIER); + String spEntityID = (String) context.get(EAAFConstants.PROCESS_ENGINE_SERVICE_PROVIDER_ENTITYID); if (MiscUtil.isNotEmpty(spEntityID)) { if (uniqueIDsDummyAuthEnabled.contains(spEntityID)) { String eIDBlob = (String)context.get(FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW); diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java index 37ee3f201..68b944814 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java @@ -29,6 +29,7 @@ import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.spec.InvalidKeySpecException; import java.security.spec.KeySpec; +import java.util.Date; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; @@ -54,15 +55,17 @@ import com.google.gson.JsonParseException; import com.google.gson.JsonParser; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; @@ -90,7 +93,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { private static final String EIDCONTAINER_EID = "eid"; private static final String EIDCONTAINER_KEY_IDL = "idl"; private static final String EIDCONTAINER_KEY_BINDINGCERT = "cert"; - + public static final String REQ_PARAM_eID_BLOW = "eidToken"; @Autowired(required=true) private AuthConfiguration authConfig; @@ -111,7 +114,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { throw new MOAIDException("NO eID data blob included!", null); } - parseDemoValuesIntoMOASession(pendingReq, pendingReq.getMOASession(), eIDBlobRawB64); + parseDemoValuesIntoMOASession(pendingReq, eIDBlobRawB64); } catch (MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); @@ -133,7 +136,9 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { * @throws MOAIDException * @throws IOException */ - private void parseDemoValuesIntoMOASession(IRequest pendingReq, IAuthenticationSession moaSession, String eIDBlobRawB64) throws MOAIDException, IOException { + private void parseDemoValuesIntoMOASession(IRequest pendingReq, String eIDBlobRawB64) throws MOAIDException, IOException { + IAuthenticationSession moaSession = new AuthenticationSession("1235", new Date()); + Logger.debug("Check eID blob signature ... "); byte[] eIDBlobRaw = Base64Utils.decode(eIDBlobRawB64.trim(), false); @@ -209,6 +214,8 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { Logger.info("Session Restore completed"); + pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession()); + } catch (MOAIDException e) { throw e; @@ -236,6 +243,10 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { Logger.error("Can not extract mobile-app binding-certificate from eID blob.", e); throw new MOAIDException("Can not extract mobile-app binding-certificate from eID blob.", null, e); + } catch (EAAFStorageException e) { + Logger.error("Can not populate pending-request with eID data.", e); + throw new MOAIDException("Can not populate pending-request with eID data.", null, e); + } finally { } @@ -243,7 +254,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { } private SecretKey generateDecryptionKey(byte[] salt) throws MOAIDException { - String decryptionPassPhrase = authConfig.getBasicMOAIDConfiguration(CONF_EID_TOKEN_ENCRYPTION_KEY, "DEFAULTPASSWORD"); + String decryptionPassPhrase = authConfig.getBasicConfiguration(CONF_EID_TOKEN_ENCRYPTION_KEY, "DEFAULTPASSWORD"); try { SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256"); KeySpec spec = new PBEKeySpec(decryptionPassPhrase.toCharArray(), salt, 2000, 128); @@ -276,7 +287,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { } SignerInfo signerInfos = verifySigResult.getSignerInfo(); DateTime date = new DateTime(signerInfos.getSigningTime().getTime()); - Integer signingTimeJitter = Integer.valueOf(authConfig.getBasicMOAIDConfiguration(CONF_SIGNING_TIME_JITTER, "5")); + Integer signingTimeJitter = Integer.valueOf(authConfig.getBasicConfiguration(CONF_SIGNING_TIME_JITTER, "5")); if (date.plusMinutes(signingTimeJitter).isBeforeNow()) { Logger.warn("CMS signature-time is before: " + date.plusMinutes(signingTimeJitter)); throw new MOAIDException("CMS signature-time is before: " + date.plusMinutes(signingTimeJitter), null); @@ -290,7 +301,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { cmsSigVerifyReq.setSignatories(VerifyCMSSignatureRequestImpl.ALL_SIGNATORIES); cmsSigVerifyReq.setExtended(false); cmsSigVerifyReq.setPDF(false); - cmsSigVerifyReq.setTrustProfileId(authConfig.getBasicMOAIDConfiguration(CONF_MOASPSS_TRUSTPROFILE, "!!NOT SET!!!")); + cmsSigVerifyReq.setTrustProfileId(authConfig.getBasicConfiguration(CONF_MOASPSS_TRUSTPROFILE, "!!NOT SET!!!")); cmsSigVerifyReq.setCMSSignature(new ByteArrayInputStream(eIDBlobRaw)); return cmsSigVerifyReq; } diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java index 5c70b2628..9ce987956 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java @@ -25,21 +25,26 @@ package at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.tasks; import java.io.IOException; import java.io.InputStream; import java.net.URL; +import java.util.Date; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.FileUtils; @@ -50,7 +55,9 @@ import at.gv.egovernment.moa.util.FileUtils; */ @Component("SecondBKAMobileAuthTask") public class SecondBKAMobileAuthTask extends AbstractAuthServletTask { - + + @Autowired AuthConfiguration moaAuthConfig; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @@ -60,7 +67,7 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask { try { Logger.info("Add user credentials for BKA MobileAuth SAML2 test and finalize authentication"); - parseDemoValuesIntoMOASession(pendingReq, pendingReq.getMOASession()); + parseDemoValuesIntoMOASession(pendingReq); // store MOASession into database requestStoreage.storePendingRequest(pendingReq); @@ -78,8 +85,11 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask { * @param pendingReq * @param moaSession * @throws MOAIDException + * @throws EAAFStorageException */ - private void parseDemoValuesIntoMOASession(IRequest pendingReq, IAuthenticationSession moaSession) throws MOAIDException { + private void parseDemoValuesIntoMOASession(IRequest pendingReq) throws MOAIDException, EAAFStorageException { + IAuthenticationSession moaSession = new AuthenticationSession("1233", new Date()); + moaSession.setUseMandates(false); moaSession.setForeigner(false); @@ -87,18 +97,20 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask { moaSession.setQAALevel(PVPConstants.STORK_QAA_1_4); try { - String idlurl = FileUtils.makeAbsoluteURL(authConfig.getMonitoringTestIdentityLinkURL(), authConfig.getRootConfigFileDir()); + String idlurl = FileUtils.makeAbsoluteURL(moaAuthConfig.getMonitoringTestIdentityLinkURL(), moaAuthConfig.getRootConfigFileDir()); URL keystoreURL = new URL(idlurl); InputStream idlstream = keystoreURL.openStream(); IIdentityLink identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink(); moaSession.setIdentityLink(identityLink); - + } catch (ParseException | IOException e) { Logger.error("IdentityLink is not parseable.", e); throw new MOAIDException("IdentityLink is not parseable.", null); } + pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession()); + } } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java index 6afc68161..46381fb3d 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java @@ -30,23 +30,25 @@ import org.apache.commons.lang.StringUtils; import com.google.gson.JsonObject; import com.google.gson.JsonPrimitive; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; -import at.gv.egiz.eaaf.core.api.data.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BPKAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIdentityLinkBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDIssuingNationAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.protocols.builder.attributes.BPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCitizenQAALevelAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIdentityLinkBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDIssuingNationAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSTORKTOKEN; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSectorForIDAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSignerCertificate; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePIN; -import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDSourcePINType; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonFullNameAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinTypeAttributeBuilder; @@ -62,7 +64,6 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateReferenceVal import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateTypeAttributeBuilder; import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; public final class OAuth20AttributeBuilder { @@ -70,7 +71,7 @@ public final class OAuth20AttributeBuilder { private OAuth20AttributeBuilder() { throw new InstantiationError(); } - + private static IAttributeGenerator> generator = new IAttributeGenerator>() { public Pair buildStringAttribute(final String friendlyName, final String name, final String value) { @@ -206,7 +207,7 @@ public final class OAuth20AttributeBuilder { } private static void addAttibutes(final List builders, final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) { + final ISPConfiguration oaParam, final IAuthData authData, OAuth20AuthRequest oAuthRequest) { for (IAttributeBuilder b : builders) { try { //TODO: better solution requires more refactoring :( @@ -222,7 +223,7 @@ public final class OAuth20AttributeBuilder { jsonObject.add(attribute.getFirst(), attribute.getSecond()); } } - catch (AttributeException e) { + catch (AttributeBuilderException e) { Logger.info("Cannot add attribute " + b.getName()); } } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java index 076ded75a..b3586245b 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAudiencesAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdAudiencesAttribute implements IAttributeBuilder { @@ -35,9 +34,9 @@ public class OpenIdAudiencesAttribute implements IAttributeBuilder { return "aud"; } - public ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator g) throws AttributeException { - return g.buildStringAttribute(this.getName(), "", oaParam.getPublicURLPrefix()); + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + return g.buildStringAttribute(this.getName(), "", oaParam.getUniqueIdentifier()); } public ATT buildEmpty(IAttributeGenerator g) { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java index 0e99a18c3..933ee8904 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdAuthenticationTimeAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdAuthenticationTimeAttribute implements IAttributeBuilder { @@ -35,9 +34,9 @@ public class OpenIdAuthenticationTimeAttribute implements IAttributeBuilder { return "auth_time"; } - public ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator g) throws AttributeException { - return g.buildLongAttribute(this.getName(), "", ((long) (authData.getIssueInstant().getTime() / 1000))); + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + return g.buildLongAttribute(this.getName(), "", ((long) (authData.getAuthenticationIssueInstant().getTime() / 1000))); } public ATT buildEmpty(IAttributeGenerator g) { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java index 05638c907..04efa3979 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdExpirationTimeAttribute.java @@ -24,12 +24,11 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; import java.util.Date; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdExpirationTimeAttribute implements IAttributeBuilder { @@ -39,8 +38,8 @@ public class OpenIdExpirationTimeAttribute implements IAttributeBuilder { return "exp"; } - public ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator g) throws AttributeException { + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000 + expirationTime)); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java index b40d752eb..459d2b1cd 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssueInstantAttribute.java @@ -24,12 +24,11 @@ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; import java.util.Date; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdIssueInstantAttribute implements IAttributeBuilder { @@ -37,8 +36,8 @@ public class OpenIdIssueInstantAttribute implements IAttributeBuilder { return "iat"; } - public ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator g) throws AttributeException { + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { return g.buildLongAttribute(this.getName(), "", (long) (new Date().getTime() / 1000)); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java index d212feb12..2f4124c32 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdIssuerAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdIssuerAttribute implements IAttributeBuilder { @@ -35,9 +34,9 @@ public class OpenIdIssuerAttribute implements IAttributeBuilder { return "iss"; } - public ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator g) throws AttributeException { - return g.buildStringAttribute(this.getName(), "", authData.getIssuer()); + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + return g.buildStringAttribute(this.getName(), "", authData.getAuthenticationIssuer()); } public ATT buildEmpty(IAttributeGenerator g) { diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java index 99465bf95..66b6a2518 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdNonceAttribute.java @@ -22,27 +22,27 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egovernment.moa.id.protocols.oauth20.protocol.OAuth20AuthRequest; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.util.MiscUtil; public class OpenIdNonceAttribute implements IAttributeBuilder { - public String getName() { + public String getName() { return "nonce"; } - public ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator g) throws AttributeException { + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", null); } - public ATT build(IOAAuthParameters oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest, - IAttributeGenerator g) throws AttributeException { + public ATT build(ISPConfiguration oaParam, IAuthData authData, OAuth20AuthRequest oAuthRequest, + IAttributeGenerator g) throws AttributeBuilderException { if (MiscUtil.isNotEmpty(oAuthRequest.getNonce())) return g.buildStringAttribute(this.getName(), "", oAuthRequest.getNonce()); else diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java index 4b1219c9d..e3e717ec3 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OpenIdSubjectIdentifierAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class OpenIdSubjectIdentifierAttribute implements IAttributeBuilder { @@ -35,8 +34,8 @@ public class OpenIdSubjectIdentifierAttribute implements IAttributeBuilder { return "sub"; } - public ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator g) throws AttributeException { + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", authData.getBPK()); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java index f1b0bd108..d23877395 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileDateOfBirthAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class ProfileDateOfBirthAttribute implements IAttributeBuilder { @@ -35,8 +34,8 @@ public class ProfileDateOfBirthAttribute implements IAttributeBuilder { return "birthdate"; } - public ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator g) throws AttributeException { + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", authData.getFormatedDateOfBirth()); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java index 0ea6ba643..540962a29 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileFamilyNameAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class ProfileFamilyNameAttribute implements IAttributeBuilder { @@ -35,8 +34,8 @@ public class ProfileFamilyNameAttribute implements IAttributeBuilder { return "family_name"; } - public ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator g) throws AttributeException { + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", authData.getFamilyName()); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java index e6c7fd18d..f6f774a46 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/ProfileGivenNameAttribute.java @@ -22,12 +22,11 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.attributes; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; public class ProfileGivenNameAttribute implements IAttributeBuilder { @@ -35,8 +34,8 @@ public class ProfileGivenNameAttribute implements IAttributeBuilder { return "given_name"; } - public ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator g) throws AttributeException { + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { return g.buildStringAttribute(this.getName(), "", authData.getGivenName()); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index 67c0aafce..1528cfb28 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -22,30 +22,22 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; -import java.util.Collection; -import java.util.HashMap; -import java.util.Map; - import javax.servlet.http.HttpServletRequest; -import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; -import at.gv.egovernment.moa.id.protocols.oauth20.attributes.OAuth20AttributeBuilder; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20ResponseTypeException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20WrongParameterException; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVP2XProtocol; import at.gv.egovernment.moa.logging.Logger; @Component("OAuth20AuthRequest") @@ -102,7 +94,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { * the state to set */ public void setState(String state) { - this.state = state; + this.state = state; } /** @@ -188,7 +180,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { // check if client id and redirect uri are ok try { // OAOAUTH20 cannot be null at this point. check was done in base request - IOAAuthParameters oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL()); + IOAAuthParameters oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getSPEntityId()); if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) @@ -206,40 +198,40 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() - */ - @Override - public Collection getRequestedAttributes(MetadataProvider metadataProvider) { - Map reqAttr = new HashMap(); - for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION) - reqAttr.put(el, ""); - - for (String s : scope.split(" ")) { - if (s.equalsIgnoreCase("profile")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("eID")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("eID_gov")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("mandate")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate()) - reqAttr.put(el.getName(), ""); - - } else if (s.equalsIgnoreCase("stork")) { - for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork()) - reqAttr.put(el.getName(), ""); - - } - } - - //return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator()); - return reqAttr.keySet(); - } +// /* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() +// */ +// @Override +// public Collection getRequestedAttributes(MetadataProvider metadataProvider) { +// Map reqAttr = new HashMap(); +// for (String el : PVP2XProtocol.DEFAULTREQUESTEDATTRFORINTERFEDERATION) +// reqAttr.put(el, ""); +// +// for (String s : scope.split(" ")) { +// if (s.equalsIgnoreCase("profile")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersprofile()) +// reqAttr.put(el.getName(), ""); +// +// } else if (s.equalsIgnoreCase("eID")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseid()) +// reqAttr.put(el.getName(), ""); +// +// } else if (s.equalsIgnoreCase("eID_gov")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuilderseidgov()) +// reqAttr.put(el.getName(), ""); +// +// } else if (s.equalsIgnoreCase("mandate")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersmandate()) +// reqAttr.put(el.getName(), ""); +// +// } else if (s.equalsIgnoreCase("stork")) { +// for (IAttributeBuilder el :OAuth20AttributeBuilder.getBuildersstork()) +// reqAttr.put(el.getName(), ""); +// +// } +// } +// +// //return attributQueryBuilder.buildSAML2AttributeList(this.getOnlineApplicationConfiguration(), reqAttr.keySet().iterator()); +// return reqAttr.keySet(); +// } } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java index d3136b43e..2ce5234ac 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java @@ -30,12 +30,13 @@ import javax.servlet.http.HttpServletRequest; import org.apache.commons.lang.StringEscapeUtils; import org.apache.commons.lang.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20OANotSupportedException; @@ -49,6 +50,8 @@ abstract class OAuth20BaseRequest extends RequestImpl { protected Set allowedParameters = new HashSet(); + @Autowired(required=true) protected IConfiguration authConfig; + protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception { String param = request.getParameter(name); Logger.debug("Reading param " + name + " from HttpServletRequest with value " + param); @@ -70,8 +73,8 @@ abstract class OAuth20BaseRequest extends RequestImpl { if (!ParamValidatorUtils.isValidOA(oaURL)) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } - this.setOAURL(oaURL); - IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(oaURL); + this.setSPEntityId(oaURL); + ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(oaURL); if (oaParam == null) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); @@ -83,7 +86,7 @@ abstract class OAuth20BaseRequest extends RequestImpl { throw new OAuth20OANotSupportedException(); } } - catch (ConfigurationException e) { + catch (EAAFConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index 5acb1c547..ff802136f 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -57,7 +57,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme return PATH; } - /** + /** * */ public OAuth20Protocol() { diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java index 4c829f6ca..4ae255d1d 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java @@ -49,7 +49,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildException; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider; -import at.gv.egovernment.moa.id.util.PVPtoSTORKMapper; +import at.gv.egovernment.moa.id.util.LoALevelMapper; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -182,7 +182,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { pendingReq.getClass().isInstance(storkRequst)) { try { - secClass = PVPtoSTORKMapper.getInstance().mapToSecClass( + secClass = LoALevelMapper.getInstance().mapToSecClass( PVPConstants.STORK_QAA_PREFIX + String.valueOf(storkSecClass)); } catch (Exception e) { -- cgit v1.2.3 From 6b38531ef2a829e3dab513ae8c679511a848421d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 14 Jun 2018 16:30:49 +0200 Subject: untested, but without dependency problems --- .../moa/id/auth/AuthenticationServer.java | 35 +++++----- .../AuthenticationBlockAssertionBuilder.java | 5 +- .../auth/builder/GetIdentityLinkFormBuilder.java | 7 +- .../internal/DefaultCitizenCardAuthModuleImpl.java | 6 +- .../internal/tasks/CertificateReadRequestTask.java | 14 ++-- .../internal/tasks/CreateIdentityLinkFormTask.java | 15 ++-- .../modules/internal/tasks/GetForeignIDTask.java | 15 ++-- .../internal/tasks/GetMISSessionIDTask.java | 24 ++++--- .../tasks/InitializeBKUAuthenticationTask.java | 30 ++++---- .../tasks/PrepareAuthBlockSignatureTask.java | 8 ++- .../internal/tasks/PrepareGetMISMandateTask.java | 30 ++++---- .../tasks/VerifyAuthenticationBlockTask.java | 11 +-- .../internal/tasks/VerifyCertificateTask.java | 16 ++--- .../internal/tasks/VerifyIdentityLinkTask.java | 11 +-- .../CreateXMLSignatureResponseValidator.java | 8 +-- .../VerifyXMLSignatureResponseValidator.java | 4 +- .../moa/id/util/CitizenCardServletUtils.java | 6 +- .../MOAeIDASSAMLEngineConfigurationImpl.java | 4 +- .../eidas/eIDASAuthenticationModulImpl.java | 6 +- .../engine/MOAeIDASChainingMetadataProvider.java | 13 +++- .../eidas/tasks/CreateIdentityLinkTask.java | 23 ++++--- .../eidas/tasks/GenerateAuthnRequestTask.java | 23 ++++--- .../eidas/tasks/ReceiveAuthnResponseTask.java | 27 ++++---- .../auth/modules/eidas/utils/SAMLEngineUtils.java | 2 +- .../eidas/utils/SimpleEidasAttributeGenerator.java | 4 +- .../modules/eidas/utils/eIDASAttributeBuilder.java | 23 ++++--- .../moa/id/protocols/eidas/EIDASData.java | 11 +-- .../moa/id/protocols/eidas/EIDASProtocol.java | 26 +++---- .../id/protocols/eidas/EidasMetaDataRequest.java | 12 ++-- .../eidas/attributes/builder/IeIDASAttribute.java | 4 +- .../attributes/builder/eIDASAttrDateOfBirth.java | 4 +- .../attributes/builder/eIDASAttrFamilyName.java | 14 ++-- .../attributes/builder/eIDASAttrGivenName.java | 12 ++-- .../builder/eIDASAttrLegalPersonIdentifier.java | 39 ++++++----- .../eIDASAttrNaturalPersonalIdentifier.java | 14 ++-- ...DASAttrRepresentativeLegalPersonIdentifier.java | 46 +++++++------ ...ttrRepresentativeNaturalPersonalIdentifier.java | 14 ++-- .../eidas/eIDASAuthenticationRequest.java | 16 +++-- .../eidas/validator/eIDASResponseValidator.java | 3 +- .../elgamandates/ELGAMandatesAuthModuleImpl.java | 6 +- .../tasks/EvaluateMandateServiceTask.java | 6 +- .../tasks/ReceiveElgaMandateResponseTask.java | 27 ++++---- .../tasks/RedirectToMandateSelectionTask.java | 4 +- .../elgamandates/tasks/RequestELGAMandateTask.java | 14 ++-- .../tasks/SelectMandateServiceTask.java | 6 +- .../utils/ELGAMandateServiceMetadataProvider.java | 2 +- .../elgamandates/utils/ELGAMandateUtils.java | 9 +-- .../utils/ELGAMandatesCredentialProvider.java | 19 +++--- .../attributes/OAuth20AttributeBuilder.java | 13 ++-- .../oauth20/protocol/OAuth20AuthAction.java | 16 ++--- .../oauth20/protocol/OAuth20AuthRequest.java | 8 +-- .../oauth20/protocol/OAuth20Protocol.java | 49 +++++++------- .../oauth20/protocol/OAuth20TokenAction.java | 8 +-- .../oauth20/protocol/OAuth20TokenRequest.java | 25 +++---- .../sl20_auth/SL20AuthenticationModulImpl.java | 10 +-- .../modules/sl20_auth/sl20/JsonSecurityUtils.java | 15 ++-- .../sl20_auth/tasks/CreateQualeIDRequestTask.java | 21 +++--- .../sl20_auth/tasks/ReceiveQualeIDTask.java | 21 +++--- .../ssotransfer/SSOTransferAuthModuleImpl.java | 6 +- .../data/SSOTransferAuthenticationData.java | 60 +++++++++------- .../data/SSOTransferOnlineApplication.java | 57 +++++++++++----- .../ssotransfer/servlet/SSOTransferServlet.java | 23 +++++-- .../task/InitializeRestoreSSOSessionTask.java | 6 +- .../ssotransfer/task/RestoreSSOSessionTask.java | 28 ++++---- .../auth/modules/ssotransfer/utils/GUIUtils.java | 4 +- .../ssotransfer/utils/SSOContainerUtils.java | 7 +- .../FederatedAuthenticationModuleImpl.java | 6 +- .../tasks/CreateAuthnRequestTask.java | 14 ++-- .../tasks/ReceiveAuthnResponseTask.java | 79 +++++++++++----------- .../utils/FederatedAuthCredentialProvider.java | 19 +++--- .../AuthenticationDataAssertionBuilder.java | 19 +++--- .../moa/id/protocols/saml1/GetArtifactAction.java | 14 ++-- .../saml1/GetAuthenticationDataService.java | 18 +++-- .../protocols/saml1/SAML1AuthenticationServer.java | 29 ++++---- .../moa/id/protocols/saml1/SAML1Protocol.java | 51 +++++++------- .../moa/id/protocols/saml1/SAML1RequestImpl.java | 59 +++++++--------- .../moa/id/auth/parser/SAMLArtifactParserTest.java | 4 +- .../moa/id/monitoring/DatabaseTestModule.java | 4 +- .../moa/id/monitoring/IdentityLinkTestModule.java | 2 +- 79 files changed, 720 insertions(+), 653 deletions(-) (limited to 'id/server/modules') diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index d76e72aa4..2b2a8cab6 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -25,10 +25,8 @@ import org.w3c.dom.Element; import org.w3c.dom.NodeList; import org.xml.sax.SAXException; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; -import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; @@ -58,6 +56,7 @@ import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; @@ -72,6 +71,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.StringUtils; @@ -93,7 +93,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { @Autowired private MOAReversionLogger revisionsLogger; @Autowired private AuthConfiguration authConfig; - + /** * Constructor for AuthenticationServer. */ @@ -145,9 +145,9 @@ public class AuthenticationServer extends BaseAuthenticationServer { } //load OnlineApplication configuration - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[]{pendingReq.getOAURL()}); + throw new AuthenticationException("auth.00", new Object[]{pendingReq.getSPEntityId()}); //load Template String templateURL = pendingReq.getGenericData( @@ -200,7 +200,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { //build DataURL for BKU request String dataURL = new DataURLBuilder().buildDataURL( - pendingReq.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, pendingReq.getRequestID()); + pendingReq.getAuthURL(), REQ_VERIFY_IDENTITY_LINK, pendingReq.getPendingRequestId()); //removed in MOAID 2.0 String pushInfobox = ""; @@ -295,7 +295,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { // builds a for a call of MOA-SP Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() .build(identityLink, authConfig - .getMoaSpIdentityLinkTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseIDLTestTrustStore())); + .getMoaSpIdentityLinkTrustProfileID(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).isUseIDLTestTrustStore())); // invokes the call Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance() @@ -304,7 +304,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { IVerifiyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser( domVerifyXMLSignatureResponse).parseData(); - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); // validates the VerifyXMLSignatureResponseValidator.getInstance().validate( @@ -319,8 +319,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { //Removed in MOA-ID 2.0 //verifyInfoboxes(session, infoboxReadResponseParameters, false); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED); return "found!"; } @@ -398,7 +397,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { throw new AuthenticationException("auth.10", new Object[]{ GET_MIS_SESSIONID, PARAM_SESSIONID}); - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); try { // sets the extended SAML attributes for OID (Organwalter) setExtendedSAMLAttributeForMandatesOID(session, mandate, oaParam @@ -435,7 +434,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { IAuthenticationSession session, IRequest pendingReq) throws ConfigurationException, BuildException, ValidateException { - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); // builds the AUTH-block String authBlock = buildAuthenticationBlock(session, oaParam, pendingReq); @@ -448,7 +447,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { transformsInfos); SpecificTraceLogger.trace("Req. Authblock: " + createXMLSignatureRequest); - SpecificTraceLogger.trace("OA config: " + pendingReq.getOnlineApplicationConfiguration().toString()); + SpecificTraceLogger.trace("OA config: " + pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).toString()); SpecificTraceLogger.trace("saml1RequestedTarget: " + pendingReq.getGenericData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class)); SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + pendingReq.getGenericData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class)); @@ -514,8 +513,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { xmlReadInfoboxResponse); X509Certificate cert = p.parseCertificate(); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_CERTIFICATE_VALIDATED); return cert; @@ -966,7 +964,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { // builds a for a MOA-SPSS call List vtids = authConfig.getMoaSpAuthBlockVerifyTransformsInfoIDs(); - String tpid = authConfig.getMoaSpAuthBlockTrustProfileID(pendingReq.getOnlineApplicationConfiguration().isUseAuthBlockTestTestStore()); + String tpid = authConfig.getMoaSpAuthBlockTrustProfileID(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).isUseAuthBlockTestTestStore()); Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); // debug output @@ -996,7 +994,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { } } - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); // validates the VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, @@ -1037,8 +1035,7 @@ public class AuthenticationServer extends BaseAuthenticationServer { //set QAA Level four in case of card authentifcation session.setQAALevel(PVPConstants.STORK_QAA_1_4); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED); revisionsLogger.logPersonalInformationEvent(pendingReq, session.getIdentityLink() ); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java index 1c5fe0c5b..bbd90fdaa 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java @@ -47,13 +47,13 @@ import javax.xml.transform.stream.StreamResult; import org.w3c.dom.Element; import org.w3c.dom.Node; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; @@ -69,8 +69,7 @@ import at.gv.egovernment.moa.util.StringUtils; * Builder for the authentication block <saml:Assertion> * to be included in a <CreateXMLSignatureResponse>. * - * @author Paul Ivancsics - * @version $Id$ + * @author Paul Ivancsics */ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertionBuilder implements Constants { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java index 8c3147af2..e4063903d 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilder.java @@ -50,9 +50,9 @@ import java.io.IOException; import java.io.StringReader; import java.io.StringWriter; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.frontend.utils.FormBuildUtils; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.util.MiscUtil; @@ -156,9 +156,10 @@ public class GetIdentityLinkFormBuilder extends Builder { String dataURL, String certInfoXMLRequest, String certInfoDataURL, - String pushInfobox, IOAAuthParameters oaParam, + String pushInfobox, + IOAAuthParameters oaParam, String appletheigth, - String appletwidth, + String appletwidth, String contextURL) throws BuildException { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java index c6faad2bb..5bf0bc422 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/DefaultCitizenCardAuthModuleImpl.java @@ -3,9 +3,9 @@ package at.gv.egovernment.moa.id.auth.modules.internal; import org.apache.commons.lang3.StringUtils; -import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; /** * Module descriptor @@ -16,7 +16,7 @@ public class DefaultCitizenCardAuthModuleImpl implements AuthModule { public int getPriority() { return 0; } - + @Override public String selectProcess(ExecutionContext context) { //select process if BKU is selected and it is no STORK authentication diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java index 3e2ebdc3c..f53dfae45 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java @@ -10,15 +10,15 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.BooleanUtils; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilderCertificate; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; import at.gv.egovernment.moa.logging.Logger; @@ -50,10 +50,9 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask { throws TaskExecutionException { Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate."); - try { + try { //execute default task initialization - defaultTaskInitialization(req, executionContext); - + AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); boolean useMandate = moasession.isMandateUsed(); boolean identityLinkAvailable = BooleanUtils.isTrue((Boolean) executionContext.get("identityLinkAvailable")); if (!identityLinkAvailable && useMandate) { @@ -66,7 +65,7 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask { // build dataurl (to the VerifyCertificateSerlvet) String dataurl = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), REQ_VERIFY_CERTIFICATE, - pendingReq.getRequestID()); + pendingReq.getPendingRequestId()); CitizenCardServletUtils.writeCreateXMLSignatureRequest(resp, infoboxReadRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyIdentityLink", dataurl); @@ -77,9 +76,6 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask { } catch (IOException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); - } catch (MOADatabaseException e1) { - throw new TaskExecutionException(pendingReq, e1.getMessage(), e1); - } finally { } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java index fbb900cf6..af8f780ec 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java @@ -10,14 +10,15 @@ import org.springframework.stereotype.Component; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.StringUtils; @@ -61,20 +62,18 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { - try { + try { //execute default task initialization - defaultTaskInitialization(req, executionContext); - + AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); + //normal MOA-ID authentication Logger.debug("Starting normal MOA-ID authentication"); String getIdentityLinkForm = authServer.startAuthentication(moasession, req, pendingReq); if (BooleanUtils.isTrue((Boolean) executionContext.get("useMandate"))) - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, moasession.getBkuURL()); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATES_REQUESTED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, moasession.getBkuURL()); if (!StringUtils.isEmpty(getIdentityLinkForm)) { byte[] content = getIdentityLinkForm.getBytes("UTF-8"); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java index 1f20ee389..ec1de6155 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetForeignIDTask.java @@ -18,10 +18,12 @@ import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; @@ -31,7 +33,6 @@ import at.gv.egovernment.moa.id.client.SZRGWClientException; import at.gv.egovernment.moa.id.client.utils.SZRGWClientUtils; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; @@ -72,7 +73,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask { public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { - Logger.debug("POST GetForeignIDServlet"); + Logger.debug("POST GetForeignIDServlet"); Map parameters; @@ -94,8 +95,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask { Logger.debug(xmlCreateXMLSignatureResponse); //execute default task initialization - defaultTaskInitialization(req, executionContext); - + AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse) .parseResponseDsig(); @@ -122,8 +122,7 @@ public class GetForeignIDTask extends AbstractAuthServletTask { throw new MOAIDException("auth.14", null); } - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_CONNECTED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_CONNECTED); // make SZR request to the identity link CreateIdentityLinkResponse response = SZRGWClientUtils.getIdentityLink(pendingReq, signature); @@ -143,10 +142,10 @@ public class GetForeignIDTask extends AbstractAuthServletTask { authServer.getForeignAuthenticationData(moasession); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_SZRGW_RECEIVED); //store pending request + pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java index a56c8f6ac..d81afee7b 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java @@ -15,16 +15,19 @@ import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; import org.xml.sax.SAXException; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.data.MISMandate; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; import at.gv.egovernment.moa.logging.Logger; @@ -58,28 +61,29 @@ import iaik.pki.PKIException; public class GetMISSessionIDTask extends AbstractAuthServletTask { @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; + @Autowired private AuthConfiguration moaAuthConfig; @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { - + Logger.debug("POST GetMISSessionIDServlet"); try { //execute default task initialization - defaultTaskInitialization(req, executionContext); + AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); //get MIS sessionID String misSessionID = moasession.getMISSessionID(); //get mandates from MIS - ConnectionParameterInterface connectionParameters = authConfig - .getOnlineMandatesConnectionParameter(pendingReq.getOnlineApplicationConfiguration()); + ConnectionParameterInterface connectionParameters = moaAuthConfig + .getOnlineMandatesConnectionParameter(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class)); SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( - authConfig, + moaAuthConfig, connectionParameters); List list = MISSimpleClient.sendGetMandatesRequest( - connectionParameters.getUrl(), misSessionID, sslFactory, authConfig); + connectionParameters.getUrl(), misSessionID, sslFactory, moaAuthConfig); //check if mandates received if (list == null || list.size() == 0) { @@ -87,8 +91,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { throw new AuthenticationException("auth.15", null); } - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_RECEIVED); // for now: list contains only one element @@ -114,9 +117,10 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask { moasession.setMISMandate(mandate); //log mandate specific set of events - revisionsLogger.logMandateEventSet(pendingReq, mandate); + //revisionsLogger.logMandateEventSet(pendingReq, mandate); //store pending request with new MOASession data information + pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java index ceaf4ca38..b170d9e89 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java @@ -30,17 +30,19 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; -import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.MiscUtil; @@ -53,11 +55,12 @@ import at.gv.egovernment.moa.util.MiscUtil; public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { @Autowired StartAuthentificationParameterParser authInitialisationParser; + @Autowired private AuthConfiguration moaAuthConfig; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { @@ -81,10 +84,10 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { } protected void internalInitializeWithoutPersist(ExecutionContext executionContext, - HttpServletRequest request, HttpServletResponse response) throws WrongParametersException, MOAIDException, MOADatabaseException { + HttpServletRequest request, HttpServletResponse response) throws EAAFException { Logger.info("BKU is selected -> Start BKU communication ..."); - defaultTaskInitialization(request, executionContext); + AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); boolean isLegacyRequest = false; Object isLegacyRequestObj = executionContext.get("isLegacyRequest"); @@ -109,14 +112,13 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { } //load OA Config - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); if (oaParam == null) - throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() }); + throw new AuthenticationException("auth.00", new Object[] { pendingReq.getSPEntityId() }); else { - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, bkuid); //get Target from config or from request in case of SAML 1 String target = null; @@ -128,7 +130,7 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { String bkuURL = oaParam.getBKUURL(bkuid); if (MiscUtil.isEmpty(bkuURL)) { Logger.info("No OA specific BKU defined. Use BKU from default configuration"); - bkuURL = authConfig.getDefaultBKUURL(bkuid); + bkuURL = moaAuthConfig.getDefaultBKUURL(bkuid); } //search for OA specific template @@ -139,13 +141,13 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { templateURL = oaTemplateURLList.get(0); } else { - templateURL = authConfig.getSLRequestTemplates(bkuid); + templateURL = moaAuthConfig.getSLRequestTemplates(bkuid); } //make url absolut if it is a local url if (MiscUtil.isNotEmpty(templateURL)) templateURL = FileUtils.makeAbsoluteURL(templateURL, - authConfig.getRootConfigFileDir()); + moaAuthConfig.getRootConfigFileDir()); if (oaParam.isOnlyMandateAllowed()) useMandate = "true"; @@ -156,7 +158,7 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask { //parse all OA parameters i authInitialisationParser.parse( moasession, target, - pendingReq.getOAURL(), + pendingReq.getSPEntityId(), bkuURL, templateURL, useMandate, diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java index 2fac58e44..d1d0ef086 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java @@ -7,11 +7,12 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; import at.gv.egovernment.moa.logging.Logger; @@ -40,7 +41,7 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { // note: code taken from at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet @@ -49,13 +50,14 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask { try { //initialize task - defaultTaskInitialization(req, executionContext); + AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); //build authBlock String createXMLSignatureRequest = authServer .getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq); //store pending request with new MOASession data information + pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); requestStoreage.storePendingRequest(pendingReq); //write response diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java index 805b1b8f1..4db814246 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java @@ -30,18 +30,21 @@ import javax.net.ssl.SSLSocketFactory; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import org.w3c.dom.Element; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MISSimpleClientException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSessionId; import at.gv.egovernment.moa.id.util.client.mis.simple.MISSimpleClient; @@ -55,7 +58,9 @@ import at.gv.egovernment.moa.util.DOMUtils; @Component("PrepareGetMISMandateTask") public class PrepareGetMISMandateTask extends AbstractAuthServletTask { - /* (non-Javadoc) + @Autowired private AuthConfiguration moaAuthConfig; + + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override @@ -66,11 +71,11 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { //mandate Mode try { //perform default task initialization - defaultTaskInitialization(request, executionContext); + AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); ConnectionParameterInterface connectionParameters = - authConfig.getOnlineMandatesConnectionParameter(pendingReq.getOnlineApplicationConfiguration()); - SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(authConfig, connectionParameters); + moaAuthConfig.getOnlineMandatesConnectionParameter(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class)); + SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory(moaAuthConfig, connectionParameters); // get identitity link as byte[] Element elem = moasession.getIdentityLink().getSamlAssertion(); @@ -83,9 +88,9 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { String redirectURL = new DataURLBuilder().buildDataURL( pendingReq.getAuthURL(), GET_MIS_SESSIONID, - pendingReq.getRequestID()); + pendingReq.getPendingRequestId()); - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); List profiles = oaParam.getMandateProfiles(); if (profiles == null) { @@ -101,8 +106,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { //TODO: check in case of SSO!!! String targetType = oaParam.getAreaSpecificTargetIdentifier(); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED, mandateReferenceValue); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_SERVICE_REQUESTED, mandateReferenceValue); MISSessionId misSessionID = MISSimpleClient.sendSessionIdRequest( connectionParameters.getUrl(), @@ -115,7 +119,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { targetType, authBlock, sslFactory, - authConfig); + moaAuthConfig); if (misSessionID == null) { Logger.error("Fehler bei Anfrage an Vollmachten Service. MIS Session ID ist null."); @@ -127,10 +131,10 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask { moasession.setMISSessionID(misSessionID.getSessiondId()); //store pending request with new MOASession data information + pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); requestStoreage.storePendingRequest(pendingReq); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT); response.setStatus(302); response.addHeader("Location", redirectMISGUI); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java index c16eec30c..3b70c55e9 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java @@ -13,13 +13,14 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; @@ -55,7 +56,7 @@ import at.gv.egovernment.moa.logging.Logger; * Code taken from {@link at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet}. * @see #execute(ExecutionContext, HttpServletRequest, HttpServletResponse) * - */ + */ @Component("VerifyAuthenticationBlockTask") public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { @@ -86,15 +87,15 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask { throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12"); //execute default task initialization - defaultTaskInitialization(req, executionContext); + AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); //verify authBlock authServer.verifyAuthenticationBlock(pendingReq, moasession, createXMLSignatureResponse); //store pending request with new MOASession data information + pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); requestStoreage.storePendingRequest(pendingReq); } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java index e7a66b5a9..5b207d33e 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java @@ -13,14 +13,15 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.CitizenCardServletUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.spss.util.CertificateUtils; @@ -56,7 +57,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { @@ -76,10 +77,9 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { try { //execute default task initialization - defaultTaskInitialization(req, executionContext); + AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); //read certificate from response X509Certificate cert = authServer.getCertificate(pendingReq, parameters); @@ -98,6 +98,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { authServer.getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq); //store pending request with new MOASession data information + pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); requestStoreage.storePendingRequest(pendingReq); CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate"); @@ -113,8 +114,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { } // Foreign Identities Modus - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_FOREIGN_FOUND); String createXMLSignatureRequest = authServer.createXMLSignatureRequestForeignID(pendingReq, cert); @@ -123,7 +123,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask { new DataURLBuilder().buildDataURL( pendingReq.getAuthURL(), REQ_GET_FOREIGN_ID, - pendingReq.getRequestID()); + pendingReq.getPendingRequestId()); CitizenCardServletUtils.writeCreateXMLSignatureRequest(resp, createXMLSignatureRequest, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "GetForeignID", dataurl); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java index b9fed684c..99eba56c1 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java @@ -10,13 +10,14 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; /** @@ -48,7 +49,7 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { @Autowired @Qualifier("CitizenCardAuthenticationServer") private AuthenticationServer authServer; - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest req, HttpServletResponse resp) throws TaskExecutionException { @@ -65,15 +66,15 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask { try { //execute default task initialization - defaultTaskInitialization(req, executionContext); + AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), - pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost()); //verify identityLink boolean identityLinkAvailable = authServer.verifyIdentityLink(pendingReq, moasession, parameters) != null; //store pending request with new MOASession data information + pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); requestStoreage.storePendingRequest(pendingReq); //set 'identityLink exists' flag to context diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java index 21de37603..44c3992d0 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java @@ -56,7 +56,6 @@ import javax.xml.bind.DatatypeConverter; import org.jaxen.SimpleNamespaceContext; import org.w3c.dom.Element; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; @@ -65,6 +64,7 @@ import at.gv.egovernment.moa.id.auth.data.SAMLAttribute; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; @@ -138,7 +138,7 @@ public class CreateXMLSignatureResponseValidator { public void validate(CreateXMLSignatureResponse createXMLSignatureResponse, IAuthenticationSession session, IRequest pendingReq) throws ValidateException, BuildException, ConfigurationException { // A3.056: more then one /saml:Assertion/saml:AttributeStatement/saml:Subject/saml:NameIdentifier - IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); String oaURL = oaParam.getPublicURLPrefix(); IIdentityLink identityLink = session.getIdentityLink(); @@ -663,11 +663,11 @@ public class CreateXMLSignatureResponseValidator { } catch (Exception e) { SpecificTraceLogger.trace("Validate AuthBlock with SSO"); SpecificTraceLogger.trace("Signed AuthBlock: " + session.getAuthBlock()); - SpecificTraceLogger.trace("OA config: " + pendingReq.getOnlineApplicationConfiguration().toString()); + SpecificTraceLogger.trace("OA config: " + pendingReq.getServiceProviderConfiguration().toString()); throw e; } - + } public void validateSigningDateTime( CreateXMLSignatureResponse csresp) throws ValidateException { diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index f9a432a9f..17a3fe7ab 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -54,10 +54,10 @@ import java.util.Iterator; import java.util.List; import java.util.Set; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; @@ -113,7 +113,7 @@ public class VerifyXMLSignatureResponseValidator { public void validate(IVerifiyXMLSignatureResponse verifyXMLSignatureResponse, List identityLinkSignersSubjectDNNames, String whatToCheck, - IOAAuthParameters oaParam) + IOAAuthParameters oaParam) throws ValidateException, ConfigurationException { if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java index 3eb1114ea..01e349d0f 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/util/CitizenCardServletUtils.java @@ -70,7 +70,7 @@ import at.gv.egovernment.moa.logging.Logger; */ public class CitizenCardServletUtils extends ServletUtils{ - /** + /** * Writes out whether the CreateXMLSignatureRequest or a Redirect for form input processing * depending on the requests starting text. * @@ -89,7 +89,7 @@ public class CitizenCardServletUtils extends ServletUtils{ if (!createXMLSignatureRequestOrRedirect.startsWith("Redirect")) { resp.setStatus(307); String dataURL = new DataURLBuilder().buildDataURL( - pendingReq.getAuthURL(), MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK, pendingReq.getRequestID()); + pendingReq.getAuthURL(), MOAIDAuthConstants.REQ_VERIFY_AUTH_BLOCK, pendingReq.getPendingRequestId()); resp.addHeader("Location", dataURL); //TODO test impact of explicit setting charset with older versions of BKUs (HotSign) @@ -101,7 +101,7 @@ public class CitizenCardServletUtils extends ServletUtils{ Logger.debug("Finished POST " + servletName); } else { - String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), servletGoal, pendingReq.getRequestID()); + String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), servletGoal, pendingReq.getPendingRequestId()); resp.setContentType("text/html"); resp.setStatus(302); resp.addHeader("Location", redirectURL); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java index 78793d3fc..d743b57e3 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/config/MOAeIDASSAMLEngineConfigurationImpl.java @@ -131,7 +131,7 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends private Properties loadConfigurationFromExternalFile(String key) throws ConfigurationException { String configFile = - AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration(key); + AuthConfigurationProviderFactory.getInstance().getBasicConfiguration(key); if (MiscUtil.isEmpty(configFile)) { Logger.warn("No eIDAS SAML-engine configuration key: " + key + " found in MOA-ID properties configuration file."); @@ -150,7 +150,7 @@ public class MOAeIDASSAMLEngineConfigurationImpl extends Properties inputProps = loadConfigurationFromExternalFile(configKey); String configFile = - AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration(configKey); + AuthConfigurationProviderFactory.getInstance().getBasicConfiguration(configKey); PropsParameter outputProps = new PropsParameter(); outputProps.setFileName(configFile); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java index 90dbb7342..ec042949a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/eIDASAuthenticationModulImpl.java @@ -24,8 +24,8 @@ package at.gv.egovernment.moa.id.auth.modules.eidas; import org.apache.commons.lang3.StringUtils; -import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; /** * @author tlenz @@ -37,7 +37,7 @@ public class eIDASAuthenticationModulImpl implements AuthModule { @Override public int getPriority() { - return priority; + return priority; } /** diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java index a2ec47a45..94cd04ca7 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/engine/MOAeIDASChainingMetadataProvider.java @@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.auth.IDestroyableObject; import at.gv.egovernment.moa.id.auth.IGarbageCollectorProcessing; import at.gv.egovernment.moa.id.auth.IPostStartupInitializable; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.IMOARefreshableMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.SimpleMOAMetadataProvider; import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter; @@ -71,11 +72,17 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider */ @Override public void executeAfterStartup() { - initializeEidasMetadataFromFileSystem(); + try { + initializeEidasMetadataFromFileSystem(); + + } catch (ConfigurationException e) { + Logger.error("Post start-up initialization of eIDAS Metadata-Provider FAILED.", e); + + } } - protected void initializeEidasMetadataFromFileSystem() { + protected void initializeEidasMetadataFromFileSystem() throws ConfigurationException { Map metadataToLoad = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONIG_PROPS_EIDAS_METADATA_URLS_LIST_PREFIX); if (!metadataToLoad.isEmpty()) { Logger.info("Load static configurated eIDAS metadata ... "); @@ -229,7 +236,7 @@ public class MOAeIDASChainingMetadataProvider extends SimpleMOAMetadataProvider //add Metadata filters MetadataFilterChain filter = new MetadataFilterChain(); filter.addFilter(new MOASPMetadataSignatureFilter( - authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE))); + authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_METADATA_VALIDATION_TRUSTSTORE))); return createNewMoaMetadataProvider(metadataURL, filter, "eIDAS metadata-provider", diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java index 4045e1ad6..45033562f 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java @@ -24,27 +24,31 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks; import java.io.InputStream; import java.text.SimpleDateFormat; +import java.util.Date; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.joda.time.DateTime; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import org.w3c.dom.Element; import org.w3c.dom.Node; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.IdentityLinkReSigner; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.DOMUtils; @@ -58,18 +62,18 @@ import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; @Component("CreateIdentityLinkTask") public class CreateIdentityLinkTask extends AbstractAuthServletTask { + @Autowired private AuthConfiguration moaAuthConfig; + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ + */ @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - try{ - defaultTaskInitialization(request, executionContext); - + try{ //get eIDAS attributes from MOA-Session - ImmutableAttributeMap eIDASAttributes = moasession.getGenericDataFromSession( + ImmutableAttributeMap eIDASAttributes = pendingReq.getGenericData( AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, ImmutableAttributeMap.class); @@ -138,7 +142,7 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { //resign IDL IdentityLinkReSigner identitylinkresigner = IdentityLinkReSigner.getInstance(); - Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), authConfig.getStorkFakeIdLResigningKey()); + Element resignedilAssertion = identitylinkresigner.resignIdentityLink(identityLink.getSamlAssertion(), moaAuthConfig.getStorkFakeIdLResigningKey()); identityLink = new IdentityLinkAssertionParser(resignedilAssertion).parseIdentityLink(); } else { @@ -156,10 +160,13 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask { throw new MOAIDException("stork.10", null); } - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED); + AuthenticationSession moasession = new AuthenticationSession("1234", new Date()); moasession.setForeigner(true); moasession.setIdentityLink(identityLink); moasession.setBkuURL("Not applicable (eIDASAuthentication)"); + pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); + //store MOA-session to database requestStoreage.storePendingRequest(pendingReq); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java index 4ad5194a9..a87d971d8 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/GenerateAuthnRequestTask.java @@ -44,8 +44,8 @@ import org.springframework.util.StringUtils; import com.google.common.net.MediaType; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; @@ -56,10 +56,11 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetada import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.CPEPS; import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -87,14 +88,14 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try{ //get service-provider configuration - IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters oaConfig = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); // get target and validate citizen countryCode String citizenCountryCode = (String) executionContext.get(MOAIDAuthConstants.PARAM_CCC); @@ -104,7 +105,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { throw new AuthenticationException("eIDAS.03", new Object[] { "" }); } - CPEPS cpeps = authConfig.getStorkConfig().getCPEPSWithFullName(citizenCountryCode); + CPEPS cpeps = ((AuthConfiguration)authConfig).getStorkConfig().getCPEPSWithFullName(citizenCountryCode); if(null == cpeps) { Logger.error("PEPS unknown for country: " + citizenCountryCode); throw new AuthenticationException("eIDAS.04", new Object[] {citizenCountryCode}); @@ -161,7 +162,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { } //TODO: switch to entityID - revisionsLogger.logEvent(oaConfig, pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_SELECTED, metadataUrl); @@ -181,7 +182,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { } else { boolean globallyMandatory = false; - for (StorkAttribute currentGlobalAttribute : authConfig.getStorkConfig().getStorkAttributes()) + for (StorkAttribute currentGlobalAttribute : ((AuthConfiguration)authConfig).getStorkConfig().getStorkAttributes()) if (current.getName().equals(currentGlobalAttribute.getName())) { globallyMandatory = BooleanUtils.isTrue(currentGlobalAttribute.getMandatory()); break; @@ -195,7 +196,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { //request if (reqAttrList.isEmpty()) { - Logger.info("No attributes requested by OA:" + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() + Logger.info("No attributes requested by OA:" + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier() + " --> Request attr:" + Constants.eIDAS_ATTR_PERSONALIDENTIFIER + " by default"); AttributeDefinition newAttribute = SAMLEngineUtils.getMapOfAllAvailableAttributes().get(Constants.eIDAS_ATTR_PERSONALIDENTIFIER); Builder attrBuilder = AttributeDefinition.builder(newAttribute).required(true); @@ -235,7 +236,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { //set service provider (eIDAS node) countryCode authnRequestBuilder.serviceProviderCountryCode( - authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT")); + authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT")); //set citizen country code for foreign uses authnRequestBuilder.citizenCountryCode(cpeps.getCountryCode()); @@ -302,7 +303,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { String actionType = "SAMLRequest"; context.put(actionType, SAMLRequest); - context.put("RelayState", pendingReq.getRequestID()); + context.put("RelayState", pendingReq.getPendingRequestId()); context.put("action", authnReqEndpoint.getLocation()); Logger.debug("Using SingleSignOnService url as action: " + authnReqEndpoint.getLocation()); @@ -323,7 +324,7 @@ public class GenerateAuthnRequestTask extends AbstractAuthServletTask { response.setContentLength(content.length); response.getOutputStream().write(content); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_REQUESTED, authnRequest.getRequest().getId()); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java index 5f6f01f01..55416e92b 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java @@ -7,6 +7,7 @@ import org.opensaml.saml2.core.StatusCode; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; @@ -16,9 +17,9 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetada import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASResponseNotSuccessException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; +import at.gv.egovernment.moa.id.commons.api.data.AuthProzessDataConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.eidas.validator.eIDASResponseValidator; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.logging.Logger; @@ -36,7 +37,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - try{ + try{ //get SAML Response String base64SamlToken = request.getParameter("SAMLResponse"); if (MiscUtil.isEmpty(base64SamlToken)) { @@ -46,7 +47,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { } //get MOASession - defaultTaskInitialization(request, executionContext); + //defaultTaskInitialization(request, executionContext); //decode SAML response byte[] decSamlToken = EidasStringUtil.decodeBytesFromBase64(base64SamlToken); @@ -79,7 +80,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { // ********************************************************** // ******* MOA-ID specific response validation ********** // ********************************************************** - String spCountry = authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"); + String spCountry = authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, "AT"); eIDASResponseValidator.validateResponse(pendingReq, samlResp, spCountry); @@ -90,23 +91,23 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { //update MOA-Session data with received information Logger.debug("Store eIDAS response information into MOA-session."); - moasession.setQAALevel(samlResp.getLevelOfAssurance()); - - moasession.setGenericDataToSession( + pendingReq.setGenericDataToSession(AuthProzessDataConstants.VALUE_QAALEVEL, samlResp.getLevelOfAssurance()); + + pendingReq.setGenericDataToSession( AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, samlResp.getAttributes()); - moasession.setGenericDataToSession( + pendingReq.setGenericDataToSession( AuthenticationSessionStorageConstants.eIDAS_RESPONSE, decSamlToken); //set issuer nation as PVP attribute into MOASession - moasession.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry()); + pendingReq.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry()); //store MOA-session to database requestStoreage.storePendingRequest(pendingReq); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED, samlResp.getId()); @@ -116,20 +117,20 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { }catch (EIDASSAMLEngineException e) { Logger.warn("eIDAS Response validation FAILED.", e); Logger.debug("eIDAS response was: " + request.getParameter("SAMLResponse")); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", new EIDASEngineException("eIDAS.09", new Object[]{e.getMessage()}, e)); } catch (MOADatabaseException e) { - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); throw new TaskExecutionException(pendingReq, "eIDAS Response processing FAILED.", new MOAIDException("init.04", new Object[]{""}, e)); } catch (Exception e) { Logger.warn("eIDAS Response processing FAILED.", e); - revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), pendingReq, + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_RECEIVED_ERROR); throw new TaskExecutionException(pendingReq, e.getMessage(), new MOAIDException("eIDAS.10", new Object[]{e.getMessage()}, e)); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java index 02a5df098..8e840e2c1 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SAMLEngineUtils.java @@ -82,7 +82,7 @@ public class SAMLEngineUtils { //load additional eIDAS attribute definitions String additionalAttributeConfigFile = - AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfiguration( + AuthConfigurationProviderFactory.getInstance().getBasicConfiguration( Constants.CONIG_PROPS_EIDAS_SAMLENGINE_ATTIONAL_ATTRIBUTE_DEFINITIONS); AttributeRegistry addAttrDefinitions = AttributeRegistries.empty(); if (MiscUtil.isNotEmpty(additionalAttributeConfigFile)) { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java index d43fa1622..e3b58d259 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/SimpleEidasAttributeGenerator.java @@ -22,7 +22,7 @@ */ package at.gv.egovernment.moa.id.auth.modules.eidas.utils; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; /** * @author tlenz @@ -37,7 +37,7 @@ public class SimpleEidasAttributeGenerator implements IAttributeGenerator generator = new SimpleEidasAttributeGenerator(); - + private static List listOfSupportedeIDASAttributes; private static ServiceLoader eIDASAttributLoader = ServiceLoader.load(IeIDASAttribute.class); @@ -99,7 +100,7 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder { * @param authData Authentication data that contains user information for attribute generation * @return eIDAS attribute response {@link Pair} or null if the attribute generation FAILES */ - public static Pair,ImmutableSet>> buildAttribute(AttributeDefinition attr, IOAAuthParameters onlineApplicationConfiguration, + public static Pair,ImmutableSet>> buildAttribute(AttributeDefinition attr, ISPConfiguration onlineApplicationConfiguration, IAuthData authData) { String attrName = attr.getNameUri().toString(); @@ -110,11 +111,15 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder { if (attrBuilder != null) { try { String attrValue = attrBuilder.build(onlineApplicationConfiguration, authData, generator); + boolean isMandatesUsed = false; + if (authData instanceof IMOAAuthData) + isMandatesUsed = ((IMOAAuthData)authData).isUseMandate(); + if (MiscUtil.isNotEmpty(attrValue)) { //set uniqueIdentifier attribute, because eIDAS SAMLEngine use this flag to select the // Subject->NameID value from this attribute Builder eIDASAttrBuilder = AttributeDefinition.builder(attr); - eIDASAttrBuilder.uniqueIdentifier(evaluateUniqueID(attrName, authData.isUseMandate())); + eIDASAttrBuilder.uniqueIdentifier(evaluateUniqueID(attrName, isMandatesUsed)); AttributeDefinition returnAttr = eIDASAttrBuilder.build(); //unmarshal attribute value into eIDAS attribute @@ -135,7 +140,7 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder { } - } catch (AttributeException e) { + } catch (AttributeBuilderException e) { Logger.debug("Attribute can not generate requested attribute:" + attr.getNameUri().toString() + " Reason:" + e.getMessage()); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java index 7d25af05a..a9a3ef01f 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASData.java @@ -1,8 +1,5 @@ package at.gv.egovernment.moa.id.protocols.eidas; -import java.util.Collection; - -import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; @@ -30,13 +27,7 @@ public class EIDASData extends RequestImpl { private String remoteIPAddress; private String remoteRelayState; - - @Override - public Collection getRequestedAttributes(MetadataProvider metadataProvider) { - // TODO Auto-generated method stub - return null; - } - + /** * Gets the eidas requested attributes. * diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java index 8ed9e1f2e..ce5f4dc6b 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java @@ -45,8 +45,9 @@ import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.IModulInfo; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; -import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; @@ -59,7 +60,6 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASException; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.MOAIDConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -81,9 +81,11 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException; * * @author tlenz */ -@Controller +@Controller public class EIDASProtocol extends AbstractAuthProtocolModulController implements IModulInfo { + public static final String eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE = "eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE"; + public static final String NAME = EIDASProtocol.class.getName(); public static final String PATH = "eidas"; @@ -109,11 +111,11 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement //eIDAS metadata end-point @RequestMapping(value = "/eidas/metadata", method = {RequestMethod.GET}) - public void eIDASMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException { + public void eIDASMetadataRequest(HttpServletRequest req, HttpServletResponse resp) throws EAAFException { //create pendingRequest object EIDASData pendingReq = applicationContext.getBean(EIDASData.class); - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(NAME); pendingReq.setNeedAuthentication(false); pendingReq.setAuthenticated(false); @@ -138,11 +140,11 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement //PVP2.x IDP POST-Binding end-point @RequestMapping(value = "/eidas/ColleagueRequest", method = {RequestMethod.POST}) - public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { + public void PVPIDPPostRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { //create pending-request object EIDASData pendingReq = applicationContext.getBean(EIDASData.class); - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(NAME); revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); @@ -192,7 +194,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement ProtocolEngineI engine = SAMLEngineUtils.createSAMLEngine(eIDASMetadataProvider); String cititzenCountryCode = - authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, + authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRYCODE, MOAIDAuthConstants.COUNTRYCODE_AUSTRIA); @@ -222,7 +224,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement } //check eIDAS node configuration - IOAAuthParameters oaConfig = authConfig.getOnlineApplicationParameter(samlReq.getIssuer()); + ISPConfiguration oaConfig = authConfig.getServiceProviderConfiguration(samlReq.getIssuer()); if (oaConfig == null) throw new EIDASAuthnRequestProcessingException("eIDAS.08", new Object[]{samlReq.getIssuer()}); @@ -347,7 +349,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement pendingReq.setRemoteRelayState(relayState); //store level of assurance - pendingReq.setGenericDataToSession(RequestImpl.eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE, + pendingReq.setGenericDataToSession(eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE, eIDASSamlReq.getEidasLevelOfAssurance().stringValue()); //set flag if transiend identifier is requested @@ -364,7 +366,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement pendingReq.setEidasRequest(eIDASSamlReq); // - memorize OA url - pendingReq.setOAURL(samlReq.getIssuer()); + pendingReq.setSPEntityId(samlReq.getIssuer()); // - memorize OA config pendingReq.setOnlineApplicationConfiguration(oaConfig); @@ -487,7 +489,7 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement private boolean iseIDASTargetAValidOrganisation(String reqCC, String bPKTargetArea) { if (MiscUtil.isNotEmpty(reqCC)) { List allowedOrganisations = KeyValueUtils.getListOfCSVValues( - authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROPS_EIDAS_BPK_TARGET_PREFIX + reqCC.toLowerCase())); + authConfig.getBasicConfiguration(Constants.CONFIG_PROPS_EIDAS_BPK_TARGET_PREFIX + reqCC.toLowerCase())); if (allowedOrganisations.contains(bPKTargetArea)) { Logger.debug(bPKTargetArea + " is a valid OrganisationIdentifier for request-country: "+ reqCC); return true; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java index 5df905d31..bbd132a3b 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EidasMetaDataRequest.java @@ -28,10 +28,10 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.MediaType; import org.springframework.stereotype.Service; -import at.gv.egiz.eaaf.core.api.IAction; import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException; @@ -56,7 +56,7 @@ import eu.eidas.engine.exceptions.EIDASSAMLEngineException; */ @Service("EidasMetaDataRequest") public class EidasMetaDataRequest implements IAction { - + @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider; @Autowired(required=true) AuthConfiguration authConfig; @@ -136,7 +136,7 @@ public class EidasMetaDataRequest implements IAction { metadataConfigBuilder.authnRequestsSigned(true); metadataConfigBuilder.wantAssertionsSigned(true); metadataConfigBuilder.assuranceLevel( - authConfig.getBasicMOAIDConfiguration( + authConfig.getBasicConfiguration( Constants.CONIG_PROPS_EIDAS_NODE_LoA, MOAIDAuthConstants.eIDAS_LOA_HIGH)); @@ -172,7 +172,7 @@ public class EidasMetaDataRequest implements IAction { if (pvpOrganisation != null) { eu.eidas.auth.engine.metadata.OrganizationData.Builder organizationConfig = OrganizationData.builder(); organizationConfig.url(pvpOrganisation.getURLs().get(0).getURL().getLocalString()); - organizationConfig.name(authConfig.getBasicMOAIDConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRY, "Austria")); + organizationConfig.name(authConfig.getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_NODE_COUNTRY, "Austria")); //TODO: add display name and maybe update name diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/IeIDASAttribute.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/IeIDASAttribute.java index 15060fb52..84b68f91a 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/IeIDASAttribute.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/IeIDASAttribute.java @@ -22,12 +22,12 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder; /** * @author tlenz * */ -public interface IeIDASAttribute extends IAttributeBuilder{ +public interface IeIDASAttribute extends IAttributeBuilder{ } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java index 64e5ae770..1f00af765 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java @@ -22,14 +22,14 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egovernment.moa.id.protocols.builder.attributes.BirthdateAttributeBuilder; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BirthdateAttributeBuilder; /** * @author tlenz * */ public class eIDASAttrDateOfBirth extends BirthdateAttributeBuilder implements IeIDASAttribute { - + @Override public String getName() { return eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.DATE_OF_BIRTH.getNameUri().toString(); diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java index 6fde4696a..50b270765 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java @@ -22,10 +22,10 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; /** * @author tlenz @@ -36,7 +36,7 @@ public class eIDASAttrFamilyName implements IeIDASAttribute{ /* (non-Javadoc) * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#getName() */ - @Override + @Override public String getName() { return eu.eidas.auth.engine.core.eidas.spec.NaturalPersonSpec.Definitions.CURRENT_FAMILY_NAME.getNameUri().toString(); } @@ -45,8 +45,8 @@ public class eIDASAttrFamilyName implements IeIDASAttribute{ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator) */ @Override - public ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator g) - throws AttributeException { + public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) + throws AttributeBuilderException { return g.buildStringAttribute(null, getName(), authData.getFamilyName()); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java index 812e9f83a..3b83a9793 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java @@ -22,10 +22,10 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; /** * @author tlenz @@ -45,8 +45,8 @@ public class eIDASAttrGivenName implements IeIDASAttribute{ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator) */ @Override - public ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator g) - throws AttributeException { + public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) + throws AttributeBuilderException { return g.buildStringAttribute(null, getName(), authData.getGivenName()); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java index 028be9096..7f18c21cb 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java @@ -22,11 +22,12 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -38,24 +39,26 @@ import at.gv.egovernment.moa.util.MiscUtil; public class eIDASAttrLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute { @Override - public ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator g) throws AttributeException { - if(authData.isUseMandate()) { + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + + if (authData instanceof IMOAAuthData) { + if(((IMOAAuthData)authData).isUseMandate()) { - //extract eIDAS unique Id prefix from naturalPerson bPK identifier - if (MiscUtil.isEmpty(authData.getBPKType()) + //extract eIDAS unique Id prefix from naturalPerson bPK identifier + if (MiscUtil.isEmpty(authData.getBPKType()) || !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { - Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); - throw new AttributeException("Suspect bPKType for eIDAS identifier generation"); + Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); + throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation"); - } - - //add eIDAS eID prefix to legal person identifier - String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1); - String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(authData); - return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, - MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID); + } + //add eIDAS eID prefix to legal person identifier + String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1); + String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(((IMOAAuthData)authData)); + return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, + MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID); + } } return null; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java index f36f9298c..14b1d06b6 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java @@ -24,14 +24,14 @@ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; import java.security.MessageDigest; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; -import at.gv.egiz.eaaf.core.api.data.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils; import at.gv.egovernment.moa.id.data.Trible; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -54,8 +54,8 @@ public class eIDASAttrNaturalPersonalIdentifier implements IeIDASAttribute{ * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator) */ @Override - public ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator g) - throws AttributeException { + public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) + throws AttributeBuilderException { String personalID = authData.getBPK(); //generate eIDAS conform 'PersonalIdentifier' attribute @@ -64,7 +64,7 @@ public class eIDASAttrNaturalPersonalIdentifier implements IeIDASAttribute{ if (MiscUtil.isEmpty(authData.getBPKType()) || !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); - throw new AttributeException("Suspect bPKType for eIDAS identifier generation"); + throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation"); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java index 692896842..6c65872e4 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java @@ -22,11 +22,12 @@ */ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonSourcePinAttributeBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -37,24 +38,27 @@ import at.gv.egovernment.moa.util.MiscUtil; public class eIDASAttrRepresentativeLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute { @Override - public ATT build(IOAAuthParameters oaParam, IAuthData authData, - IAttributeGenerator g) throws AttributeException { - if(authData.isUseMandate()) { - - //extract eIDAS unique Id prefix from naturalPerson bPK identifier - if (MiscUtil.isEmpty(authData.getBPKType()) - || !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { - Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); - throw new AttributeException("Suspect bPKType for eIDAS identifier generation"); + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + + if (authData instanceof IMOAAuthData) { + if(((IMOAAuthData)authData).isUseMandate()) { + + //extract eIDAS unique Id prefix from naturalPerson bPK identifier + if (MiscUtil.isEmpty(authData.getBPKType()) + || !authData.getBPKType().startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { + Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); + throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation"); + + } + + //add eIDAS eID prefix to legal person identifier + String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1); + String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(((IMOAAuthData)authData)); + return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, + MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID); - } - - //add eIDAS eID prefix to legal person identifier - String prefix = authData.getBPKType().substring(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS.length() + 1); - String legalPersonID = prefix.replaceAll("\\+", "/") + "/" + getLegalPersonIdentifierFromMandate(authData); - return g.buildStringAttribute(MANDATE_LEG_PER_SOURCE_PIN_FRIENDLY_NAME, - MANDATE_LEG_PER_SOURCE_PIN_NAME, legalPersonID); - + } } return null; diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java index 98915a562..6c3bfc569 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java @@ -24,16 +24,16 @@ package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder; import java.security.MessageDigest; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; -import at.gv.egiz.eaaf.core.api.data.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils; import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.data.Trible; -import at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator; import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPersonBPKAttributeBuilder; import at.gv.egovernment.moa.id.protocols.eidas.EIDASData; -import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.MiscUtil; @@ -56,8 +56,8 @@ public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNat * @see at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeBuilder#build(at.gv.egovernment.moa.id.commons.api.IOAAuthParameters, at.gv.egovernment.moa.id.data.IAuthData, at.gv.egovernment.moa.id.protocols.builder.attributes.IAttributeGenerator) */ @Override - public ATT build(IOAAuthParameters oaParam, IAuthData authData, IAttributeGenerator g) - throws AttributeException { + public ATT build(ISPConfiguration oaParam, IAuthData authData, IAttributeGenerator g) + throws AttributeBuilderException { try { Pair calcResult = internalBPKGenerator(oaParam, authData); @@ -71,7 +71,7 @@ public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNat if (MiscUtil.isEmpty(type) || !type.startsWith(at.gv.egovernment.moa.util.Constants.URN_PREFIX_EIDAS)) { Logger.error("BPKType is empty or does not start with eIDAS bPKType prefix! bPKType:" + authData.getBPKType()); - throw new AttributeException("Suspect bPKType for eIDAS identifier generation"); + throw new AttributeBuilderException("Suspect bPKType for eIDAS identifier generation"); } diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java index 509d4b71a..82d0facd4 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/eIDASAuthenticationRequest.java @@ -36,10 +36,10 @@ import org.springframework.stereotype.Service; import com.google.common.collect.ImmutableSet; -import at.gv.egiz.eaaf.core.api.IAction; import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; @@ -47,6 +47,7 @@ import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetada import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeBuilder; import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.data.SLOInformationImpl; import at.gv.egovernment.moa.logging.Logger; @@ -71,7 +72,7 @@ import eu.eidas.auth.engine.xml.opensaml.SAMLEngineUtils; */ @Service("eIDASAuthenticationRequest") -public class eIDASAuthenticationRequest implements IAction { +public class eIDASAuthenticationRequest implements IAction { @Autowired protected IRevisionLogger revisionsLogger; @Autowired(required=true) MOAeIDASChainingMetadataProvider eIDASMetadataProvider; @@ -93,7 +94,8 @@ public class eIDASAuthenticationRequest implements IAction { ImmutableAttributeMap reqAttributeList = (ImmutableAttributeMap) eidasRequest.getEidasRequestedAttributes(); //add mandate attr. to requested attributes of eMandates are used an no mandate attr. are requested - if (authData.isUseMandate()) { + if (authData instanceof IMOAAuthData + && ((IMOAAuthData)authData).isUseMandate()) { Logger.trace("eMandates are used. Starting eIDAS requsted attr. update process ...."); Builder reqAttrWithMandates = ImmutableAttributeMap.builder(reqAttributeList); @@ -154,7 +156,7 @@ public class eIDASAuthenticationRequest implements IAction { //add attributes responseBuilder.attributes(eIDASAttrbutMap); - //set success statuscode + //set success statuscode responseBuilder.statusCode(StatusCode.SUCCESS_URI); //build response @@ -246,7 +248,7 @@ public class eIDASAuthenticationRequest implements IAction { private void buildAndAddAttribute(ImmutableAttributeMap.Builder attrMapBuilder, AttributeDefinition attr, IRequest req, IAuthData authData) throws MOAIDException { Pair, ImmutableSet>> eIDASAttr = eIDASAttributeBuilder.buildAttribute( - attr, req.getOnlineApplicationConfiguration(), authData); + attr, req.getServiceProviderConfiguration(), authData); if(eIDASAttr == null) { if (attr.isRequired()) { diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java index 48b438b09..24d24db2c 100644 --- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java +++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/validator/eIDASResponseValidator.java @@ -26,6 +26,7 @@ import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egovernment.moa.id.auth.modules.eidas.Constants; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils; import at.gv.egovernment.moa.id.auth.modules.eidas.utils.eIDASAttributeProcessingUtils; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.data.Trible; import at.gv.egovernment.moa.logging.Logger; @@ -46,7 +47,7 @@ public class eIDASResponseValidator { * validate received LoA against minimum required LoA | *_____________________________________________________| */ - LevelOfAssurance reqLoA = LevelOfAssurance.fromString(pendingReq.getOnlineApplicationConfiguration().getQaaLevel()); + LevelOfAssurance reqLoA = LevelOfAssurance.fromString(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getQaaLevel()); LevelOfAssurance respLoA = LevelOfAssurance.fromString(samlResp.getLevelOfAssurance()); if (respLoA.numericValue() < reqLoA.numericValue()) { Logger.error("eIDAS Response LevelOfAssurance is lower than the required! " diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java index f14ffb111..0d460f293 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/ELGAMandatesAuthModuleImpl.java @@ -25,10 +25,10 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates; import org.springframework.beans.factory.annotation.Autowired; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.util.MiscUtil; /** @@ -40,14 +40,14 @@ import at.gv.egovernment.moa.util.MiscUtil; public class ELGAMandatesAuthModuleImpl extends DefaultCitizenCardAuthModuleImpl { @Autowired private AuthConfiguration authConfig; - + private int priority = 0; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() */ @Override - public int getPriority() { + public int getPriority() { return priority; } diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java index 7a8c0c9e0..5c1f8e7bb 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/EvaluateMandateServiceTask.java @@ -28,6 +28,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringEscapeUtils; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; @@ -35,7 +36,6 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConsta import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -50,7 +50,7 @@ public class EvaluateMandateServiceTask extends AbstractAuthServletTask { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { try { @@ -68,7 +68,7 @@ public class EvaluateMandateServiceTask extends AbstractAuthServletTask { if (useELGA) { //validate service-provider again if (!ELGAMandateUtils.checkServiceProviderAgainstELGAModulConfigration(authConfig, pendingReq)) { - Logger.info("Service-Provider: " + pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix() + Logger.info("Service-Provider: " + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier() + " does not fulfill requirements to use ELGA-MandateService."); throw new MOAIDException("service.10", new Object[]{ ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING, diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java index 015a40507..12f2bde60 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java @@ -37,6 +37,7 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; @@ -45,7 +46,6 @@ import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder; @@ -78,7 +78,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { InboundMessage msg = null; @@ -113,7 +113,8 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { if (MiscUtil.isEmpty(msg.getEntityID())) { throw new InvalidProtocolRequestException("sp.pvp2.04", - new Object[] {ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING}); + new Object[] {ELGAMandatesAuthConstants.MODULE_NAME_FOR_LOGGING}, + "No service-provider with EntityId: " + msg.getEntityID() + " in configuration"); } @@ -144,12 +145,6 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { } - - - //load MOASession object - defaultTaskInitialization(request, executionContext); - - /** * Mandate Reference-Value is generated from ELGA MandateServie --> * MOA-ID generated reference value is not equal to reference-value from ELGA MandateService @@ -169,7 +164,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { Set includedAttrNames = extractor.getAllIncludeAttributeNames(); for (String el : includedAttrNames) { - moasession.setGenericDataToSession(el, extractor.getSingleAttributeValue(el)); + pendingReq.setGenericDataToSession(el, extractor.getSingleAttributeValue(el)); Logger.debug("Add PVP-attribute " + el + " into MOASession"); } @@ -186,11 +181,13 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask { extractor.getSingleAttributeValue(PVPConstants.MANDATE_TYPE_NAME)); revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_TYPE, MOAReversionLogger.NAT_PERSON); - revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH, - revisionsLogger.buildPersonInformationHash( - extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME), - extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME), - extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME))); + + //TODO!!!! +// revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.PERSONAL_INFORMATION_MANDATE_MANDATOR_HASH, +// revisionsLogger.buildPersonInformationHash( +// extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_GIVEN_NAME_NAME), +// extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_FAMILY_NAME_NAME), +// extractor.getSingleAttributeValue(PVPConstants.MANDATE_NAT_PER_BIRTHDATE_NAME))); Logger.info("Receive a valid assertion from ELGA mandate-service " + msg.getEntityID()); diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java index 6eff5e574..625623f4a 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RedirectToMandateSelectionTask.java @@ -29,12 +29,12 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils; import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; /** @@ -45,7 +45,7 @@ import at.gv.egovernment.moa.logging.Logger; public class RedirectToMandateSelectionTask extends AbstractAuthServletTask { @Autowired IGUIFormBuilder guiBuilder; - + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java index abe23f0a4..70dc87df9 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java @@ -35,11 +35,13 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.auth.modules.elgamandates.config.ELGAMandatesRequestBuilderConfiguration; import at.gv.egovernment.moa.id.auth.modules.elgamandates.exceptions.ELGAMetadataException; @@ -49,7 +51,6 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.data.Pair; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder; import at.gv.egovernment.moa.logging.Logger; @@ -67,7 +68,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { @Autowired ELGAMandatesCredentialProvider credential; @Autowired AuthConfiguration authConfig; @Autowired ELGAMandateServiceMetadataProvider metadataService; - + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @@ -76,7 +77,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { throws TaskExecutionException { try{ // get IDP entityID from Online Application configuration - String elgaMandateServiceEntityID = pendingReq.getOnlineApplicationConfiguration().getConfigurationValue(ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID); + String elgaMandateServiceEntityID = pendingReq.getServiceProviderConfiguration().getConfigurationValue(ELGAMandatesAuthConstants.CONFIG_PROPS_ENTITYID); // use first ELGA Mandate-Service from general MOA-ID configuration, of no OA specific exists if (MiscUtil.isEmpty(elgaMandateServiceEntityID)) { @@ -100,7 +101,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { } //load metadata with metadataURL, as backup - String metadataURL = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATAURL); + String metadataURL = authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATAURL); if (MiscUtil.isNotEmpty(metadataURL)) { Logger.warn("Use not recommended metadata-provider initialization!" + " SAML2 'Well-Known-Location' is the preferred methode."); @@ -113,7 +114,8 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { EntityDescriptor entityDesc = metadataService.getEntityDescriptor(elgaMandateServiceEntityID); //load MOASession from database - defaultTaskInitialization(request, executionContext); + AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); + //setup AuthnRequestBuilder configuration ELGAMandatesRequestBuilderConfiguration authnReqConfig = new ELGAMandatesRequestBuilderConfiguration(); @@ -125,7 +127,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask { //set bPK of representative String representativeBPK = null; - String configTarget = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_SUBJECTNAMEID_TARGET); + String configTarget = authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_SUBJECTNAMEID_TARGET); if (MiscUtil.isEmpty(configTarget)) { Logger.warn("Connect ELGA Mandate-Service FAILED -> No bPK-Type for SubjectNameID found."); throw new MOAIDException("service.10", diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java index 978f9db9d..854f9d2bb 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/SelectMandateServiceTask.java @@ -30,6 +30,7 @@ import org.springframework.stereotype.Component; import at.gv.egiz.eaaf.core.api.gui.IGUIBuilderConfiguration; import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; @@ -39,7 +40,6 @@ import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateUtils import at.gv.egovernment.moa.id.auth.servlet.GeneralProcessEngineSignalController; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; /** @@ -51,7 +51,7 @@ public class SelectMandateServiceTask extends AbstractAuthServletTask { @Autowired IGUIFormBuilder guiBuilder; - /* (non-Javadoc) + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override @@ -67,7 +67,7 @@ public class SelectMandateServiceTask extends AbstractAuthServletTask { ELGAMandatesAuthConstants.TEMPLATE_MANDATE_SERVICE_SELECTION, MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL, GeneralProcessEngineSignalController.ENDPOINT_GENERIC, - authConfig.getRootConfigFileDir()); + authConfig.getConfigurationRootDirectory().toURL().toString()); guiBuilder.build(response, config, "Mandate-Service selection"); diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java index adc2a310b..07f618c10 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateServiceMetadataProvider.java @@ -238,7 +238,7 @@ public class ELGAMandateServiceMetadataProvider extends SimpleMOAMetadataProvide //Metadata provider seems not loaded --> Add new metadata provider Logger.info("Initialize PVP MetadataProvider:" + metdataURL + " to connect ELGA Mandate-Service"); - String trustProfileID = authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATA_TRUSTPROFILE); + String trustProfileID = authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_METADATA_TRUSTPROFILE); if (MiscUtil.isEmpty(trustProfileID)) { Logger.error("Create ELGA Mandate-Service Client FAILED: No trustProfileID to verify PVP metadata." ); throw new MetadataProviderException("No trustProfileID to verify PVP metadata."); diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java index 90eb7b0fb..6fa9c5a77 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandateUtils.java @@ -25,9 +25,10 @@ package at.gv.egovernment.moa.id.auth.modules.elgamandates.utils; import java.util.List; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; -import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; /** * @author tlenz @@ -39,11 +40,11 @@ public class ELGAMandateUtils { * * @return true, if ELGA mandateservice is allowed, otherwise false */ - public static boolean checkServiceProviderAgainstELGAModulConfigration(AuthConfiguration authConfig, IRequest pendingReq) { + public static boolean checkServiceProviderAgainstELGAModulConfigration(IConfiguration authConfig, IRequest pendingReq) { String allowedMandateTypesCSV = - authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES); + authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_ALLOWED_MANDATE_TYPES); List allowedMandateTypes = KeyValueUtils.getListOfCSVValues(allowedMandateTypesCSV); - List spMandateProfiles = pendingReq.getOnlineApplicationConfiguration().getMandateProfiles(); + List spMandateProfiles = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).getMandateProfiles(); boolean isELGAMandateServiceAllowed = false; if (spMandateProfiles != null) { diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java index f5bcdb70b..c8fe55e51 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/utils/ELGAMandatesCredentialProvider.java @@ -27,6 +27,7 @@ import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider; import at.gv.egovernment.moa.util.FileUtils; @@ -43,9 +44,9 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath() */ @Override - public String getKeyStoreFilePath() { + public String getKeyStoreFilePath() throws ConfigurationException { return FileUtils.makeAbsoluteURL( - authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_KEYSTORE), + authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_KEYSTORE), authConfig.getRootConfigFileDir()); } @@ -54,7 +55,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getKeyStorePassword() { - return authConfig.getBasicMOAIDConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim(); + return authConfig.getBasicConfiguration(ELGAMandatesAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim(); } @@ -63,7 +64,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getMetadataKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( ELGAMandatesAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD).trim(); } @@ -72,7 +73,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getMetadataKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( ELGAMandatesAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD).trim(); } @@ -81,7 +82,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getSignatureKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( ELGAMandatesAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD).trim(); } @@ -90,7 +91,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getSignatureKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( ELGAMandatesAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD).trim(); } @@ -99,7 +100,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getEncryptionKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( ELGAMandatesAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD).trim(); } @@ -108,7 +109,7 @@ public class ELGAMandatesCredentialProvider extends AbstractCredentialProvider { */ @Override public String getEncryptionKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( ELGAMandatesAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD).trim(); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java index 46381fb3d..d97c8f7cf 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/attributes/OAuth20AttributeBuilder.java @@ -42,7 +42,6 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSectorForIDAttributeB import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePIN; import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.EIDSourcePINType; import at.gv.egovernment.moa.id.auth.stork.STORKConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDAuthBlock; import at.gv.egovernment.moa.id.protocols.builder.attributes.EIDCcsURL; @@ -230,33 +229,33 @@ public final class OAuth20AttributeBuilder { } public static void addScopeOpenId(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData, + final ISPConfiguration oaParam, final IAuthData authData, final OAuth20AuthRequest oAuthRequest) { addAttibutes(buildersOpenId, jsonObject, oaParam, authData, oAuthRequest); } public static void addScopeProfile(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersProfile, jsonObject, oaParam, authData, null); } public static void addScopeEID(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersEID, jsonObject, oaParam, authData, null); } public static void addScopeEIDGov(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersEIDGov, jsonObject, oaParam, authData, null); } public static void addScopeMandate(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersMandate, jsonObject, oaParam, authData, null); } public static void addScopeSTORK(final JsonObject jsonObject, - final IOAAuthParameters oaParam, final IAuthData authData) { + final ISPConfiguration oaParam, final IAuthData authData) { addAttibutes(buildersSTORK, jsonObject, oaParam, authData, null); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java index 0189bc97d..5d461afc8 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthAction.java @@ -33,11 +33,11 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; -import at.gv.egiz.eaaf.core.api.IAction; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egiz.eaaf.core.impl.utils.Random; @@ -67,7 +67,7 @@ class OAuth20AuthAction implements IAction { IAuthData authData) throws MOAIDException { OAuth20AuthRequest oAuthRequest = (OAuth20AuthRequest) req; - String responseType = oAuthRequest.getResponseType(); + String responseType = oAuthRequest.getResponseType(); revisionsLogger.logEvent(req, MOAIDEventConstants.AUTHPROTOCOL_OPENIDCONNECT_AUTHREQUEST); @@ -111,7 +111,7 @@ class OAuth20AuthAction implements IAction { //TODO: maybe add bPK / wbPK to SLO information - SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), req.getOnlineApplicationConfiguration().getPublicURLPrefix(), accessToken, null, null, req.requestedModule()); + SLOInformationInterface sloInformation = new SLOInformationImpl(req.getAuthURL(), req.getServiceProviderConfiguration().getUniqueIdentifier(), accessToken, null, null, req.requestedModule()); return sloInformation; } @@ -156,9 +156,9 @@ class OAuth20AuthAction implements IAction { private Pair buildIdToken(String scope, OAuth20AuthRequest oAuthRequest, IAuthData authData) throws MOAIDException, SignatureException { - IOAAuthParameters oaParam = oAuthRequest.getOnlineApplicationConfiguration(); + ISPConfiguration oaParam = oAuthRequest.getServiceProviderConfiguration(); - OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getIssuer()); + OAuthSigner signer = OAuth20SignatureUtil.loadSigner(authData.getAuthenticationIssuer()); OAuthJsonToken token = new OAuthJsonToken(signer); StringBuilder resultScopes = new StringBuilder(); diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java index 1528cfb28..40701d91d 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java @@ -28,10 +28,10 @@ import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; @@ -180,7 +180,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { // check if client id and redirect uri are ok try { // OAOAUTH20 cannot be null at this point. check was done in base request - IOAAuthParameters oAuthConfig = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getSPEntityId()); + ISPConfiguration oAuthConfig = authConfig.getServiceProviderConfiguration(this.getSPEntityId()); if (!this.getClientID().equals(oAuthConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID)) @@ -192,7 +192,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest { Logger.info("Dispatch OpenIDConnect AuthRequest: ClientID=" + this.clientID); - } catch (ConfigurationException e) { + } catch (EAAFConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java index ff802136f..e04d719d9 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java @@ -19,8 +19,8 @@ import com.google.gson.JsonObject; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.IModulInfo; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; -import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; @@ -30,7 +30,6 @@ import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Util; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.util.ErrorResponseUtils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; @@ -49,7 +48,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme PVPConstants.BPK_NAME }); - public String getName() { + public String getName() { return NAME; } @@ -68,22 +67,22 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme //OpenID Connect auth request @RequestMapping(value = "/oauth2/auth", method = {RequestMethod.POST, RequestMethod.GET}) - public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { - if (!authConfig.getAllowedProtocols().isOAUTHActive()) { - Logger.info("OpenID-Connect is deaktivated!"); - throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); - - } + public void openIDConnectAuthRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException { +// if (!authConfig.getAllowedProtocols().isOAUTHActive()) { +// Logger.info("OpenID-Connect is deaktivated!"); +// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); +// +// } OAuth20AuthRequest pendingReq = applicationContext.getBean(OAuth20AuthRequest.class); try { - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(OAuth20Protocol.NAME); pendingReq.populateParameters(req); - } catch (OAuth20Exception e) { + } catch (EAAFException e) { Logger.info("OpenID-Connect request has a validation error: " + e.getMessage()); - throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), e); + throw new InvalidProtocolRequestException(e.getErrorId(), e.getParams(), e.getMessage(), e); } @@ -102,22 +101,22 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme //openID Connect tokken request @RequestMapping(value = "/oauth2/token", method = {RequestMethod.POST, RequestMethod.GET}) - public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { - if (!authConfig.getAllowedProtocols().isOAUTHActive()) { - Logger.info("OpenID-Connect is deaktivated!"); - throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); - - } + public void OpenIDConnectTokkenRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException, InvalidProtocolRequestException { +// if (!authConfig.getAllowedProtocols().isOAUTHActive()) { +// Logger.info("OpenID-Connect is deaktivated!"); +// throw new ProtocolNotActiveException("auth.22", new java.lang.Object[] { NAME }); +// +// } OAuth20TokenRequest pendingReq = applicationContext.getBean(OAuth20TokenRequest.class); try { - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(OAuth20Protocol.NAME); pendingReq.populateParameters(req); - } catch (OAuth20Exception e) { + } catch (EAAFException e) { Logger.info("OpenID-Connect request has a validation error: " + e.getMessage()); - throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), e); + throw new InvalidProtocolRequestException(e.getErrorId(), e.getParams(), e.getMessage(), e); } @@ -149,18 +148,16 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme String errorUri = protocolRequest.getAuthURL() +"/" + OAuth20Constants.ERRORPAGE; String moaError = null; - - ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); - + if (e instanceof OAuth20Exception) { errorCode = ((OAuth20Exception) e).getErrorCode(); errorDescription = URLEncoder.encode(((OAuth20Exception) e).getMessageId() + ": " + e.getMessage(), "UTF-8"); - moaError = errorUtils.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId()); + moaError = statusMessager.mapInternalErrorToExternalError(((OAuth20Exception) e).getMessageId()); } else { errorCode = OAuth20Constants.ERROR_SERVER_ERROR; errorDescription = URLEncoder.encode(e.getMessage(), "UTF-8"); - moaError = errorUtils.getResponseErrorCode(e); + moaError = statusMessager.getResponseErrorCode(e); } String paramRedirect = null; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java index 239665801..f3dcbd295 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenAction.java @@ -31,10 +31,10 @@ import org.springframework.stereotype.Service; import com.google.gson.JsonObject; -import at.gv.egiz.eaaf.core.api.IAction; import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.data.IAuthData; -import at.gv.egiz.eaaf.core.api.data.SLOInformationInterface; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; @@ -55,7 +55,7 @@ class OAuth20TokenAction implements IAction { public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData authData) throws MOAIDException { - + OAuth20SessionObject auth20SessionObject = null; try { OAuth20TokenRequest oAuthRequest = (OAuth20TokenRequest) req; diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java index cada39a3a..e14914512 100644 --- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java +++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java @@ -22,19 +22,16 @@ *******************************************************************************/ package at.gv.egovernment.moa.id.protocols.oauth20.protocol; -import java.util.Collection; - import javax.servlet.http.HttpServletRequest; -import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.oauth20.OAuth20Constants; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20AccessDeniedException; import at.gv.egovernment.moa.id.protocols.oauth20.exceptions.OAuth20Exception; @@ -141,7 +138,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { // check if client id and secret are ok try { // OAOAUTH20 cannot be null at this point. check was done in base request - IOAAuthParameters oaParam = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(this.getOAURL()); + ISPConfiguration oaParam = authConfig.getServiceProviderConfiguration(this.getSPEntityId()); if (!this.getClientID().equals(oaParam.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_PROTOCOLS_OPENID_CLIENTID))) { throw new OAuth20AccessDeniedException(); @@ -154,7 +151,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { this.setOnlineApplicationConfiguration(oaParam); } - catch (ConfigurationException e) { + catch (EAAFConfigurationException e) { throw new OAuth20WrongParameterException(OAuth20Constants.PARAM_CLIENT_ID); } @@ -165,11 +162,11 @@ class OAuth20TokenRequest extends OAuth20BaseRequest { this.allowedParameters.add(OAuth20Constants.PARAM_REDIRECT_URI); } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() - */ - @Override - public Collection getRequestedAttributes(MetadataProvider metadataProvider) { - return null; - } +// /* (non-Javadoc) +// * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() +// */ +// @Override +// public Collection getRequestedAttributes(MetadataProvider metadataProvider) { +// return null; +// } } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java index 1b49c3969..a2b58931e 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java @@ -27,11 +27,11 @@ import javax.annotation.PostConstruct; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; -import at.gv.egiz.eaaf.core.impl.idp.auth.AuthenticationManager; -import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.logging.Logger; /** @@ -46,8 +46,8 @@ public class SL20AuthenticationModulImpl implements AuthModule { @Autowired(required=true) private AuthenticationManager authManager; @Override - public int getPriority() { - return priority; + public int getPriority() { + return priority; } /** diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java index e0965c712..2766eab05 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java @@ -29,6 +29,7 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20SecurityEx import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoBuildException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.utils.X509Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.FileUtils; @@ -226,34 +227,34 @@ public class JsonSecurityUtils implements IJOSETools{ return null; } - private String getKeyStoreFilePath() { + private String getKeyStoreFilePath() throws ConfigurationException { return FileUtils.makeAbsoluteURL( - authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH), + authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH), authConfig.getRootConfigFileDir()); } private String getKeyStorePassword() { - return authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD).trim(); + return authConfig.getBasicConfiguration(Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD).trim(); } private String getSigningKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS).trim(); } private String getSigningKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD).trim(); } private String getEncryptionKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS).trim(); } private String getEncryptionKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD).trim(); } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java index 85ec1e213..77ccb0720 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java @@ -22,7 +22,8 @@ import org.springframework.stereotype.Component; import com.google.gson.JsonObject; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; @@ -38,7 +39,6 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUti import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moaspss.logging.Logger; @@ -47,8 +47,9 @@ import at.gv.egovernment.moaspss.logging.Logger; public class CreateQualeIDRequestTask extends AbstractAuthServletTask { @Autowired(required=true) private IJOSETools joseTools; + @Autowired private AuthConfiguration moaAuthConfig; - @Override + @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { @@ -56,17 +57,17 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { try { //get service-provider configuration - IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration(); + ISPConfiguration oaConfig = pendingReq.getServiceProviderConfiguration(); //get basic configuration parameters - String vdaQualeIDUrl = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID); + String vdaQualeIDUrl = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID); if (MiscUtil.isEmpty(vdaQualeIDUrl)) { Logger.error("NO VDA URL for qualified eID (" + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID + ")"); throw new SL20Exception("sl20.03", new Object[]{"NO VDA URL for qualified eID"}); } - String authBlockId = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_AUTHBLOCK_ID); + String authBlockId = authConfig.getBasicConfiguration(Constants.CONFIG_PROP_VDA_AUTHBLOCK_ID); if (MiscUtil.isEmpty(authBlockId)) { Logger.error("NO AuthBlock Template identifier for qualified eID (" + Constants.CONFIG_PROP_VDA_AUTHBLOCK_ID + ")"); throw new SL20Exception("sl20.03", new Object[]{"NO AuthBlock Template identifier for qualified eID"}); @@ -75,11 +76,11 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { //build DataURL for qualified eID response String dataURL = new DataURLBuilder().buildDataURL( - pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_DATAURL, pendingReq.getRequestID()); + pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_DATAURL, pendingReq.getPendingRequestId()); //build qualifiedeID command Map qualifiedeIDParams = new HashMap(); - qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID, oaConfig.getPublicURLPrefix()); + qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID, oaConfig.getUniqueIdentifier()); qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME, oaConfig.getFriendlyName()); //qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE, UUID.randomUUID().toString()); @@ -95,11 +96,11 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { //open http client SSLSocketFactory sslFactory = SSLUtils.getSSLSocketFactory( - authConfig, + moaAuthConfig, vdaQualeIDUrl); CloseableHttpClient httpClient = HttpClientWithProxySupport.getHttpClient( sslFactory, - authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); + moaAuthConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); //build post request HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build()); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java index 2ad19e088..325e1906d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -13,7 +13,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.http.entity.ContentType; -import org.jose4j.keys.X509Util; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; @@ -22,12 +21,14 @@ import com.google.gson.JsonObject; import com.google.gson.JsonParser; import com.google.gson.JsonSyntaxException; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder; -import at.gv.egiz.eaaf.core.impl.utils.DateTimeUtils; import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; @@ -38,14 +39,11 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moaspss.logging.Logger; -import iaik.esi.sva.util.X509Utils; -import iaik.utils.Util; @Component("ReceiveQualeIDTask") public class ReceiveQualeIDTask extends AbstractAuthServletTask { @@ -55,7 +53,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - + Logger.debug("Receiving SL2.0 response process .... "); try { //get SL2.0 command or result from HTTP request @@ -131,7 +129,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { //add into session - defaultTaskInitialization(request, executionContext); + AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); moasession.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink()); moasession.setBkuURL(ccsURL); //TODO: from AuthBlock @@ -143,13 +141,14 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { pendingReq.setAuthenticated(true); //store pending request + pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession()); requestStoreage.storePendingRequest(pendingReq); //create response Map reqParameters = new HashMap(); - reqParameters.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID()); + reqParameters.put(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID, pendingReq.getPendingRequestId()); JsonObject callReqParams = SL20JSONBuilderUtils.createCallCommandParameters( - new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT, null), + new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.ENDPOINT_FINALIZEPROTOCOL, null), SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, false, reqParameters); @@ -161,7 +160,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { //build second redirect command for IDP JsonObject redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters( - new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT, null), + new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.ENDPOINT_FINALIZEPROTOCOL, null), redirectOneCommand, null, true); JsonObject redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java index f65694703..b9d08a20f 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/SSOTransferAuthModuleImpl.java @@ -22,8 +22,8 @@ */ package at.gv.egovernment.moa.id.auth.modules.ssotransfer; -import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; /** * @author tlenz @@ -49,7 +49,7 @@ public class SSOTransferAuthModuleImpl implements AuthModule{ this.priority = priority; } - /* (non-Javadoc) + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) */ @Override diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java index 1a1d06479..5a17d6123 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferAuthenticationData.java @@ -28,7 +28,6 @@ import java.util.List; import org.w3c.dom.Element; -import at.gv.egiz.eaaf.core.api.data.IAuthData; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; @@ -36,13 +35,14 @@ import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.data.AuthenticationRole; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.logging.Logger; /** * @author tlenz * - */ -public class SSOTransferAuthenticationData implements IAuthData { + */ +public class SSOTransferAuthenticationData implements IMOAAuthData { private IAuthenticationSession authSession = null; boolean isIDPPrivateService = true; @@ -55,21 +55,38 @@ public class SSOTransferAuthenticationData implements IAuthData { } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#getIssueInstant() + * @see at.gv.egovernment.moa.id.data.IAuthData#isBaseIDTransferRestrication() */ @Override - public Date getIssueInstant() { + public boolean isBaseIDTransferRestrication() { + return this.isIDPPrivateService; + } + + + @Override + public Date getAuthenticationIssueInstant() { // TODO Auto-generated method stub return null; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#getIssuer() - */ + @Override - public String getIssuer() { + public String getAuthenticationIssueInstantString() { + // TODO Auto-generated method stub + return null; + } + + + @Override + public String getAuthenticationIssuer() { + // TODO Auto-generated method stub + return null; + } + + + @Override + public String getCiticenCountryCode() { // TODO Auto-generated method stub return null; } @@ -327,15 +344,6 @@ public class SSOTransferAuthenticationData implements IAuthData { return false; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#getCcc() - */ - @Override - public String getCcc() { - // TODO Auto-generated method stub - return null; - } - /* (non-Javadoc) * @see at.gv.egovernment.moa.id.data.IAuthData#getEIDASQAALevel() */ @@ -354,13 +362,17 @@ public class SSOTransferAuthenticationData implements IAuthData { return this.authSession.getGenericDataFromSession(key, clazz); } + @Override + public String getInterfederatedIDP() { + // TODO Auto-generated method stub + return null; + } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.data.IAuthData#isBaseIDTransferRestrication() - */ @Override - public boolean isBaseIDTransferRestrication() { - return this.isIDPPrivateService; + public boolean isInterfederatedSSOSession() { + // TODO Auto-generated method stub + return false; } + } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java index 8656c1224..a866f3939 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java @@ -27,7 +27,7 @@ import java.util.Collection; import java.util.List; import java.util.Map; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.CPEPS; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; @@ -35,7 +35,7 @@ import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; /** - * @author tlenz + * @author tlenz * */ public class SSOTransferOnlineApplication implements IOAAuthParameters { @@ -391,37 +391,60 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters { } /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#hasBaseIdInternalProcessingRestriction() + * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifierFriendlyName() */ @Override - public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException { - return false; + public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException { + // TODO Auto-generated method stub + return null; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#hasBaseIdTransferRestriction() - */ @Override - public boolean hasBaseIdTransferRestriction() throws ConfigurationException { + public boolean containsConfigurationKey(String arg0) { + // TODO Auto-generated method stub return false; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifier() - */ @Override - public String getAreaSpecificTargetIdentifier() throws ConfigurationException { + public String getMinimumLevelOfAssurence() { // TODO Auto-generated method stub return null; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.commons.api.IOAAuthParameters#getAreaSpecificTargetIdentifierFriendlyName() - */ @Override - public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException { + public List getTargetsWithNoBaseIdInternalProcessingRestriction() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getTargetsWithNoBaseIdTransferRestriction() { // TODO Auto-generated method stub return null; } + @Override + public String getUniqueIdentifier() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAreaSpecificTargetIdentifier() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean hasBaseIdInternalProcessingRestriction() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean hasBaseIdTransferRestriction() { + // TODO Auto-generated method stub + return false; + } + } diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java index 055a49bd2..9f910d598 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/servlet/SSOTransferServlet.java @@ -74,6 +74,7 @@ import com.google.gson.JsonParser; import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; @@ -87,6 +88,7 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; @@ -138,7 +140,7 @@ public class SSOTransferServlet{ * @throws IOException */ @RequestMapping(value = { "/TestTransferSSOSession" - }, + }, method = {RequestMethod.GET}) public void testTransferSSOSessionGUIWithoutAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { try { @@ -267,6 +269,14 @@ public class SSOTransferServlet{ Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + } catch (ConfigurationException e) { + Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + + } catch (EAAFException e) { + Logger.warn("Device inpersonisation FAILED: " + e.getMessage(), e); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + } } else { @@ -367,6 +377,11 @@ public class SSOTransferServlet{ } catch (NoSuchPaddingException e) { e.printStackTrace(); resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + + } catch (EAAFException e) { + e.printStackTrace(); + resp.sendError(HttpServletResponse.SC_BAD_REQUEST, StringEscapeUtils.escapeHtml(e.getMessage())); + } @@ -405,10 +420,10 @@ public class SSOTransferServlet{ if (ssomanager.isValidSSOSession(ssoid, null)) { //create first step of SSO Transfer GUI - IAuthenticationSession authSession = authenticationSessionStorage.getInternalMOASessionWithSSOID(ssoid); - if(authSession != null) { + String ssoSessionId = authenticationSessionStorage.getInternalSSOSessionWithSSOID(ssoid); + if(ssoSessionId != null) { internalCreateQRCodeForTransfer(resp, authURL, - authSession.getSessionID(), + ssoSessionId, SSOTransferConstants.SERVLET_SSOTRANSFER_TO_SMARTPHONE, config); return; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java index 2b53a1e75..95590b51a 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java @@ -34,6 +34,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; @@ -45,7 +46,6 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -61,7 +61,7 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) - */ + */ @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) @@ -86,7 +86,7 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask { String nonce = Random.nextLongRandom(); GUIUtils.buildSSOTransferGUI(guiBuilder, response, authURL, - pendingReq.getRequestID(), nonce, dhKeyIDP.getF()); + pendingReq.getPendingRequestId(), nonce, dhKeyIDP.getF()); //store DH params and nonce to pending-request SSOTransferContainer container = new SSOTransferContainer(); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java index 72ed9c7be..f1075f060 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java @@ -27,6 +27,7 @@ import java.io.IOException; import java.io.PrintWriter; import java.math.BigInteger; import java.security.MessageDigest; +import java.util.Date; import javax.crypto.Cipher; import javax.crypto.spec.DHPublicKeySpec; @@ -44,17 +45,19 @@ import com.google.gson.JsonObject; import com.google.gson.JsonParser; import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.logging.Logger; @@ -72,7 +75,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { @Autowired SSOContainerUtils ssoTransferUtils; @Autowired IGUIFormBuilder guiBuilder; - /* (non-Javadoc) + /* (non-Javadoc) * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ @Override @@ -186,8 +189,10 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { Logger.debug("MobileDevice is valid. --> Starting session reconstruction ..."); //transfer SSO Assertion into MOA-Session - ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, pendingReq.getMOASession(), attributeExtractor); - + AuthenticationSession moaSession = new AuthenticationSession("1235", new Date()); + ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moaSession, attributeExtractor); + pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession()); + // store MOASession into database requestStoreage.storePendingRequest(pendingReq); @@ -244,15 +249,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } else { //session is valid --> load MOASession object - try { - defaultTaskInitialization(request, executionContext); - - } catch (MOAIDException | MOADatabaseException e1) { - Logger.error("Database Error! MOASession is not stored!"); - throw new TaskExecutionException(pendingReq, "Load MOASession FAILED.", e1); - - } - + + IAuthenticationSession moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage()); DateTime moaSessionCreated = new DateTime(moasession.getSessionCreated().getTime()); if (moaSessionCreated.plusMinutes(1).isBeforeNow()) { Logger.warn("No SSO session-container received. Stop authentication process after time-out."); @@ -274,7 +272,7 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask { } GUIUtils.buildSSOTransferGUI(guiBuilder, response, - authURL, pendingReq.getRequestID(), nonce, container.getDhParams().getF()); + authURL, pendingReq.getPendingRequestId(), nonce, container.getDhParams().getF()); } catch (IOException | MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java index fac59ed4e..1a4a9b80b 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/GUIUtils.java @@ -30,11 +30,11 @@ import javax.servlet.http.HttpServletResponse; import com.google.gson.JsonObject; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; import at.gv.egiz.eaaf.core.api.gui.IGUIFormBuilder; import at.gv.egiz.eaaf.core.exceptions.GUIBuildException; import at.gv.egovernment.moa.id.auth.frontend.builder.DefaultGUIFormBuilderConfiguration; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; @@ -71,7 +71,7 @@ public class GUIUtils { try { String containerURL = authURL + SSOTransferConstants.SERVLET_SSOTRANSFER_FROM_SMARTPHONE - + "?" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + requestID; + + "?" + EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID + "=" + requestID; diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java index 5c85fd8b0..189fcd2f6 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/utils/SSOContainerUtils.java @@ -97,9 +97,8 @@ import org.w3c.dom.NodeList; import com.google.gson.JsonObject; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.data.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants; @@ -108,11 +107,13 @@ import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferAuthent import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferOnlineApplication; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.id.data.IMOAAuthData; import at.gv.egovernment.moa.id.data.MISMandate; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAttributeBuilder; @@ -366,7 +367,7 @@ public class SSOContainerUtils { String sessionIndex = SAML2Utils.getSecureIdentifier(); - IAuthData authData = new SSOTransferAuthenticationData(authConfig, authSession); + IMOAAuthData authData = new SSOTransferAuthenticationData(authConfig, authSession); Assertion assertion = PVP2AssertionBuilder.buildGenericAssertion( entityID, diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java index 6bf6652c8..4068d2d99 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/FederatedAuthenticationModuleImpl.java @@ -22,9 +22,9 @@ */ package at.gv.egovernment.moa.id.auth.modules.federatedauth; -import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; /** * @author tlenz @@ -39,7 +39,7 @@ public class FederatedAuthenticationModuleImpl implements AuthModule { public int getPriority() { // TODO Auto-generated method stub return 0; - } + } /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext) diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java index 4ae255d1d..717099a8d 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java @@ -35,16 +35,16 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.config.FederatedAuthnRequestBuilderConfiguration; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.moduls.SSOManager; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.PVPAuthnRequestBuilder; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnRequestBuildException; @@ -59,7 +59,7 @@ import at.gv.egovernment.moa.util.MiscUtil; */ @Component("CreateFederatedAuthnRequestTask") public class CreateAuthnRequestTask extends AbstractAuthServletTask { - + @Autowired PVPAuthnRequestBuilder authnReqBuilder; @Autowired FederatedAuthCredentialProvider credential; @Autowired(required=true) MOAMetadataProvider metadataProvider; @@ -72,7 +72,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { throws TaskExecutionException { try{ // get IDP entityID - String idpEntityID = pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class); + String idpEntityID = pendingReq.getGenericData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class); if (MiscUtil.isEmpty(idpEntityID)) { Logger.info("Interfederation not possible -> not inderfederation IDP EntityID found!"); @@ -81,7 +81,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { } //load IDP configuration from MOA-ID Configuration - IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(idpEntityID); + IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(idpEntityID, IOAAuthParameters.class); //validate IDP if (!idpConfig.isInderfederationIDP() || !idpConfig.isInboundSSOInterfederationAllowed()) { Logger.info("Requested interfederation IDP " + idpEntityID + " is not valid for interfederation."); @@ -156,7 +156,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask { } private String evaluateRequiredQAALevel() { - IOAAuthParameters sp = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters sp = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); //check if STORK protocol module is in ClassPath Object storkRequst = null; diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java index 2fc1ec053..c20342a11 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java @@ -25,6 +25,7 @@ package at.gv.egovernment.moa.id.auth.modules.federatedauth.tasks; import java.io.IOException; import java.util.Arrays; import java.util.Collection; +import java.util.Collections; import java.util.List; import java.util.Set; @@ -41,11 +42,12 @@ import org.opensaml.xml.security.SecurityException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; -import at.gv.egiz.eaaf.core.api.IOAAuthParameters; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; -import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants; @@ -53,11 +55,10 @@ import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.auth.modules.federatedauth.utils.FederatedAuthCredentialProvider; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; import at.gv.egovernment.moa.id.moduls.SSOManager; -import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPTargetConfiguration; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IDecoder; @@ -65,9 +66,7 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.binding.MOAURICompare; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.AttributQueryBuilder; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionValidationExeption; -import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AttributQueryException; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AuthnResponseValidationException; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.InboundMessage; import at.gv.egovernment.moa.id.protocols.pvp2x.messages.MOAResponse; @@ -89,7 +88,7 @@ import at.gv.egovernment.moa.util.MiscUtil; public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { @Autowired private SAMLVerificationEngineSP samlVerificationEngine; - @Autowired private FederatedAuthCredentialProvider credentialProvider; + @Autowired private FederatedAuthCredentialProvider credentialProvider; @Autowired private SSOManager ssoManager; @Autowired private AttributQueryBuilder attributQueryBuilder; @Autowired private AuthenticationDataBuilder authDataBuilder; @@ -133,7 +132,9 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { comperator); if (MiscUtil.isEmpty(msg.getEntityID())) { - throw new InvalidProtocolRequestException("sp.pvp2.04", new Object[] {FederatedAuthConstants.MODULE_NAME_FOR_LOGGING}); + throw new InvalidProtocolRequestException("sp.pvp2.04", + new Object[] {FederatedAuthConstants.MODULE_NAME_FOR_LOGGING}, + "NO configuration for SP entityID: " + msg.getEntityID()); } @@ -150,8 +151,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { MOAResponse processedMsg = preProcessAuthResponse((MOAResponse) msg); //load IDP and SP configuration - IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(msg.getEntityID()); - IOAAuthParameters spConfig = pendingReq.getOnlineApplicationConfiguration(); + IOAAuthParameters idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class); + IOAAuthParameters spConfig = pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class); //check if response Entity is valid if (!idpConfig.isInderfederationIDP()) { @@ -161,10 +162,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { msg.getEntityID()}); } - - //load MOASession from database - defaultTaskInitialization(request, executionContext); - + //initialize Attribute extractor AssertionAttributeExtractor extractor = new AssertionAttributeExtractor((Response) processedMsg.getResponse()); @@ -187,7 +185,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { //SP is real Service-Provider --> check attributes in response // and start Attribute-Query if required - getAuthDataFromInterfederation(extractor, pendingReq.getOnlineApplicationConfiguration(), + getAuthDataFromInterfederation(extractor, pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class), idpConfig); //store federatedIDP to MOASession @@ -199,8 +197,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { } //store valid assertion into pending-request - pendingReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg); - pendingReq.setGenericDataToSession(RequestImpl.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID()); + pendingReq.setGenericDataToSession(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg); + pendingReq.setGenericDataToSession(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID()); //store pending-request requestStoreage.storePendingRequest(pendingReq); @@ -225,13 +223,21 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { } catch (AssertionValidationExeption | AuthnResponseValidationException e) { Logger.info("PVP response validation FAILED. Msg:" + e.getMessage()); if (msg != null) { - IOAAuthParameters idpConfig = authConfig.getOnlineApplicationParameter(msg.getEntityID()); - - //remove federated IDP from SSO session if exists - ssoManager.removeInterfederatedSSOIDP(msg.getEntityID(), request); + IOAAuthParameters idpConfig = null; + try { + idpConfig = authConfig.getServiceProviderConfiguration(msg.getEntityID(), IOAAuthParameters.class); + //remove federated IDP from SSO session if exists + ssoManager.removeInterfederatedSSOIDP(msg.getEntityID(), request); + + //select next step + handleAuthnResponseValidationProblem(executionContext, idpConfig, e); + + } catch (EAAFConfigurationException e1) { + Logger.error("Can not handle error during an internal problem. ", e1); + throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e); + + } - //select next step - handleAuthnResponseValidationProblem(executionContext, idpConfig, e); } else throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e); @@ -256,22 +262,25 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { try { Logger.debug("Service Provider is no federated IDP --> start Attribute validation or requesting ... "); - Collection requestedAttr = pendingReq.getRequestedAttributes(metadataProvider); + + //TODO!!!!! + //Collection requestedAttr = pendingReq.getRequestedAttributes(metadataProvider); + Collection requestedAttr = Collections.emptyList(); //check if SAML2 Assertion contains a minimal set of attributes //TODO: switch back to correct attribute query if (!extractor.containsAllRequiredAttributes() - && !extractor.containsAllRequiredAttributes(minimalIDLAttributeNamesList)) { + && !extractor.containsAllRequiredAttributes(minimalIDLAttributeNamesList) ) { Logger.info("Received assertion does no contain a minimum set of attributes. Starting AttributeQuery process ..."); //build attributQuery request List attributs = attributQueryBuilder.buildSAML2AttributeList(spConfig, requestedAttr.iterator()); - //request IDP to get additional attributes - extractor = authDataBuilder.getAuthDataFromAttributeQuery(attributs, extractor.getNameID(), - idpConfig, pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_METADATA); +// //request IDP to get additional attributes +// extractor = authDataBuilder.getAuthDataFromAttributeQuery(attributs, extractor.getNameID(), +// idpConfig, pendingReq.getAuthURL() + FederatedAuthConstants.ENDPOINT_METADATA); } else { Logger.info("Interfedation response include a minimal set of attributes with are required. Skip AttributQuery request step. "); @@ -303,29 +312,23 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask { } } - moasession.setGenericDataToSession(el, value); + pendingReq.setGenericDataToSession(el, value); Logger.debug("Add PVP-attribute " + el + " into MOASession"); } //set validTo from this federated IDP response - moasession.setGenericDataToSession( + pendingReq.setGenericDataToSession( AuthenticationSessionStorageConstants.FEDERATION_RESPONSE_VALIDE_TO, extractor.getAssertionNotOnOrAfter()); - } catch (AttributQueryException e) { - throw new BuildException("builder.06", null, e); - - } catch (SessionDataStorageException e) { - throw new BuildException("builder.06", null, e); - } catch (AssertionValidationExeption e) { throw new BuildException("builder.06", null, e); - } catch (AssertionAttributeExtractorExeption e) { + } catch (MOAIDException e) { throw new BuildException("builder.06", null, e); - } catch (MOAIDException e) { + } catch (EAAFStorageException e) { throw new BuildException("builder.06", null, e); } diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java index aac253083..9ef02935b 100644 --- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java +++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/utils/FederatedAuthCredentialProvider.java @@ -27,6 +27,7 @@ import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider; import at.gv.egovernment.moa.util.FileUtils; @@ -43,9 +44,9 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath() */ @Override - public String getKeyStoreFilePath() { + public String getKeyStoreFilePath() throws ConfigurationException { return FileUtils.makeAbsoluteURL( - authConfig.getBasicMOAIDConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTORE), + authConfig.getBasicConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTORE), authConfig.getRootConfigFileDir()); } @@ -54,7 +55,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getKeyStorePassword() { - return authConfig.getBasicMOAIDConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim(); + return authConfig.getBasicConfiguration(FederatedAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim(); } @@ -63,7 +64,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getMetadataKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( FederatedAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD).trim(); } @@ -72,7 +73,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getMetadataKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( FederatedAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD).trim(); } @@ -81,7 +82,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getSignatureKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( FederatedAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD).trim(); } @@ -90,7 +91,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getSignatureKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( FederatedAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD).trim(); } @@ -99,7 +100,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getEncryptionKeyAlias() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( FederatedAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD).trim(); } @@ -108,7 +109,7 @@ public class FederatedAuthCredentialProvider extends AbstractCredentialProvider */ @Override public String getEncryptionKeyPassword() { - return authConfig.getBasicMOAIDConfiguration( + return authConfig.getBasicConfiguration( FederatedAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD).trim(); } diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java index f6c8cb6e3..7ab222fa0 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataAssertionBuilder.java @@ -32,7 +32,6 @@ import java.util.List; import at.gv.egovernment.moa.id.auth.exception.BuildException; import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; -import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.protocols.saml1.SAML1AuthenticationData; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; @@ -41,7 +40,7 @@ import at.gv.egovernment.moa.util.StringUtils; /** * Builder for the authentication data <saml:Assertion> - * to be provided by the MOA ID Auth component. + * to be provided by the MOA ID Auth component. * * @author Paul Ivancsics * @version $Id$ @@ -277,8 +276,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB if (!useCondition) { assertion = MessageFormat.format(AUTH_DATA, new Object[] { authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstantString(), + authData.getAuthenticationIssuer(), + authData.getAuthenticationIssueInstantString(), pkType, pkValue, StringUtils.removeXMLDeclaration(xmlAuthBlock), @@ -302,8 +301,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB assertion = MessageFormat.format(AUTH_DATA_WITH_CONDITIONS, new Object[] { authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstantString(), + authData.getAuthenticationIssuer(), + authData.getAuthenticationIssueInstantString(), notBefore, notOnOrAfter, pkType, @@ -400,8 +399,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB if (!useCondition) { assertion = MessageFormat.format(AUTH_DATA_MANDATE, new Object[] { authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstantString(), + authData.getAuthenticationIssuer(), + authData.getAuthenticationIssueInstantString(), pkType, pkValue, StringUtils.removeXMLDeclaration(xmlAuthBlock), @@ -426,8 +425,8 @@ public class AuthenticationDataAssertionBuilder extends AuthenticationAssertionB assertion = MessageFormat.format(AUTH_DATA_MANDATE_WITH_CONDITIONS, new Object[] { authData.getAssertionID(), - authData.getIssuer(), - authData.getIssueInstantString(), + authData.getAuthenticationIssuer(), + authData.getAuthenticationIssueInstantString(), notBefore, notOnOrAfter, pkType, diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java index 99d5d9063..3452da003 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java @@ -28,15 +28,15 @@ import javax.servlet.http.HttpServletResponse; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAction; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.slo.SLOInformationInterface; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.servlet.RedirectServlet; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; -import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.data.SLOInformationImpl; -import at.gv.egovernment.moa.id.data.SLOInformationInterface; -import at.gv.egovernment.moa.id.moduls.IAction; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.URLEncoder; @@ -49,9 +49,9 @@ public class GetArtifactAction implements IAction { public SLOInformationInterface processRequest(IRequest req, HttpServletRequest httpReq, HttpServletResponse httpResp, IAuthData obj) throws AuthenticationException { - String oaURL = (String) req.getOAURL(); + String oaURL = (String) req.getSPEntityId(); - String sourceID = null; + String sourceID = null; if (req instanceof SAML1RequestImpl) { SAML1RequestImpl saml1req = (SAML1RequestImpl) req; sourceID = saml1req.getSourceID(); @@ -68,7 +68,7 @@ public class GetArtifactAction implements IAction { } try { - IOAAuthParameters oaParam = req.getOnlineApplicationConfiguration(); + IOAAuthParameters oaParam = req.getServiceProviderConfiguration(IOAAuthParameters.class); //TODO: add eIDAS to SAML1 protocol if it is really necessary diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java index 13df30862..85e2107c6 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetAuthenticationDataService.java @@ -72,15 +72,14 @@ import org.xml.sax.SAXException; import com.google.common.net.MediaType; +import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController; +import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.builder.SAMLResponseBuilder; import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; import at.gv.egovernment.moa.id.auth.frontend.velocity.VelocityProvider; -import at.gv.egovernment.moa.id.auth.servlet.AbstractController; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.util.ErrorResponseUtils; -import at.gv.egovernment.moa.id.util.HTTPUtils; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; @@ -98,7 +97,7 @@ import at.gv.egovernment.moa.util.XPathUtils; * since SAML1 is deprecated MOA-ID >= 2.0.0 * * @author tlenz - */ + */ @Controller public class GetAuthenticationDataService extends AbstractController implements Constants { @@ -280,9 +279,7 @@ public class GetAuthenticationDataService extends AbstractController implements try { Throwable error = saml1AuthServer.getErrorResponse(samlArtifact); statusCode = "samlp:Responder"; - - ErrorResponseUtils errorUtils = ErrorResponseUtils.getInstance(); - + if (error instanceof MOAIDException) { statusMessageCode = ((MOAIDException)error).getMessageId(); statusMessage = StringEscapeUtils.escapeXml(((MOAIDException)error).getMessage()); @@ -291,8 +288,9 @@ public class GetAuthenticationDataService extends AbstractController implements statusMessage = StringEscapeUtils.escapeXml(error.getMessage()); } - subStatusCode = errorUtils.getResponseErrorCode(error); - + subStatusCode = statusMessager.getResponseErrorCode(error); + + } catch (Exception e) { //no authentication data for given SAML artifact statusCode = "samlp:Requester"; diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java index bf4a55e46..1be3e3daa 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java @@ -43,6 +43,11 @@ import org.xml.sax.SAXException; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate; import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.utils.Random; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; @@ -57,17 +62,12 @@ import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.IRequest; import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; -import at.gv.egovernment.moa.id.data.AuthenticationData; -import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.data.MOAAuthenticationData; import at.gv.egovernment.moa.id.data.Pair; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; -import at.gv.egovernment.moa.id.storage.ITransactionStorage; -import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; @@ -86,7 +86,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { @Autowired private ITransactionStorage authenticationDataStore; - /** + /** * time out in milliseconds used by {@link cleanup} for authentication data * store */ @@ -103,8 +103,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } Throwable error = null; try { - error = authenticationDataStore - .get(samlArtifact, Throwable.class); + error = authenticationDataStore.get(samlArtifact, Throwable.class); if (error == null) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); @@ -114,7 +113,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { authenticationDataStore.remove(samlArtifact); - } catch (MOADatabaseException e) { + } catch (EAAFException e) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); throw new AuthenticationException("1206", new Object[] { samlArtifact }); } @@ -189,7 +188,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } - } catch (MOADatabaseException e) { + } catch (EAAFException e) { Logger.error("Assertion not found for SAML Artifact: " + samlArtifact); throw new AuthenticationException("1206", new Object[] { samlArtifact }); } @@ -201,10 +200,10 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } public String BuildErrorAssertion(Throwable error, IRequest protocolRequest) - throws BuildException, MOADatabaseException { + throws EAAFException { String samlArtifact = new SAMLArtifactBuilder().build( - protocolRequest.getOAURL(), protocolRequest.getRequestID(), + protocolRequest.getSPEntityId(), protocolRequest.getPendingRequestId(), null); authenticationDataStore.put(samlArtifact, error, authDataTimeOut); @@ -428,7 +427,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { //authData.setSamlAssertion(samlAssertion); String samlArtifact = new SAMLArtifactBuilder().build( - authData.getIssuer(), Random.nextRandom(), + authData.getAuthenticationIssuer(), Random.nextRandom(), sourceID); storeAuthenticationData(samlArtifact, samlAssertion); @@ -443,7 +442,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer { } - private String generateMandateDate(IOAAuthParameters oaParam, AuthenticationData authData + private String generateMandateDate(IOAAuthParameters oaParam, MOAAuthenticationData authData ) throws AuthenticationException, BuildException, ParseException, ConfigurationException, ServiceException, ValidateException { diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java index 8dfe10268..54b137ce1 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java @@ -37,8 +37,10 @@ import org.springframework.web.bind.annotation.RequestMethod; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.idp.IModulInfo; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; -import at.gv.egiz.eaaf.core.exceptions.ProtocolNotActiveException; import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController; import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.auth.exception.WrongParametersException; @@ -47,7 +49,6 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; import at.gv.egovernment.moa.id.util.ParamValidatorUtils; import at.gv.egovernment.moa.logging.Logger; @@ -60,7 +61,7 @@ import at.gv.egovernment.moa.util.URLEncoder; * @deprecated * @author tlenz * - */ + */ @Controller public class SAML1Protocol extends AbstractAuthProtocolModulController implements IModulInfo { @@ -99,15 +100,15 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement @RequestMapping(value = "/StartAuthentication", method = {RequestMethod.POST, RequestMethod.GET}) - public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws MOAIDException, IOException { - if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) { - Logger.info("SAML1 is deaktivated!"); - throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" }); - - } + public void SAML1AuthnRequest(HttpServletRequest req, HttpServletResponse resp) throws IOException, EAAFException { +// if (!AuthConfigurationProviderFactory.getInstance().getAllowedProtocols().isSAML1Active()) { +// Logger.info("SAML1 is deaktivated!"); +// throw new ProtocolNotActiveException("auth.22", new Object[] { "SAML 1" }); +// +// } SAML1RequestImpl pendingReq = applicationContext.getBean(SAML1RequestImpl.class); - pendingReq.initialize(req); + pendingReq.initialize(req, authConfig); pendingReq.setModule(NAME); revisionsLogger.logEvent(MOAIDEventConstants.SESSION_CREATED, pendingReq.getUniqueSessionIdentifier()); @@ -128,15 +129,15 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement public void preProcess(HttpServletRequest request, - HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException { + HttpServletResponse response, SAML1RequestImpl pendingRequest) throws MOAIDException, InvalidProtocolRequestException, EAAFConfigurationException, EAAFStorageException { try { - String oaURL = (String) request.getParameter(PARAM_OA); + String oaURL = (String) request.getParameter(MOAIDAuthConstants.PARAM_OA); //oaURL = StringEscapeUtils.escapeHtml(oaURL); - String target = (String) request.getParameter(PARAM_TARGET); + String target = (String) request.getParameter(MOAIDAuthConstants.PARAM_TARGET); target = StringEscapeUtils.escapeHtml(target); - String sourceID = request.getParameter(PARAM_SOURCEID); + String sourceID = request.getParameter(MOAIDAuthConstants.PARAM_SOURCEID); sourceID = StringEscapeUtils.escapeHtml(sourceID); //the target parameter is used to define the OA in SAML1 standard @@ -147,35 +148,35 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement if (MiscUtil.isEmpty(oaURL)) { Logger.info("Receive SAML1 request with no OA parameter. Authentication STOPPED!"); - throw new WrongParametersException("StartAuthentication", PARAM_OA, + throw new WrongParametersException("StartAuthentication", MOAIDAuthConstants.PARAM_OA, "auth.12"); } if (!ParamValidatorUtils.isValidOA(oaURL)) - throw new WrongParametersException("StartAuthentication", PARAM_OA, + throw new WrongParametersException("StartAuthentication", MOAIDAuthConstants.PARAM_OA, "auth.12"); - pendingRequest.setOAURL(oaURL); + pendingRequest.setSPEntityId(oaURL); Logger.info("Dispatch SAML1 Request: OAURL=" + oaURL); if (!ParamValidatorUtils.isValidSourceID(sourceID)) - throw new WrongParametersException("StartAuthentication", PARAM_SOURCEID, "auth.12"); + throw new WrongParametersException("StartAuthentication", MOAIDAuthConstants.PARAM_SOURCEID, "auth.12"); //load Target only from OA config - IOAAuthParameters oaParam = authConfig.getOnlineApplicationParameter(oaURL); + IOAAuthParameters oaParam = authConfig.getServiceProviderConfiguration(oaURL, IOAAuthParameters.class); if (oaParam == null) throw new InvalidProtocolRequestException("auth.00", - new Object[] { null }); + new Object[] { null }, "No Online-Application configuration found"); SAML1ConfigurationParameters saml1 = oaParam.getSAML1Parameter(); if (saml1 == null || !(saml1.isIsActive() != null && saml1.isIsActive()) ) { Logger.info("Online-Application " + oaURL + " can not use SAML1 for authentication."); throw new InvalidProtocolRequestException("auth.00", - new Object[] { null }); + new Object[] { null }, "OA: " + oaURL + " can not used with SAML1"); } pendingRequest.setOnlineApplicationConfiguration(oaParam); @@ -213,7 +214,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement pendingRequest.setAction(GetArtifactAction.class.getName()); } catch (WrongParametersException e) { - throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters()); + throw new InvalidProtocolRequestException(e.getMessageId(), e.getParameters(), "SAML1 parameter validation FAILED"); } catch (InvalidProtocolRequestException e) { throw e; @@ -226,15 +227,15 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement HttpServletRequest request, HttpServletResponse response, IRequest protocolRequest) throws Throwable{ - if (!protocolRequest.getOnlineApplicationConfiguration().getSAML1Parameter().isProvideAllErrors()) + if (!protocolRequest.getServiceProviderConfiguration(IOAAuthParameters.class).getSAML1Parameter().isProvideAllErrors()) return false; else { String samlArtifactBase64 = saml1AuthServer.BuildErrorAssertion(e, protocolRequest); String url = protocolRequest.getAuthURL() + "/RedirectServlet"; - url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getOAURL(), "UTF-8")); - url = addURLParameter(url, PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); + url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(protocolRequest.getSPEntityId(), "UTF-8")); + url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8")); url = response.encodeRedirectURL(url); response.setContentType("text/html"); diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java index 1d3525626..4d3e60dd7 100644 --- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java +++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1RequestImpl.java @@ -22,18 +22,11 @@ */ package at.gv.egovernment.moa.id.protocols.saml1; -import java.util.ArrayList; -import java.util.Collection; -import java.util.List; - -import org.opensaml.saml2.metadata.provider.MetadataProvider; import org.springframework.beans.factory.config.BeanDefinition; import org.springframework.context.annotation.Scope; import org.springframework.stereotype.Component; -import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; -import at.gv.egovernment.moa.id.moduls.RequestImpl; -import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; /** * @author tlenz @@ -45,7 +38,7 @@ public class SAML1RequestImpl extends RequestImpl { private static final long serialVersionUID = -4961979968425683115L; - private String sourceID = null; + private String sourceID = null; private String target = null; /** @@ -78,29 +71,29 @@ public class SAML1RequestImpl extends RequestImpl { this.target = target; } - /* (non-Javadoc) - * @see at.gv.egovernment.moa.id.moduls.RequestImpl#getRequestedAttributes() - */ - @Override - public Collection getRequestedAttributes(MetadataProvider metadataProvider) { - - List reqAttr = new ArrayList


   
+  
+			org.bouncycastle
+			bcprov-jdk15on
+			1.52
+			
+
+  
   
   	
 		org.springframework
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
index f7e635b3b..8456cfad5 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java
@@ -20,6 +20,7 @@ import org.jose4j.jwe.JsonWebEncryption;
 import org.jose4j.jws.AlgorithmIdentifiers;
 import org.jose4j.jws.JsonWebSignature;
 import org.jose4j.jwx.JsonWebStructure;
+import org.jose4j.keys.X509Util;
 import org.jose4j.keys.resolvers.X509VerificationKeyResolver;
 import org.jose4j.lang.JoseException;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -78,7 +79,7 @@ public class JsonSecurityUtils implements IJOSETools{
 			try {
 				encPrivKey = keyStore.getKey(getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray());
 				if (encPrivKey != null) {
-					Certificate[] certChainEncryption = keyStore.getCertificateChain(getSigningKeyAlias());
+					Certificate[] certChainEncryption = keyStore.getCertificateChain(getEncryptionKeyAlias());
 					encCertChain = new X509Certificate[certChainEncryption.length];
 					for (int i=0; i x5cCerts = receiverJwe.getCertificateChainHeaderValue();
+			String x5t256 = receiverJwe.getX509CertSha256ThumbprintHeaderValue();
+			if (x5cCerts != null) {
+				Logger.debug("Found x509 certificate in JOSE header ... ");
+				Logger.trace("Sorting received X509 certificates ... ");
+				List sortedX5cCerts  = X509Utils.sortCertificates(x5cCerts);
+				
+				if (!sortedX5cCerts.get(0).equals(encCertChain[0])) {
+					Logger.info("Certificate from JOSE header does NOT match encryption certificate");
+					Logger.debug("JOSE certificate: " + sortedX5cCerts.get(0).toString());
 					
-			//TODO: validate key from header against key from config
-		
-			//decrypt payload
+					try {
+						Logger.debug("Cert: " + Base64Utils.encode(sortedX5cCerts.get(0).getEncoded()));
+					} catch (CertificateEncodingException | IOException e) {
+						e.printStackTrace();
+					}
+					throw new SL20Exception("sl20.05", new Object[]{"Certificate from JOSE header does NOT match encryption certificate"});
+				}
+				
+			} else if (MiscUtil.isNotEmpty(x5t256)) {
+				Logger.debug("Found x5t256 fingerprint in JOSE header .... ");
+				String certFingerPrint = X509Util.x5tS256(encCertChain[0]);
+				if (!certFingerPrint.equals(x5t256)) {
+					Logger.info("X5t256 from JOSE header does NOT match encryption certificate");
+					Logger.debug("X5t256 from JOSE header: " + x5t256 + " Encrytption cert: " + certFingerPrint);
+					throw new SL20Exception("sl20.05", new Object[]{"X5t256 from JOSE header does NOT match encryption certificate"});
+					
+				}
+				
+			} else {
+				Logger.info("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint");
+				throw new SLCommandoParserException("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint");
+				
+			}
+						
+			//set key
 			receiverJwe.setKey(encPrivKey);
 			
+						
+			//decrypt payload			
 			return new JsonParser().parse(receiverJwe.getPlaintextString());
 			
 		} catch (JoseException e) {
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
index 0dc2e762d..6d0a349f4 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
@@ -186,9 +186,16 @@ public class SL20JSONExtractorUtils {
 					log.warn("Decrypted results are disabled by configuration. Parse result in plain if it is possible");
 
 					//dummy code
-					String[] signedPayload = encryptedResult.toString().split("\\.");
-					JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode(signedPayload[1])));
-					return payLoad;
+					try {
+						String[] signedPayload = encryptedResult.toString().split("\\.");
+						JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode(signedPayload[1])));
+						return payLoad;
+						
+					} catch (Exception e1) {
+						log.debug("DummyCode FAILED, Reason: " + e1.getMessage() + " Ignore it ...");
+						throw new SL20Exception(e.getMessage(), null, e);
+						
+					}
 					
 				} else
 					throw e;	
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
index 883ae07f2..04daa5999 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
@@ -23,6 +23,7 @@ import org.springframework.stereotype.Component;
 
 import com.google.gson.JsonObject;
 
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
@@ -59,6 +60,8 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 			
 			Logger.debug("Starting SL2.0 authentication process .... ");
 
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, "sl20auth");
+			
 			try {
 				//get service-provider configuration
 				IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration();
@@ -70,6 +73,8 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 					throw new SL20Exception("sl20.03", new Object[]{"NO VDA URL for qualified eID"});
 					
 				}
+				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, vdaQualeIDUrl);
+				
 				
 				String authBlockId = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_AUTHBLOCK_ID);
 				if (MiscUtil.isEmpty(authBlockId)) {
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
index 2f062b71d..bf42ef9ca 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -21,6 +21,7 @@ import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import com.google.gson.JsonSyntaxException;
 
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
@@ -74,7 +75,8 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 					
 				}
 
-				Logger.trace("Received SL2.0 result: " + sl20Result);
+				Logger.trace("Received SL2.0 result: " + sl20Result);				
+				revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, request.getRemoteAddr());
 				
 				//parse SL2.0 command/result into JSON			
 				try {
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
index f2a93e3ed..06b670d0a 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
@@ -9,6 +9,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.opensaml.saml2.core.Assertion;
 import org.springframework.stereotype.Component;
 
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
@@ -72,6 +73,7 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
 			
 				//validate eID data			
 				QualifiedeIDVerifier.verifyIdentityLink(idl, pendingReq.getOnlineApplicationConfiguration(), authConfig);
+				
 				authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock(
 							authBlockB64, pendingReq.getOnlineApplicationConfiguration(), authConfig);
 				QualifiedeIDVerifier.checkConsistencyOfeIDData(sl20ReqId, idl, authBlockExtractor, authBlockVerificationResult);
@@ -87,7 +89,12 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
 					throw e;
 				
 			}
-							
+			
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED);
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED);
+			
+			
+			
 			//add into session
 			defaultTaskInitialization(request, executionContext);
 			moasession.setIdentityLink(idl);
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java
index 6a989dd47..0e6c96f8d 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java
@@ -35,8 +35,8 @@ public class EIDDataVerifier_ATrust extends eIDDataVerifierTest {
 		
 		//JsonObject payLoad = SL20JSONExtractorUtils.getJSONObjectValue(qualeIDResult, "payload", true);
 		VerificationResult payLoad = SL20JSONExtractorUtils.extractSL20PayLoad(qualeIDResult, joseTools, true);		
-		JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad.getPayload(), "result", true);
-		
+		//JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad.getPayload(), "result", true);
+		JsonObject result = (JsonObject) SL20JSONExtractorUtils.extractSL20Result(payLoad.getPayload(), joseTools, true);
 		
 		eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result);
 		if (eIDData == null || eIDData.isEmpty())
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java
index d50b31363..88924500b 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java
@@ -94,19 +94,19 @@ public class DummyAuthConfig implements AuthConfiguration {
 			return "SL20Authblock_v1.0,SL20Authblock_v1.0_SIC,SL20Authblock_v1.0_OWN";
 		
 		else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH.equals(key))
-			return "/src/test/resources/sl20.jks";
+			return "/src/test/resources/prod_sl20.jks";
 		
 		else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD.equals(key))			
 			return "password";
 		
 		else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS.equals(key))
-			return "pvpIDP";
+			return "sl20signing";
 		
 		else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD.equals(key))
 			return "password";
 		
 		else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS.equals(key))
-			return "pvpIDP";
+			return "sl20encryption";
 		
 		else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD.equals(key))
 			return "password";
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks
index a9d1fc7d1..4413b8c8a 100644
Binary files a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks differ
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json
index 8fef32927..5f0be5407 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json
@@ -1,6 +1,6 @@
 {
   "v": 10,
-  "respID": "2LVPaGlWAwzxURkrcTQX",
-  "inResponseTo": "_63ff9ef67370024c4d2d8b9bfd380578",
-  "signedPayload": "ew0KICAiYWxnIjogIlJTMjU2IiwNCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9zbDIuMDtjb21tYW5kIiwNCiAgIng1dCNTMjU2IjogIjBGUmRDYkFxVTF2YlQtOUt3S0JUcU5GQXBkcU9HT25Fa0o1dGp6MFp0anciDQp9.ew0KICAibmFtZSI6ICJxdWFsaWZpZWRlSUQiLA0KICAicmVzdWx0Ijogew0KICAgICJFSUQtSURFTlRJVFktTElOSyI6ICJQSE5oYld3NlFYTnpaWEowYVc5dUlFRnpjMlZ5ZEdsdmJrbEVQU0p6ZW5JdVltMXBMbWQyTG1GMExVRnpjMlZ5ZEdsdmJrbEVNVFV5T0RnNE1ESTJORE0wTURJNU5EVWlJRWx6YzNWbFNXNXpkR0Z1ZEQwaU1qQXhPQzB3TmkweE0xUXhNRG8xTnpvME5Dc3dNVG93TUNJZ1NYTnpkV1Z5UFNKb2RIUndPaTh2Y0c5eWRHRnNMbUp0YVM1bmRpNWhkQzl5WldZdmMzcHlMMmx6YzNWbGNpSWdUV0ZxYjNKV1pYSnphVzl1UFNJeElpQk5hVzV2Y2xabGNuTnBiMjQ5SWpBaUlIaHRiRzV6T25OaGJXdzlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qRXVNRHBoYzNObGNuUnBiMjRpSUhodGJHNXpPbkJ5UFNKb2RIUndPaTh2Y21WbVpYSmxibU5sTG1VdFoyOTJaWEp1YldWdWRDNW5kaTVoZEM5dVlXMWxjM0JoWTJVdmNHVnljMjl1WkdGMFlTOHlNREF5TURJeU9DTWlJSGh0Ykc1ek9tUnphV2M5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU1pSUhodGJHNXpPbVZqWkhOaFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4THpBMEwzaHRiR1J6YVdjdGJXOXlaU01pSUhodGJHNXpPbk5wUFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZUzFwYm5OMFlXNWpaU0krQ2drOGMyRnRiRHBCZEhSeWFXSjFkR1ZUZEdGMFpXMWxiblErQ2drSlBITmhiV3c2VTNWaWFtVmpkRDRLQ1FrSlBITmhiV3c2VTNWaWFtVmpkRU52Ym1acGNtMWhkR2x2Ymo0S0NRa0pDVHh6WVcxc09rTnZibVpwY20xaGRHbHZiazFsZEdodlpENTFjbTQ2YjJGemFYTTZibUZ0WlhNNmRHTTZVMEZOVERveExqQTZZMjA2YzJWdVpHVnlMWFp2ZFdOb1pYTThMM05oYld3NlEyOXVabWx5YldGMGFXOXVUV1YwYUc5a1Bnb0pDUWtKUEhOaGJXdzZVM1ZpYW1WamRFTnZibVpwY20xaGRHbHZia1JoZEdFK0Nna0pDUWtKUEhCeU9sQmxjbk52YmlCemFUcDBlWEJsUFNKd2NqcFFhSGx6YVdOaGJGQmxjbk52YmxSNWNHVWlQanh3Y2pwSlpHVnVkR2xtYVdOaGRHbHZiajQ4Y0hJNlZtRnNkV1UrZEhGRFVVVkROeXRCY1VkRlpXVk1Nemt3VmpWS1p6MDlQQzl3Y2pwV1lXeDFaVDQ4Y0hJNlZIbHdaVDUxY200NmNIVmliR2xqYVdRNlozWXVZWFE2WW1GelpXbGtQQzl3Y2pwVWVYQmxQand2Y0hJNlNXUmxiblJwWm1sallYUnBiMjQrUEhCeU9rNWhiV1UrUEhCeU9rZHBkbVZ1VG1GdFpUNU5ZWGc4TDNCeU9rZHBkbVZ1VG1GdFpUNDhjSEk2Um1GdGFXeDVUbUZ0WlNCd2NtbHRZWEo1UFNKMWJtUmxabWx1WldRaVBrMTFjM1JsY20xaGJtNDhMM0J5T2taaGJXbHNlVTVoYldVK1BDOXdjanBPWVcxbFBqeHdjanBFWVhSbFQyWkNhWEowYUQ0eE9UUXdMVEF4TFRBeFBDOXdjanBFWVhSbFQyWkNhWEowYUQ0OEwzQnlPbEJsY25OdmJqNEtDUWtKQ1R3dmMyRnRiRHBUZFdKcVpXTjBRMjl1Wm1seWJXRjBhVzl1UkdGMFlUNEtDUWtKUEM5ellXMXNPbE4xWW1wbFkzUkRiMjVtYVhKdFlYUnBiMjQrQ2drSlBDOXpZVzFzT2xOMVltcGxZM1ErQ2drOGMyRnRiRHBCZEhSeWFXSjFkR1VnUVhSMGNtbGlkWFJsVG1GdFpUMGlRMmwwYVhwbGJsQjFZbXhwWTB0bGVTSWdRWFIwY21saWRYUmxUbUZ0WlhOd1lXTmxQU0oxY200NmNIVmliR2xqYVdRNlozWXVZWFE2Ym1GdFpYTndZV05sY3pwcFpHVnVkR2wwZVd4cGJtczZNUzR5SWo0OGMyRnRiRHBCZEhSeWFXSjFkR1ZXWVd4MVpUNDhaSE5wWnpwU1UwRkxaWGxXWVd4MVpUNDhaSE5wWnpwTmIyUjFiSFZ6UG5sMlIwMVFSRFZaYWtobVpXOHhkbHBoU0VGNFEwWkNNeXRCUW0xaVlWQnpjRE5HTVhGRGRHY3ZaWFpsVVZSSWNsQnlSVXhPVDJaT1VuWTBhV0V3WlhjNFRsQnlaVFpRUjJKRFZHTU5DbnBrT1ZGdVZqSmlSRE5yVFhCa1VqUlRjMlpRVFVnd2VGQkdXRFV4T0dsUlZEQTFUWHBhT1dRM01WVnpiRGxzZHpack1HcHdTMjFGVlVWMlpWcGpRVVZKTVhGa00ySjNTWEJVTURnTkNtRjZabG8xTDFCa1JUWlpSVmcyVlhwUE5FSk1VbHB3ZUdOTlJtTXdhRGxaYW5vclZ6QktjRVYxVTFKUE0xZFFjRVpvY2xZeVZVOUtVU3R4ZUhrdk5EWklZek5JVERkTlFsRlNWMm9OQ2twVU9XUndlV0l2T0dSbFpWQkRialJGTldoTFRWSlRjblZGUjJwaGFFOVlMMHcwTTNWSFVVOU5VRVZ4V1hCTFNIZzRhazlTTDBsUE16WnJTSFZWWm5GT1RuVlhiRWhDYlVzMldFME5DbmN3TUZsclYyTkRVRUkwYW1KUk5URTBSVk16UjFJMlJIQkpNbGRVVVRCaFRGbHRWR1YzUFQwOEwyUnphV2M2VFc5a2RXeDFjejQ4WkhOcFp6cEZlSEJ2Ym1WdWRENUJVVUZDUEM5a2MybG5Pa1Y0Y0c5dVpXNTBQand2WkhOcFp6cFNVMEZMWlhsV1lXeDFaVDQ4TDNOaGJXdzZRWFIwY21saWRYUmxWbUZzZFdVK1BDOXpZVzFzT2tGMGRISnBZblYwWlQ0OEwzTmhiV3c2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwUGdvSlBHUnphV2M2VTJsbmJtRjBkWEpsUGdvSkNUeGtjMmxuT2xOcFoyNWxaRWx1Wm04K0Nna0pDVHhrYzJsbk9rTmhibTl1YVdOaGJHbDZZWFJwYjI1TlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekV3TDNodGJDMWxlR010WXpFMGJpTWlJQzgrQ2drSkNUeGtjMmxuT2xOcFoyNWhkSFZ5WlUxbGRHaHZaQ0JCYkdkdmNtbDBhRzA5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU55YzJFdGMyaGhNU0lnTHo0S0NRa0pQR1J6YVdjNlVtVm1aWEpsYm1ObElGVlNTVDBpSWo0S0NRa0pDVHhrYzJsbk9sUnlZVzV6Wm05eWJYTStDZ2tKQ1FrSlBHUnphV2M2VkhKaGJuTm1iM0p0SUVGc1oyOXlhWFJvYlQwaWFIUjBjRG92TDNkM2R5NTNNeTV2Y21jdlZGSXZNVGs1T1M5U1JVTXRlSEJoZEdndE1UazVPVEV4TVRZaVBnb0pDUWtKQ1FrOFpITnBaenBZVUdGMGFENXViM1FvWVc1alpYTjBiM0l0YjNJdGMyVnNaam82Y0hJNlNXUmxiblJwWm1sallYUnBiMjRwUEM5a2MybG5PbGhRWVhSb1Bnb0pDUWtKQ1R3dlpITnBaenBVY21GdWMyWnZjbTArQ2drSkNRa0pQR1J6YVdjNlZISmhibk5tYjNKdElFRnNaMjl5YVhSb2JUMGlhSFIwY0RvdkwzZDNkeTUzTXk1dmNtY3ZNakF3TUM4d09TOTRiV3hrYzJsbkkyVnVkbVZzYjNCbFpDMXphV2R1WVhSMWNtVWlJQzgrQ2drSkNRazhMMlJ6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1R4a2MybG5Pa1JwWjJWemRFMWxkR2h2WkNCQmJHZHZjbWwwYUcwOUltaDBkSEE2THk5M2QzY3Vkek11YjNKbkx6SXdNREF2TURrdmVHMXNaSE5wWnlOemFHRXhJaUF2UGdvSkNRa0pQR1J6YVdjNlJHbG5aWE4wVm1Gc2RXVSthVXN6TW10cmJVNWtVelZIV2xSemJHOHhTbVJDWVdsRFRsVnJQVHd2WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDRLQ1FrSlBDOWtjMmxuT2xKbFptVnlaVzVqWlQ0S0NRa0pQR1J6YVdjNlVtVm1aWEpsYm1ObElGUjVjR1U5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU5OWVc1cFptVnpkQ0lnVlZKSlBTSWpiV0Z1YVdabGMzUWlQZ29KQ1FrSlBHUnphV2M2UkdsblpYTjBUV1YwYUc5a0lFRnNaMjl5YVhSb2JUMGlhSFIwY0RvdkwzZDNkeTUzTXk1dmNtY3ZNakF3TUM4d09TOTRiV3hrYzJsbkkzTm9ZVEVpSUM4K0Nna0pDUWs4WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDQ0TWtadVlVeGxja2x6YVVOM1RFRlhVVEZYUVVjcmJVUlVWVTA5UEM5a2MybG5Pa1JwWjJWemRGWmhiSFZsUGdvSkNRazhMMlJ6YVdjNlVtVm1aWEpsYm1ObFBnb0pDVHd2WkhOcFp6cFRhV2R1WldSSmJtWnZQZ29KQ1R4a2MybG5PbE5wWjI1aGRIVnlaVlpoYkhWbFBnb2dJQ0FnY1UxMU1uTXJkV2xwVlhVMk0zRmpOWEZhYmxWWFpVeEZSREpuVm5GRFkwTmtRMGN4ZHpFMVoxSkdTV3Q0UzNOWVZGRlRRVE5LVjBoRFJYaHhjams1ZDBjMFYwMXRjRTF0U21oaFR3MEtkRGc0TjJOUlRtOUdURFJaYTBzMVRXcEhOR28wUjI1Q1ZHZFRhRVpXY0c0MWRXaFBkblpITUZsd1lVSlhNMlYyYVdSYVRYWkllV0psV1VSSVZHeHBia2sxVWtaU1pVaEdXRU5zVGcwS1dGQmhUMWxWTHpVek5GRnhaMWhLU1hrMFpXdHVkRFJ2UXk5TE0xRnVaVWhoU1VKbmVrSjFkMlpIUjIxbGEwVnlPVGROUkV0NllXWjBhMDVwTVVSS1dFNDRkMkZJVmtWTVdubHRPUTBLUjJGM1JraExjRUpGY2s5aGVqQXZVRVpxZUZGUVpsQkRaVW93UzJoNGRqbFFWVmh5YUZkUlMySkhZWEp1VlU1MUx5dFRNVEZqUzA5eGMzQmpiR2htUzFac2QxUlNhQzlXVkdsaFZBMEtSbUU0THpoYVMwSTVNM2cyV21SSVQwMHlZblY1VERaMVRqQTFjblpMWW05d1ozcG5ObEU5UFFvZ0lEd3ZaSE5wWnpwVGFXZHVZWFIxY21WV1lXeDFaVDQ4WkhOcFp6cExaWGxKYm1adlBqeGtjMmxuT2xnMU1EbEVZWFJoUGp4a2MybG5PbGcxTURsRFpYSjBhV1pwWTJGMFpUNU5TVWxHZFhwRFEwSkxUMmRCZDBsQ1FXZEpSRWRUYTJWTlFUQkhRMU54UjFOSllqTkVVVVZDUWxGVlFVMUpSMlpOVVhOM1ExRlpSRlpSVVVkRmQwcENEUXBXUkVaSlRVVlpSMEV4VlVWRFozY3ZVVk14VldOdVZucGtRMEpJV2xoTmRVbEhXWFZKUms1d1dUSm9iR050YUd4aFdGSjZZek5zZW1SSFZuUmFVMEp3RFFwaVUwSnNZa2RXY21SSVNYVkpSVkpvWkVkV2RXUnRWbmxoTWxadlkybENTR0pYU2tsTlUwbDNTVUZaUkZaUlVVeEVRbXhvVEZoT2NGb3lOSFJaTWpsNURRcGpSemw1V1ZoU2JFeFhlSEJhTW1nd1RGUkJlVTFUU1hkSlFWbEVWbEZSUkVSQ2JHaE1XRTV3V2pJMGRGa3lPWGxqUnpsNVdWaFNiRXhYZUhCYU1tZ3dEUXBNVkVGNVRVSTBXRVJVUlRGTlJHTjVUMFJGTVU1RWEzZE9WbTlZUkZSSmQwMUVZM2xQUkVWNlRrUnJkMDVXYjNkbllsbDRRM3BCU2tKblRsWkNRVmxVRFFwQmEwWlZUVkkwZDBoQldVUldVVkZMUkVKV1JWbFlVbXhpYms1cVlVaFdNR1Z0ZEhaaVZ6RndZek5PY0dJeU5IaEpha0ZuUW1kT1ZrSkJjMDFIVms0d0RRcFpWekYwWlcxR2IySklTbXhhTW14NlpFZFdlVmx0Vm05aU1sWjVXa2RWZUV4cVFYTkNaMDVXUWtGTlRVcFdUbkJhTWpWb1pFaFdlV015Vm5sa2JXeHFEUXBhVTBKRldWaFNiR0p1VG1waFNGWXdaVzEwZG1KWE1YQmpNMDV3WWpJMGVFWlVRVlJDWjA1V1FrRlZWRVJFVFhsT1ZHdDVUMFJOZVUxNmF6VlBSRVZqRFFwTlFtOUhRMU54UjFOSllqTkVVVVZLUVZGM1RscElUbkpSUjFKNllYazFibVJwTldoa1JFTkRRVk5KZDBSUldVcExiMXBKYUhaalRrRlJSVUpDVVVGRURRcG5aMFZRUVVSRFEwRlJiME5uWjBWQ1FVNHJaRUpUUlVKSGFqSnFWVmhKU3pGTmNETnNWbmhqTDFwaEszQktUV2w1UzNKWU0wY3hXbmhuV0M5cGEzZzNEUXBFT1hOamMxQlpUWFEwTnpOTWJFRlhiRGxqYlVOaVNHSktTeXRRVmpKWVRrNWtWVkpNVFZWRFNWZ3JOSFpWVG5NeVRVaGxSRlJSZEZnNFFsaHFTa1p3RFFwM1NsbFRiMkZTU2xFek9VWldVeTh4Y2pWelYyTnlZVGxJYUdSdE4zYzFSM1I0THpKMWEzbEVXREJyWkd0NFlYZHJhRkEwUlZGRmVta3ZVMGtyUm5WbkRRcHVLMWR4WjFFeGJrRmtiR0o0WWk5a1kwSjNOWGN4YURsaU0yeHRkWGRWWmpSNk0yOXZVVmRWUkRKRVowRXZhMHRrTVV0bGFrNVNORE50VEZWemJYWlREUXA2WlhaUWVGUTVlbk0zT0hCUFVqRlBZV05DTjBsemVsUldTbEJZWlU5RllXRk9Xa2h1YmtJdlZXVlBNMmM0VEVWV0x6TlBhMWhqVldkalRXdGlTVWxwRFFwaFFraHNiR3czTVZCeE1FTlBhamxyY1dwWWIyVTNUM0pTYWt4Wk5Xa3pTM2RQY0dFMlZFMURRWGRGUVVGaFQwTkJaVlYzWjJkSWFFMUNSVWRCTVZWa0RRcEVaMUZMUWtGb1RVTkJObVZIZGxNeGRXcEJUMEpuVGxaSVVUaENRV1k0UlVKQlRVTkNURUYzUkdkWlNFdHBaMEZEWjBWSVFWRlJSRUZSU0M5TlFrMUhEUXBCTVZWa1NYZFJUVTFCY1VGRFJXdGpWMFJ3VURaQk1FUk5RV3RIUVRGVlpFVjNVVU5OUVVGM1JrRlpTRXRwWjBGRFowVkNRVkZSU2tSQlpFTlZNRWwwRFFwU1JrNU1UVWc0UjBORGMwZEJVVlZHUW5kRlFrSklUWGRqVkVKSFFtZG5ja0puUlVaQ1VXTjNRVzlaTm1GSVVqQmpSRzkyVEROa00yUjVOV2hNV0ZKNURRcGtXRTR3VEcxR01Fd3lUbXhqYmxKNlRESkZkR015Ykc1aWFURnFZak5LZDJJelNtaGtSMVYwWWtkc2JtRklVWFJOUkVwb1RHMU9lV1JFUVc1Q1oyZHlEUXBDWjBWR1FsRmpkMEZaV1dKaFNGSXdZMFJ2ZGt3eU9XcGpNMEYxV1ZNeE1HTnVWbnBrUXpWb1pFTTVkbGt6VG5kTlJsRkhRVEZWWkVsQlVrNU5SWE4zRFFwVFVWbEhTMmxuUVVWUlJWTk5SRGgzVUZGWlNVdDNXVUpDVVZWSVFXZEZWMDFYYURCa1NFRTJUSGs1TTJRelkzVlpVekV3WTI1V2VtUkROV2hrUXpsckRRcGlNazU2VERKT2Qwd3lSWFJqTW14dVlta3hRbUpZVW5wak1teHVZbTFHTUdSWVNYZG5XalJIUVRGVlpFaDNVMEpzYWtOQ2EzcERRbXRMUTBKcVlVTkNEUXBwYjJGQ2FESjRhMWxZUVRaTWVUbHpXa2RHZDB4dFJYUmtTRW94WXpOUmRWbFlVWFppTTFVNVdWTXhlbUZYWkhWTVYwNTJZMjVDZG1OdFJqQmFVekZ6RFFwaFYyUnZaRU13ZDAxcGVIWlFWVVYwVmtoS01XTXpVWE5aZWpGQ1ZrUTVhbHBZU2pCaFYxcHdXVEpHTUZwWVNteGtiVGxxV1ZoU2NHSXlOWE5oV0U0d0RRcFFNa3BvWXpKVkwySXlTbkZhVjA0d1dUSjRhR016VFRsYVYyeHJVVEpXZVdSSGJHMWhWMDVvWkVkc2RtSnJSakZrUjJoMlkyMXNNR1ZVUVU1Q1oydHhEUXBvYTJsSE9YY3dRa0ZSVlVaQlFVOURRVkZGUVVoUk0xcERUWFJCWW1GNlpVMUliVmRCTW5wb1dXeEljVWhuUzFadlkxWllSVVJuYlU1dFYweEhjVVpsRFFvNFJVRkVSa2x6T0hWSGNtdDBRbTFYUTFWSldHSlljemRVU0dObWVITXlTalEzZGtoMVkyOXdjMlJyWVdKT2JGaEZhbnB1WkZKbWJtTXJNVlpKYm1KdkRRcDZUWEpaWkRkcVpVUk9WRXN2ZEVscWFVOUZXV1J5ZVVsd1pXdFdPVU5tWVhjM2VYVTJiV1ZtVFhwbGRURmhRWGRtTjBKdVN5OW9kV2wzU2xkdVpXNXdEUXBDTjJsRUwxQjJXaXR0ZW5WRE4xSk9aa3BtUmlzclUzUnBRbFI0YVROV1dYaE9SMDFxVFRGalZUaEhkemxXVjJNd1VqTkZkV3BQWVZoWFowTkRPR2sxRFFwR1IyaFdkazlaYUU1WVpuTjRTbGhpVG5obGQwVkRhbkJCVEhaRWJFWk1UQ3RwUXpRNVJ5dEJSRk52VW5Zd1UyczVNVTlRZFN0alNXMURhak55Y3pOUkRRcDBZWE5KTDNBNVRGbGhZMGMyWXk5blNUTjBSVEJwYUhGbk9WSmljMHRJV0ZGc00xQlBka1ZTU2tFOVBUd3ZaSE5wWnpwWU5UQTVRMlZ5ZEdsbWFXTmhkR1UrUEM5a2MybG5PbGcxTURsRVlYUmhQand2WkhOcFp6cExaWGxKYm1adlBnb0pDVHhrYzJsbk9rOWlhbVZqZEQ0S0NRa0pQR1J6YVdjNlRXRnVhV1psYzNRZ1NXUTlJbTFoYm1sbVpYTjBJajRLQ1FrSkNUeGtjMmxuT2xKbFptVnlaVzVqWlNCVlVrazlJaUkrQ2drSkNRa0pQR1J6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1FrSlBHUnphV2M2VkhKaGJuTm1iM0p0SUVGc1oyOXlhWFJvYlQwaWFIUjBjRG92TDNkM2R5NTNNeTV2Y21jdlZGSXZNVGs1T1M5U1JVTXRlSEJoZEdndE1UazVPVEV4TVRZaVBnb0pDUWtKQ1FrSlBHUnphV2M2V0ZCaGRHZytibTkwS0dGdVkyVnpkRzl5TFc5eUxYTmxiR1k2T21SemFXYzZVMmxuYm1GMGRYSmxLVHd2WkhOcFp6cFlVR0YwYUQ0S0NRa0pDUWtKUEM5a2MybG5PbFJ5WVc1elptOXliVDRLQ1FrSkNRazhMMlJ6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1FrOFpITnBaenBFYVdkbGMzUk5aWFJvYjJRZ1FXeG5iM0pwZEdodFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF3THpBNUwzaHRiR1J6YVdjamMyaGhNU0lnTHo0S0NRa0pDUWs4WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDV0TWpWR056UXZOMWRMVlV4QmIwVXlWemRDYzBneVdVWlFUelE5UEM5a2MybG5Pa1JwWjJWemRGWmhiSFZsUGdvSkNRa0pQQzlrYzJsbk9sSmxabVZ5Wlc1alpUNEtDUWtKUEM5a2MybG5PazFoYm1sbVpYTjBQZ29KQ1R3dlpITnBaenBQWW1wbFkzUStDZ2s4TDJSemFXYzZVMmxuYm1GMGRYSmxQZ284TDNOaGJXdzZRWE56WlhKMGFXOXVQZz09IiwNCiAgICAiRUlELUNJVElaRU4tUUFBLUxFVkVMIjogImh0dHA6Ly9laWRhcy5ldXJvcGEuZXUvTG9BL3N1YnN0YW50aWFsIiwNCiAgICAiRUlELUNDUy1VUkwiOiAiaHR0cHM6Ly93d3cuYS10cnVzdC5hdC90b2RvIiwNCiAgICAiRUlELUFVVEgtQkxPQ0siOiAiUEQ5NGJXd2dkbVZ5YzJsdmJqMGlNUzR3SWlCbGJtTnZaR2x1WnowaVZWUkdMVGdpSUhOMFlXNWtZV3h2Ym1VOUltNXZJajgrUEhOaGJXd3lPa0Z6YzJWeWRHbHZiaUI0Yld4dWN6cHpZVzFzTWowaWRYSnVPbTloYzJsek9tNWhiV1Z6T25Sak9sTkJUVXc2TWk0d09tRnpjMlZ5ZEdsdmJpSWdTVVE5SWw4Mk0yWm1PV1ZtTmpjek56QXdNalJqTkdReVpEaGlPV0ptWkRNNE1EVTNPQ0lnU1hOemRXVkpibk4wWVc1MFBTSXlNREU0TFRBMkxURXpWREUzT2pRMk9qQTVLekF5T2pBd0lpQldaWEp6YVc5dVBTSXlMakFpSUhodGJHNXpPbmh6UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZU0krUEhOaGJXd3lPa2x6YzNWbGNpQkdiM0p0WVhROUluVnlianB2WVhOcGN6cHVZVzFsY3pwMFl6cFRRVTFNT2pJdU1EcHVZVzFsYVdRdFptOXliV0YwT21WdWRHbDBlU0krYUhSMGNITTZMeTkzZDNjdVlTMTBjblZ6ZEM1aGRDOTBiMlJ2UEM5ellXMXNNanBKYzNOMVpYSStQR1J6YVdjNlUybG5ibUYwZFhKbElIaHRiRzV6T21SemFXYzlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5Mekl3TURBdk1Ea3ZlRzFzWkhOcFp5TWlJRWxrUFNKemFXZHVZWFIxY21VdE1TMHhJajQ4WkhOcFp6cFRhV2R1WldSSmJtWnZQanhrYzJsbk9rTmhibTl1YVdOaGJHbDZZWFJwYjI1TlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk5VVVpOHlNREF4TDFKRlF5MTRiV3d0WXpFMGJpMHlNREF4TURNeE5TSWdMejQ4WkhOcFp6cFRhV2R1WVhSMWNtVk5aWFJvYjJRZ1FXeG5iM0pwZEdodFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4THpBMEwzaHRiR1J6YVdjdGJXOXlaU055YzJFdGMyaGhNalUySWlBdlBqeGtjMmxuT2xKbFptVnlaVzVqWlNCSlpEMGljbVZtWlhKbGJtTmxMVEV0TVNJZ1ZWSkpQU0lpUGp4a2MybG5PbFJ5WVc1elptOXliWE0rUEdSemFXYzZWSEpoYm5ObWIzSnRJRUZzWjI5eWFYUm9iVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2VkZJdk1UazVPUzlTUlVNdGVITnNkQzB4T1RrNU1URXhOaUkrUEhoemJEcHpkSGxzWlhOb1pXVjBJSGh0Ykc1ek9uaHpiRDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TVRrNU9TOVlVMHd2VkhKaGJuTm1iM0p0SWlCbGVHTnNkV1JsTFhKbGMzVnNkQzF3Y21WbWFYaGxjejBpYzJGdGJESWlJSFpsY25OcGIyNDlJakV1TUNJZ2VHMXNibk02YzJGdGJESTlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qSXVNRHBoYzNObGNuUnBiMjRpUGp4NGMydzZiM1YwY0hWMElHMWxkR2h2WkQwaWVHMXNJaUI0Yld3NmMzQmhZMlU5SW1SbFptRjFiSFFpSUM4K1BIaHpiRHAwWlcxd2JHRjBaU0J0WVhSamFEMGlMeUlnZUcxc2JuTTlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5MekU1T1RrdmVHaDBiV3dpUGp4b2RHMXNJSGh0Ykc1elBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHhPVGs1TDNob2RHMXNJajQ4YUdWaFpENDhkR2wwYkdVK1UybG5ibUYwZFhJZ1pHVnlJRUZ1YldWc1pHVmtZWFJsYmp3dmRHbDBiR1UrUEhOMGVXeGxJRzFsWkdsaFBTSnpZM0psWlc0aUlIUjVjR1U5SW5SbGVIUXZZM056SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FKQ1FrSkNTNXViM0p0WVd4emRIbHNaU0I3SUdadmJuUXRjMmw2WlRvZ2JXVmthWFZ0T3lCOUlBb2dJQ0FnSUNBZ0lDQWdJQ0FnSUFrSkNRa0pMbWwwWVd4cFkzTjBlV3hsSUhzZ1ptOXVkQzF6YVhwbE9pQnRaV1JwZFcwN0lHWnZiblF0YzNSNWJHVTZJR2wwWVd4cFl6c2dmUW9KQ1FrSkNRa0pDUzUwYVhSc1pYTjBlV3hsSUhzZ2RHVjRkQzFrWldOdmNtRjBhVzl1T25WdVpHVnliR2x1WlRzZ1ptOXVkQzEzWldsbmFIUTZZbTlzWkRzZ1ptOXVkQzF6YVhwbE9pQnRaV1JwZFcwN0lIMGdDZ2tKQ1FrSkNRa0pMbWcwYzNSNWJHVWdleUJtYjI1MExYTnBlbVU2SUd4aGNtZGxPeUI5SUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQUtDUWtKQ1FrSkNRa3VhR2xrWkdWdUlIdGthWE53YkdGNU9pQnViMjVsT3lCOUlBb2dJQ0FnSUNBZ0lDQWdJQ0FnSUFrSkNRazhMM04wZVd4bFBqd3ZhR1ZoWkQ0OFltOWtlVDQ4YURRZ1kyeGhjM005SW1nMGMzUjViR1VpUGtGdWJXVnNaR1ZrWVhSbGJqbzhMMmcwUGp4d0lHTnNZWE56UFNKMGFYUnNaWE4wZVd4bElqNUVZWFJsYmlCNmRYSWdVR1Z5YzI5dVBDOXdQangwWVdKc1pTQmpiR0Z6Y3owaWNHRnlZVzFsZEdWeWN5SStQSGh6YkRwcFppQjBaWE4wUFNKemRISnBibWNvTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTl6WVcxc01qcEJkSFJ5YVdKMWRHVlRkR0YwWlcxbGJuUXZjMkZ0YkRJNlFYUjBjbWxpZFhSbFcwQk9ZVzFsUFNkMWNtNDZiMmxrT2pJdU5TNDBMalF5SjEwdmMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVXBJajQ4ZEhJK1BIUmtJR05zWVhOelBTSnBkR0ZzYVdOemRIbHNaU0krVm05eWJtRnRaVG9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakl1TlM0MExqUXlKMTB2YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVaUlDOCtQQzkwWkQ0OEwzUnlQand2ZUhOc09tbG1Qang0YzJ3NmFXWWdkR1Z6ZEQwaWMzUnlhVzVuS0M5ellXMXNNanBCYzNObGNuUnBiMjR2YzJGdGJESTZRWFIwY21saWRYUmxVM1JoZEdWdFpXNTBMM05oYld3eU9rRjBkSEpwWW5WMFpWdEFUbUZ0WlQwbmRYSnVPbTlwWkRveExqSXVOREF1TUM0eE1DNHlMakV1TVM0eU5qRXVNakFuWFM5ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTa2lQangwY2o0OGRHUWdZMnhoYzNNOUltbDBZV3hwWTNOMGVXeGxJajVPWVdOb2JtRnRaVG9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0eU1DZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhlSE5zT21sbUlIUmxjM1E5SW5OMGNtbHVaeWd2YzJGdGJESTZRWE56WlhKMGFXOXVMM05oYld3eU9rRjBkSEpwWW5WMFpWTjBZWFJsYldWdWRDOXpZVzFzTWpwQmRIUnlhV0oxZEdWYlFFNWhiV1U5SjNWeWJqcHZhV1E2TVM0eUxqUXdMakF1TVRBdU1pNHhMakV1TlRVblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU2tpUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1SFpXSjFjblJ6WkdGMGRXMDZJRHd2ZEdRK1BIUmtJR05zWVhOelBTSnViM0p0WVd4emRIbHNaU0krUEhoemJEcDJZV3gxWlMxdlppQnpaV3hsWTNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5kWEp1T205cFpEb3hMakl1TkRBdU1DNHhNQzR5TGpFdU1TNDFOU2RkTDNOaGJXd3lPa0YwZEhKcFluVjBaVlpoYkhWbElpQXZQand2ZEdRK1BDOTBjajQ4TDNoemJEcHBaajQ4ZUhOc09tbG1JSFJsYzNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5kWEp1T205cFpEb3hMakl1TkRBdU1DNHhNQzR5TGpFdU1TNHlOakV1T1RBblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0krUEhSeVBqeDBaQ0JqYkdGemN6MGlhWFJoYkdsamMzUjViR1VpUGxadmJHeHRZV05vZERvZ1BDOTBaRDQ4ZEdRZ1kyeGhjM005SW01dmNtMWhiSE4wZVd4bElqNDhlSE5zT25SbGVIUStTV05vSUcxbGJHUmxJRzFwWTJnZ2FXNGdWbVZ5ZEhKbGRIVnVaeUJoYmk0Z1NXMGdic09rWTJoemRHVnVJRk5qYUhKcGRIUWdkMmx5WkNCdGFYSWdaV2x1WlNCTWFYTjBaU0JrWlhJZ1pzTzhjaUJ0YVdOb0lIWmxjbWJEdkdkaVlYSmxiaUJXWlhKMGNtVjBkVzVuYzNabGNtakRwR3gwYm1semMyVWdZVzVuWlhwbGFXZDBMQ0JoZFhNZ1pHVnVaVzRnYVdOb0lHVnBibVZ6SUdGMWMzZkRwR2hzWlc0Z2QyVnlaR1V1UEM5NGMydzZkR1Y0ZEQ0OEwzUmtQand2ZEhJK1BDOTRjMnc2YVdZK1BDOTBZV0pzWlQ0OGNDQmpiR0Z6Y3owaWRHbDBiR1Z6ZEhsc1pTSStSR0YwWlc0Z2VuVnlJRUZ1ZDJWdVpIVnVaend2Y0Q0OGRHRmliR1VnWTJ4aGMzTTlJbkJoY21GdFpYUmxjbk1pUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1SlpHVnVkR2xtYVd0aGRHOXlPaUE4TDNSa1BqeDBaQ0JqYkdGemN6MGlibTl5YldGc2MzUjViR1VpUGp4NGMydzZkbUZzZFdVdGIyWWdjMlZzWldOMFBTSXZjMkZ0YkRJNlFYTnpaWEowYVc5dUwzTmhiV3d5T2tGMGRISnBZblYwWlZOMFlYUmxiV1Z1ZEM5ellXMXNNanBCZEhSeWFXSjFkR1ZiUUU1aGJXVTlKMmgwZEhBNkx5OWxhV1F1WjNZdVlYUXZaVWxFTDJGMGRISnBZblYwWlhNdlUyVnlkbWxqWlZCeWIzWnBaR1Z5Vlc1cGNYVmxTV1FuWFM5ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTSWdMejQ4TDNSa1Bqd3ZkSEkrUEhoemJEcHBaaUIwWlhOMFBTSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5ellXMXNNanBCZEhSeWFXSjFkR1ZUZEdGMFpXMWxiblF2YzJGdGJESTZRWFIwY21saWRYUmxXMEJPWVcxbFBTZG9kSFJ3T2k4dlpXbGtMbWQyTG1GMEwyVkpSQzloZEhSeWFXSjFkR1Z6TDFObGNuWnBZMlZRY205MmFXUmxja1p5YVdWdVpHeDVUbUZ0WlNkZEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxLU0krUEhSeVBqeDBaQ0JqYkdGemN6MGlhWFJoYkdsamMzUjViR1VpUGs1aGJXVTZJRHd2ZEdRK1BIUmtJR05zWVhOelBTSnViM0p0WVd4emRIbHNaU0krUEhoemJEcDJZV3gxWlMxdlppQnpaV3hsWTNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5hSFIwY0RvdkwyVnBaQzVuZGk1aGRDOWxTVVF2WVhSMGNtbGlkWFJsY3k5VFpYSjJhV05sVUhKdmRtbGtaWEpHY21sbGJtUnNlVTVoYldVblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0lnTHo0OEwzUmtQand2ZEhJK1BDOTRjMnc2YVdZK1BIaHpiRHBwWmlCMFpYTjBQU0p6ZEhKcGJtY29MM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2RvZEhSd09pOHZaV2xrTG1kMkxtRjBMMlZKUkM5aGRIUnlhV0oxZEdWekwxTmxjblpwWTJWUWNtOTJhV1JsY2tOdmRXNTBjbmxEYjJSbEoxMHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VwSWo0OGRISStQSFJrSUdOc1lYTnpQU0pwZEdGc2FXTnpkSGxzWlNJK1UzUmhZWFE2SUR3dmRHUStQSFJrSUdOc1lYTnpQU0p1YjNKdFlXeHpkSGxzWlNJK1BIaHpiRHAyWVd4MVpTMXZaaUJ6Wld4bFkzUTlJaTl6WVcxc01qcEJjM05sY25ScGIyNHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFUzUmhkR1Z0Wlc1MEwzTmhiV3d5T2tGMGRISnBZblYwWlZ0QVRtRnRaVDBuYUhSMGNEb3ZMMlZwWkM1bmRpNWhkQzlsU1VRdllYUjBjbWxpZFhSbGN5OVRaWEoyYVdObFVISnZkbWxrWlhKRGIzVnVkSEo1UTI5a1pTZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhMM1JoWW14bFBqeHdJR05zWVhOelBTSjBhWFJzWlhOMGVXeGxJajVVWldOb2JtbHpZMmhsSUZCaGNtRnRaWFJsY2p3dmNENDhkR0ZpYkdVZ1kyeGhjM005SW5CaGNtRnRaWFJsY25NaVBqeDBjajQ4ZEdRZ1kyeGhjM005SW1sMFlXeHBZM04wZVd4bElqNUVZWFIxYlRvOEwzUmtQangwWkNCamJHRnpjejBpYm05eWJXRnNjM1I1YkdVaVBqeDRjMnc2ZG1Gc2RXVXRiMllnYzJWc1pXTjBQU0p6ZFdKemRISnBibWNvTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTlBU1hOemRXVkpibk4wWVc1MExEa3NNaWtpSUM4K1BIaHpiRHAwWlhoMFBpNDhMM2h6YkRwMFpYaDBQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNKemRXSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5QVNYTnpkV1ZKYm5OMFlXNTBMRFlzTWlraUlDOCtQSGh6YkRwMFpYaDBQaTQ4TDNoemJEcDBaWGgwUGp4NGMydzZkbUZzZFdVdGIyWWdjMlZzWldOMFBTSnpkV0p6ZEhKcGJtY29MM05oYld3eU9rRnpjMlZ5ZEdsdmJpOUFTWE56ZFdWSmJuTjBZVzUwTERFc05Da2lJQzgrUEM5MFpENDhMM1J5UGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1VmFISjZaV2wwT2p3dmRHUStQSFJrSUdOc1lYTnpQU0p1YjNKdFlXeHpkSGxzWlNJK1BIaHpiRHAyWVd4MVpTMXZaaUJ6Wld4bFkzUTlJbk4xWW5OMGNtbHVaeWd2YzJGdGJESTZRWE56WlhKMGFXOXVMMEJKYzNOMVpVbHVjM1JoYm5Rc01USXNNaWtpSUM4K1BIaHpiRHAwWlhoMFBqbzhMM2h6YkRwMFpYaDBQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNKemRXSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5QVNYTnpkV1ZKYm5OMFlXNTBMREUxTERJcElpQXZQang0YzJ3NmRHVjRkRDQ2UEM5NGMydzZkR1Y0ZEQ0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGljM1ZpYzNSeWFXNW5LQzl6WVcxc01qcEJjM05sY25ScGIyNHZRRWx6YzNWbFNXNXpkR0Z1ZEN3eE9Dd3lLU0lnTHo0OEwzUmtQand2ZEhJK1BIUnlQangwWkNCamJHRnpjejBpYVhSaGJHbGpjM1I1YkdVaVBsUnlZVzV6WVd0MGFXOXVjMVJ2YTJWdU9pQThMM1JrUGp4MFpDQmpiR0Z6Y3owaWJtOXliV0ZzYzNSNWJHVWlQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNJdmMyRnRiREk2UVhOelpYSjBhVzl1TDBCSlJDSWdMejQ4TDNSa1Bqd3ZkSEkrUEhoemJEcHBaaUIwWlhOMFBTSXZjMkZ0YkRJNlFYTnpaWEowYVc5dUwzTmhiV3d5T2tGMGRISnBZblYwWlZOMFlYUmxiV1Z1ZEM5ellXMXNNanBCZEhSeWFXSjFkR1ZiUUU1aGJXVTlKM1Z5YmpwdmFXUTZNUzR5TGpRd0xqQXVNVEF1TWk0eExqRXVNall4TGprd0oxMHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VpUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo0S0NRa0pDUWtKQ1FrSkNRbFdiMnhzYldGamFIUmxiaTFTWldabGNtVnVlam9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0NU1DZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhkSElnWTJ4aGMzTTlJbWhwWkdSbGJpSStQSFJrSUdOc1lYTnpQU0pwZEdGc2FXTnpkSGxzWlNJK1JHRjBZVlZTVERvZ1BDOTBaRDQ4ZEdRZ1kyeGhjM005SW01dmNtMWhiSE4wZVd4bElqNDhlSE5zT25aaGJIVmxMVzltSUhObGJHVmpkRDBpTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTl6WVcxc01qcERiMjVrYVhScGIyNXpMM05oYld3eU9rRjFaR2xsYm1ObFVtVnpkSEpwWTNScGIyNHZjMkZ0YkRJNlFYVmthV1Z1WTJVaUlDOCtQQzkwWkQ0OEwzUnlQang0YzJ3NmFXWWdkR1Z6ZEQwaUwzTmhiV3d5T2tGemMyVnlkR2x2Ymk5ellXMXNNanBEYjI1a2FYUnBiMjV6TDBCT2IzUlBiazl5UVdaMFpYSWlQangwY2lCamJHRnpjejBpYUdsa1pHVnVJajQ4ZEdRZ1kyeGhjM005SW1sMFlXeHBZM04wZVd4bElqNUJkWFJvUW14dlkydFdZV3hwWkZSdk9pQThMM1JrUGp4MFpDQmpiR0Z6Y3owaWJtOXliV0ZzYzNSNWJHVWlQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNJdmMyRnRiREk2UVhOelpYSjBhVzl1TDNOaGJXd3lPa052Ym1ScGRHbHZibk12UUU1dmRFOXVUM0pCWm5SbGNpSWdMejQ4TDNSa1Bqd3ZkSEkrUEM5NGMydzZhV1krUEM5MFlXSnNaVDQ4TDJKdlpIaytQQzlvZEcxc1Bqd3ZlSE5zT25SbGJYQnNZWFJsUGp3dmVITnNPbk4wZVd4bGMyaGxaWFErUEM5a2MybG5PbFJ5WVc1elptOXliVDQ4WkhOcFp6cFVjbUZ1YzJadmNtMGdRV3huYjNKcGRHaHRQU0pvZEhSd09pOHZkM2QzTG5jekxtOXlaeTh5TURBeEx6RXdMM2h0YkMxbGVHTXRZekUwYmlNaUlDOCtQQzlrYzJsbk9sUnlZVzV6Wm05eWJYTStQR1J6YVdjNlJHbG5aWE4wVFdWMGFHOWtJRUZzWjI5eWFYUm9iVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TWpBd01TOHdOQzk0Yld4bGJtTWpjMmhoTWpVMklpQXZQanhrYzJsbk9rUnBaMlZ6ZEZaaGJIVmxQbXBoTUhSSlVEQkJVVEU0ZGk4NFpsVmpOR1kxYVhsSGNIWXhXVGhFYWpGUGJDODVNa2RTU0V0Q2EyYzlQQzlrYzJsbk9rUnBaMlZ6ZEZaaGJIVmxQand2WkhOcFp6cFNaV1psY21WdVkyVStQR1J6YVdjNlVtVm1aWEpsYm1ObElFbGtQU0psZEhOcExXUmhkR0V0Y21WbVpYSmxibU5sTFRFdE1TSWdWSGx3WlQwaWFIUjBjRG92TDNWeWFTNWxkSE5wTG05eVp5OHdNVGt3TXlOVGFXZHVaV1JRY205d1pYSjBhV1Z6SWlCVlVrazlJaU5sZEhOcExYTnBaMjVsWkhCeWIzQmxjblJwWlhNdE1TMHhJajQ4WkhOcFp6cEVhV2RsYzNSTlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekEwTDNodGJHVnVZeU56YUdFeU5UWWlJQzgrUEdSemFXYzZSR2xuWlhOMFZtRnNkV1UrTVZGVWFXNTBPR1Y1UXpsNFVFbExXR0ZxYzJ0cmVUWmlMM2MzY20xV1JEUldZMjQwUjFkMVJrMVZjejA4TDJSemFXYzZSR2xuWlhOMFZtRnNkV1UrUEM5a2MybG5PbEpsWm1WeVpXNWpaVDQ4TDJSemFXYzZVMmxuYm1Wa1NXNW1iejQ4WkhOcFp6cFRhV2R1WVhSMWNtVldZV3gxWlNCSlpEMGljMmxuYm1GMGRYSmxkbUZzZFdVdE1TMHhJajVLT0ROMFdUUnhUMWhGWVhWNWMxVXhMM1pUZWtzMk1EbDBNRWRKUm5sQlJUZFVkR05LYmpsRmNXZGFXa3RHTmxNMWVVRllURTlzZEhsc1JVdFBZV015TW1zMUsxaHlaRlZ0ZFV0NGFtNHdMekZQWTNwSFJqRTNlR1pYYXpORWFtbHdUMDlqZFVOM2VYQlZTV3BWTW5KVEt6RldkMnhxVUU4NGNIY3hTSGR3VEZaa1JtbFJjVzkzZVU5NFRGTkJlV05VUlV4Ukx6bHhRVTFaTm05UFpscFBiMEZhVTNaVFpXOVJVazVhVFN0YUwyTjZOalZDZUhwdFZrUklkMjgwYmxkemJTOXdVWEpSYmtkblVGQTFORmRNVWpSc1YyOXZWV2xqU1ZkdVEyMW5ZbVV6WVdkUVoybFBNVTlITVV4SWNuTkVNbXBrY0VKeGJITkJjWGR2Y0U1Qk5ta3dXbkE1Y3pFNVNEWk1VbWxsTjBKNE9EUnpSbmxLWlhNMU5qWTFaRkp4WlhoWFpub3ZOVGhaU0ZndmMzWkdOWEpDZUhjMVVHcEtZbGhYYmxKNlptcHpORXM0YzBSeVdsQmFhSEZSU0hwQ1Zub3pTV2M5UFR3dlpITnBaenBUYVdkdVlYUjFjbVZXWVd4MVpUNDhaSE5wWnpwTFpYbEpibVp2UGp4a2MybG5PbGcxTURsRVlYUmhQanhrYzJsbk9sZzFNRGxEWlhKMGFXWnBZMkYwWlQ1TlNVbEdNV3BEUTBKTU5tZEJkMGxDUVdkSlJWRnpNVEpxVkVGT1FtZHJjV2hyYVVjNWR6QkNRVkZ6UmtGRVEwSnZWRVZNVFVGclIwRXhWVVZDWjNkRFVWWlJlRk5FUWtkQ1owNVdRa0Z2VFZBd1JYUldTRW94WXpOUloxSXlWbnBNYVVKdFRHbENWR0ZYVG05YVdFcHZXbGRzTUdNelRqVmpNMUpzWWxkVloyRlhNR2RhVjNoc1lUTlNlVXhwUWtWWldGSnNZbTVhYkdOdGRHeGhTRWxuVWpJeGFWTkVSV3BOUTBWSFFURlZSVU4zZDJGWlV6RjZZVmRrZFV4V1FubGFWekZ3WkZjd2RGWkhWbnBrUXpGVVlWZGpkRTFFU1hoSmVrRm9RbWRPVmtKQlRVMUhiVVYwWXpKc2JtSnBNVkZqYlZaMFlWaFdkRXhXVW14ak0xRjBWVEpzYmt4VVFYbE5RalJZUkZSRk5FMUVXWGhOZWtFMFRsUmpNVTlHYjFoRVZFbDZUVVJaZUUxNlFUUk9WR014VDBadmQxbEVSVXhOUVd0SFFURlZSVUpuZDBOUlZsRjRSbnBCVmtKblRsWkNRVTFOUkdzeGFHVkRRazVrV0U0d1dsaEtkRmxYTlhWTlVrMTNSVkZaUkZaUlVVVkVRWEJPWkZoT01GcFlTblJaVnpWMVRWRjNkME5uV1VSV1VWRnhSRUZPVGxsWVozaEdWRUZVUW1kT1ZrSkJWVTFFUkZWNFRVUmpNVTFFV1RCUFJFMTRUVlJEUTBGVFNYZEVVVmxLUzI5YVNXaDJZMDVCVVVWQ1FsRkJSR2RuUlZCQlJFTkRRVkZ2UTJkblJVSkJUWEo0YWtSM0sxZEplRE16Y1U1aU1sZG9kMDFSYUZGa0wyZEJXbTB5YWpkTFpIaGtZV2R5V1ZBemNqTnJSWGcyZWpaNFEzcFVibnBWWWl0SmJYUkljMUJFVkRZemRXcDRiWGRyTTAwelpsVktNV1J0ZHprMVJFdFlWV1ZGY2toNmVrSTVUVlI0Vml0a1prbHJSVGxQVkUweVpsaGxPVlpNU21aYVkwOXdUa2syVTNCb1JrSk1NMjFZUVVKRFRtRnVaREk0UTB0Vk9WQkhjek15WldaNk0xSlBiVUpHSzJ4TmVuVkJVekJYWVdOWVJFSllUa2xtVjBrNEwyeDBRMkZTVEd0clZIUXhhalpTV1dFeFpHeEVhVlZRY1hOamRpdFBhRE5PZUhrcmVrRlZSVlp2ZVZVdldHRmpiUzh2U0ZodWFuZHdLMEpQV1ZOcVJWVnhOMmhDYnpKdlZHd3ZlU3RPTjJoclJHcEVlRXR0UzFOb09HWkplbXRtZVVSMEszQkNOMnhJTm1wVVlteHdVbmRhYVhWc2VrMU9Ua2RLUm01QmFuZGxTVEl3VDJSbFFrVjBlR3RsWnpaVFRteHJNRTVIYVRKS2F6TnpRMEYzUlVGQllVOURRV3hSZDJkblNsRk5TVWRFUW1kbmNrSm5SVVpDVVdOQ1FWRlNNMDFJVlhkU1VWbEpTM2RaUWtKUlZVaE5RVXRIVDFkb01HUklRVFpNZVRrelpETmpkVmxUTVRCamJsWjZaRU0xYUdSRE9XcGFXRW93WTNrNWFFeFlUbkJhTWpSMFkwaEtiR0pYYkRGaVV6RjBZakpLY0dKSFZYUk5SRTVvVEcxT2VXUkVRWE5DWjJkeVFtZEZSa0pSWTNkQldWbG5ZVWhTTUdORWIzWk1NamxxWXpOQmRHUkhWbnBrUXpWb1RGaFNlV1JZVGpCTWJVWXdUREk1YW1NelFYZEZkMWxFVmxJd2FrSkJkM2REYjBGSlVtZGhabXByUjA5R1lqQjNZMmRaU1V0M1dVSkNVVlZJUVZGTlJWcHFRbXROUVc5SFEwTnpSMEZSVlVaQ2QzTkRUVUZuUjBKblVVRnFhMWxDUVZSQlNVSm5XVVZCU1RWSFFWRlJkMFYzV1VkQ1FVTlBVbWRGUjAxQmEwZENkMUZCYW10WlFrSm5SWGRNVVZsSFFrRkRUMUpuUlVaTlEwMTNTVkpaWW1GSVVqQmpTRTAyVEhrNU0yUXpZM1ZaVXpFd1kyNVdlbVJETldoa1F6bDNXa2hOZGtWM1NrWlVha0ZTUW1kT1ZraFJORVZEWjFGSlVqWjRPRVZqYzNGUGVITjNSR2RaUkZaU01GQkJVVWd2UWtGUlJFRm5Za0ZOUVd0SFFURlZaRVYzVVVOTlFVRjNXVUZaUkZaU01HZENSbXQzVm5wQlNVSm5XVVZCU1hOM1FWRkZkMU4zV1VkTGFXZEJSVkZGVlUxRlJYZFFkMWxKUzNkWlFrSlJWVWhCWjBWWFRUSm9NR1JJUVRaTWVUa3paRE5qZFZsVE1UQmpibFo2WkVNMWFHUkRPV3RpTWs1NlRESk9kMHd5UlhSak1teHVZbWt4ZDJOdFZuUmhXRlowVEZjeGRsbHRiSE5hVkVOQ2NtZFpSRlpTTUdaQ1NVZHRUVWxIYWsxSlIyZHZTVWRrYjBsSFlXaHZSMWhpUjFKb1kwUnZka3d5ZUd0WldFRjBaRWRXZW1SRE5XaE1XRko1WkZoT01FeHRSakJNTWpreFVGZEZkR015Ykc1aWFURlJZMjFXZEdGWVZuUk1WbEpzWXpOUmRGVXliRzVNVkVGNVNVTm9WRk5GUlhSTmFsVXlTMU40ZGxCVlJYUldTRW94WXpOUmMxbDZNVUpXUkRscVdsaEtNR0ZYV25CWk1rWXdXbGhLYkdSdE9XcFpXRkp3WWpJMWMyRllUakJRTWtwb1l6SlZMMkl5U25GYVYwNHdXVEo0YUdNelRUbGFWMnhyVVRKV2VXUkhiRzFoVjA1b1pFZHNkbUpyUmpGa1IyaDJZMjFzTUdWVVFVNUNaMnR4YUd0cFJ6bDNNRUpCVVhOR1FVRlBRMEZSUlVGTk1GQkVMekl6U20xUE16Wk5Uazk1SzNwYVFpOVVUSE5oUmpjNE1HMXRUMHRxY0dzeFdITllRWHBWVGt0YU5sTnlkQ3R0TUhVcksybFhiemxNT0VoR0wyeHllRk5FT0VkWVNtTkVURmxYUm1aNE56QnlORW81ZDFVNFN6ZHdSRWt4YmpsRmNXSkJjekJTSzNaWlZtNU1OVlZXVUM5MVZWRmxkekpYYkhBMU9GQkdjR2RCV0N0VUwxTkZNR05sWlV0NVRUaFlSVzVZVTNwbFRpOUZVM1JzUml0S1EyRkJPSFZ0Y1dwdFJFVnVZV1V6Y1hWeFUxVnNLMHhsYTFCVk9HazRSME56YmpVNWRYaDBibFZ1ZUVsTlMzY3paR2N2TjBRM1dUaE1ObFoxTkU1WE5FeGpiemRtYVRsRGNtRklRelJTVEV4MFpIaFliSFpQZGxGcFJWbHZSU3Q1TVRkbk1Ia3ZRemhPTkVSelkyaGFhWHBaZDNBd2NFOVNUMkpqWmt0V1RuQndWWFZMZFhOTmFIUnRVMnBzTUZaeEx5OWhkamhVVlhGU2NEVkdlalpYWTNwMFVFZEhVM2N3Um1WbGRsVkxSRzlETDBFOVBUd3ZaSE5wWnpwWU5UQTVRMlZ5ZEdsbWFXTmhkR1UrUEM5a2MybG5PbGcxTURsRVlYUmhQand2WkhOcFp6cExaWGxKYm1adlBqeGtjMmxuT2s5aWFtVmpkQ0JKWkQwaVpYUnphUzF6YVdkdVpXUXRNUzB4SWo0OFpYUnphVHBSZFdGc2FXWjVhVzVuVUhKdmNHVnlkR2xsY3lCNGJXeHVjenBsZEhOcFBTSm9kSFJ3T2k4dmRYSnBMbVYwYzJrdWIzSm5MekF4T1RBekwzWXhMak11TWlNaUlGUmhjbWRsZEQwaUkzTnBaMjVoZEhWeVpTMHhMVEVpUGp4bGRITnBPbE5wWjI1bFpGQnliM0JsY25ScFpYTWdTV1E5SW1WMGMya3RjMmxuYm1Wa2NISnZjR1Z5ZEdsbGN5MHhMVEVpUGp4bGRITnBPbE5wWjI1bFpGTnBaMjVoZEhWeVpWQnliM0JsY25ScFpYTStQR1YwYzJrNlUybG5ibWx1WjFScGJXVStNakF4T0Mwd05pMHhNMVF4TlRvME5qb3dPVm84TDJWMGMyazZVMmxuYm1sdVoxUnBiV1UrUEdWMGMyazZVMmxuYm1sdVowTmxjblJwWm1sallYUmxQanhsZEhOcE9rTmxjblErUEdWMGMyazZRMlZ5ZEVScFoyVnpkRDQ4WkhOcFp6cEVhV2RsYzNSTlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekEwTDNodGJHVnVZeU56YUdFeU5UWWlJQzgrUEdSemFXYzZSR2xuWlhOMFZtRnNkV1UrYW1WQmJFcHdTVEZIWkV0WlVXMVNOM1pRY25KVWNrZFdPVWRNT1M5MVdXeExNM0JyU1ROUWVtNHpiejA4TDJSemFXYzZSR2xuWlhOMFZtRnNkV1UrUEM5bGRITnBPa05sY25SRWFXZGxjM1ErUEdWMGMyazZTWE56ZFdWeVUyVnlhV0ZzUGp4a2MybG5PbGcxTURsSmMzTjFaWEpPWVcxbFBrTk9QV0V0YzJsbmJpMVFjbVZ0YVhWdExWUmxjM1F0VTJsbkxUQXlMRTlWUFdFdGMybG5iaTFRY21WdGFYVnRMVlJsYzNRdFUybG5MVEF5TEU4OVFTMVVjblZ6ZENCSFpYTXVJR1l1SUZOcFkyaGxjbWhsYVhSemMzbHpkR1Z0WlNCcGJTQmxiR1ZyZEhJdUlFUmhkR1Z1ZG1WeWEyVm9jaUJIYldKSUxFTTlRVlE4TDJSemFXYzZXRFV3T1VsemMzVmxjazVoYldVK1BHUnphV2M2V0RVd09WTmxjbWxoYkU1MWJXSmxjajR4TVRJd056WXhORGcxUEM5a2MybG5PbGcxTURsVFpYSnBZV3hPZFcxaVpYSStQQzlsZEhOcE9rbHpjM1ZsY2xObGNtbGhiRDQ4TDJWMGMyazZRMlZ5ZEQ0OEwyVjBjMms2VTJsbmJtbHVaME5sY25ScFptbGpZWFJsUGp4bGRITnBPbE5wWjI1aGRIVnlaVkJ2YkdsamVVbGtaVzUwYVdacFpYSStQR1YwYzJrNlUybG5ibUYwZFhKbFVHOXNhV041U1cxd2JHbGxaQ0F2UGp3dlpYUnphVHBUYVdkdVlYUjFjbVZRYjJ4cFkzbEpaR1Z1ZEdsbWFXVnlQand2WlhSemFUcFRhV2R1WldSVGFXZHVZWFIxY21WUWNtOXdaWEowYVdWelBqeGxkSE5wT2xOcFoyNWxaRVJoZEdGUFltcGxZM1JRY205d1pYSjBhV1Z6UGp4bGRITnBPa1JoZEdGUFltcGxZM1JHYjNKdFlYUWdUMkpxWldOMFVtVm1aWEpsYm1ObFBTSWpjbVZtWlhKbGJtTmxMVEV0TVNJK1BHVjBjMms2VFdsdFpWUjVjR1UrWVhCd2JHbGpZWFJwYjI0dmVHaDBiV3dyZUcxc1BDOWxkSE5wT2sxcGJXVlVlWEJsUGp3dlpYUnphVHBFWVhSaFQySnFaV04wUm05eWJXRjBQand2WlhSemFUcFRhV2R1WldSRVlYUmhUMkpxWldOMFVISnZjR1Z5ZEdsbGN6NDhMMlYwYzJrNlUybG5ibVZrVUhKdmNHVnlkR2xsY3o0OEwyVjBjMms2VVhWaGJHbG1lV2x1WjFCeWIzQmxjblJwWlhNK1BDOWtjMmxuT2s5aWFtVmpkRDQ4TDJSemFXYzZVMmxuYm1GMGRYSmxQanh6WVcxc01qcERiMjVrYVhScGIyNXpJRTV2ZEVKbFptOXlaVDBpTWpBeE9DMHdOaTB4TTFReE56bzBOam93T1Nzd01qb3dNQ0lnVG05MFQyNVBja0ZtZEdWeVBTSXlNREU0TFRBMkxURXpWREU0T2pBeE9qQTVLekF5T2pBd0lqNDhjMkZ0YkRJNlFYVmthV1Z1WTJWU1pYTjBjbWxqZEdsdmJqNDhjMkZ0YkRJNlFYVmthV1Z1WTJVK2FIUjBjSE02THk5bGFXUXVaM1l1WVhRdmJXOWhMV2xrTFdGMWRHZ3ZjMnd5TUM5a1lYUmhWWEpzUDNCbGJtUnBibWRwWkQwME9UYzFOelUxTXpjNE16azBNRFF4TkRnMlBDOXpZVzFzTWpwQmRXUnBaVzVqWlQ0OEwzTmhiV3d5T2tGMVpHbGxibU5sVW1WemRISnBZM1JwYjI0K1BDOXpZVzFzTWpwRGIyNWthWFJwYjI1elBqeHpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RK1BITmhiV3d5T2tGMGRISnBZblYwWlNCR2NtbGxibVJzZVU1aGJXVTlJbEJXVUMxV1JWSlRTVTlPSWlCT1lXMWxQU0oxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0eE1DSWdUbUZ0WlVadmNtMWhkRDBpZFhKdU9tOWhjMmx6T201aGJXVnpPblJqT2xOQlRVdzZNaTR3T21GMGRISnVZVzFsTFdadmNtMWhkRHAxY21raVBqeHpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0I0Yld4dWN6cDRjMms5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01ERXZXRTFNVTJOb1pXMWhMV2x1YzNSaGJtTmxJaUI0YzJrNmRIbHdaVDBpZUhNNmMzUnlhVzVuSWo0eUxqRThMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsUGp3dmMyRnRiREk2UVhSMGNtbGlkWFJsUGp4ellXMXNNanBCZEhSeWFXSjFkR1VnUm5KcFpXNWtiSGxPWVcxbFBTSlFVa2xPUTBsUVFVd3RUa0ZOUlNJZ1RtRnRaVDBpZFhKdU9tOXBaRG94TGpJdU5EQXVNQzR4TUM0eUxqRXVNUzR5TmpFdU1qQWlJRTVoYldWR2IzSnRZWFE5SW5WeWJqcHZZWE5wY3pwdVlXMWxjenAwWXpwVFFVMU1Pakl1TURwaGRIUnlibUZ0WlMxbWIzSnRZWFE2ZFhKcElqNDhjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VnZUcxc2JuTTZlSE5wUFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZUzFwYm5OMFlXNWpaU0lnZUhOcE9uUjVjR1U5SW5oek9uTjBjbWx1WnlJK1RYVnpkR1Z5YldGdWJqd3ZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1UrUEM5ellXMXNNanBCZEhSeWFXSjFkR1UrUEhOaGJXd3lPa0YwZEhKcFluVjBaU0JHY21sbGJtUnNlVTVoYldVOUlrZEpWa1ZPTFU1QlRVVWlJRTVoYldVOUluVnlianB2YVdRNk1pNDFMalF1TkRJaUlFNWhiV1ZHYjNKdFlYUTlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qSXVNRHBoZEhSeWJtRnRaUzFtYjNKdFlYUTZkWEpwSWo0OGMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVWdlRzFzYm5NNmVITnBQU0pvZEhSd09pOHZkM2QzTG5jekxtOXlaeTh5TURBeEwxaE5URk5qYUdWdFlTMXBibk4wWVc1alpTSWdlSE5wT25SNWNHVTlJbmh6T25OMGNtbHVaeUkrVFdGNFBDOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaVDQ4TDNOaGJXd3lPa0YwZEhKcFluVjBaVDQ4YzJGdGJESTZRWFIwY21saWRYUmxJRVp5YVdWdVpHeDVUbUZ0WlQwaVFrbFNWRWhFUVZSRklpQk9ZVzFsUFNKMWNtNDZiMmxrT2pFdU1pNDBNQzR3TGpFd0xqSXVNUzR4TGpVMUlpQk9ZVzFsUm05eWJXRjBQU0oxY200NmIyRnphWE02Ym1GdFpYTTZkR002VTBGTlREb3lMakE2WVhSMGNtNWhiV1V0Wm05eWJXRjBPblZ5YVNJK1BITmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxJSGh0Ykc1ek9uaHphVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TWpBd01TOVlUVXhUWTJobGJXRXRhVzV6ZEdGdVkyVWlJSGh6YVRwMGVYQmxQU0o0Y3pwemRISnBibWNpUGpFNU5EQXRNREV0TURFOEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxQand2YzJGdGJESTZRWFIwY21saWRYUmxQanh6WVcxc01qcEJkSFJ5YVdKMWRHVWdSbkpwWlc1a2JIbE9ZVzFsUFNKVFpYSjJhV05sVUhKdmRtbGtaWEl0Vlc1cGNYVmxTV1FpSUU1aGJXVTlJbWgwZEhBNkx5OWxhV1F1WjNZdVlYUXZaVWxFTDJGMGRISnBZblYwWlhNdlUyVnlkbWxqWlZCeWIzWnBaR1Z5Vlc1cGNYVmxTV1FpSUU1aGJXVkdiM0p0WVhROUluVnlianB2WVhOcGN6cHVZVzFsY3pwMFl6cFRRVTFNT2pJdU1EcGhkSFJ5Ym1GdFpTMW1iM0p0WVhRNmRYSnBJajQ4YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVZ2VHMXNibk02ZUhOcFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4TDFoTlRGTmphR1Z0WVMxcGJuTjBZVzVqWlNJZ2VITnBPblI1Y0dVOUluaHpPbk4wY21sdVp5SSthSFIwY0hNNkx5OWlhVzVrYVc1bkxtOWxjM1JsY25KbGFXTm9MbWQyTG1GMEwyRjFkR2d2YzNBdlRXVjBZV1JoZEdFOEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxQand2YzJGdGJESTZRWFIwY21saWRYUmxQanh6WVcxc01qcEJkSFJ5YVdKMWRHVWdSbkpwWlc1a2JIbE9ZVzFsUFNKVFpYSjJhV05sVUhKdmRtbGtaWEl0Um5KcFpXNWtiSGxPWVcxbElpQk9ZVzFsUFNKb2RIUndPaTh2Wldsa0xtZDJMbUYwTDJWSlJDOWhkSFJ5YVdKMWRHVnpMMU5sY25acFkyVlFjbTkyYVdSbGNrWnlhV1Z1Wkd4NVRtRnRaU0lnVG1GdFpVWnZjbTFoZEQwaWRYSnVPbTloYzJsek9tNWhiV1Z6T25Sak9sTkJUVXc2TWk0d09tRjBkSEp1WVcxbExXWnZjbTFoZERwMWNta2lQanh6WVcxc01qcEJkSFJ5YVdKMWRHVldZV3gxWlNCNGJXeHVjenA0YzJrOUltaDBkSEE2THk5M2QzY3Vkek11YjNKbkx6SXdNREV2V0UxTVUyTm9aVzFoTFdsdWMzUmhibU5sSWlCNGMyazZkSGx3WlQwaWVITTZjM1J5YVc1bklqNUNhVzVrYVc1bklGTmxjblpwWTJVZ1pzTzhjaUJ2WlM1bmRpNWhkRHd2YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVK1BDOXpZVzFzTWpwQmRIUnlhV0oxZEdVK1BITmhiV3d5T2tGMGRISnBZblYwWlNCR2NtbGxibVJzZVU1aGJXVTlJbE5sY25acFkyVlFjbTkyYVdSbGNpMURiM1Z1ZEhKNVEyOWtaU0lnVG1GdFpUMGlhSFIwY0RvdkwyVnBaQzVuZGk1aGRDOWxTVVF2WVhSMGNtbGlkWFJsY3k5VFpYSjJhV05sVUhKdmRtbGtaWEpEYjNWdWRISjVRMjlrWlNJZ1RtRnRaVVp2Y20xaGREMGlkWEp1T205aGMybHpPbTVoYldWek9uUmpPbE5CVFV3Nk1pNHdPbUYwZEhKdVlXMWxMV1p2Y20xaGREcDFjbWtpUGp4ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTQjRiV3h1Y3pwNGMyazlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5Mekl3TURFdldFMU1VMk5vWlcxaExXbHVjM1JoYm1ObElpQjRjMms2ZEhsd1pUMGllSE02YzNSeWFXNW5JajVCVkR3dmMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVStQQzl6WVcxc01qcEJkSFJ5YVdKMWRHVStQQzl6WVcxc01qcEJkSFJ5YVdKMWRHVlRkR0YwWlcxbGJuUStQQzl6WVcxc01qcEJjM05sY25ScGIyNCsiDQogIH0NCn0.WgPyI2KiVzp2DzbC6AfbDlQbXEYk-hL78-bfzj_b_IXwyHmuENwHA8MslDHOe1bYd3mlSTnoAUE20igmXM6gnFOe4pQes2i5d8YAnYRspbwhj86sn5_vMyGfHtBsApP3MqjcSHL24vo6DHqKYqN85FMGq6GnPub9HGbeIgMAvECuH0ZCqY5MDWj4FI2OA5Jrn2fyBY1CebF5NdTSUeBJMjG_q-cpTnWmkcELKXTNJg9ihkHR8FkBjt8xh2YWh9Opk_0RrUIZI5U9YC4Xc-Hgj7C7YplA4Pr0_SUHdqH_86xF7GcMMuC5Bs8EU22lejxhxwz0BzPPg2Ws0LJ8RGAm0A"
+  "respID": "EK3d4E7SpVhzuq4mrQHb",
+  "inResponseTo": "_ef45ddc4a2a44392d81e5626d6290ace",
+  "signedPayload": "ew0KICAiYWxnIjogIlJTMjU2IiwNCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9zbDIuMDtjb21tYW5kIiwNCiAgIng1dCNTMjU2IjogIl92cGVPcTItZDlzNzVKV21RS1B2WFBRR2pldTBoUWhsNFJ6VkR5N0V5UHciDQp9.ew0KICAibmFtZSI6ICJxdWFsaWZpZWRlSUQiLA0KICAiZW5jcnlwdGVkUmVzdWx0IjogImV5SmhiR2NpT2lKU1UwRXRUMEZGVUMweU5UWWlMQ0psYm1NaU9pSkJNalUyUjBOTklpd2lZM1I1SWpvaVlYQndiR2xqWVhScGIyNHZjMnd5TGpBN2NtVnpkV3gwSWl3aWVEVjBJMU15TlRZaU9pSktXRTlKVVhnNFRrUjJkWHBLTjBGb2FEUjJPREJuYldOd1dVNVhZblZOZURaVFkyNVpVVlJTTURadkluMC5pS1BjUjk4bDU3ekpzZmw5ZmRjRjE1MF80blFianIydVdzMlZMMmI5RXZrS08yVXphNDE1MEtkRkRSM050d2V2Rk1Jbm8xVXBMX28xTVlQTnU5dzZIM2ZvYW4yaDFMYnlNcldlZnBqaTgyVWNteE12YlpqcFRUUGxQWktpQ0ZTMUxhWnhLQ09OOUN5SDFnMHY1amkxbkpfYXlGVUJ3d1ZQR0h1UU1rSDFVWUdVVjFZRUJUdnVqdDNsVTdISEdzbDI0bFk3U1d4ODhJS1VmVlJDTWZ2OGZiOVBjRjhaTDRoRnpVWTRyVWVFM2htWkxCeDdVYjZGNEV0dDI0d3JTVWhNRGVIWUJQRTVBT3BHSHJKZHoxQzJmZWJqejczLXJIRFN6UGhibEkwSzVLaE9JcEd1UjdtUHpRUFBFWFhxRGNaSU5LZHZtRkYyM0xFUnVmOGVIckg2VVEuajdQRTZPLV9pWVZDbFRHQzUxa1BWTi1NbzAxcVh2WEFQQVhwaTVCTmxLTS5nekJuUktzczJ1c0FyeXNzZHF5alhxZDh0R3hxODFZM0FGNVFkZWNETWZtTU42NVMyOVlvSkRsTGl1TE5Yc3gyd1FNOFp0T3lMTDNpN3pvRzVLcmRneUlfQU1ITkVOWHd4aHU0NWNieGJnZC1Ld21rTjZaRVh2YklvMlF4d1pHcDgzSkF5ckEwX3RKVlktOU5TUWQ0RmxITUFXR2pqckxNR2ZtSVZUd0xnbWZKZ0ZtWnM1cEtzVGFiTkhTNW1NWTFUN2didmMxSlF6ZmtxRHVTa0FSYTJQYnkySl9lQmtRaXVIcHl2S1lvaWZmWEpiamszaDloblJoNGtLYXZQSG1GMDZxZlMwTUI4bTd1Q3hRTUQ2V1hoQW9GZWNDRmQya0RsYnpBLS0xUG1aRWYxd1E0R2Q0bWJncXRlSGg5SWVzaXFNQ05naUZOaTQ4MUZjbWpmMDRuLUk4al9TZzhwR1dOcDR4Ni10ckQ4dVNfN1lQMlZsb0pZRUotYUZ4MmhkMlB1d3draTE5dG1KRE8zLW13eDJ3OHNqQ294Z3JCNkgzNHJmRlQyd1JHTUZOUTVQUUhONHg1X3pmRVVSczVBRDlXMGcyUF9pRkduTlYxRVJmUW04ZEFDOXlGRWhXaks3UC1jSTRheEVQUk5GV1hoYmpwN0ZmUUdQM3hfc2JrSDItNzFMZ2lJdFFZcVNCWGhxQ2ZfWlowb2l5UVZkbk10eTk2OFBzaEFNYjlHZjVzNUJRVmFRWko5TFJzNjhqNFlXWWJKamEzTlZQUGFpdFE5RHA5M1NvWkIxeEZMNEY2alA2NnZhQVk0amJUU2hXRnpPRmx3bGZCOGQzd1pLbnRid0xkMGtQWFJMblBNQ3E0TFhwNExwd1k2dmxCbHhOYzVtVGtWZmZDaC0teGtxOHNQMFZpZGZRWG1kQXVXQXZpaEpZTktsNGVlZTZaMEotLWxQVzZBZnpCZ25FQnZrWU5wYVVobkRqTTY0ZlNhanN3eEh5QmtrVXVuZFFCZ29HQmRLcWc2bERXYWs5aG1vNGVzTGZEZ1N3TnB4aWdVNThNckFEUFlwNzFmUU5POWM5VFFwNmktME9BYzR0bTZFTHV4S1VNbnN0c0ZtcWV3VXdHM2xFOU9QOGdsem5GTU1TVENfZlAtempGV2RnbUVFYklFUHlvVFVCSldLOEo3aWIzMUxRSHZXak83NjJvOVRaYTNyUmN6WnR0OFZmckItQ1R1NDh0YmxfN1d3Mmlhc3ZjWFloTE5vaVFIZl9iSnp3MTZZUFJOY0VYaWNiRFp6SzRmcDlRQnBPaks4cWNlMU1CTVRMN2VEdHpTUnI1RmJGaFNydW85N194Q1JGd19abHd0dFVlQlJ3ME5IcFpRaFR2Rk83a0taOG5LbE5paE1rWGE5ZFpRRVIyZUxGWEJUOEJWMXdjTnZNa0ZxQUtPTFhsTV9tcXZ2eEsxbXNHdHVYWTZLZkJ5dWU0R1hwNXVCQkRmd1M4bzhfV1QtcHNxcnhzQjBrMVQxZ3E0OHYxZ21wZUdrT1N2QTl1LTJqUVFPR0pTZnJmeVBWVnFSRmVOd3JYZV9ZX0NLWE1Kd1FfZjNqN0lCWlQ4WWpKaW5Sd1l6di04ZGU0S1RRdmJYMU5pRFpLdVdCcjU0Q3pBbnhnYUJRQ3R0NHUzMnF0RjEydzRMSUtDV3hSY3RPX0RRTkdFMHQwaDJzRlIxSGp5N3hsZWFob1h0UWdtWEZKMms2T2YyVUNLd0NXLVZmZTBMNkhNLVVOX3ItdEg0QWVlQVRIWE04N21nYmQwbFBVMEpXLUVXZ3dtaXhkQUxBcDNSSUhiQjVfYmJnTV9KRXFaUlVqd3FzUFlObE53SkRzM0dDMXpianZETzgxU3Bmb05iTjlvX1VLTnp4dEpScGY3MG9sSXFVQmRnenlEOTJNa3cyaW9WZm9qTF9FSjVuV1VjQVhvbnNZSnJiWEpaYjY0eTZ3NXI5SFdrbVFqWF9BZ21yNjBPbXBNNlhVWENXZG50U3ZHTnhla3MwX3RpUHlXR0hWODYtVXhMSmNvYWRWSWJOZVhCTUM1ekJjMzJOQnkzVGx4bmtieU1RYUVsRFNESnllUlJBOXVnVHhfX2JRUnRzUHVqYTVrS1BvSG1PVWRtS0trV19idHpRS2Z6WWtCcjhVaUtXT3QxTU5HZ0F5cmttb2YyQVFOR0RtT0VSaXFRT2pfSTNLcThsc25ydXlBOHprNG03ZjFxLTVaUkY5SW1wYVk4Vm9seGxRQWNXU1kyODJma24yTHB6ZDJ5MjZrMFB4MGR5ZDZHMkNrRDQ5VjdfaGMzM1ZuY3huWTR0eFZZVDVDV2VPbTVBN3VYMzhza0ZBdFFGRmh5bGNtbHBWdGk5NF9yWFdnZFBpcWxJbEdsVnZieXFqcTREYnNUbElhdl9kNThYWElud01EbVZjalFhQWpPVVotR2wwcXNIQWtJdllMcXl2VjAwNVRpdVBhUUJqLUtzbm9JaEJVYV9nVVRoR2M1aG8weXp2SEI1bVVWMVBuc0RiR0xLYUxFbTB0LUVxaFpjX1VleGg1MGhCTjhHbkhqUVRlaTQwWXhVTlFwUTc0QWdWM19uYzdRRTBjemZfMzd1S1BYWUFZaGNJcmVsWERnYktxWTZhbGEwb3Y2NW5VeElSUGJJMXQzYjNDR0hpMWJJWl9WODNBcEZpaHpJVmdZV3dfc2g0ckh3Nk9GcEdvOVNELU55OTBGZThuS0pWQnJoM21KMFZ5Ty1MTWw0aENMUUpkallDaWhZa3VHcTBUcTJKU2IxN2dOMmM3WFB6LXdjTGV0UEpnYnI5bFdHZnVhM3YzSGNHbFcwdHhNamNkQ0Q0S3hpaWhlOWx1OWI3VkgwUndSRWJsUXFwWEpGbkRZN2pvelZENUJCamRuWWdKRkdpb0sxdkJVOTNudUJ5LXhCNmNCUXJNOXYtWFJLd1Y5al9VOXR3WThuTjRIOGZsWUNTUmNXQ1FFT1hfSXNrdzdjOGV6OGNESFFMdzBUVWIzQ1MzSC1fX2E3Mkdobmt5d1hOTjhtT1ZwcGRzcEY5cW5qMnU2UHlFRkJQNUF4UmZrR08yMGVYSnRkMkxRTE9kMWJTVU9PZzQ0UUlaS084MEt0d1VmTVUtNDNSbnllaUlfMVAybjZRWmxXakk1MzladHd4eGV4S2dJZXF6VU1fVXFrTUFFTnJlbkZKN1lZNnFTSTZkWTBESkNEak8zLTRoUjZzT0xvdWJ3MG9MTHI3dzJLVGNnYjVfeWJhZHRXdzdsYmhZQUNHbnoyRjFPSGRqZ0VOOE9XNjR4MUczNEdQakxtVjV2UUNraTdZNzd2WFJBNzFnZ1VWdHBPZEkzN0xTVGZ6cE5BTnB4eTdZSzlXVXNHQzhXSlE1TjRJQ1oxNlIxXzRJa1RrNWlaNGVnbHJ2X1Z1MWRvcVBvOWxrdmZaakUxWENOMDVRQXRDbzB0V0U5QmI4RlRhWWpMc3dLX2p3UGRjYnRBZXkxeW1hUG9ndUMtNjlxZXdsMXVEdEFvdWR5VjhyQXVSNG1XR2hhTGVpQW9CLXQwbmFQSGdsVktaTmdUT2Frd2hnTzRDalpBUGpVOGlzTnpyT0dmdVoydHRDU1c5clhuRUw2elRIQ3U5LUo5N1lHNTZXbnNWOGlnUFhobXZfUExYZzUxanlnUFFrV0dRbHVIUmR1S3JCa3BtRHd0Q25DUWxqNFVBZ191ekgtV1g3aWtqVVY2N093WVVqSGpILUV3cHhxV0RMcXhaOXMyU1d4eGMwVjl1MnhwcnItWDhTN0RleFE1T284NVRBeWk0eVBnYUZNZmZzVUoyR2tBM25BWmcyVzc2UFp6MFNsTzNhRGRCdjRXYjRLZUY3R0gyNUtBbWZ5MGV0enIzaDJ3M3dQZ2FwV09PeGpadFhHcWhpMWdBdVNwVFhKQVQ2SVlsc2dtNVlfMExVZFl3UlRlN3dsZ19CQ0xwTWhUaHRWUVNwN2VzLXhDY0JPQnFBRHNyS09PcnA0TUZJOHNZa1RfNms3T2NHODhxQXdjSGg2MFNmSTRmYTJTVWVGaXM4UGw4NmtCOFp6Q3RVbDUxT2Z2aTRXUXZtdlJFOWNxQXd3Tm5mVlQ0anlpb0ZFVW1hM21FbEYzUXJ0LWt1UzdJdkpKd3JmRXR6bWczejg5YUY3eUdwenJoemVJdVRHajlvVWZrdlpfcGpuaDdvZlJQdHp3S1RIS21EZ1VqWHFGQXYxSjNXVHF6VDN3SFNDWm5vb29pMFhsamdGY0o1a1RCUFQ4V0dYTi1CSFBCTGlhQVhiak5HN3VuN3pnSXBYQ0tiS2RFdE1MQ1lUcmpVY01ienV4aVE4UDFxNDRnT3J4UlA3RUdnU081SnNOS0ZiMDlNdGdkOUpEUEg3UHFpcDQyZGI5VGdRcmVJMDdPVjdPS0FZb29qajRBbTAxcUxCaFhnS3RMeGJkcXd2LXpMX3FsbTE5QlVJcDU0OEhaYkZnTC1fYVFrRU5ESGpRZml5cXFaMmxSeTgzUjhGQ2pfVlowdjRmejVOTE1KNE5fMjhBVHI3Y3kxaGw3NHRicEJBNDk4dzNoOVd1SERTZTRHR3czYVZWal9VUl83eW1PT19BM0dMMWlRbnQwbWR4SVlubFEwTE53U1ZUZnFPVmVQVkN4ZExlS2dPTHIzUHJveGh5ZExzUDNkeU9ZaXQwa19lb2t2bTVMSVFtcDM1OWwtRXdWWmtMSUItRnk2WU5GZ1hVSUg4LVV4dS1fR0EwZkRjNkpNSDg1ay1lb2VJamxSRHp3S2xnYzQteFVjUUUyaEJsVDJlU0syWWVJMEEyNHQ2MmVLRkEzaHhlSEJUTGlnb0Zxa05lMFBjN0F5ZTZud0swUU1raENXU0FDWURkUEhUWENDcWJyWTE0ZFBWTUw0S21KVHFtcjNEMjJNTElvaV9fcXdaNEUyNFEtUXBUbzQtUjJaRVhoQjktbUhPS3E3aUh0Sk1EMDI2bmdWbXJUanZDbzlfcERsV0VMNWF3NXNhSVN1U1hRLW91bVFFSXJrb2M5bThjbDFiM3JqTlZXWXB5M2daMlJsMEdLVG9kVF9NMjBWalpmWmRKeU0zSnRMc2xGZ1RYa1NmRGtzcXBMSmdma2QxRHpjYjdKYk5pNnFZWUhBRGhLZTU2Ql9ycElyVTB1YTVMRkpsZFByaGp1M3R3R0tUWlJ2b2xEQnBMejZqRVh3WEtZNk1keDdNcG5RelpFYk9sejFpVDJqdGUwZ1hMN0JVaXI2WFFtc1pZaTY0TXdUcFBrVWFtaEdvWE9JOFBaSFUyMU1wNGpaTEFQUEU0WGFnU2d3dEFUb0xWZ3F2d1BEVWw3V1dIVXdEOGo3cW9FSVp4NTlKV2UxUVZhOEpyY0N5Mnp2RUsyMEZCYnk5OURjZGZFMklsaVg3blU2YUdGdzdLdnQyamZiT1ZoanNfUnVnLTA0YnQwdTRKbmVjR2dtd3pnODRaQjduMG5nWnBYOV82WmZoSFF6M1FXc1Zydjd3dmxJc3dzX0lyVkFIZlZzWUUtNEVGUF9kQ25uWXZxSEZUTFpHWTVBSTJ6SWVMdmQxRXpnNUZIcGJ5M0ptNUxDRkZYSHoyaVFkbGlURXppU0g1eUpPUEV6b3dkX0pBY3JyUGREakE2TzljRDhBS01FdHF0ajY3Xzhod2xpS3hKWWpUNGxaOFNybXpyVEc3MFlBWlVzLTdlcndIUTlKUEJMVEtUQTZhR0ZtWFFKcXBCcmhSX0dHd0ljbVB1YlVuUnZIREJXMFFSdW5WQ2k0c2pyU3JfRlZhb3hvS1l6dHNDaGI0ekFpbElpWklmcWZYUGlZWXZWel9PNTFrUlFNSmo3R0YxR1VRLWFiNWozQnlHa0RoTzIySEVIY2lXSEItOVV0UmJ5RlhINXlLU2kxcEpHQU42RzNzd29kU2FmeV9Xd05JN3U4UVBzSHU3ZzlMZXpBc0sydUZ3ODBQazBFTVo1cnEzMl82MzROTnl5VkVMZkFrN3ByS1FfREM1TlluSlk2VE5nOHdBMFhwSFBPRjlRanIwT050Ykhlc3Q1RzZ3OEtGQVA4bzJPY1pzMjhhSGp2MU9TS2prY0RESHlDMlNQdFkyUTMzMll2RWI5RlhjWmNmbVVOZ0pvMlhBWVhTbG9sNGpCZVlKTFdqNEFsWlRtTGM0MkxYUXNLUmJndlFWMGRUcjZIbVpqUG9SeGpySUt4WXFRcGx4OW1vNldyNTc3cUdvcmZaSUlyb3NZQ2prQ19faWM1M2N2WjMzaVpQRU1ueWRJMTRCZm9sUXVFVG5SeGJwUTBuM1VrT1l6Vm9TMGRJUEtSRVQ5RDNwdGJMOVN6YmthYV8waUZad01ybTZRRmFJamJ0aXZ6NXlTekZlMVVHS0l3OUxFWWNjUkVZSGpQYmc2WE5zZ2k4Z3Q4VGsxZzRCRkdCRUEzeUFLTGI3VkJLaHFQY2hjWFhPTlB2MTJzX01PeFNCZXE2YV9BMTJLWC1tSmQ0bHVSR2w3M0xMOTdiZldoUWJnMDh4WDRWTHJ3QTA1YktsM3VZbXlZc1VBN3ZMeGhyQjFtVnJPaUtodHBVSjhJVGZIakdZOWRhTXBNYnhLZ1pzRFRPT3FwaEJqV2FtQXFzcllla1ZGbnVxWGV2eWNxMVg5ZWp6eU9RcWZ1NGhCU2FsRDR4WUVkQTdMeUx3UERCYXh5ZjNyQWVwd21seWlLQjc2NlcwN3Noa1lKbXJGM0c1SUl2TmpzczVLdDhFaVQtcmxvUW9nTDB5NHpxaUdBUXYxQ3RHaDlrejJzbUF1MzZ4YmgzbEZadHM0bHZKalJLcmJrQm9wd3RsTUlaUjgyNERqNGVNcnhobE9PdGpvS2RwMFhrMF9ORjQyMFQzZWxqTnVDcWstdmlhbjJGWWk3WmJtVkwzanc2NVhRMVhwcmNpVEJaT2FMZG1jbnh5Uk5tQzdHT1U0Q1NSU1F1UzRsUlM5STM1VXJpbUxOMnBMR2ZaaGFLOUhleV9xMVBwQUY4d0tSUTBVaEI5WkJNTU1NSnl4b1E3bHVZcGxIWHVONmhlN3ZDZ3ZsOXpLTU9CeGJUc0t4ZHpXV01sMVlVVElUVDNWNnF5Uk80aDNaSjJLaWNQM1VCNC16Z280ZzIwUmx6RUltZURPMHY0aURCRWk3OXljYnpzYVJ2SEVSNXhCLUpsamk2c3hNVHNNSGQtYl9mMFVBMlVOTXNJTVgxS01rLUdEMDV3cmUzQWJjTXk4QVI4bFdyZGczYy0zc1dsV1c3b09JTEZiWjJNS1RTNU9YU2JyR3k0clpUaWdmbkRUclFpVWZwLS1uT0VoVHc2TGoxNzF0WEpPVUhWWEk2bHJrLWtVMFYydnZXYjZZbkFBdjhWUUhRTFVQYll1YkNIMnRlX0h6dG9KUExrWUdOU1FjNUhKTk9DNjlyVm92bHpiTlRmUzFxNTJpNTZ5cEk3ZE5qOFpWRHBsaEZ2aXZGd01QOTJlNmRpeEUyTFF1SWNNQUJkRlZ0SXlyUTFEUDFOTTNQRGJiS25LZkxXWkJOd0o0YkdNdmZLWUNUX1dZZ1RpRzJHSEUzOXY2MHFDQmFWTl9mcFowVDR5SDl6bDdGZDNGR3B6SFB3Tmw2di1UZHhFNm42OUZEU29JWEU4ZlpUazFpYk4zSU5jaHAzMnJlUnVHYVFvcDVjeHlzeHpSMHQ3NktmN3k1WHVPSW9pLTVGMEwzY3RQdEhRYllnYUJ3b1N3bUplZVZKR0FYTFUyYVJZV250Q3hVeXNMcXhveDl6UjQwR2dRMVhfR240ZE5jY2xSNThVb192TjEwd240cHZOTk9iZWZJR2xUdUJuVXNKZThTX3p0QkhuYlp5cVBjSFlhWF9Db09jaVF2Uk5RbmxMU25FZ2hOY0ZfeGxQc3VyTkoyZzJwSHJZSEZyUHFiYVV4cmoxeG8yVVJ1RTNQdXlfRVo5LTBCWTJLSDhDdHhMbkpudjg5ekx4MldYWF9rTGh0WDhHZGNoT0x5YUc5SmhpcXQ5YmlGSUtMWVI0ZXFMemprMkV5OUVObkFoTm43emg2OHZTR2NVd1U2eGZzVXNSMFVvNzU2czNMMG5XWl92eXEtTXVtT0o0OVlsWEJzQlpBdHI5U0NGTkRfaVhaUzhPRVg2bzFlQksyb1hLZGZKaUVxVEZuQWxmb19RTmUyNDNjUzhkdzV1REFtRWdSalRGUElBUWo0djBVOG9rOGxEakhPdWhUeEFnLWxUQzlkc0NEV1NIcExzZkdhOXg3N1NsX1Q0dWh2ZWFRYmZQRDFuci01MG90ekFVSGhocWI4UkxwOUVBZTI5Y2dnZkZLWDQ4c24xMC1JOHdacXBmLWtsUVcyOXkzVFU3WlcwXzB3VG1aVWh3WW9XaURpdFV1NkJOaDN6SGFQc3JhMm1rOHlsLWRXVy1kR3lxc1hrR3l1aDNKS0NhR1dGNG9nRlp0bWxWYndremVRMmxlN2hMSUpqeWZmcDJFWDhxRGd5X09aVGdIY3kwRm5RaXZJMHNtZEpvWVNPWVVlZ1F4bkVxczZFajZfeDZtbUxjZnN4bktOTm1tMDVWd2YxNlFQcE5SYXZ2bGxfSUxiS09lalBaeUlDUUtKa3VWSlVUTlQ0TlUwbUotaFFlM09GM1JuLVc0bHg0UGtKUklpRUNHWEVZVVU1SWREX1dUa2l1czJTcDg1dVViYktZTXNSNUt2NXYxMTNoVnhlRGZSdERwNGZjSHl6ZXI5cEt6SVpHS2EwMnpoTkJQMjhSdENHeDdFMFlyVnFxRDRJRmx5WFBJNkhYc3JRa3BGZEVfTk9ubVRHT2p6VzR3cmVMMzYyRHJGYkhycWZMWDE2aDRxOHAxdnRGNHF5U2V6YW5fU1M1LWZoSEc1ZlBnTVU0NU9oQlBuRXhzZzAxbS1WcEhCdDFJUHdZYWhzVi05Y09uQkZOd0pHbWJ0U1cxTzNKRGZBR0IxVFlwdnZNbktIQzNaaEJuYklsQWF2b3E5dEplMGhjTkFCaDdpMm9hdVdLZTZsbUFUVDNQbHhHbTVrLUxNVk16cTRlRkw1c2gyeVVVX0tRc1o0SWdNMmZQMEF0U1c4SkhIXzZISWhONWFlWm8wY0dwNnJ2UnpxMGxveWNfSDlWZGJpaHJ2OGlHODQ5bjc3cU9LT3gzemJVQ1NReE96ekVUdzlkN2pMZnh6T0RCRGdnVTMyWno4bWFNTTlXaWY5Q1ZJLTdhSmZqemoyZEp0UGJlODViS2RqZERiY3d1RGdVdFhEOXRSY0xTOW5saW1TYzBTc245TjI0NTJFSzhFVVp4QkRjZUtibVFxdm9hWXllRkhWS09RdkFPTElGWTNlQkdQUnVWd0ZzT2s2OXZGTGNIVldKNUt6SzBFTFdkRW5YcTVESVNoRFMzdEdEejNTTFlNWkRaT1FwREhNRUNnampsWmYyekpaMFExMkZ1emVweDY0LWVlNk9RZHdEcXpOb1ZzWlN3X3BJdWdseDA3eC1tN3FnU3FTWG9GTUtNZDBzT1VaOExHcHFBVGxjTnFqb1hZZlpvYWRKamRYVlJaZGJyblhPU1JnZkttX21tNjVsZ0lnMnZwTm9RTkpJRDNyUVVlREVmOG1HRWx4ZFRvd3ZqRW5uSm5LRGR0YkhtZFJZSmk4TmNFLTE1SHZEa1RPa0JtNEt5cjJYai1Wd2hTNzhvUkppelBhd3otYkV1LUh1T2FtTlVWNzZtUEpPSVFGeWhYeWZpTm1YaEFaSkE5bXhYNG9ROE9JMlFTM3NOQjBNRlN6X19hV01ZblBOTzBBSU1PV200dEhqOGJneVI3QnFBNTFlQ1RXdFJCSTFHTTdpRkwyX0Z6dl9jcG9OdjFOakZZbTdITFJBUmUtcTQwWTd5YS14RmFwc1JfTGlzUkNWNGhLR1Y0SXltUVJWNzhQWVAxNHN2Sl9PNG95M21HalRaQkZIWTN4NFhLUjdncTNuS0hqdUZvMHZrY0h4TnpHU0dHZkdIcWNxdU83UDNYaUI1Y1dHWWMzTkN2YzVNX0EyVng3SWV6T2dLcmFRdUI1LUYzeDMxWkFlYk12N1FVTnc5Qk1hRnBxejR3MXpIbTZmUWVTczA2N2VhRUR3NjVyRjNmcEY0VC02MmpHUVNHUS1ZdDBVSDBGMzY1TllXSnVOM0loaW13WkVoT2VGZk95VnJJNG5qWjk1eUZoWGxER3NrZGJWcnRqSHJVcU1ZU2tNcExZOTdkRV9FdDlwelBMMGFTNmR6Q1ZZLWlFODZsa0ZZUFNvTGViaUJzeWdnUWlUMmVpMm9lSC1NUnVSUVJsNi0zTGIyR0ZXaUgwM1RBMWdJXzRISHRXTUpKa1NaUzlQVmhHMWx5c1FUNHBYVUg3ZWJuVlJvaEh1cmlDMzRRYlBULVlpeUNENGRvQ0VOS2VjVS0xcDJEM3FhcW5jTE5mMm03NERfTHRkWnpPWGV4WTFIZlBSVUo5RTJ1NDVkLWk2SWxzNU1PZjBmZjhNTC1KTU5GSWlRVmFvcDFuSGFxRlhVSXdqSmVpMDA3c1gtR2pSSUNNZ2d5aVZfRnk3SzVlZlktcmc5aFZFd0xsM3QtYjdhOTE0N1ZmNFFIMmd0cWw0ZG9uS2pwMnRCQV9ETnN4ZzE5cU13TWlDTnBfamdoZ3pzMm40Q2xFcHVXSU5Ec0IyOUxOZ0tHemJRbjEySGN4bm0xblNLc0VPcnNuZldjMWlCVWNNMDdLMmM5b3l6THNqNjFTUDhTM3M1SkpIS0djX1ktNjdoTlBlcFl4d1lQaElNcTdRVDBBMkJ5b3pmc2E1eHRkMDVfN0VZYUszeXFwMl9TUkRHRVd2WVdLUld4LU5MSFVfZDNDT3FQWC1EdXVFM3pzMDViOEZvOG1YeVpMbV9kLUhhd01zeU90VVU5U3NQWGJCcklFMkJNQ1VvWVlNakFYeUJmbGQ1VWM1WjU1aS1wVVFaSHQtZEluN1dGbk9jM1VKM1NQdDFMZkRtOEx0THFTbFpfb0JWN2FsVnM4UjVZRkZyRGphWmxYRHB0Tk5iOWI1RTNPTmp1b1VPbDg5RFhfV0ZNNU9pektRWFVXRWZ1XzFiU2RCY2ptaVl6UUkwT2IxbWRfLVdpVEVlMEZVWVRreWlmRzIxMl9ockJkMEVRV08xaTJ1RUhHbHlBcG4ybFZOYTU3YmRiUWtxeE5lal9CdjhiTUVfVWd4U3pmSW1JdnZydHMtemdkb2hGaFI5UVNpV1JFSFVYODY0d01adERmX1htbGdLeWF2MmVGUzZTcGhrZm5IaV93cEhsMXpqa2NtbHBwcVotRllMVkhfSUNuT0U3NzlETzlvSi1oeW5YRXpvc2pTaFgxVHBLMmJkdFJMZ2VSWTFDZzZjVGVZUzBhWUNVT3B6LTNyLVdwdWJlUFRPOWM2bjNIanZLNXg1YjI2ZktwMnpSRnpZcXc4NGdGSkltUnNhRjdtMXZCVlZGQXl5QVdLamlGSEk2T042THlLQXRJODNuQW5URjFIaXQ0Z2xsYS00bF93VlZFZXJ4T21DVndTTmF5U2ZmaTNZR1hvVzF0UURpRFFlWkR2TFB2ckJmY2htcVFZRTRWZ3ZXWkVLQVV1d2VWdmR3em84QWFlNnFxakZNc2o4bF82MlpnZm1FTWVUaUtBd0Q2MkZPWVVwaklFUWRaN3g2RVlDN244WEpLZHZhS29VMWQzRXRPVE1acUdETVZFU2ViZUlLRlVWU0tfVnpJSklXel9PaW5YSC1GbW9GUDRDVkdLWWM3ckRYTWdRZGE3LTNlYTFqRk13dHEtRWdnS1ZCa0RxU0pOS1JrWmFYZ1FBTmt3ckxyVGdkMEdRdkktTTZwSEhDZ0pqYjdpOWxqX1BFVjNkcW9sV1VUWWdwRWF5OGZnbnpwc0tfN0F1TzRDTVVoSXIxOWhiNG5rNmc5eG16aEI5Z01CWjJjZG1mYU5NSzF2NjAyR3owWTIxWHpQd01ONGZ5em5wcmZYNXZ6b3NmQzV2bC1jQ1ZxX1VnU3JSLTJoUjJ5cnFNeEhYZXIxc2J5NzdPbXk5aGdtYjdBekstSFFLVnVERThLZ1EwUmlYd1M3UmliNjVsRTNBVjh2TGhiOFJ6Zmo2NXBkOXRUTmViQnhiUHZpdVIzMzVXZzZSREpRMTBKYTF1ZzAwWERTNGV1TmFqOE5rdUgzcVpCaHp0dlNZWTZaWUgtZUFjODJwRXN6bEk3b0IyLU1NU2NVYmJ1d0FTRGxKNmNycURhZVctaFF6SFZzazNvOUtaQ0FWdjZ1OENJaTc5MDFUQWozRGNzUzN3STFyM1NuNUpKRklRUklkLThSSjl4WWlXZUNidVB2OEhqeVozVmpHVDZMY3FPdG9HOVJMTXNNX3JqRkdRQkVka2J2YlMzbVRYbUZVRGpESkhVR2FudkFwWk9Lci10Q0E2UVJPSEppY1A2ekVrZ2lFMjJvMmlXQnI2TmpqeXhwQU96SWx6UXJPVm1pSzhWUF8wOV81RUhPd244bFhFakx2UldiZFhqR1JGZllmRmVRT0JvbDlRVC14NE94WTB1U0dkWTJVNFZYalhuMnpZMDAwQ1FheEJnUUdrTnNVVDVGdGo4QkVOWWZmcnAzMnZ4NDRidEk4WTFVN1NPdXdrN0R0czBLbjgzTDh4cFFaUXRTODBsSE5JRXpPNDVNUGlyVk1WcHpYZ1ZCMFJRMFRaZFFDcU1RemFPZEdSLTZyQlRQc2NnNGd5anE2ejJjVTBuVzU3bWhBb1NWQW5DQjRBZVhnNzdoejlMR3M3d0RvMFpQWXdWLWlJS2h0VGVZNnU4QU9Cdmt0dm1BVzJyZ190NkVpVndKNWh0OEp4QTVqSWZmV1d0SG9lUW9YNFFka09KX05fa2Zqek54UThJREhhZDVmb1h1Y2FEOFBsZ05obS1vT0x2UDZDTzh4UmpHSTJGd0xtNUZ3Z0ZNbjJLX1pzclBHUHlxaHBmSFpyWG1SMGdCY0R1V2c3OFpBbzNhOFU3RXEyNWVVdDBndGw0bWZVeTR3WWRtdUYxV2U4R1JnYWxfWTQ0d2RVc2tIYjJuaFJvMzhmQU5sUGt5UW1HNzZiU253dG5uQmNiUjAwNk1PYk5ZRzhhakwwMk5PdjdaUXdESnpHZGZnU0pGZUkxd1pQeUlZcUNaUkFqZTZEblphSHhCbWN6UUJVZ25yZ25MNnVTdmRVQ18yNWRQYzh5LXVNdkxCYjhobFhCR0V3Zk11UUUxMlBQSGYwaHRCVEJ2UjdmeDV2c01BeHJmM2xiYmRJTDctZG5xM2VYc3V4YUxuZXloOXRSRjNxN24xUTd6VFdOUTJkVHdlclhSOEhTenRCTGYxOXE4V3llSTdEZjFhN2w1Y3dfamc4Q25OQW5SSERzeWtVSW5oMTdGMGlKamhWQ1UxbDEzZVRoNjZRNE5WdFdzaUNxUEx5eDRENDFZWnRnSFNxZXFDOWZKU3JCdE85Q29Zd2w3czVMU0RfeTJ6VENvQVJPTUR6R2NYa19WMEtXalZNX0FDZmZ6Y1JoVU5uWTRhbEZ1c0VPZE1FOTlKdlJxQ3h5TXlJX2hGNTRRV0JjeGM1NzAzNzBQeGpkS2JUSnN0RTlaLUdoOTVxZVJ3aWJDcUVLR3k3VjBjLWNYdzI0SVRyczk1YTdLc05FYkxqaVAzOS1hbmZVNzhsNlJYUEFvM212MVF1aDY4bExQVUVGNFE3SWluVEZEb01hQXFYWlAtSUdWYmo5ZlVyOU9Tck9MRGNtSzhkNFhWaV9zeGF5aTNTMmxZaFE5Zm1Md095dGRoVmd2TVFKMWRXd3B0YWFmaU0xMEJQd0dNdWlCSm1wLUtUN29WaUphYjNLU0QxQkNGSTliMzlpLV9zZkVMS0Q3TUJIZmhiOTJOcVY1U3hwenMwQVdtQ0hmelpFc3RNMVc0aGZMYmJXVHdXd2lWSVhacEh4ZmRBYXVWNWk1bHd5alRIRHdrbFVtNmxleW5yekYzSW9JLTl1Q3pqZFN0aE1zY3ZCdWF1ekhydHNZaThoaG5ublNnbzNUX2RrWG1vUmJ3Rk5XQnUwSHo4YnF5Qi1nR1FXcnN1UFRIOUJkMjQzZ0g1MFphSzJHa2FWRWU3UGQ0bjhsWl8wNjJXR3c4bnZKSG1tbmdadTF0SldLd1U5REFTNFlnZUlpUG5KU1VQSUU3aDk2WXpGeGxUb2RRNnVEQXJhVTUwOGZqZzN5V0JacE5QdkEwUndhN3N1TWE0WHFlSldRZy15eTVLRG51ZmZuQ0FrZDVZb3JWOUxWVkhTRXZCbWJkT2F3R0lfd3N3Y0xJNkdNNGZDY0YzWVhzLUxyenZiSUpSbTJDcEJnNXBXU2dhUTNTNU1jLWpURG5wM25kQkxlWTRETVE2OVJQdmRkdzZVdktjODFTS0FwZUtBQVFnbzNYcVF5aEpYR29rN0NCWlYwNkZPRmwxeHpMNU9vZXNNSTczOGxDMzQ0ZTkxcXVUMXBOOUlrUFd3bzFFajVieFVUdmlPTDRPWDhQTUtleTJKWmpEVGZrZ3F4Q2llZ2E3VFQtQ1ltdk1JYXh2UEZzTmNxV0xOYW9jSHZpNDVJb1RLV29vV3FLRG9fd09TVkJLOXIzVE9pWWxvVlBMcVRGQkxET2I2MlJQczBrdzVTbzF5S1l5NUF5UzdOc09hTldHV19GVDNhd042YjlMRjdOOUJUd1RfSk9NWTNvNUFqSDFOOXFLZzJoc2EzTXNpMkNxTlBQUHBPeXNuRk54OF9QSUNYa1hYcm92SlAzMm5YSnlwdEszZkI0MkNTQXJWMTVlcklETU5hSVdYdmNxUTFfdURRQzh0N1BwVGFwX3U3enRfWkNjdlpFSUx4Z29TNWg2U29CMzNuU3Z1Ni1TcXF3cGpBZHR5QXQxc3RFSXdfeWh6T3JUbmhSeHduUEdfc1ZMOTBmbFd5TUNJbW5ILXZTZUpUVGNWbWp3MVFqeWQxRm1oNDRaUUpxRldzekNYQnZqUUFIYW1hOURBcW16cmRsRU5FblplakpkRFQzUEw0ZzlHcHBjaTg1T2JsMGN6aUJlT3Z3NC1MMVNCd3RwMG1yZlJuTWtMSlVSWFZOYWozc0s5RGFOOXEtbU8tVEZxS3BlZloteDBqenUwSURvTXRVdW52c1MwSnZBbmNLZkRlSG1TbFVFUzlOaldLWUIxM1ZtV3lZR180cm9QSFo3a1FJSm0wYm96dlpRQmZCYkhGWUo5Y0tLdE9LTWhBdmhrZlNwTDFxSS0tV2IzNVZwbTU4Rzd5Y1BiV1lFcVI1cEpMTkFEYkl3Y3dSd2w0Y3dqVDNmS3hESnRORFNja0Y3ZnNEZ25ONW5BUzN1NEpyOEZ5MWp5dWxUbjdOUUdVekVfb3AzTlNkUmhBV3ZLNmJjQk5raUY3SFE4X0xCejVNcXRGWXdwYzlaUlo5RUQwN091aHU2elNtTmhNcXppSUxrQkMwOU1CY0pGUUdkdnV1bGgzM1BBSlRSdGxrVGJYTlFTRmJ6aV9xYnlDT1FCSkVWdlZxaHlhRlF3dUZiLVUtN0w3N2pVVEFUZlVoTEFHM2V3Rk5HM3BoQUdOUjFPS3VnenNhSXRxSGZGb212UHpfSEdwTjJfQ0lVWTJlcHBFaVMtNTNLbnloWFJ3VmU0OUF5Y2VxRFAwa0dWSWVhcXFYVEJkOF9qN2c4Z2RrS0I4SXRQREREcjdEanVtOUtpVHlGaGlndlp5VDFDYXQyN0JfYVpGTHNYQk92V2RoTUFLVVp2NTRZZ3h1cnUxVTh3SUxGV21vc0U0RVRwUTZvMDd3T2FtTkdMbFFEMVJ3VDNWRVJWM3ZMX2tRMlJJU3dPZHgwbGpjZk15ZkdqUVgwQmlWOW5LUGFsZXpDYThaLTVQT3VHVkhJUmtJaVBBck5ocjNQNXNtdWQ5NkFhWGkzQTdQaXNXdmttWGhLMHh4WWdWcHRUMGlRcEstUDF1bklOXzUzMnM5N3p6UnRtdWpBXzZPNkx6RmJaZzc1WGctNDV6TG5hWTlrMHYtQTNZalN5NDgxNk9BcnZwMk95eUFFLVowOHU3UUxST1ZadkZwWVhhMDk1aDB0MWt2UC1RWXFEMjBXMFhPT19kNUxpa2ZtUnVMekFnSzZlbExqZlc5c2xZZkZlUGFxcXgzRlNwSzh1cHpBYUFqRFFHLUhlT1k3SzhTNHFDNk9Qb3VmWFRRbU5yem5RbkJDWm40RjhvX0JlV25YWHJCcjRVenpfY0RZZ091NFNWaU1meUxRR1IyTGJlZ1RUdzYzZFJUQWtTWTA0bndnQ2VSbGxYSkZ1WTE4VmZZTHBJdjBXQ2RTNGdCNFFpa190VmpBdTdyUTRDVEhCS3dsVzN4RE1abDhTM1ByWWFOMmhDa0MzYmQ4WUdXUVZVbFZ0WGo5X2hBZ2V2Z1ZfUHpnNkMwVmRVTXdWVzcwWGl3VkpxNnlPX3VQREwyMjRfaldncHZud1FUZXpuS05hdkI0SkdjTWl5RF9tZkQwb3lSRW1KYzN5TEF5bXVSdUZwOGVJVmFxcmo4NU45dW5MNklzMHUzZmxTZGZaanlYbTBYQ2hZU251YUthZ1k2UzBPZnVQNTUzcUozcnpMN1hXQm1WNEJ3WDU4N3AxV29FYk9rMDhvZllNNmQwMjcwbWZLWTVfTGV0aEl4OWpJTEpRWkZla0lfd1FJU251aExKOGlKZXVFbkZseVZmSjhZSjZJUEpSWmtBaS1jWVZPMGxyVGhQTnp4SU1EUEJnTVNKbDFLdFExTUQxVnh1bENtQmVvMlZ0c2o4aHRsWjhiZk13UlZ5a2dWcnRRQ3U4MXJPaHFfYWNtb3NnR2JkRkxSZjFQV0ZvWTBKX1pPRnVOZE5IRnlxenpLZGNZU1Z2NGF6UUY2cVlYM2lSOG5VTG91WkEwVkdiZXpzSzRGVkRZVkNjVllLTmFJYW9DNU5RYTZDNkpvcTV2UjNQQWFIUzdVS2dYbmdKeURRTU9Xd1ZiMWNoTDVJc2s0RXVhQ3E2ckNDWEtkZThOT1BCMklUTVdJd3Y4VFVqRE42WGJNYXlJSzEzaGFfSjV0TEFXRWVLeUZpdDhJWUZ0WV9JMWtnb2tGcnNPaHdqLXNmcVZMSjduQlN6NWJ6bVE5c1BVc2diZUFpNmhXRFVwU1FUdFk2MzFyOG9mT05lWm1EMFYyRDJheDVBc2ROSWFHb3Uzd25leTdUaGxMaXJXV3dwbU1GU2dKX3ZpdU5VLXd3VlhOSFhibGVjYjRwX1M4dUFraHV5WEhqdzVzek1NSkphdmR0M0lkdm9rcE42dkRCSDRhRm1NTjhGV3FYQVo1cHZIeHVmSkxtVTFsbVFtSHEyeWl0amVCb1NzRlNoYjNLRFVMRHdGZG5ZTFI0MmEwZmkzNVdtRTRjVFVGb2IzWmNXZEhpdndvRHdmc0hfb3NJeWF6aDRQRVI5VXdmTTV4Qk8xZmhHV1ppZXpZemhTTzdtZllkY3BNUktPRDVPbFJVSm9WS2FnX0M4UnB0bzdYQW5Qb0hWTVB5Yko2RTExOUVkb3BpWXgtb2k4NEdZU2VKN1ZXRjh5Q1RCc3F2ak9UOUc5UnBUWlBQa2xGVDFobVhKY1FTWUdRRGlFb3NhTWtiRjJUTUlkYk4zMTQ0STVDRi1QTnlsMkdSbllvelhEdUFOaVlSbFFlLXRtQU1meE9vNWJROEVQbWZWOUN2OTE1UW5kVTV0WWpnS2FLSXNqZXJJYXBOUFJTLWdBNnlFcVJMcnJJQm5vQjFWQ0czOU5zOWY1bExsS0hkbkQzQU9lMk1OTFdSTzhnRTNLVFBadjlORlBsWnFIb1lWaGxrM0dSYmdLQlRndnlBakI2V0VfbnlBOWZoWTBIeXF0Y0JMNXN3YkhJQ1BqSUl4a05paW1yNUZ3ZUplNVhKd1NHOWRmZlBjT3FQTXVWbFVzU2ZqVTJrTl9CQ1N1Nl9xLUlaMndSaVJHdklXcG5vMWQyc0F6dFZRbV9PVUJqYzdQem9GZ2xuQjNSVzhwSDFraHFDUmgySlhKNzJWemY1bWRFbVRWXzZ2V01CX2NqQkwxOGp3aFdMaklJR1JLOV93Nkk3am9nVDBwUkoxZFZpSzlpdmZrQmpxbnBZa3gtb3hJVzIteWFtUjNSX0VtcV9RaVVzVVRhOUw3WVpJQmgwQUpmZnQ5c3RkcVR5RloyYXBvRFcxaGppUG5WV1B6ZzZMMGZFSzhyN3dXUEZiaXA2ZFZSZWVmeTJaMVpVQU04amlyampYSFM3dEs4R2FHdDFSTEJ2ZFNURHczRHhOVXpuRVlIYm5PdDJpNlhPT3FWdFRjZXp1M2hRZ29CQWlTNGFKRnRQTmZJcVVpbVNXMGhqdmh0TzJDMDVmdThOSk1nYlBNT25IV250VkRYbG5UMEVPQjZEWVg4SktWczVPUEt3M2JWeUoyY2pxak5Qa0pBd0xpSTgxaW1DcVRSNGF2UEZFM2QwTjBXSFc3bFFVcTdEdElkRHZMSTVDa1FJbXhvRDQxcFEyb2wzRU81WWQzR2VYTUJJdGVpYVJjZ21raG1ORHVlUXZpelI4UTBHcDR6aXozY0JkX1NITUxSS3Z6MlE4U0UxajZVLTlYblJKdGxVUk5iTTN5UFRyWXg3dXVId3ZOSE1xMlNDZC1CLVk0Qm9HOFZKSTJfV0I2ekljODlIVDR3RnVCOGs2SGFEdWFVMGFJa0xWUTJIaGdfNXQ0V0RSYVR4VERvUmlKYVBEeU42LWs4S1F4anc2TjNGX0NpbUFUNEtUbmVqdG9jaVpCcmk4VDNCOXRpUVFJdEZLbnpNa2Q4ODZUbElNWmJNaG1teUEwRVJ2OVAyNk1PUDBRT0xzZmNiR09tdFZwWndmX2lHcm1wVjg0Q2ExRDRDWlFuMlZGUlNtRGVXbDFFMEtzQXZlYVlXMEhIVVl6TXNXWUIyQ3RwenQzWUx4ZWV3eEE3b1ZMYW40c3d6dHVEV1h1M0Jja3BPMWREV1ppYk04ZVozbmRMQzVXcXRoa2ZsaEZnTmRlTVB4NGVoWXppN0FTVHQ3VEUycjFuQ2xsMDN2ZHZzMnQtZzJoZDgwMTlfU0p0T1NHM2lCZGxOSlV2dGFlRGlCU3pRbXRtYXdnc1BYXy16UFFUZVdQdTlaaGNxY19ldjFNX1FmTThXWTdNV01DSDNoMjJ3bWE4eEhGRF9VNURoQS03bHRwZDY4WEhSVlZJSmVDallPdlpiZlNwVWFuVEptMHBpQUJTVFBLZmtvSXFNdURlMEc3QlB4ZndFWmVLLXp6SjVvcFBkUmFvVTNJSHltdFA5WWJfb3lXb002RFJYaE9JOGFfMDJGTkplUjRkWTlRaVFoOS1pdzFVVk5JZkliRnN3Y3d3alRZdXlFV2lYVzdXbk1ZYUJJOHdnQmtEOEhId2lkQlRPTVRndUdtcW9ObGFMaG5neDQ1aXpPY09pcUhCcXN3b3hza09hdTJoVFRpWi1iWU02elhSeGtHT1hqeUJjSDRXSEFFVUdrSm9xbW1PczZzWEN2N2pucXFVQ2l0ZVRjb1YxM3hETUNHUmZyVVhBUmVHeXZTS3RLQmFieWl5aVBtVmtZMW9RQzdSN1c3REp5VmQ5bVZYS0VDZVI4SldjWVl0aC1CQVZNZTdCWnlFOHpsUkdVZ2RsWEdEX210ZGYwMmlMUzd6TlhjaTV1LVlXTW9tUmpFc3BNOVRETGdETE5pblYwMFJhS2tvVGRlQVRCVEZiNmFxanZsbGVRb3phWWJMa3djSmc3NkVlUkh6SnI5UkwwRWVGTGowX1NzZEpDc3R1Zmd4eU5WMmhJakxucWhrYUVkdjRRNWFER0d1MzJBNFhpR05IOFU4Wkd2b1Q1elR1d2lGckNEdUJtQ3MySGlZUTI4WVk4XzExc2xORzlMenZaN05Sb1FPUkpPZllCTENmMXpkclVrbXZIWnF0VkJ4cERZRlN5S2lKd2pqVDkxcFlFeUV0TnU3QkQ2N2k2UFJLZ1htRDBGMXMzQk5kUk1VY1JDcG1ma0xsLW1CbEtGbHZWcTJJNWpvVzF1U2pIbzVPUGtjQldoWVF2aGttRUc0MW85SG9rb3pNSVRscXBjUk5LcjBUQW5kNlR1Y051RjdkLWQtRkNuS3JUTjdtUy1VSkIyTU9wM1c3NVdhUEZ5Yk9nZTNWMnNmWW9fTmZsZEstb3RVVkZ5RXQ1eVhkX0hnM2s4TGdmSXhvRDFoTnlrellpU1BmOFFUMmZGbFRRYmlici0tdGVybVlHRUxpbzVCaXBPWHdrYlhManQ3akM1RUh2bDF0a2k5a2ZrMDE1bDJQUUdfUnpwV2RibF9lVDJULWN4R2ZhTlYyc2F1VTZsSGZEbUdYVTVTLWlvM1dpUHFKMWVmVUVQMWlxWm5YT2FWZFpTcEN4WFVHVDdVdU9kYm5tV01MVU5jb0pGT042NENKeERCZ0wtZnZIYnlSODlqRlNMSXRuX19ucjZGelNHQl9STEsxMEZEck5jLUVSZkV5eGVKR1AxV1ZhX0dXeTFQLUdGX1VSVi16YXZZOS1vdzA0ZnktZmVkWVZXYjZJb1BwMkl4QlBqTEpUUzdUaU0tQ0ZMR2NNcFN0MXVZblJuNU9PTkk0N3ZoZ2xHMnhBOEZkOWgtdXl5WEN3WEtVcU84bHljZVU3ZDM3RUlzM1V2dXFYenFGVzhNMXVoRWtNUkpFMXVkZTRQLXJOUHZGRlpXV1duM2g5UzBuTW11OUJfRXd2TTlNU0MzaDRjWXZENl9HVWhxak5BcmZmM3JnWFdfVzFFbWRSdzlXWW1uWEVyQU8xdnpiYnRiTlJlZnd5QVNfSVFVY1Z6REd1MEJvZ3QtaTB3Y2QzbVI1UnlkYlpoVHVheGVBdjg5Z3MxQURqNTJZbEt5VXVYakhqNjhLZW9sSHdRdnlqZDgyRENaeTBvNDl1Ym5udkZ1YjBZTGRQTU9hZXpFMHVfSE9iSU82bHRsN3Fhc0d4SFFGSVAtemJQR0tPUjlxQ0VobVdwYmVZM2JlbkJQSW1KZFhMcThCWFlyYnk5NkRzVzlmazFFTGVRbm42bW9YS3JoUGg1am4xTmZkWnREcEt0VzRMWkdYWWIteS1heVJrQTlpU3gxVGlLMVFMd1U0WjRkZXh4LXNHbTdfSWI1MEtNU1NOLU80Q0s3R092SWh6SjVmNmxMTzYwb2dwQmJPWVI5cUF0TzMzTWhwOXFuYWYwcFpHNVY3aFFEeUNlU3B2Q3BDUWVRQlYyM1czSEJoRDNhUFBmaFBLV1NneXJYaTFCNWgwbUVBOWxfU0U1YW5meHoweGRwXzlQWEo0SlZIdWkxVjQzNVVDLTdINkloYTViRkhsaGJDUkN3dzdSblF0YVI2bWpzWmxzYW9sLW1HeC1yM2kxQXZOOHd3UkpZWjd1UDlnazZZZkdET2JqLVBTVDFjZHF5UEtEc2RaV0NKa1JxLU54YXdacGFPam5FQWJIc0N0d1VJN3FPQndWMXZkVWJjV2Z6Z1N5dVpOU1dKMUt1ZExmQmZWeXV6ai1VMThZcDNOWVMzN0l1ZGZoMEIxTS1QSEE2Y0ZXVXhsc3JtNG9kMlY3WkRiY1F1MThMQ0dCX0NlYU0yOGpyTlRGeXA0SEhILUJTNDZzZFJ3TVJQWC1nNzJRY28xLVpScVdLRGQ2bVNwbHZYMEhtd1g3ZmhieFBiNlB5MmZ4dHJqY0NhR0dEdldjU0FBZmFEVVMxVS1LcjMtX18zQ3VsdVBHYVRZTmF3RmgwbG9KRnBBdzM2ZnhRV0toMGxaMzlCQlE5MG9Wa0lScGNoRG5saGotVXdvYjlvNVFEbmRlWHRLVzE5dWU3OTQtbHczYnBQVWhUbWIwVkpuSG1YbURoTjFyQ09mbXV4bDNMQ0ppaDcyYzVzRExkSXNMTUJ3WTFMNHBKWVRoYVdFTVZzWlhLWHJlbkpUWFpRUWVsenVuQjFwVUZlUUtNSURFYUpyR3ZmT1hpRTRZMzJqdTZfMmVPTFp3M3pubFpkYUR0ZDBucDdKdk5wd2tXeWNNQnVxZmw0OS1wb2lpRExzX0M3S3JhdzdEOUlKUzlXaW5aLVJCYzQzbktITHRzZjBnODNZX3lBaktCMkE3MmxVY3N2WVhpeXVTRXR6cVRvdTZwOWtESzdnNXFhLXBiNW5yNkcwQWVFVE1PbUF4N0lxT1gtT3Z3d2p6S29sN1JXczZNbTVBOEtHNlVYU3dUeXpOQlo1bUFyOTlMWnR0RWxfdDhOVHNHZ3NmWndXb0xBWnRjVWJoX3htVFNzOG9SRFNpSy0wek1HV3g5SVlIMzVIdThIT1hPUTV5LWFXTkZyRHQ2bkh3ZFNUN051dWN0YS1USnpPUENWbmNzV2J2RlBnVDd3a3k0Z254eU1ORFJZWlRFX05PdkZQYVRxSVE5b2U4Ri1HdkZua0RWRml0cGJXamtVbDZ6S3VBUW9rRk1pcGJMcEx3NElrRXNRYW9yNDcwV0xLQ2pJbnNhVGo4N1B5c1dFZG90OU1ZQlgwUWRfSzRfVzJtUW5VZ2s1cmlXQ3RxN1pGTU14alZTSWgzLWp3eFhGSDBpaVZRV3J4NlJDNnlFZUgwVFFlZHQ0c1ZyeG9BQ2I4aklWRzlMTTZ5eUR5Y3dOZGtKOGN1ZlRUVFdsanV0SWNDWGFaYUpCbVNudVA5dno0MHpzWTdzWkd3SktQMHcyTlJRN2dqUVRMNVZxR3VSRE5mbnNrdWNPdE1SYlk4aXlDYzRSaUNHUUxwMFRTbXYzSFVaOGRIWjhlZFR0NXNZZkVPd3NvRG5vNUFabjRRMUlfeWxHd21YYkhyTkVidFlTS1VtWU4wV0pZMWJtS0VBbk5HajN0WTlaR19ta2dCSWMybWZXZGlVZndQOTRUeDVYcGI5SmpOLUFRUGRCSG1BN0Nxclc1Ni1vX1JiNmNPNHlRcmdrU01BRlBEeWVQeVRTTzFfb3lZcUZ4a1NqODR4WGdPYUlPSXdhZjJtRkU0cldnLVZoUkFPZEFfUmNxOTR1UWthTi1IYXZJbGVpMHZ0NDRORjNmSnFxMDFFMGIzVFNFbklUb1JuZDJZOUN4OUpfLTJVNnBYWjVRNTNLV1VZaTJzTTZLSnRvZi0yMk9vV3BFR0R5MWY3ejZPMnRqOFJiTE9wRWNUQUFPRTFiQzVaN1BWYU5objR6QmdrdktmR1d1MU9KVURKcFpTQ1NsRzZwUkd1bXo5V0xoUmRHSnUxcm1vckU3bkhuM2dESU5Wc3ZCWTZENWtMZU1fZzRuVlVEOW9TYWZ3NHg3RnV0NkhoTm9tQW5scWJ5R3VKSm51UjNJMTV3TXVRLXRMLUJyaVVrSGJycFFpRnVXaTVuaWNCa29CWjA4clRtTG1Md25lV0dMVlhfanV3OVVjcXVEN3V5ZkhURUo5TUVOUXdGdHNhcFdlS3RBNVU2SjRZNGxWaTFsTERXenNYNXhSSlc1YV9pQ3VVLUx3WEI3V0czSDFUWG9xQ3djb0NQeGRfX1IyMXVXTHc5TW1uRWJ1Z3VEbkhoZDFqZ2ozX0kwSUFuMjV2cUlSTkpqWHNZUEdjVVIwejRvRGNmWEJQbWlZWU9GVjEwYmFvSkJ3ZDVsZFVfNWlRMFdDMGJLRTlHSmFZOGVoaHlXQjBwRE9yV0RuaDliOXhSMHp5Tlp2eEt4VC1EcGRHTDlxVi03S0NtNDY1SW9QZkFQZzNxWjNiUmhOVl9ROU1zMlRFV3VXNVRMTlJ3bkFnOVhHekEtSklYM0dDNS1PVEIzdWhRZHhIaVRVcEdXX010YUNXY29fUEhSS0w1VFVuUk1ZRkRvYXZCUnEwX1lSN3FSU21YYkptekk5LXFCWDRnRWM2NE12QzVyMlBjdzZXa2dEdGFGVWVKenVjUmpnYVRwQWhhZG1GQmNZaXY2RmY0YXJyLU9IczNjRzYxdkU0NUxDVEdHYVpSeGx2SXhCNm1MdXFFbmU1LURpWHA4S1luSXdYRy1rTnY4MkxkeW81VHlYMWJQYzlXcHpuclBkUXpySU1TZ1FRQWhiOHJ0aTJmZGFHVFNhLWtKazE2R0tZcWhTTGZyLTZVSXRvdmN5TXVIYU9raHNXVlgtUzdXREZxenMzQ05aQTdJUTRTWHNsbGNaRG1MbHFUazdKNm4xVWpkQlVMLWRzNTZZNUR0My1nZFNUbFBTMGtwVUZzaWtkazhqNE5KTUpDcU0xd3VkNHZiRDBVTnVNRFdDT1RMRkpmR3ZjUFNhZlZjT3VPMzZtdi1IRFIzd090Y2xlRTVVSVBWN3VxbjdmazV3ZXFXWjZwTUpHcHRUY0NxVWxMOTZzWUFOVFhOZlQ4eEJOQVdqeDk5T3VWTzFyd3oyRUhHQjRjZ2k5ak1RcVo0bXduR3JWTTdwZTZrcTVXX3F4ci1wVzN3eHdfU0VZVkE5NHZwRGozYkR5bHlpRjdsWVk3aXloQ2J3MmNuakM3YWxVaDVDTVk5R3NYM2lvVzVISU5xdmJxNVJoWkg1RTVOUnJmQm5JVV9YU2lZcnU5QV9pUDRHcVJMQVpDakd3ak44Y2RBd1o3VzRPZENkOS10M3FwY1RuNldZbTM2UVlBX2RMc014T19TVzVMVFBBUUk1YnJiOHQ5TjdHVGR1ZTR4dWk2SGhNSkw5UktySUFUZ0RmWDJqQjFSRUREQ3Q0SVBpNld4RHJkRldsSGo2SjlGOUFtcDdpYVk5aEZfeXFiWVZnRW0zUzZSazQ3Z095T2lXRHIzekhqbVh4OVhPWXo0SUllQVo3d0JvSlVxSDBHTGJCdzJ0LXRxN215LUc4MU1DUnBaWVlNZDhVQ0xqMExqdW9QdlZuV1RBTHU5LXNEd195X2g5OTVCbU5vcUk4WFpQTlNaczFUYjQzWG1RRGFQYXlQNHBsRjFVQ09MMlZPd01EQmdtemlKR3FXRDBSd29TU3loZmxYWVdqNzZiREJId0FnejBFRkZmX0FsMEFxdXV2dm05N1BYLVREaVRHVGttbWFub0h2SUJuanJYVjJKaW9XZ0F3eE81YnBGenZpVWNiRzBaSHBUVF9iMFJfVDJTMWVDbkt5Rk82WVBkbklKTmVhLU52Z3hKcFphVG9uWVVMcndPb0tiZGdYZ3ZyeXJ6SmVSZUtKYk53aXhWX3ZwdnZEenFyNW10MFcxS0lTOHFiR3J4V2RGcnFZbU83SWJibkQwQnQxNUJvdGZiTDZxM2dzOHNQRmJyXzdDWUR4N0hxTmxLakltamlkNER2T1Zabm9KWTlGTXZoSTEwTFdKTGNSb1RWNlJBUmpSR0V4RXIzTm5na3JlRzNQTS1jQVI1cnFXX3lNM2tGd0hrT0xGUjh0ZkNmQ19qU1RKd3NqZkZJZmR1NnU1Y3J3cUpHOVFMWTBIbzlXX3lOLURnZmd6ZDBVaVJ3RjJXZ1BVenR4azZ1Wjk3cDZsaXVyWWJzUWVQN01iSFJscG1ySjgtQUFrWDBYeHowd192LTlTUUxQMDlxMEV6ZTFLUWJYRl9rMWRiNzF2VlE2Nkhaa3NxSDA2ZHhleFViSjl2eXJjTUVCeDE3VTNIMXdXY3ZINEY3NUdPY1RNUTNwY1dBWFNKMnJaU3NRTy14MkhxRjYzVGlFeFR6eUo3T2xVaGVoTEd3YnpXWHU5a045VWNLVXNiUzk2TjUyM0RZTmxxSnFxZWtDQlB0Qi10UmdlRU5QWXo0WWMzdlc5cUJocm5tQlZhMUlpQXhyUFZsdUxnMEoteW9zMDBaNWpHZm1US3Q0ZDAwQkpYa1ZQLUFnb01tMzNxRy1CekI5Y25McVhrMUVCUXFJLVdVTFpwMjl2VEdvc0s2ay01X0RtZlk2ZUFHcXZ0ZGttRUkzenR4TWptelFkdFcwWlM3TlZsdVZYdkJCWUowcWd4dWltejdiTldiN1hrTEtHSHhGLWlkcHZXT0pYUGZQSVlMNzJUTkVMOG1MRXB1R3lELUVWLTY1U3cwUlBWX1MtaDU2UXVmbVZGTlRlNzRyRkhQS094X2o4TDFKeGFzTE1uTWRJVnQxejVNbUxUeWJsSjJOU0FlVEd5NHg2ekNXNXhwd0IyYzVTM09VcElkR0hFZlBiczluUnlhUjJEMm0yaUluTHZvd2JVSkttT3hKQUpadHpFbEZhb2xhTnB0ajlLS1JCNHVyVmc3WkVENTJ4Rk12Q0F2c3RlZ0ZoQUl4UnhIeUYyckhoNXFmbzBzeTlDbWpBbEN2UllPSVBRWmc5UGpDMWJWWWQ4NjFtc0JXNFJaXzExQXJNWTVxU0ZweVZiVUVMSTZCZVJISWVqTmViWDFGRzhEUGl1R1BjamZZVy0yWkhfZlNJbFNGemhiZzRaRFB5cWFMd09PSEtzSDZiZUswMkxBQXlxUVpkYU5kdDZFalNqVGtIcndfU1pDUGhUdjVZQkZfRDRXM2ZHUnZFZi1DWUpfX2VUR3h6SjBFZHR2dFJmUWJTS2NjaHkwa3ZsV01FMXlaUWVjU0NFTXdQSmljam5ucHZtN2ozR1gxRGRCcG5iUXhHaVd4UG1qbXptWFk4S2IycFh4RnVSY3p5bjlXNUpYX2M5d2UzVHJJbmN2QnFsc0pKdnZ6LVdJc19nSE9YVEwwcVFlMjdYb3F1S1hXdGlyUXVSdHAtcEdoSU1nUU9WZFJpLVh3WmNsVHE3LWIwbE81VXdKQmFDUUpLWXVmQ3U2eUY2NkZiZU1vM1liTzd5NDBvUDB1Ui1TOWQ4a0d0ZU9ObVFFQlBoa1djVlY2SWJHeEFBVEhYWlFYTFNhZ2VDOG1XZjBDZ3N6YTVaYTJrU1hySFk1bkNQT2dwaWJQOEpwa1N3R0lPZGdQNnZVTzN6akpvaDNBTmhVdXJNTW1jLVRBTTk1aWt4UDVqNXZ5RVBnbFFhZUpDbFdIUVplNWMyU25XazdRRENUdFgzQ1ItazhPbk5SUDg2bWlaU0p4OC1lUDljejd1U01KOHltWTVyXzF0eWRMNXNPVGtiYlM5eVRkSk9SS2lINGFwX25RenhGV09GTTFfWUxXME8wVlQ2bl80bG5LTlhMY0V2bWREb3FaamFQV01LczIzVjRIaURhZHRiU2JVM1pzamptSHhYMDNyZTVBSXVvZmM1VWtMOWgwUHZRaU9qcGo5Um13bnhzTWlrUHMxU1N6X3Z3OU1OclVUTk5tYUtwNktBZWl1SnFrM2g1czlhRmRnckJfdl9JN0FqUW1BdldWelVfUWdNdi13M0Jub3ozT2V1V3g3QzIwTDJZNFoyTVRyU0w3Y29tNV9sd09GS2ttc0EtZTBVZlVxeUJvWEcwY3k1dFJ4Z19JT1c0dzE2SWkxa2N5em1wV093dDNjWHB3S2M2b1pDY3Q1QTJFVjh2dVo4Y2JXbmlzb2ZUTzlPQVNNbUgxNmdvRTdybFBRVEVnWUtIcjlzcjRkbTBTdzBJeEp0MVNUdkNHTjhLOHdfc3pTUFJfOXVWNmxSNDdEY0NsQnYxYkRtc1dxM3RhY3dNdmRZSzdDSmNJVmhmQzJmMXRIRVJjWEJBbGZXeHBvWERxbkhSbEZ0NmY0cmpMeURLdW5EMnREdThLNzF1bHBDcEVRb3NiZjF5ODU2UERmbmFVREpmQTFwVmJVVGxEZWJUVFdxaENIZ1pQMnFrODdvSUhDT1ZjV0FlZ2pJaTB3UjdWLUJZZDQxN2RDUk9oRGpPWW5vTUtSaGVlWmhMMDFPbFZtTGFaUk5EWlFGYklSQ2lhd1FnbkJFNHlfclM4TTNNQ1M0aHh4MnZZX3dyanJvaWtRc3BNbkN1bVMweW5CbWhram9SQ2tzSklCNFhlaWZGM0Rjb2RueWxqMmgyakUtWUNZYnQyY0Z2TjladERZcVZOcnd2WlRObFF4czJLb3NER0wybU9Kb3UydzBBV1NpYWxRLTJrYXFLQlhHczY1TXotUzNMYS1FYV9RZG5oRDJCeGd5VFFGRDJqV25pcHgzVGQzRGlEcE5tcHB3WkJyNEZXaGo0VjN0OW5OeUNRVlFIRkhGRWczSTdfd2kxRzhVMzlOdGxVQmNwdWUwOXFjOC1scXdoZVBURFlRYjYxeHlDYmJna0YtMm9ncHA1cTF2b0c3RXhTWmVpUmNGdEZLb0VlRExfUXNpVzhhTzJMZG45MDdQbDR2T2N4ZFJLaG1FOWZMeHhUNzhDUXNtRTNkdkZOeVVQbFplNENUVTRVSEN6ald5aGNHMnFUZlVEWWlrbEotMUtvWjBJY2RGYllwaFVWSW5adG1uQ0YxQWpmTHdveGFmbVNLNkhZRTRDU2tZakZaM0tVaXJvRWFpVmo1YWNtS0VhV2JNSkpYNmR6V21GdDZmZEJuWnBNSnZMOGRCbk5Kb1QwQlY3WVZtUTZnVlBYbGhXTkZXYzRQLVZpc0dZLVFKaDdVRnBBNTlDN05OZG1CM2xYM3pRRjcxUDhqX2lOb2l4eTBoT0NUMUxmdjJRemhYcXVHS01MV1VsaTh0RVl2QVdNVzlqaXd2LWM5MUpMeDZYWHBhUllnemllbjhBdW9wbnFVbU1aWmZQTUhKel9FOWxIWGl4RVFIUzl2S29MczJKdkl0Q194U2htYVdMSXdiT3ZNdmRoN21ZN2Y5WUxHdk8tTnZKdE5xd05WTXFjdjllcHpobGRMNWoyZXlIWDJRVjZJa29rcUhlY0ZFX1ozNHRaMHZiZUZacksya0F1THpyYXhDemZUZWNXcUU0MkZocm9vakJCRWN2SkZKY01IX2JLUEFZa3ZTZUFkV1RNZmxDdkJiemgzOFpZenNNUmFBV3dHbzhwcC1haC04VUE1MkFjbkZJTEw4cjltcS00aGpqT08wMWlUVWk3eXRfcjhncFB5V0dCVnc5WTZkNDZPVVJDQUlxSWdLTTR1SGFtSFVBY1R5eVJOS0JQWGNxZnBhQTMyX0dpN3J4LVNUbEU1TjNNQUZqWXVUS3Q0bXB3RHpNbjl4ZXhFUVBzY0FyazVtTUdBaTdZeTg3VkdKb2NILV82Yjg2SG12S2NLRElCZXdURjZWUHFLU0dBa0E0aHk3bU9jdDFTU2FVYzVRbkg2bXVianF0OVpIdk15Z3dJaUp3bi10dmJKYUQzdXZFQnVHWkN3UHZJZVBwaFBCd2h2eUZnbkFOcWRxejdKcm9BaXZTVWlUV2RiNUNPZG9oLWRiR3N0bXBWVzl6VW5qY19lT041cC03cW9CZFJFYUlrU0hPTEN3dTNVc0NtRmFWTzlJT1ZXRDZVTHRYcEF5eVJ4d0ZhQ18zdTRNMDhyaVlJR2JoRy1RbFFuUmRaQ3RhemlEd3FmamJFTEhvSVBUWjkzVVh6LXY3X1BsUWhBM2pGOTVuclJIMDFveWZSdk81N3JkZHhkZkdySHpMQ3BQenMyV0wyN1V4M1ZiWThaZzB3NjZfdUtVLVJmVlQxaWRvbU9GcGM1S05wdkhZVmRoWTFYZ0pNc2EtNlE4NF9oTmFiTmUxYnZqT2pBV19hVUxyU2c2RzFVMmRLVU04aDhyU1JCVjViTEhuVWpPTFgzVUZ5d0d4WmtnSzBtN25rY2lpYVNXT3hhOE5fWjFvZUx0SzhsMHFTSHdrWGpMZWdrNWhhTlZ6Z0k1M2k3d0kxbnJkbDdUTmZISUFELWFVRmpJZFg0TGp3N2ZJRTJwYjVEeWJpaVIxZVNHNVUzX3h3cUZDeHYxY0Y4R0dlbGxaaG8yX0Z4OUlkYm0taHJJZl9CU1RCRG9teGY1bWd6XzBuTWJyMEdlSXlHczF1dWc2MUg1TW1YYkMyeFlUc0xOQjdnSXN0SnZOaUFIcXd4ZFdKS1JIX3JHUy1CczA2U1JMaWIzcGR5dDJzamFscGt1bzBoZHl4X1VjNnhoVjQyNmpLaUFpS29GaC1sdGdudDZWUUhwVmN2djlhNFNnMXZLYjVnaEo3NXNKLUEzNm9jWTljWDBYT2Z1ckVuRnNPNUxfeWRCc194clEzVmd0blRPblFCS1UwcDljNVI3VVQ4ZkdVSUR5RXBmNmJZYlFENFhhdl9VSDVlT29HYUVGSnJUQkg1Zk9JMWZrN0k2eXlDdHB5OEF1eDdDN1hjdDZIM2RCUjBySUlsYVRncW4wWGJ0ZFJaVEtGSHA0aDRzbkJCME5TeG84RnZac01QUWVvTFkyd1VmVDZ6LVd2QXNHeVNPZ3RzTzhyUnVQZllURmlOZF95ampadm9UR293MHZJYkU2aGFhZkZSWnVuMlJIQ2taU0NadTNQUXlocFdNRnJ6Qkk1bHRlR0hoSVNueElWeDlsZUgwUHZkOVJuNXZpU1R0Vzh4OGk5djZXQktDek9LMGNreWV6UU5WQ2lYN0xuSkZGWk5FQ3lSOTVaVWYyWVp4aTNRQWJaMUd0T2h2RENVaTdBNU1PTDRkWjVmc1o5U0tSalAzTXlpZDVyNmh2RzFVXy1hRF9paUdVVDVDQ19ua0plcVZVUDM1SFlaU0VfY09RYWJIemQ1MlpGbmswSUlrZmtBaE9YN3RIOUZELXN4dlZLUU5PMlpxNGtoUmJsQjRGVUU1OEsxVzh6V212eTFyRjNrLU1XNGF0OTJHUXpqVzE0d2VuTU5zTmpKaEVyc1VsaVliUHhkbXdMTjJjaFlra2RTeEZqMmFTMUVaMGc2THdNamdmQ1A1RDV2dy1JNjA5X2JuNkEyOW9HOW1FNEFDdTVzVXp1UmdSUzE2UmVsaHh4NFBTdEVrLTRWc0VQZG9OZXpwZ3JKNERZRE8xRjF6UDhYQ1lkQXJMUnhXVXZKbVBFZHc2Z24xdzU1cVVhQ01GYU9OdENEOFlUdDFwSm9aLTA3Ny1xbElNb1ZqVUJUeFZVRElxVXVvU25sOEpyVU5CM3c1SkYzZUlNcS1VVU5fVElEUmVyVE5TWGVyRzdEVHZiSElvcXMwTE1BR3NxTndSQTBjNVFEeGRFQTVRUnFUVkEzUVk1QTN0TVozQU9mVldXYXROTkYxRjBsUkVZbmNYTFpyQjRYb2pEM3Nna3hzOFJHaXljU3JHcGNIeFlQZmY1Ylo5bkdJd2hmTzJBVDkySXRDcXZ0YWdrWUZ4aUIwR2tqMU5CNHBIYnl2eDk0ZFp0VjRrRXhMTVc0WEZZLTdKWmhCbmI1YThodkhoSlZ6ZXFVVnNJTno2QTFub3h1ZG5XeFd0S2k1eFBOYXNsRFI4bXlMVE5pRXJ2cVF3ZUlGZXlSb1dUeHlVTGZLSDFxYmU0RmRhMUFNbDE1SUFiYTlTaWdtWk5PalE5UFdhQk52QWlieXRxTkw4LVhCQ0NjNlZZZTlFcUJaaWpEQUtxanBLeE9GZ2w4V2FFRXFsdU1GeEwyUnlRYk9JTFUwQjROVEo1bV9FMjNMamJvQTM5dmdDQUFDQXBhOWJseURRbzhNT1U5OERab0dWek5YQTJuQ1JiNjNtN2NJZ2hfcS03V2xIVGlUelBfV0xmREJIaF9Sa3l2RUxqTjNxNlFEa2d1WEIzTDkxa3I0d1NzVndmQkF5N01DMV9zVU1EajRuLTZpZGctelVHQXBIaDhIYjZhX2l5aVZrZnYzZVY1VENxMGMzTndvbTNyUnNqcXN5NEd6cmdPN1BHcFhCVFVrdkI2ZExDdWFMMnIwY2k4MzR5TEh2SkVDMjVqRU05TTVzeWxQWTdNVURYWkprTm5ub0RqLU9LWlRKRVU4NDlFUG1zb3ZhMmRtcmNDVGpabHhfd1VMSmRqR1dVTVdzdEY4NHVKUTdfSGY5Mmw5WHhsNnVzTUEwWEpDZG40bnU5QXpmN0llTGJROGQ4NE1DWldTTlp4SzZQUEdncU5EOEdhSm9qN1pkeGxmRmtkSFdveW9ackRRSmxwYjVwUkJyWHRYWTk1cHptMVpzUG93SWFmVF9iYTJta1ZCYlJlT3dkR3NjZHg4ajd5WnYzVzNQOEhCMzJvZkp6V3pfc3FpcnVNN3FOMWgtWFFHZDlpZVpHRUp3TlQ2d1gtZXhrdjZzSy00WF9MOGRnQ3Jpa3lsQkxJYlEyZEQ1dEhua25wVVRyZEZINnAxekJfSlB1OXh1SVNHNHlvak1KWndMOU9aZldPYzJtLVFTSFUtSnZNRHVuT09RYjBTTXBnMnF3d2tjdVR2SDJ0NFpEZnN0NnNoUEw0TlRZSzc1MHZuZFNvRm9FRTVmQS16MlJyMFB5YVI4TVl2WTRpekN1SWp0U010MlcxQzhKZC0wQk5PcUlhdndETFU2akNEa0pyQ21XTGVPZzRoTVZxMm14R1NOSmlzUTg1Ty1GcGJZTHltbUpvLTN3T2o1QldkYmFoaU91NkhZeTc5bHhubmZqaTZVT2ZucmxlWE1kN0ZlX2JRbnhXbmpYcXhlbWpHdDFLbmxzVzQ3R2RsTk9RZlVWWFVINXlrc05yTFZUSEp0d1dqb1pPWjI3V2tEWHlzSFdjTkJfbENsYWd4Tm1FVVRsWHhpN1dSTDkwNGpYNHZob0RRaDhzalhYSHdKSVdZLWh2MExvclM4X1p4QUNGNjI5c3RiVTJyRzJ1VEppREJ0ZEtWeVl1OXRKYkVxTVg4ZGNEcUNOdmF4SGlabHRsT2dYMHBwcVRsRnVyYTdIS09LelU1MjJDdUI2RVdFbUZSZnB5SlNkTXpCZEhqdHhLRjZfSm01RzNyT1ZSQnBvYlRGNS1xUmdPd3hWaGUtM0plVFJXVzg0d3c0MmV0OFVTX295R0pQZjFtUElqWFhRRmltczhXcjFuUm1rZ0F3U21EUDRXVzBlQ3JBRHlxMzlMSi1XWmlnV2RtdUg3OHFpR21BUU1ZR1RoOGU1MGZzY1BtTC1OVTNQRlhfUWlQWndOSVIzTXgwa1c0SnRUVHNoLWxud1BLX19UcGtMWHZ6WHd0aUF3NktMQXZlbEpEZXpKQWhLT3Ztd3UtNVl4Vzl6cUJMR3ZCaUwwMGVhX25zZDMwb0o4c0dLalVBdDVpbGFCQjF5alpOSjFGNWJJdEZwYVc4Nzc4M2ZKTE9Cam90dTA1cm9weV9lQklpTmg0OXVUaXVLaVBCQ1k5RFhrYnVhUW5zMEpFWU9FNWdXeFJuenN6dUtwTW1KMUg2aHdfbVoxOVhTRWhad2JKaHI3aGhYX2treHJUeWRNME03a0duQTVCZVZyQ1UwZDBQVDZXejNwLUpSWXZiSURwZF9iYVpZaEhTZjdyOG10VXd3NnNtbGpQQ3VhMDJTSldRQTMtT3V2VV9PeDd0UGg2Z1l1dTdoMGh2Um5nYko2T1ZtSzdjRnJGdkRmendpeFpKNHNJYnlqZEdKVGMzemVSZjFuOXdubFZzSW5UWmNBZURWZllxYTVxakNPSVdWYmNhNXR4TzNTWUI1VzdXTFNHSHliU01FVVVuTU5DeC16ZnpTdWF5aVBpZ1duc1Rtd3EwaFRabEhqZGd0by10bUlOSFFkZ2pIZUdpOE53WnBSRnk3emJDQmJMUUZUZmxDSGdNVGc4YTZCcGg4TFQtc2dPbVlwd0hYTjhfNTBYYVFLRS1ocFhqWWRwTVVFc3IzZ1F0NUlfN2EwLUJuUjFwUlVKTGdQS1luTFZySVlpNDhEMGptcS1GVHhYd2txZ196S0ZMYUJ3VXZ3a2NSZVFrLXo0R3Y2UHFRal9BMkQ2Rno3ZW1JZk5lY2xpMmE4eHR4NEZaUTgwa0c5SXFOYTZkM2FDeDJDQzZ5MUZ6X0RIVVFwREQxUVBRRDdYZWY1bHRGcUpiUUdtamUzX3hCNG1JMWlBeTQ1bDdjWGduX3Y1UDNhN3FqV0dvUDZRREFfNFpLZjY1eE1GZmppUTdCbDBDVVF3Qk02a1htSlhzTHNvRjhKUDZqRmtMY0NYc09IdW1ZZDhVeXk0ZUFlWlRKLW9sdmtPUlV1c1ZRSk82djZnU3NNYmk2bTJZc3RmRk4teXBGbzRMLU9Ndkd1QXZ2Y1Bzd1J0ZWtFalBiZ29CZlYyOXU1ZlhQZmw4d3VnNHo5WFlnTmRwQ2tXM2dGRlZjV2wxUVIxRGozVGlZTkw5RUNqQWxjcmVQRDVlWlFqVU9rZkVzTlRwc2Z1bW9iWHllWndtTjNKaFViSnlxXzlra3p0SmhqR3BQTy1RT3hqd1FMaC1aMDBYaHJjWlNpektBMHZ3YlVjRzN2am56cE5vZkV1WVc0ajFzWTdBMjNDY09WaHk4SEVaWkRwc1JMVUVDeEZkcG83Y0ljU2Y2MXRoZUNzNS1iUG5DbEpIMVcxMUJpRkxXdGQ0ak4tQ19LOGVLYktUVC1UOER3NGVYbExmRE43MkZvTHBxQ2EwM2U4TE1leklvOXROS1o3eEtORW5QRnllSHF2RTc0bHhLYzRHTXhXREhyY0JvRnpwcUk5MGJOdDUzdEFrY25rQ1Z3NGNPbzFDZlk0UVZKR042OWJab2luR0FuNjJuYXIxLTRsUEdLN3VoLVdsUklCSjNOU01LN2UwVjNKdUtON0FpbXIwV2E2dGU0MjJ6aTZmOVpYNUhYdGFESF9ERkxiY2tRdmtjRDAtSVdDZTVZZ3U0dHROUjNqUkUwWldFOHFZM0RqZ2FjODZjQkpyTDhLdmZXTF9wSXNuQm96QUJPVzFhWm84WmQ2c0dBV0F3LXU5dzBFSE1sMXJGMHBRVkh3WGtUY0kyYW1tRTE1aFJPY2JtZjVaM0RLSXBnRXViaVA5VmFJUVQ3VnNucFVPX0hpX2tUY2tqbHg4aW5DTDJaT09xZGRrcVFOd0EtaUw5OERTREpkYmVIckJ5ZzMteUZxQW9wc2c2dnZxUy1zVEpQY05sUmtrTVR0SUhpcTM5TEdrUkZXVjRpMExfNFpwQTlqY0lwdTJ4WmNMa3Y3ZHlPUnYxNjNWZ2dnNy1xaEdpVEdYeEVHS21CYlE2cW9ld3V6T3IyeEIzaEM2QmZ3M0I1Wm9YUUFSR1dJbkVmV3d6X1NnMFB1S2JSOFNMb2YyUXF5b2Z4MWVvemZNLWJPTE1CU2hqQzF2bHU5NTBtVlgxc05ZeXZqR1M0UEV4MFVsNXRqMDlXNjdYNGhETDZSYlZTb2d1VjQza1JlcUt4dWdjWFBITHhqN0J2Z3RQbC1jUjh1Uzh6cl9NRDdMVDZKLV9Oc1BjN1dhRFJRUk9uYnpwUnFfSFJzaGVMaUtsU2xPcnpLNldFUXJ5MTBrYno0OEVmQVVwMTc0R0FyTVFHUTF6dTVLclVBcHF1QWxSNEN0d1cxOUpTYnF6aDhDenhzV3R6eHdhbGRuaXlLSkJKV3ZTUXh0dHVoUTltM1hNejRpMm91Ny0waEVJcnkzR0pDOVVkdWxBTlZxeVJCbjBVV3g0NTF0cnp3eWlFZG01UEwtY3FISGZoclJfcHZQZkZSR0d0Sy05WkZ6d0Y5cmhKNF9GUEZTVjloTnhLTjhsYktjTTdmc3ozaGpQb1kxYW54S1pyU0hkSlA5WF9LNEZKWkphNko3eDE1ZDJxVVVtRFNXeVZNcldqckRQNWxNTW9NeXlyV0ZraUpLeHNOQkp4ZDZnVGJBa3NLalhUaE1hNUJIMHlSczVWeHI5clI4b1FIdTNRNTFadzgyLWJwTHdldXE2TFFuSS1rekZmXzFjRnZMZVkxQTE5eXFNSTd2em1iSC14Qnp5RG5vcUlRMV8xX1JOZTZfOUhrc2REdnItRFdMZFUwcndTcDV1WmlMQ0pTN2VaTEJqOUJNcF93WDFfcWluaThxODlsY09RVFduTW5TOFpCVkFWYlJPYVk5M0ZReHBGaloxVjM1UTRjS09acnBPX291MDhlVlVZOWExdUtsQ1p4NXFFQ1hFbFVJRUlsT2NBaV8tWjdkVlhCVDZybkV4eXBqM0lFQWZXWlJHbVRyb0JhbXduVjJYSTBzcGVaeEtaOEZmWm5XTUV3UF92NUZZSTBYcThjR3VraWNQcFA3c0pUall2bUdwdS1BeGVpamZReEFEQXFXX2NWZXBmblV3N1V0STZVSGpxaEZzd3ZYRGdoeVpBaVJuXy1sQm9IbnczWVBQNU1wcDlHcUZDOGIxckl5YUlvblJ0T05jYW9wMVU0NWM2M2FISGk4V1NxT3NsYmFhNGY0UlhCVlVVVF9tZ1ZsZFYyZDE5aFlfUlZzcklRM3kzaDhMNlIwWGtSeTZHaGIxRWhLVS1YUHFmT3B5S0plNDhHVFBXUXUxNmJyaEZzMDhKREhtcUFabExEZWNkQXdZRnFldFRoMXhyUEtEWW5MRmhsYTQ4VGMxZkt4RHZDZm9feUU1bGxobnZaMVUtZzJVMk8wTGUtdjdBOGdoWl9jN1dtMXBPU2ZTbnVDNGhjM3ltZ1lXbHBPYjJaS0dTU3hVMEszZVpjMXkzS29OM0szMWtTbS1jMENDbzNQYlZISER0NTVUQ3IzZEpUZG1aaWZpR2V0MXVxZWZZV2FOLXU0MHdrdWlOU0RDUzFZZlRYRThUcW52MndkaV9Mb1pzRXZBOUl1QmxMQXRRaVR2akk4SkR6ZkJfYkZ5dkt5UExsNHdBMWtqSUJiUzJ2dDNTaXYxZFNHSkI0VktRMUYzUnkyeEZaSUdJVmV0Wko4Yzl1RkZDZlRQNHlHV1lXNDVlV01ZNzVveWttMGx5Q3N0NDlVUGFVVXQwMXRpNDRoQ082RS1Wdld5WDlueXgxMnZrYmpHUXp4SDRYS0xFZ1ZsUjA0RVNOZTd3OGlnSjRWQXZIMWZ0UWZlX1h6WU1hWnM2OFVqdzhyU2dPY1NNLWdPZ1RQZURlYjk2UGtoYUxNeFpTX2JWODJNa040VnBUNzBnWDFRbFgtY2d5Slo3NmZYT2EzcjhGX0ZJLXQtVkZRanR3MjBOQ0UySEMtbktkRXQ4Y09BTEtreEtGcjI5LXBjSkZwR1M0VFpfOGZUTF9sR2pERmhEZ2VTcFlKM2U1eFNHUW1xMlYxNERPbmpMbDZvVzZrODA1R2wwc2lRMkhyMTBmVXdyTlFWdncwVEQ4M0kyVGRFbDFtQUI2QWVoMlFsQjUzRE5zNXJPeDZxZ19sWFhWOWw0S3VoY0QtR25QS2dIOGVWX2Y5MXBEaEFoMVdvRWN3OFVDVURNOGZRWm1DRkluOGFTc2M5SU9oNFRuT1hkeDZuUTBuc1ZJb0ZXekduZjJ2dlNnejhHazdrNHlNSGNodWFPTlJiZVNPQmlBRVBFT19zQW1RZjVDUFhVR1A2TjVFQURjbWJmTHNERjRfX3VhbkVRY2JOanBoVm56WjJWLTAxVE5Xd2RWT2lTSDVOc0tiRS03NGVfcXFZZFM0R1Z6WFlEVkJoTzNFNExzYmtIc3l1QlZMeTdoU25rSjlqMVpBNDFBcTk1SGFJS0VlbTI3TlkxS29xZzc4b1g1cFpwaDMwWjNfZVk5a0h2bmNIcEl3UzR6UjRraUtjUC1xOTZRRmVyS2dkcVoydGoweXg5RVp1SlpLM3FJOGxFQUhuOW90T09INXVCVzRSWTdpNFBmelZ3azJTMjhNYmhwY0pUNmxDVFh5ZFRHbElmN3VMQldJUW5WLUd1WThldXlETnFSeXNvV3F6d2RGdS1Dbm1iU2hVeHAwT29SUU1YMFpycnRFVnhsM0hCLUpMYXp0cDRIbC11MG54VllSY3JMM0JlSXFnaUYxeUhxanB3UXNkeTJwX3VMeWtCNlUxbkpVZWMyNnNxcUVOdUlUWEtxb01Wa3NJRkZEN2trc2F5M0l5M3B1SHFNdlcwZGZKSHlqaVRxa2pIbzRrR0VRellPZ0VOZ3FuWDhZX2tyYnVCV2RhQ29FRzFRT2xRa3prb3NVUFZxeFBKWE1wSzZ6RGN5cHozbjh2UmxjczR1S25MVlpGNE1pSk5GMlRkeGY2UFppQV8tWW5wbnpoQzNULTIxU3pLM3pxcW95VWU2clRvT19RME1jcG1GbTBaRnBoVEw1THVieFhHTHVwUFc1SGFTaFJqZjF5Znhkc2lXWlp6eklQdTJsd2JIdkxxaER5dTVpdU1BN3RiRWFWRVVycnVLUVM0MG1GWDZRcWRnNkZKaHVFbWtNYkdldDFLUXpLVkxCaXozZGtidzI1b3M5RkZQYnlqZlVGYjdQeXByb0x6YkNieWRiNjZqUWRiR1lkWTJ3Y0E5dFBPQ3laZnZHMVpBbnNHSjJ4Ymc2dE1NYjQyX2FjXzMzMk1VRnFWSXc0bE0tTUEwX1JnUXBYSEVKLTBNUUpzR2NEQ2NRekdRY2V2bFIyNVlBLWZkVmVTU01sa05Kcl92cjg4c29neWJEY3EyOWN2YnJqZDlsR1BBeklkcjlOaGRjTDZuVUhjTms0V1pCZHF0RkktREpmSnRHMHhzV3hGVHlBTHN6ZFU5ZEhaamJlcjh6a0hTRTdwbmdNRldVd2lyel9BUk1TV0pEajQ3bDU2SDZMYVlzU01ycEdWRlpha3V5RUVKdmhxbEVNMnBfU1lBNEZvNFBkMURHMzZhUzR3T3BsUFl5MXM0aFVVOW9GQ2tuVk16ZjNVRHAxYUJyOWRXRUFJTFdjR1FrQXh0TDZIendiUE0xcE9NeDRIYkl5Q2FWM0w1MjdxTFppZVMzUDJmWmNMc3VKb3JYblVnY2ZuUTdEQVd6aTZDTjJLU2x6WWdTRGx6U0RiMlEwOEJDenRZaFVIZnFvcEZPVkJQUUZiZ0xGZ051d1FfV3pCLUp3Q1Bjb3NEU3NMUHVFY3dEUVRsZFBhWkVXX2lVYWNWQmFMN0s0LXRsSDNLU0dRbnlZbGZQOFU3N250TlJ5N2dBSGR4R1ctNTViSjNWeFYzNFVEZTJqWmxCR1JGeVhfN1BHUTRyTXZ6eXFhSVBmUGVqTDZkTUpMcXNQd21ZR1QtdkpqZk5NUEZoMHJxd1NtTFdRcnUxNjRvek1RclhzOVhIem51TzVFcEdXYnZzdHpLLXlvUllDQlJhYVl4cGktTTNiOW9ZRW43WTFpeURJRFNpTjVTVWZEajJGT3RHNEt1ZWlNcTdWQ3hlc2FNZ2Z6OUFxWnkzaHJ3ZlVWeUg3YXE0NnlhZmRRcTVQRDBNSnd3MkVPbXRKbGNCSmhsUW1pUFhZVmtYVFZRaFJHdndib09LZkdvTk5QTy1NQ01jNlA0aktpUXNYYkFMUU9vc25JUzFXamtmdHRUTUEyVGxLbTFHVDZvS1FLMGJEQXhLNVlxclpaUTkzWkMxN2hNZEw4UlE5TjdGTUJILXg3UmJVZFpfZUFXVDNla0dfY0toUEs1TFJwRjZYWURJbUJlZXdVdDBRYVhyUjlkRGF4T2ZnMnVTRHVzS0sta2UyRUxrak0telJmR0Q2dEUtc0JERTgzNjBDQ2ZScU44YV9yREFGRThVU05BTjg1SGFHTHBIZzV5a2w1VlBYSmFTRklmY0dtRW1fWXo5ZVduS0cyMWVFbmNVMVNXVV9Cdm04d1V4bnRiZnQ3UE0zdTh1aXlnTEVlWHhBSzRsektzVkpRUmNhU2RlZzFIanNPeFRYWHU1SGpBU0RiTm0xVFh0alZoV1pOS1gzRVRVR0tKbDZlaThIWkk4djlFY0F6TW1laWpHVVVxcFN0SmNJTWV3YTJDZHNHaEtrSFZ6UVN4Y2xGc0h2UkRWNUJ0ZmJSc1czaTlCM21jN1ZLcVMzbmlzWTFHZmY5bEFwV1YwTndzaF9OckE3RnhCaHdvcV9OLXQxNDc1T2tOR2gzazYwN2JNZUR2Vm9OVEwweDRGU1dOeUd0R1BHSnVjbVh4a2YzN0ZqMXZldjlCWWF5MTlQT21LUnlUbTNwV2lCNFktNTVxbjVQNGhkLU9kT3VFcmtleEpQcDFtX1VsTHl0V1Z6Xy1FNHhkWlJpNTBWZzd5aDYzQmlzQTJ6Vll6YkkxX0lkQUpFb24yOW9ETVZNTGhvMU4tTU9mSHV5NkF4elBhNVBlREVEX05SQ3gwc0VjcUNRNzFscDJvUDhFbUFScTJWT1JCeXBqd1Jra0lJaHR4ZnpCd1RFOEctYUtYa3Rkdzd0bnNhZjRqM1lnVWE3NGNHeUZBeFRON1JHdjNLaTlXVGNOdGhkYlFhanZmR0NhcGZNaU5DcUVtN2hsNUpDOHVUOU05b2NlRFdsdlp1ME1ZWmVSUjRRdTNESDZGbkg0bXpqeFA5eDZYTWNsS3NNR0k4YnZ0YkxMZTFaVS05UkV6QjFwckhUcHZxdk5xSWhnNWJ4UlJMdm5hUldxQWNLQl9zc2ZDalNTNXFzZVE0N0s1cVk0ZGJSNEI0RkxUQjRLYTdETkFYdWdHLWZ1LXZ6SjVtTTN3TGZNZEl2TTZhOTNwLXQ5ZDRESEJLd3FrcTRNSkhpZEhmbVRnWWRtNWtjQnF2ZmIxZVBaLXhwS3JGaW1oNWw0OVMweTBXdjNVMnRqQWpScGFnVWZwQTFwbWdub21FMkVlSVFoOTR2SVFlLUNHNDNjaWZ6UGZaa25KNWYxMFJiSzJuOEJUb0pKUERvc2VacWlOUmpLQjIwbjhpbXk4M1JRY1BSS0RPVUJRSW9qbWNINmlqUERXd1MzLXZBQVVUeHFXOE5NdHp2UHNueEd6Z3RXUExybGVyN2VLc1Y1dmZhZUZfYjY1WDJYZU54ZUdCY1F2d1ZhcEFHal8tWmJpVzJJVHdDd1NaVkthOTB6VFRCaUFZOEtURGJGM2xzQ0NoZHZHVFV3Z29aV2tXeWhOQkhEcHBEdTg0TmZhV1gzbTJLSlFzY1d5QjdvRjJrakRBQ1BNX1RVai1lT2pjX3E0c0ZXbWdvVU1SYWxuZ2Jxd0R4SjR1bFRtQVlKYzdESC1CTUV3bHhGbEx2cmFPZnRkZjRSeWdYaXNZc1Zhb01fT0Y2VURtRm9HT2JWTzhUOGpnMUE0OC1oNEV6enZIQW1UaVdOQ01DTDJ6SGNwMXV5anpubFJ4cFJWdEthTUZGTE15YmNad3Rwd1NadjhlaHlGZklIaFl5WXlRdzlKX0w0eDY2Ykw5V29zRl83c0lpeUtVSjhKbXMtaWpVdEw0Q2NCYzItMTZNQWY0VmplVnpHdE1mTTdWb1B4d1V2X3ZRcl81aV8xbTZqVHkyamU5SGd2UjZoVXhrSnkwNlRIdUlzZS12VjBjMUVfMnAxMkE0UUxVM1FLSGpJRDJlSE54TzNPeUt5YWJCMkVDaVlqUWRxbC1qaC1GbTFaYnhNR0FDRzNIUnEzVFZ0U0JsSTZrLVNmakI5NENERk5jT2trX3VBZzNpUDZsX2VpRnlITDFtcUR0NlFDbEZSNGRaaE83aG0tWFF6TERncE9xbmxzUjZzeVFKN2k1NGtHTE5FSmFTYTBiUlJhVDRYZVRteHVsTUZLMjdhTE55TS11WjZRdzFlVTRSOFJQV2pXYmtqSTVRckpwc1hBdUlKRlpZb3d2UTMzamhYOXNyMGxJMmJuWWZySzdRdjE2bVp6SGVLZ2xJUUhyVGJ4bEtoLW1FVE1VSmhpNk5Ia3BsRmF2UFRIeVltR2dhQlVvYkdGWXJ5a2REWk42VzJ3WHRTTHBKQVNVcERIZHJhejZqX19DWng1NjNsbWlvQzZzYWJkLTIwN294X2lwNDBXM0ptVTBEVEdHOGc4RHdTOVA4YzRKZUEweEIxTUNIbUZnTVFLZU0xRXptVjRXdjFzR25jWmVKZmx3MUw0XzIxY1BWNU1OYnd5Z2U2bmxjYU90bGZjelpxeW5CNTVPbktwaE9MWjNhc01ORXpWeC1WRGFXX1BJSDloZXh1LVZCM21jSmRYMWlNd09mNThhOUJMLWZtVWtRTWlRengzRVBhWHZ4bXZlMnNWY1BXQVlFU3FYWkpqZy1KblNWaWtVV0RXWDZFdThrX3RDb1ZpaHFnVTFQcFA2eEFNaWJCbGE5c1JBOWN3RzZCT1dEbHo4cVlwTVRKNkJ0V3prbkFuOEJjLTl0MEhXdDVXamR5WkxMV0NCdW1xUk45VDhtTGVLYUhlUGh5VEc1M3lJNHIxaVZQNDRud2hlWEQ2aktuV3NFZjJEWmRxc21aR3dHUTdHQ1hCdUFuMjlOQklRYU5sOV95RDlSZkJZTE1WdzhiXzJmeUxLdXpwYlFKVlYzdl9XcWcyenJvRllrak52NVdUc0VjTks1d2g3SU5rczIydmJmOEthUXNaV0Y5YzBVRUUyWWtCa1BLX2JCNUgzbFZENnlsWndBcHltLUZCdkFPV05qMTRlME9xUGxEN01kUmNhTDd1WHA3dnZFdzRXX05EeU5NYkVGWWtfSC1QdUpYYzBZNUNNcmdpVXlIdUt3SHVJVjRYb2xhMl9MOUJRYVk2S29yZTZUYVVxYmVLM0F2ZGlYc1VFQi16UWFtbjd4eEl3VVMzc0ZiTHhncEVLa1o0RzZiVTVrb0NVWHczajFvd2EzTGE2STdvTUJwSnJXTndNWDlWb3BaRm9YN21GZUR1cGZUZm1DTW9JbkpxVGM2YVppbENWYU11d3QySkJPOU1Ibm5kZktvZXc1UTJ1NUFoV3hseFRIZTNwTThvbi1QalA5OWJQQzVDNUJNWG52cmVFTnJpUUxnVmRTNFFrejZZNUdnRktYbDM3Zmk4UGN5enhHVVJ1ZW1mLVV3MXNDY0pOcHhELWhWZkxGU25Fbi1GaWFKX3E5UU42dFdPVzRKUEkyMFpjZ0xscW1TYVdFVXdPRERDbXJWeTlmam1LZ1pURXE1VFpSTFFFdl9aYkVodDBoT21EUlRYekJSaUhjY2ZReWw1WmR1emRuTkh4QmlRM19CUExmdUFFRkNXMmx5NERJV0ZvQldJUmEtek43Q0p3ME5OMFNxaGxreHJpZUpUeWFKYnZqWTNENjBublFuTjBXTV9YanVKcDJwT3dVc2pudnFpcFZ0QVl1NjUyT3c0WkwxNHJrSnBnS05FaEVyd2VXaWtLcnZqTGlxMnRKN1RYaElueXNlODYwSFJSQzgyNUVKOWVTOHRJMXFFZ0h6aTZWUDFnY19WQzZNNnJmaHh0YTJCMU9tQms5R1lWeXJJajJRb3pNUXlSdHdZNjJJSVJKR2tEWURuWG9iamVieVVnbG1DMkhPeGR1Sk8wZXRRcWM4bUJHVEUwd1M1OF9JbFRXcTY3eGpKeHR1SE85enVFR0VieWx2MFpyUWNKY3VDWk5Ud0RCUGlxV01NdHJ3UW1NNFUzUy1zUzVFVWFLTzRIRDI1WWxldEd3QnVIRUVSN0hpUnhvd0NMQ2RkNUJzdHJaM3RqX3VwZWEwcm15T0l1aU1rRW5fWDNRRFV3TVlnS2xiVDRDN3pWZWdYVUc1QjUtZ01RR2JZc3drc3VrSktZU3J3b1BMNFF3SkgxaVJRVFNwSzlwN1JUak5JbVN6Y0ptclMxcEFoblFXZDZ2aTJyRU9Ibms5MFEzWVRuVEhkMEtwQWpvRjBXRmh6NjJNYW4wcEFhaWVFRFN1TTd1VTRtOU9lV2h4NkIycFdVeHpUcUJBeDhZUjFCOFNPcDc0NTRZZU9iTmx1NFdXak9rQnFnT3U5UU9oN1BVWW9RX283NFphc1ZVWXIyd1dwdDhhX1prSXU4TENwd2tSR01naFA1XzRyQXhqaFRLWWRHQmZrUWRFX3o4UGtJR2VESlQtYzhNdzZjbGN4bjE2LWlzMzI0aUZ0V3R4S2did2FMYWhWOWVzaXZHSkg0ZE9Nd1kxQ0gyWUR3RGhDN0J4MzFkdTFYalZIN19ZWDdMbm5xSFptdExGSmxENWw3WkUyQnpzaWkzemVha2VURWRTZmRFbmNWeVU3UTF2UjJtVUNmZ0Fyc0FOdWFrelhGSmJmREFaZGFNYnRMSkZrMkI3cXdndWM4MGY3UzVGSlE3aU0tT0RhUEs2ZmxQckFxODJhQWp0SnhjRVFlWXVrLTNfSEFlVTNYckNJUWIzM253eXczTlY3RmJpZzZPeXRmWUNTUnRCRlRTa3haTTFCQnpjRmdGNUVIdFBkR2xRRDNTamEzWDc0Ymh5dXZCb3JKNFNMSmtMT2tZbGRFelNJbGtfNDFBU3RnTVZRYWotdllYY01wSlhXbkJNeWF5NnpDS1RPV2o4TGJkTjcyeHNOV1dGNkQwdDE3cEpiRVNjTGxSTXF1WGVjaFRESmRBaEtwM3pyTnE3M1FTUXNfLVozYUN5ODZNT3pMVUZBb1U1c29tOEtjRVBJdW9DRnNEbXJNNXlpdF8xc2FwaktEUThwSEQtVktUdl9XSi1EUVNCbWZZX0ZmeUJrNG9oZGhQWU56TUZKemFNWi1RSDBzb2ZEc1ZGYXA5Y21wUGM5YmNfUXRUZlZ6NXoySUwxRGpVQ2ZoZVpvSzJtWE5sNVgtdXhFMVJoeDhGcmZmWjVYWEVGSC1ETzRiNTYzeFFVMHJXTVhhdUhCMkFmSzRic2ZGd0xUWHdVa2lzSVhyWkRtVVlCd2VBWThpZTV5bDZ1TlNfLjJRNWxHQWNIZ0dQSW51Y3BlcmpVdnciDQp9.rv-xMWrYBAIWl2UnDnXkQkhMbUn4BJvTby8vLao33B5HCuSAOAfFtsFqNj1CNQ5iQayVP7yT4wd5Ws2lGQTnbpSDdT2fK4QGzZFFH7PEDkXWpkT18_VO0GGK-5RlPAcRp60nlmSoXbUcBLvQ0u-dtm-gBP7VGZaIBW-eXSZNWqqiXDgEJ5UupaxPIzzpbgjoSMrxxiKY-Ih_umXKFlPJKqRc0hfQI6OKDlVwNyl4-FNR9M9_GEcK6CplJMdb--z76Tv0lCLJ8GnhjivHuNOAp1Hj9q5fN6FH083bMkYru8aD-AbF4jgkm-_qpMJkSl4lh-Ny__daDvBlrJTowqkViw"
 }
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust2.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust2.json
new file mode 100644
index 000000000..8fef32927
--- /dev/null
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust2.json
@@ -0,0 +1,6 @@
+{
+  "v": 10,
+  "respID": "2LVPaGlWAwzxURkrcTQX",
+  "inResponseTo": "_63ff9ef67370024c4d2d8b9bfd380578",
+  "signedPayload": "ew0KICAiYWxnIjogIlJTMjU2IiwNCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9zbDIuMDtjb21tYW5kIiwNCiAgIng1dCNTMjU2IjogIjBGUmRDYkFxVTF2YlQtOUt3S0JUcU5GQXBkcU9HT25Fa0o1dGp6MFp0anciDQp9.ew0KICAibmFtZSI6ICJxdWFsaWZpZWRlSUQiLA0KICAicmVzdWx0Ijogew0KICAgICJFSUQtSURFTlRJVFktTElOSyI6ICJQSE5oYld3NlFYTnpaWEowYVc5dUlFRnpjMlZ5ZEdsdmJrbEVQU0p6ZW5JdVltMXBMbWQyTG1GMExVRnpjMlZ5ZEdsdmJrbEVNVFV5T0RnNE1ESTJORE0wTURJNU5EVWlJRWx6YzNWbFNXNXpkR0Z1ZEQwaU1qQXhPQzB3TmkweE0xUXhNRG8xTnpvME5Dc3dNVG93TUNJZ1NYTnpkV1Z5UFNKb2RIUndPaTh2Y0c5eWRHRnNMbUp0YVM1bmRpNWhkQzl5WldZdmMzcHlMMmx6YzNWbGNpSWdUV0ZxYjNKV1pYSnphVzl1UFNJeElpQk5hVzV2Y2xabGNuTnBiMjQ5SWpBaUlIaHRiRzV6T25OaGJXdzlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qRXVNRHBoYzNObGNuUnBiMjRpSUhodGJHNXpPbkJ5UFNKb2RIUndPaTh2Y21WbVpYSmxibU5sTG1VdFoyOTJaWEp1YldWdWRDNW5kaTVoZEM5dVlXMWxjM0JoWTJVdmNHVnljMjl1WkdGMFlTOHlNREF5TURJeU9DTWlJSGh0Ykc1ek9tUnphV2M5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU1pSUhodGJHNXpPbVZqWkhOaFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4THpBMEwzaHRiR1J6YVdjdGJXOXlaU01pSUhodGJHNXpPbk5wUFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZUzFwYm5OMFlXNWpaU0krQ2drOGMyRnRiRHBCZEhSeWFXSjFkR1ZUZEdGMFpXMWxiblErQ2drSlBITmhiV3c2VTNWaWFtVmpkRDRLQ1FrSlBITmhiV3c2VTNWaWFtVmpkRU52Ym1acGNtMWhkR2x2Ymo0S0NRa0pDVHh6WVcxc09rTnZibVpwY20xaGRHbHZiazFsZEdodlpENTFjbTQ2YjJGemFYTTZibUZ0WlhNNmRHTTZVMEZOVERveExqQTZZMjA2YzJWdVpHVnlMWFp2ZFdOb1pYTThMM05oYld3NlEyOXVabWx5YldGMGFXOXVUV1YwYUc5a1Bnb0pDUWtKUEhOaGJXdzZVM1ZpYW1WamRFTnZibVpwY20xaGRHbHZia1JoZEdFK0Nna0pDUWtKUEhCeU9sQmxjbk52YmlCemFUcDBlWEJsUFNKd2NqcFFhSGx6YVdOaGJGQmxjbk52YmxSNWNHVWlQanh3Y2pwSlpHVnVkR2xtYVdOaGRHbHZiajQ4Y0hJNlZtRnNkV1UrZEhGRFVVVkROeXRCY1VkRlpXVk1Nemt3VmpWS1p6MDlQQzl3Y2pwV1lXeDFaVDQ4Y0hJNlZIbHdaVDUxY200NmNIVmliR2xqYVdRNlozWXVZWFE2WW1GelpXbGtQQzl3Y2pwVWVYQmxQand2Y0hJNlNXUmxiblJwWm1sallYUnBiMjQrUEhCeU9rNWhiV1UrUEhCeU9rZHBkbVZ1VG1GdFpUNU5ZWGc4TDNCeU9rZHBkbVZ1VG1GdFpUNDhjSEk2Um1GdGFXeDVUbUZ0WlNCd2NtbHRZWEo1UFNKMWJtUmxabWx1WldRaVBrMTFjM1JsY20xaGJtNDhMM0J5T2taaGJXbHNlVTVoYldVK1BDOXdjanBPWVcxbFBqeHdjanBFWVhSbFQyWkNhWEowYUQ0eE9UUXdMVEF4TFRBeFBDOXdjanBFWVhSbFQyWkNhWEowYUQ0OEwzQnlPbEJsY25OdmJqNEtDUWtKQ1R3dmMyRnRiRHBUZFdKcVpXTjBRMjl1Wm1seWJXRjBhVzl1UkdGMFlUNEtDUWtKUEM5ellXMXNPbE4xWW1wbFkzUkRiMjVtYVhKdFlYUnBiMjQrQ2drSlBDOXpZVzFzT2xOMVltcGxZM1ErQ2drOGMyRnRiRHBCZEhSeWFXSjFkR1VnUVhSMGNtbGlkWFJsVG1GdFpUMGlRMmwwYVhwbGJsQjFZbXhwWTB0bGVTSWdRWFIwY21saWRYUmxUbUZ0WlhOd1lXTmxQU0oxY200NmNIVmliR2xqYVdRNlozWXVZWFE2Ym1GdFpYTndZV05sY3pwcFpHVnVkR2wwZVd4cGJtczZNUzR5SWo0OGMyRnRiRHBCZEhSeWFXSjFkR1ZXWVd4MVpUNDhaSE5wWnpwU1UwRkxaWGxXWVd4MVpUNDhaSE5wWnpwTmIyUjFiSFZ6UG5sMlIwMVFSRFZaYWtobVpXOHhkbHBoU0VGNFEwWkNNeXRCUW0xaVlWQnpjRE5HTVhGRGRHY3ZaWFpsVVZSSWNsQnlSVXhPVDJaT1VuWTBhV0V3WlhjNFRsQnlaVFpRUjJKRFZHTU5DbnBrT1ZGdVZqSmlSRE5yVFhCa1VqUlRjMlpRVFVnd2VGQkdXRFV4T0dsUlZEQTFUWHBhT1dRM01WVnpiRGxzZHpack1HcHdTMjFGVlVWMlpWcGpRVVZKTVhGa00ySjNTWEJVTURnTkNtRjZabG8xTDFCa1JUWlpSVmcyVlhwUE5FSk1VbHB3ZUdOTlJtTXdhRGxaYW5vclZ6QktjRVYxVTFKUE0xZFFjRVpvY2xZeVZVOUtVU3R4ZUhrdk5EWklZek5JVERkTlFsRlNWMm9OQ2twVU9XUndlV0l2T0dSbFpWQkRialJGTldoTFRWSlRjblZGUjJwaGFFOVlMMHcwTTNWSFVVOU5VRVZ4V1hCTFNIZzRhazlTTDBsUE16WnJTSFZWWm5GT1RuVlhiRWhDYlVzMldFME5DbmN3TUZsclYyTkRVRUkwYW1KUk5URTBSVk16UjFJMlJIQkpNbGRVVVRCaFRGbHRWR1YzUFQwOEwyUnphV2M2VFc5a2RXeDFjejQ4WkhOcFp6cEZlSEJ2Ym1WdWRENUJVVUZDUEM5a2MybG5Pa1Y0Y0c5dVpXNTBQand2WkhOcFp6cFNVMEZMWlhsV1lXeDFaVDQ4TDNOaGJXdzZRWFIwY21saWRYUmxWbUZzZFdVK1BDOXpZVzFzT2tGMGRISnBZblYwWlQ0OEwzTmhiV3c2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwUGdvSlBHUnphV2M2VTJsbmJtRjBkWEpsUGdvSkNUeGtjMmxuT2xOcFoyNWxaRWx1Wm04K0Nna0pDVHhrYzJsbk9rTmhibTl1YVdOaGJHbDZZWFJwYjI1TlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekV3TDNodGJDMWxlR010WXpFMGJpTWlJQzgrQ2drSkNUeGtjMmxuT2xOcFoyNWhkSFZ5WlUxbGRHaHZaQ0JCYkdkdmNtbDBhRzA5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU55YzJFdGMyaGhNU0lnTHo0S0NRa0pQR1J6YVdjNlVtVm1aWEpsYm1ObElGVlNTVDBpSWo0S0NRa0pDVHhrYzJsbk9sUnlZVzV6Wm05eWJYTStDZ2tKQ1FrSlBHUnphV2M2VkhKaGJuTm1iM0p0SUVGc1oyOXlhWFJvYlQwaWFIUjBjRG92TDNkM2R5NTNNeTV2Y21jdlZGSXZNVGs1T1M5U1JVTXRlSEJoZEdndE1UazVPVEV4TVRZaVBnb0pDUWtKQ1FrOFpITnBaenBZVUdGMGFENXViM1FvWVc1alpYTjBiM0l0YjNJdGMyVnNaam82Y0hJNlNXUmxiblJwWm1sallYUnBiMjRwUEM5a2MybG5PbGhRWVhSb1Bnb0pDUWtKQ1R3dlpITnBaenBVY21GdWMyWnZjbTArQ2drSkNRa0pQR1J6YVdjNlZISmhibk5tYjNKdElFRnNaMjl5YVhSb2JUMGlhSFIwY0RvdkwzZDNkeTUzTXk1dmNtY3ZNakF3TUM4d09TOTRiV3hrYzJsbkkyVnVkbVZzYjNCbFpDMXphV2R1WVhSMWNtVWlJQzgrQ2drSkNRazhMMlJ6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1R4a2MybG5Pa1JwWjJWemRFMWxkR2h2WkNCQmJHZHZjbWwwYUcwOUltaDBkSEE2THk5M2QzY3Vkek11YjNKbkx6SXdNREF2TURrdmVHMXNaSE5wWnlOemFHRXhJaUF2UGdvSkNRa0pQR1J6YVdjNlJHbG5aWE4wVm1Gc2RXVSthVXN6TW10cmJVNWtVelZIV2xSemJHOHhTbVJDWVdsRFRsVnJQVHd2WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDRLQ1FrSlBDOWtjMmxuT2xKbFptVnlaVzVqWlQ0S0NRa0pQR1J6YVdjNlVtVm1aWEpsYm1ObElGUjVjR1U5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU5OWVc1cFptVnpkQ0lnVlZKSlBTSWpiV0Z1YVdabGMzUWlQZ29KQ1FrSlBHUnphV2M2UkdsblpYTjBUV1YwYUc5a0lFRnNaMjl5YVhSb2JUMGlhSFIwY0RvdkwzZDNkeTUzTXk1dmNtY3ZNakF3TUM4d09TOTRiV3hrYzJsbkkzTm9ZVEVpSUM4K0Nna0pDUWs4WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDQ0TWtadVlVeGxja2x6YVVOM1RFRlhVVEZYUVVjcmJVUlVWVTA5UEM5a2MybG5Pa1JwWjJWemRGWmhiSFZsUGdvSkNRazhMMlJ6YVdjNlVtVm1aWEpsYm1ObFBnb0pDVHd2WkhOcFp6cFRhV2R1WldSSmJtWnZQZ29KQ1R4a2MybG5PbE5wWjI1aGRIVnlaVlpoYkhWbFBnb2dJQ0FnY1UxMU1uTXJkV2xwVlhVMk0zRmpOWEZhYmxWWFpVeEZSREpuVm5GRFkwTmtRMGN4ZHpFMVoxSkdTV3Q0UzNOWVZGRlRRVE5LVjBoRFJYaHhjams1ZDBjMFYwMXRjRTF0U21oaFR3MEtkRGc0TjJOUlRtOUdURFJaYTBzMVRXcEhOR28wUjI1Q1ZHZFRhRVpXY0c0MWRXaFBkblpITUZsd1lVSlhNMlYyYVdSYVRYWkllV0psV1VSSVZHeHBia2sxVWtaU1pVaEdXRU5zVGcwS1dGQmhUMWxWTHpVek5GRnhaMWhLU1hrMFpXdHVkRFJ2UXk5TE0xRnVaVWhoU1VKbmVrSjFkMlpIUjIxbGEwVnlPVGROUkV0NllXWjBhMDVwTVVSS1dFNDRkMkZJVmtWTVdubHRPUTBLUjJGM1JraExjRUpGY2s5aGVqQXZVRVpxZUZGUVpsQkRaVW93UzJoNGRqbFFWVmh5YUZkUlMySkhZWEp1VlU1MUx5dFRNVEZqUzA5eGMzQmpiR2htUzFac2QxUlNhQzlXVkdsaFZBMEtSbUU0THpoYVMwSTVNM2cyV21SSVQwMHlZblY1VERaMVRqQTFjblpMWW05d1ozcG5ObEU5UFFvZ0lEd3ZaSE5wWnpwVGFXZHVZWFIxY21WV1lXeDFaVDQ4WkhOcFp6cExaWGxKYm1adlBqeGtjMmxuT2xnMU1EbEVZWFJoUGp4a2MybG5PbGcxTURsRFpYSjBhV1pwWTJGMFpUNU5TVWxHZFhwRFEwSkxUMmRCZDBsQ1FXZEpSRWRUYTJWTlFUQkhRMU54UjFOSllqTkVVVVZDUWxGVlFVMUpSMlpOVVhOM1ExRlpSRlpSVVVkRmQwcENEUXBXUkVaSlRVVlpSMEV4VlVWRFozY3ZVVk14VldOdVZucGtRMEpJV2xoTmRVbEhXWFZKUms1d1dUSm9iR050YUd4aFdGSjZZek5zZW1SSFZuUmFVMEp3RFFwaVUwSnNZa2RXY21SSVNYVkpSVkpvWkVkV2RXUnRWbmxoTWxadlkybENTR0pYU2tsTlUwbDNTVUZaUkZaUlVVeEVRbXhvVEZoT2NGb3lOSFJaTWpsNURRcGpSemw1V1ZoU2JFeFhlSEJhTW1nd1RGUkJlVTFUU1hkSlFWbEVWbEZSUkVSQ2JHaE1XRTV3V2pJMGRGa3lPWGxqUnpsNVdWaFNiRXhYZUhCYU1tZ3dEUXBNVkVGNVRVSTBXRVJVUlRGTlJHTjVUMFJGTVU1RWEzZE9WbTlZUkZSSmQwMUVZM2xQUkVWNlRrUnJkMDVXYjNkbllsbDRRM3BCU2tKblRsWkNRVmxVRFFwQmEwWlZUVkkwZDBoQldVUldVVkZMUkVKV1JWbFlVbXhpYms1cVlVaFdNR1Z0ZEhaaVZ6RndZek5PY0dJeU5IaEpha0ZuUW1kT1ZrSkJjMDFIVms0d0RRcFpWekYwWlcxR2IySklTbXhhTW14NlpFZFdlVmx0Vm05aU1sWjVXa2RWZUV4cVFYTkNaMDVXUWtGTlRVcFdUbkJhTWpWb1pFaFdlV015Vm5sa2JXeHFEUXBhVTBKRldWaFNiR0p1VG1waFNGWXdaVzEwZG1KWE1YQmpNMDV3WWpJMGVFWlVRVlJDWjA1V1FrRlZWRVJFVFhsT1ZHdDVUMFJOZVUxNmF6VlBSRVZqRFFwTlFtOUhRMU54UjFOSllqTkVVVVZLUVZGM1RscElUbkpSUjFKNllYazFibVJwTldoa1JFTkRRVk5KZDBSUldVcExiMXBKYUhaalRrRlJSVUpDVVVGRURRcG5aMFZRUVVSRFEwRlJiME5uWjBWQ1FVNHJaRUpUUlVKSGFqSnFWVmhKU3pGTmNETnNWbmhqTDFwaEszQktUV2w1UzNKWU0wY3hXbmhuV0M5cGEzZzNEUXBFT1hOamMxQlpUWFEwTnpOTWJFRlhiRGxqYlVOaVNHSktTeXRRVmpKWVRrNWtWVkpNVFZWRFNWZ3JOSFpWVG5NeVRVaGxSRlJSZEZnNFFsaHFTa1p3RFFwM1NsbFRiMkZTU2xFek9VWldVeTh4Y2pWelYyTnlZVGxJYUdSdE4zYzFSM1I0THpKMWEzbEVXREJyWkd0NFlYZHJhRkEwUlZGRmVta3ZVMGtyUm5WbkRRcHVLMWR4WjFFeGJrRmtiR0o0WWk5a1kwSjNOWGN4YURsaU0yeHRkWGRWWmpSNk0yOXZVVmRWUkRKRVowRXZhMHRrTVV0bGFrNVNORE50VEZWemJYWlREUXA2WlhaUWVGUTVlbk0zT0hCUFVqRlBZV05DTjBsemVsUldTbEJZWlU5RllXRk9Xa2h1YmtJdlZXVlBNMmM0VEVWV0x6TlBhMWhqVldkalRXdGlTVWxwRFFwaFFraHNiR3czTVZCeE1FTlBhamxyY1dwWWIyVTNUM0pTYWt4Wk5Xa3pTM2RQY0dFMlZFMURRWGRGUVVGaFQwTkJaVlYzWjJkSWFFMUNSVWRCTVZWa0RRcEVaMUZMUWtGb1RVTkJObVZIZGxNeGRXcEJUMEpuVGxaSVVUaENRV1k0UlVKQlRVTkNURUYzUkdkWlNFdHBaMEZEWjBWSVFWRlJSRUZSU0M5TlFrMUhEUXBCTVZWa1NYZFJUVTFCY1VGRFJXdGpWMFJ3VURaQk1FUk5RV3RIUVRGVlpFVjNVVU5OUVVGM1JrRlpTRXRwWjBGRFowVkNRVkZSU2tSQlpFTlZNRWwwRFFwU1JrNU1UVWc0UjBORGMwZEJVVlZHUW5kRlFrSklUWGRqVkVKSFFtZG5ja0puUlVaQ1VXTjNRVzlaTm1GSVVqQmpSRzkyVEROa00yUjVOV2hNV0ZKNURRcGtXRTR3VEcxR01Fd3lUbXhqYmxKNlRESkZkR015Ykc1aWFURnFZak5LZDJJelNtaGtSMVYwWWtkc2JtRklVWFJOUkVwb1RHMU9lV1JFUVc1Q1oyZHlEUXBDWjBWR1FsRmpkMEZaV1dKaFNGSXdZMFJ2ZGt3eU9XcGpNMEYxV1ZNeE1HTnVWbnBrUXpWb1pFTTVkbGt6VG5kTlJsRkhRVEZWWkVsQlVrNU5SWE4zRFFwVFVWbEhTMmxuUVVWUlJWTk5SRGgzVUZGWlNVdDNXVUpDVVZWSVFXZEZWMDFYYURCa1NFRTJUSGs1TTJRelkzVlpVekV3WTI1V2VtUkROV2hrUXpsckRRcGlNazU2VERKT2Qwd3lSWFJqTW14dVlta3hRbUpZVW5wak1teHVZbTFHTUdSWVNYZG5XalJIUVRGVlpFaDNVMEpzYWtOQ2EzcERRbXRMUTBKcVlVTkNEUXBwYjJGQ2FESjRhMWxZUVRaTWVUbHpXa2RHZDB4dFJYUmtTRW94WXpOUmRWbFlVWFppTTFVNVdWTXhlbUZYWkhWTVYwNTJZMjVDZG1OdFJqQmFVekZ6RFFwaFYyUnZaRU13ZDAxcGVIWlFWVVYwVmtoS01XTXpVWE5aZWpGQ1ZrUTVhbHBZU2pCaFYxcHdXVEpHTUZwWVNteGtiVGxxV1ZoU2NHSXlOWE5oV0U0d0RRcFFNa3BvWXpKVkwySXlTbkZhVjA0d1dUSjRhR016VFRsYVYyeHJVVEpXZVdSSGJHMWhWMDVvWkVkc2RtSnJSakZrUjJoMlkyMXNNR1ZVUVU1Q1oydHhEUXBvYTJsSE9YY3dRa0ZSVlVaQlFVOURRVkZGUVVoUk0xcERUWFJCWW1GNlpVMUliVmRCTW5wb1dXeEljVWhuUzFadlkxWllSVVJuYlU1dFYweEhjVVpsRFFvNFJVRkVSa2x6T0hWSGNtdDBRbTFYUTFWSldHSlljemRVU0dObWVITXlTalEzZGtoMVkyOXdjMlJyWVdKT2JGaEZhbnB1WkZKbWJtTXJNVlpKYm1KdkRRcDZUWEpaWkRkcVpVUk9WRXN2ZEVscWFVOUZXV1J5ZVVsd1pXdFdPVU5tWVhjM2VYVTJiV1ZtVFhwbGRURmhRWGRtTjBKdVN5OW9kV2wzU2xkdVpXNXdEUXBDTjJsRUwxQjJXaXR0ZW5WRE4xSk9aa3BtUmlzclUzUnBRbFI0YVROV1dYaE9SMDFxVFRGalZUaEhkemxXVjJNd1VqTkZkV3BQWVZoWFowTkRPR2sxRFFwR1IyaFdkazlaYUU1WVpuTjRTbGhpVG5obGQwVkRhbkJCVEhaRWJFWk1UQ3RwUXpRNVJ5dEJSRk52VW5Zd1UyczVNVTlRZFN0alNXMURhak55Y3pOUkRRcDBZWE5KTDNBNVRGbGhZMGMyWXk5blNUTjBSVEJwYUhGbk9WSmljMHRJV0ZGc00xQlBka1ZTU2tFOVBUd3ZaSE5wWnpwWU5UQTVRMlZ5ZEdsbWFXTmhkR1UrUEM5a2MybG5PbGcxTURsRVlYUmhQand2WkhOcFp6cExaWGxKYm1adlBnb0pDVHhrYzJsbk9rOWlhbVZqZEQ0S0NRa0pQR1J6YVdjNlRXRnVhV1psYzNRZ1NXUTlJbTFoYm1sbVpYTjBJajRLQ1FrSkNUeGtjMmxuT2xKbFptVnlaVzVqWlNCVlVrazlJaUkrQ2drSkNRa0pQR1J6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1FrSlBHUnphV2M2VkhKaGJuTm1iM0p0SUVGc1oyOXlhWFJvYlQwaWFIUjBjRG92TDNkM2R5NTNNeTV2Y21jdlZGSXZNVGs1T1M5U1JVTXRlSEJoZEdndE1UazVPVEV4TVRZaVBnb0pDUWtKQ1FrSlBHUnphV2M2V0ZCaGRHZytibTkwS0dGdVkyVnpkRzl5TFc5eUxYTmxiR1k2T21SemFXYzZVMmxuYm1GMGRYSmxLVHd2WkhOcFp6cFlVR0YwYUQ0S0NRa0pDUWtKUEM5a2MybG5PbFJ5WVc1elptOXliVDRLQ1FrSkNRazhMMlJ6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1FrOFpITnBaenBFYVdkbGMzUk5aWFJvYjJRZ1FXeG5iM0pwZEdodFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF3THpBNUwzaHRiR1J6YVdjamMyaGhNU0lnTHo0S0NRa0pDUWs4WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDV0TWpWR056UXZOMWRMVlV4QmIwVXlWemRDYzBneVdVWlFUelE5UEM5a2MybG5Pa1JwWjJWemRGWmhiSFZsUGdvSkNRa0pQQzlrYzJsbk9sSmxabVZ5Wlc1alpUNEtDUWtKUEM5a2MybG5PazFoYm1sbVpYTjBQZ29KQ1R3dlpITnBaenBQWW1wbFkzUStDZ2s4TDJSemFXYzZVMmxuYm1GMGRYSmxQZ284TDNOaGJXdzZRWE56WlhKMGFXOXVQZz09IiwNCiAgICAiRUlELUNJVElaRU4tUUFBLUxFVkVMIjogImh0dHA6Ly9laWRhcy5ldXJvcGEuZXUvTG9BL3N1YnN0YW50aWFsIiwNCiAgICAiRUlELUNDUy1VUkwiOiAiaHR0cHM6Ly93d3cuYS10cnVzdC5hdC90b2RvIiwNCiAgICAiRUlELUFVVEgtQkxPQ0siOiAiUEQ5NGJXd2dkbVZ5YzJsdmJqMGlNUzR3SWlCbGJtTnZaR2x1WnowaVZWUkdMVGdpSUhOMFlXNWtZV3h2Ym1VOUltNXZJajgrUEhOaGJXd3lPa0Z6YzJWeWRHbHZiaUI0Yld4dWN6cHpZVzFzTWowaWRYSnVPbTloYzJsek9tNWhiV1Z6T25Sak9sTkJUVXc2TWk0d09tRnpjMlZ5ZEdsdmJpSWdTVVE5SWw4Mk0yWm1PV1ZtTmpjek56QXdNalJqTkdReVpEaGlPV0ptWkRNNE1EVTNPQ0lnU1hOemRXVkpibk4wWVc1MFBTSXlNREU0TFRBMkxURXpWREUzT2pRMk9qQTVLekF5T2pBd0lpQldaWEp6YVc5dVBTSXlMakFpSUhodGJHNXpPbmh6UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZU0krUEhOaGJXd3lPa2x6YzNWbGNpQkdiM0p0WVhROUluVnlianB2WVhOcGN6cHVZVzFsY3pwMFl6cFRRVTFNT2pJdU1EcHVZVzFsYVdRdFptOXliV0YwT21WdWRHbDBlU0krYUhSMGNITTZMeTkzZDNjdVlTMTBjblZ6ZEM1aGRDOTBiMlJ2UEM5ellXMXNNanBKYzNOMVpYSStQR1J6YVdjNlUybG5ibUYwZFhKbElIaHRiRzV6T21SemFXYzlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5Mekl3TURBdk1Ea3ZlRzFzWkhOcFp5TWlJRWxrUFNKemFXZHVZWFIxY21VdE1TMHhJajQ4WkhOcFp6cFRhV2R1WldSSmJtWnZQanhrYzJsbk9rTmhibTl1YVdOaGJHbDZZWFJwYjI1TlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk5VVVpOHlNREF4TDFKRlF5MTRiV3d0WXpFMGJpMHlNREF4TURNeE5TSWdMejQ4WkhOcFp6cFRhV2R1WVhSMWNtVk5aWFJvYjJRZ1FXeG5iM0pwZEdodFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4THpBMEwzaHRiR1J6YVdjdGJXOXlaU055YzJFdGMyaGhNalUySWlBdlBqeGtjMmxuT2xKbFptVnlaVzVqWlNCSlpEMGljbVZtWlhKbGJtTmxMVEV0TVNJZ1ZWSkpQU0lpUGp4a2MybG5PbFJ5WVc1elptOXliWE0rUEdSemFXYzZWSEpoYm5ObWIzSnRJRUZzWjI5eWFYUm9iVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2VkZJdk1UazVPUzlTUlVNdGVITnNkQzB4T1RrNU1URXhOaUkrUEhoemJEcHpkSGxzWlhOb1pXVjBJSGh0Ykc1ek9uaHpiRDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TVRrNU9TOVlVMHd2VkhKaGJuTm1iM0p0SWlCbGVHTnNkV1JsTFhKbGMzVnNkQzF3Y21WbWFYaGxjejBpYzJGdGJESWlJSFpsY25OcGIyNDlJakV1TUNJZ2VHMXNibk02YzJGdGJESTlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qSXVNRHBoYzNObGNuUnBiMjRpUGp4NGMydzZiM1YwY0hWMElHMWxkR2h2WkQwaWVHMXNJaUI0Yld3NmMzQmhZMlU5SW1SbFptRjFiSFFpSUM4K1BIaHpiRHAwWlcxd2JHRjBaU0J0WVhSamFEMGlMeUlnZUcxc2JuTTlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5MekU1T1RrdmVHaDBiV3dpUGp4b2RHMXNJSGh0Ykc1elBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHhPVGs1TDNob2RHMXNJajQ4YUdWaFpENDhkR2wwYkdVK1UybG5ibUYwZFhJZ1pHVnlJRUZ1YldWc1pHVmtZWFJsYmp3dmRHbDBiR1UrUEhOMGVXeGxJRzFsWkdsaFBTSnpZM0psWlc0aUlIUjVjR1U5SW5SbGVIUXZZM056SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FKQ1FrSkNTNXViM0p0WVd4emRIbHNaU0I3SUdadmJuUXRjMmw2WlRvZ2JXVmthWFZ0T3lCOUlBb2dJQ0FnSUNBZ0lDQWdJQ0FnSUFrSkNRa0pMbWwwWVd4cFkzTjBlV3hsSUhzZ1ptOXVkQzF6YVhwbE9pQnRaV1JwZFcwN0lHWnZiblF0YzNSNWJHVTZJR2wwWVd4cFl6c2dmUW9KQ1FrSkNRa0pDUzUwYVhSc1pYTjBlV3hsSUhzZ2RHVjRkQzFrWldOdmNtRjBhVzl1T25WdVpHVnliR2x1WlRzZ1ptOXVkQzEzWldsbmFIUTZZbTlzWkRzZ1ptOXVkQzF6YVhwbE9pQnRaV1JwZFcwN0lIMGdDZ2tKQ1FrSkNRa0pMbWcwYzNSNWJHVWdleUJtYjI1MExYTnBlbVU2SUd4aGNtZGxPeUI5SUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQUtDUWtKQ1FrSkNRa3VhR2xrWkdWdUlIdGthWE53YkdGNU9pQnViMjVsT3lCOUlBb2dJQ0FnSUNBZ0lDQWdJQ0FnSUFrSkNRazhMM04wZVd4bFBqd3ZhR1ZoWkQ0OFltOWtlVDQ4YURRZ1kyeGhjM005SW1nMGMzUjViR1VpUGtGdWJXVnNaR1ZrWVhSbGJqbzhMMmcwUGp4d0lHTnNZWE56UFNKMGFYUnNaWE4wZVd4bElqNUVZWFJsYmlCNmRYSWdVR1Z5YzI5dVBDOXdQangwWVdKc1pTQmpiR0Z6Y3owaWNHRnlZVzFsZEdWeWN5SStQSGh6YkRwcFppQjBaWE4wUFNKemRISnBibWNvTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTl6WVcxc01qcEJkSFJ5YVdKMWRHVlRkR0YwWlcxbGJuUXZjMkZ0YkRJNlFYUjBjbWxpZFhSbFcwQk9ZVzFsUFNkMWNtNDZiMmxrT2pJdU5TNDBMalF5SjEwdmMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVXBJajQ4ZEhJK1BIUmtJR05zWVhOelBTSnBkR0ZzYVdOemRIbHNaU0krVm05eWJtRnRaVG9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakl1TlM0MExqUXlKMTB2YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVaUlDOCtQQzkwWkQ0OEwzUnlQand2ZUhOc09tbG1Qang0YzJ3NmFXWWdkR1Z6ZEQwaWMzUnlhVzVuS0M5ellXMXNNanBCYzNObGNuUnBiMjR2YzJGdGJESTZRWFIwY21saWRYUmxVM1JoZEdWdFpXNTBMM05oYld3eU9rRjBkSEpwWW5WMFpWdEFUbUZ0WlQwbmRYSnVPbTlwWkRveExqSXVOREF1TUM0eE1DNHlMakV1TVM0eU5qRXVNakFuWFM5ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTa2lQangwY2o0OGRHUWdZMnhoYzNNOUltbDBZV3hwWTNOMGVXeGxJajVPWVdOb2JtRnRaVG9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0eU1DZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhlSE5zT21sbUlIUmxjM1E5SW5OMGNtbHVaeWd2YzJGdGJESTZRWE56WlhKMGFXOXVMM05oYld3eU9rRjBkSEpwWW5WMFpWTjBZWFJsYldWdWRDOXpZVzFzTWpwQmRIUnlhV0oxZEdWYlFFNWhiV1U5SjNWeWJqcHZhV1E2TVM0eUxqUXdMakF1TVRBdU1pNHhMakV1TlRVblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU2tpUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1SFpXSjFjblJ6WkdGMGRXMDZJRHd2ZEdRK1BIUmtJR05zWVhOelBTSnViM0p0WVd4emRIbHNaU0krUEhoemJEcDJZV3gxWlMxdlppQnpaV3hsWTNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5kWEp1T205cFpEb3hMakl1TkRBdU1DNHhNQzR5TGpFdU1TNDFOU2RkTDNOaGJXd3lPa0YwZEhKcFluVjBaVlpoYkhWbElpQXZQand2ZEdRK1BDOTBjajQ4TDNoemJEcHBaajQ4ZUhOc09tbG1JSFJsYzNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5kWEp1T205cFpEb3hMakl1TkRBdU1DNHhNQzR5TGpFdU1TNHlOakV1T1RBblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0krUEhSeVBqeDBaQ0JqYkdGemN6MGlhWFJoYkdsamMzUjViR1VpUGxadmJHeHRZV05vZERvZ1BDOTBaRDQ4ZEdRZ1kyeGhjM005SW01dmNtMWhiSE4wZVd4bElqNDhlSE5zT25SbGVIUStTV05vSUcxbGJHUmxJRzFwWTJnZ2FXNGdWbVZ5ZEhKbGRIVnVaeUJoYmk0Z1NXMGdic09rWTJoemRHVnVJRk5qYUhKcGRIUWdkMmx5WkNCdGFYSWdaV2x1WlNCTWFYTjBaU0JrWlhJZ1pzTzhjaUJ0YVdOb0lIWmxjbWJEdkdkaVlYSmxiaUJXWlhKMGNtVjBkVzVuYzNabGNtakRwR3gwYm1semMyVWdZVzVuWlhwbGFXZDBMQ0JoZFhNZ1pHVnVaVzRnYVdOb0lHVnBibVZ6SUdGMWMzZkRwR2hzWlc0Z2QyVnlaR1V1UEM5NGMydzZkR1Y0ZEQ0OEwzUmtQand2ZEhJK1BDOTRjMnc2YVdZK1BDOTBZV0pzWlQ0OGNDQmpiR0Z6Y3owaWRHbDBiR1Z6ZEhsc1pTSStSR0YwWlc0Z2VuVnlJRUZ1ZDJWdVpIVnVaend2Y0Q0OGRHRmliR1VnWTJ4aGMzTTlJbkJoY21GdFpYUmxjbk1pUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1SlpHVnVkR2xtYVd0aGRHOXlPaUE4TDNSa1BqeDBaQ0JqYkdGemN6MGlibTl5YldGc2MzUjViR1VpUGp4NGMydzZkbUZzZFdVdGIyWWdjMlZzWldOMFBTSXZjMkZ0YkRJNlFYTnpaWEowYVc5dUwzTmhiV3d5T2tGMGRISnBZblYwWlZOMFlYUmxiV1Z1ZEM5ellXMXNNanBCZEhSeWFXSjFkR1ZiUUU1aGJXVTlKMmgwZEhBNkx5OWxhV1F1WjNZdVlYUXZaVWxFTDJGMGRISnBZblYwWlhNdlUyVnlkbWxqWlZCeWIzWnBaR1Z5Vlc1cGNYVmxTV1FuWFM5ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTSWdMejQ4TDNSa1Bqd3ZkSEkrUEhoemJEcHBaaUIwWlhOMFBTSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5ellXMXNNanBCZEhSeWFXSjFkR1ZUZEdGMFpXMWxiblF2YzJGdGJESTZRWFIwY21saWRYUmxXMEJPWVcxbFBTZG9kSFJ3T2k4dlpXbGtMbWQyTG1GMEwyVkpSQzloZEhSeWFXSjFkR1Z6TDFObGNuWnBZMlZRY205MmFXUmxja1p5YVdWdVpHeDVUbUZ0WlNkZEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxLU0krUEhSeVBqeDBaQ0JqYkdGemN6MGlhWFJoYkdsamMzUjViR1VpUGs1aGJXVTZJRHd2ZEdRK1BIUmtJR05zWVhOelBTSnViM0p0WVd4emRIbHNaU0krUEhoemJEcDJZV3gxWlMxdlppQnpaV3hsWTNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5hSFIwY0RvdkwyVnBaQzVuZGk1aGRDOWxTVVF2WVhSMGNtbGlkWFJsY3k5VFpYSjJhV05sVUhKdmRtbGtaWEpHY21sbGJtUnNlVTVoYldVblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0lnTHo0OEwzUmtQand2ZEhJK1BDOTRjMnc2YVdZK1BIaHpiRHBwWmlCMFpYTjBQU0p6ZEhKcGJtY29MM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2RvZEhSd09pOHZaV2xrTG1kMkxtRjBMMlZKUkM5aGRIUnlhV0oxZEdWekwxTmxjblpwWTJWUWNtOTJhV1JsY2tOdmRXNTBjbmxEYjJSbEoxMHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VwSWo0OGRISStQSFJrSUdOc1lYTnpQU0pwZEdGc2FXTnpkSGxzWlNJK1UzUmhZWFE2SUR3dmRHUStQSFJrSUdOc1lYTnpQU0p1YjNKdFlXeHpkSGxzWlNJK1BIaHpiRHAyWVd4MVpTMXZaaUJ6Wld4bFkzUTlJaTl6WVcxc01qcEJjM05sY25ScGIyNHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFUzUmhkR1Z0Wlc1MEwzTmhiV3d5T2tGMGRISnBZblYwWlZ0QVRtRnRaVDBuYUhSMGNEb3ZMMlZwWkM1bmRpNWhkQzlsU1VRdllYUjBjbWxpZFhSbGN5OVRaWEoyYVdObFVISnZkbWxrWlhKRGIzVnVkSEo1UTI5a1pTZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhMM1JoWW14bFBqeHdJR05zWVhOelBTSjBhWFJzWlhOMGVXeGxJajVVWldOb2JtbHpZMmhsSUZCaGNtRnRaWFJsY2p3dmNENDhkR0ZpYkdVZ1kyeGhjM005SW5CaGNtRnRaWFJsY25NaVBqeDBjajQ4ZEdRZ1kyeGhjM005SW1sMFlXeHBZM04wZVd4bElqNUVZWFIxYlRvOEwzUmtQangwWkNCamJHRnpjejBpYm05eWJXRnNjM1I1YkdVaVBqeDRjMnc2ZG1Gc2RXVXRiMllnYzJWc1pXTjBQU0p6ZFdKemRISnBibWNvTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTlBU1hOemRXVkpibk4wWVc1MExEa3NNaWtpSUM4K1BIaHpiRHAwWlhoMFBpNDhMM2h6YkRwMFpYaDBQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNKemRXSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5QVNYTnpkV1ZKYm5OMFlXNTBMRFlzTWlraUlDOCtQSGh6YkRwMFpYaDBQaTQ4TDNoemJEcDBaWGgwUGp4NGMydzZkbUZzZFdVdGIyWWdjMlZzWldOMFBTSnpkV0p6ZEhKcGJtY29MM05oYld3eU9rRnpjMlZ5ZEdsdmJpOUFTWE56ZFdWSmJuTjBZVzUwTERFc05Da2lJQzgrUEM5MFpENDhMM1J5UGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1VmFISjZaV2wwT2p3dmRHUStQSFJrSUdOc1lYTnpQU0p1YjNKdFlXeHpkSGxzWlNJK1BIaHpiRHAyWVd4MVpTMXZaaUJ6Wld4bFkzUTlJbk4xWW5OMGNtbHVaeWd2YzJGdGJESTZRWE56WlhKMGFXOXVMMEJKYzNOMVpVbHVjM1JoYm5Rc01USXNNaWtpSUM4K1BIaHpiRHAwWlhoMFBqbzhMM2h6YkRwMFpYaDBQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNKemRXSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5QVNYTnpkV1ZKYm5OMFlXNTBMREUxTERJcElpQXZQang0YzJ3NmRHVjRkRDQ2UEM5NGMydzZkR1Y0ZEQ0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGljM1ZpYzNSeWFXNW5LQzl6WVcxc01qcEJjM05sY25ScGIyNHZRRWx6YzNWbFNXNXpkR0Z1ZEN3eE9Dd3lLU0lnTHo0OEwzUmtQand2ZEhJK1BIUnlQangwWkNCamJHRnpjejBpYVhSaGJHbGpjM1I1YkdVaVBsUnlZVzV6WVd0MGFXOXVjMVJ2YTJWdU9pQThMM1JrUGp4MFpDQmpiR0Z6Y3owaWJtOXliV0ZzYzNSNWJHVWlQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNJdmMyRnRiREk2UVhOelpYSjBhVzl1TDBCSlJDSWdMejQ4TDNSa1Bqd3ZkSEkrUEhoemJEcHBaaUIwWlhOMFBTSXZjMkZ0YkRJNlFYTnpaWEowYVc5dUwzTmhiV3d5T2tGMGRISnBZblYwWlZOMFlYUmxiV1Z1ZEM5ellXMXNNanBCZEhSeWFXSjFkR1ZiUUU1aGJXVTlKM1Z5YmpwdmFXUTZNUzR5TGpRd0xqQXVNVEF1TWk0eExqRXVNall4TGprd0oxMHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VpUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo0S0NRa0pDUWtKQ1FrSkNRbFdiMnhzYldGamFIUmxiaTFTWldabGNtVnVlam9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0NU1DZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhkSElnWTJ4aGMzTTlJbWhwWkdSbGJpSStQSFJrSUdOc1lYTnpQU0pwZEdGc2FXTnpkSGxzWlNJK1JHRjBZVlZTVERvZ1BDOTBaRDQ4ZEdRZ1kyeGhjM005SW01dmNtMWhiSE4wZVd4bElqNDhlSE5zT25aaGJIVmxMVzltSUhObGJHVmpkRDBpTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTl6WVcxc01qcERiMjVrYVhScGIyNXpMM05oYld3eU9rRjFaR2xsYm1ObFVtVnpkSEpwWTNScGIyNHZjMkZ0YkRJNlFYVmthV1Z1WTJVaUlDOCtQQzkwWkQ0OEwzUnlQang0YzJ3NmFXWWdkR1Z6ZEQwaUwzTmhiV3d5T2tGemMyVnlkR2x2Ymk5ellXMXNNanBEYjI1a2FYUnBiMjV6TDBCT2IzUlBiazl5UVdaMFpYSWlQangwY2lCamJHRnpjejBpYUdsa1pHVnVJajQ4ZEdRZ1kyeGhjM005SW1sMFlXeHBZM04wZVd4bElqNUJkWFJvUW14dlkydFdZV3hwWkZSdk9pQThMM1JrUGp4MFpDQmpiR0Z6Y3owaWJtOXliV0ZzYzNSNWJHVWlQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNJdmMyRnRiREk2UVhOelpYSjBhVzl1TDNOaGJXd3lPa052Ym1ScGRHbHZibk12UUU1dmRFOXVUM0pCWm5SbGNpSWdMejQ4TDNSa1Bqd3ZkSEkrUEM5NGMydzZhV1krUEM5MFlXSnNaVDQ4TDJKdlpIaytQQzlvZEcxc1Bqd3ZlSE5zT25SbGJYQnNZWFJsUGp3dmVITnNPbk4wZVd4bGMyaGxaWFErUEM5a2MybG5PbFJ5WVc1elptOXliVDQ4WkhOcFp6cFVjbUZ1YzJadmNtMGdRV3huYjNKcGRHaHRQU0pvZEhSd09pOHZkM2QzTG5jekxtOXlaeTh5TURBeEx6RXdMM2h0YkMxbGVHTXRZekUwYmlNaUlDOCtQQzlrYzJsbk9sUnlZVzV6Wm05eWJYTStQR1J6YVdjNlJHbG5aWE4wVFdWMGFHOWtJRUZzWjI5eWFYUm9iVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TWpBd01TOHdOQzk0Yld4bGJtTWpjMmhoTWpVMklpQXZQanhrYzJsbk9rUnBaMlZ6ZEZaaGJIVmxQbXBoTUhSSlVEQkJVVEU0ZGk4NFpsVmpOR1kxYVhsSGNIWXhXVGhFYWpGUGJDODVNa2RTU0V0Q2EyYzlQQzlrYzJsbk9rUnBaMlZ6ZEZaaGJIVmxQand2WkhOcFp6cFNaV1psY21WdVkyVStQR1J6YVdjNlVtVm1aWEpsYm1ObElFbGtQU0psZEhOcExXUmhkR0V0Y21WbVpYSmxibU5sTFRFdE1TSWdWSGx3WlQwaWFIUjBjRG92TDNWeWFTNWxkSE5wTG05eVp5OHdNVGt3TXlOVGFXZHVaV1JRY205d1pYSjBhV1Z6SWlCVlVrazlJaU5sZEhOcExYTnBaMjVsWkhCeWIzQmxjblJwWlhNdE1TMHhJajQ4WkhOcFp6cEVhV2RsYzNSTlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekEwTDNodGJHVnVZeU56YUdFeU5UWWlJQzgrUEdSemFXYzZSR2xuWlhOMFZtRnNkV1UrTVZGVWFXNTBPR1Y1UXpsNFVFbExXR0ZxYzJ0cmVUWmlMM2MzY20xV1JEUldZMjQwUjFkMVJrMVZjejA4TDJSemFXYzZSR2xuWlhOMFZtRnNkV1UrUEM5a2MybG5PbEpsWm1WeVpXNWpaVDQ4TDJSemFXYzZVMmxuYm1Wa1NXNW1iejQ4WkhOcFp6cFRhV2R1WVhSMWNtVldZV3gxWlNCSlpEMGljMmxuYm1GMGRYSmxkbUZzZFdVdE1TMHhJajVLT0ROMFdUUnhUMWhGWVhWNWMxVXhMM1pUZWtzMk1EbDBNRWRKUm5sQlJUZFVkR05LYmpsRmNXZGFXa3RHTmxNMWVVRllURTlzZEhsc1JVdFBZV015TW1zMUsxaHlaRlZ0ZFV0NGFtNHdMekZQWTNwSFJqRTNlR1pYYXpORWFtbHdUMDlqZFVOM2VYQlZTV3BWTW5KVEt6RldkMnhxVUU4NGNIY3hTSGR3VEZaa1JtbFJjVzkzZVU5NFRGTkJlV05VUlV4Ukx6bHhRVTFaTm05UFpscFBiMEZhVTNaVFpXOVJVazVhVFN0YUwyTjZOalZDZUhwdFZrUklkMjgwYmxkemJTOXdVWEpSYmtkblVGQTFORmRNVWpSc1YyOXZWV2xqU1ZkdVEyMW5ZbVV6WVdkUVoybFBNVTlITVV4SWNuTkVNbXBrY0VKeGJITkJjWGR2Y0U1Qk5ta3dXbkE1Y3pFNVNEWk1VbWxsTjBKNE9EUnpSbmxLWlhNMU5qWTFaRkp4WlhoWFpub3ZOVGhaU0ZndmMzWkdOWEpDZUhjMVVHcEtZbGhYYmxKNlptcHpORXM0YzBSeVdsQmFhSEZSU0hwQ1Zub3pTV2M5UFR3dlpITnBaenBUYVdkdVlYUjFjbVZXWVd4MVpUNDhaSE5wWnpwTFpYbEpibVp2UGp4a2MybG5PbGcxTURsRVlYUmhQanhrYzJsbk9sZzFNRGxEWlhKMGFXWnBZMkYwWlQ1TlNVbEdNV3BEUTBKTU5tZEJkMGxDUVdkSlJWRnpNVEpxVkVGT1FtZHJjV2hyYVVjNWR6QkNRVkZ6UmtGRVEwSnZWRVZNVFVGclIwRXhWVVZDWjNkRFVWWlJlRk5FUWtkQ1owNVdRa0Z2VFZBd1JYUldTRW94WXpOUloxSXlWbnBNYVVKdFRHbENWR0ZYVG05YVdFcHZXbGRzTUdNelRqVmpNMUpzWWxkVloyRlhNR2RhVjNoc1lUTlNlVXhwUWtWWldGSnNZbTVhYkdOdGRHeGhTRWxuVWpJeGFWTkVSV3BOUTBWSFFURlZSVU4zZDJGWlV6RjZZVmRrZFV4V1FubGFWekZ3WkZjd2RGWkhWbnBrUXpGVVlWZGpkRTFFU1hoSmVrRm9RbWRPVmtKQlRVMUhiVVYwWXpKc2JtSnBNVkZqYlZaMFlWaFdkRXhXVW14ak0xRjBWVEpzYmt4VVFYbE5RalJZUkZSRk5FMUVXWGhOZWtFMFRsUmpNVTlHYjFoRVZFbDZUVVJaZUUxNlFUUk9WR014VDBadmQxbEVSVXhOUVd0SFFURlZSVUpuZDBOUlZsRjRSbnBCVmtKblRsWkNRVTFOUkdzeGFHVkRRazVrV0U0d1dsaEtkRmxYTlhWTlVrMTNSVkZaUkZaUlVVVkVRWEJPWkZoT01GcFlTblJaVnpWMVRWRjNkME5uV1VSV1VWRnhSRUZPVGxsWVozaEdWRUZVUW1kT1ZrSkJWVTFFUkZWNFRVUmpNVTFFV1RCUFJFMTRUVlJEUTBGVFNYZEVVVmxLUzI5YVNXaDJZMDVCVVVWQ1FsRkJSR2RuUlZCQlJFTkRRVkZ2UTJkblJVSkJUWEo0YWtSM0sxZEplRE16Y1U1aU1sZG9kMDFSYUZGa0wyZEJXbTB5YWpkTFpIaGtZV2R5V1ZBemNqTnJSWGcyZWpaNFEzcFVibnBWWWl0SmJYUkljMUJFVkRZemRXcDRiWGRyTTAwelpsVktNV1J0ZHprMVJFdFlWV1ZGY2toNmVrSTVUVlI0Vml0a1prbHJSVGxQVkUweVpsaGxPVlpNU21aYVkwOXdUa2syVTNCb1JrSk1NMjFZUVVKRFRtRnVaREk0UTB0Vk9WQkhjek15WldaNk0xSlBiVUpHSzJ4TmVuVkJVekJYWVdOWVJFSllUa2xtVjBrNEwyeDBRMkZTVEd0clZIUXhhalpTV1dFeFpHeEVhVlZRY1hOamRpdFBhRE5PZUhrcmVrRlZSVlp2ZVZVdldHRmpiUzh2U0ZodWFuZHdLMEpQV1ZOcVJWVnhOMmhDYnpKdlZHd3ZlU3RPTjJoclJHcEVlRXR0UzFOb09HWkplbXRtZVVSMEszQkNOMnhJTm1wVVlteHdVbmRhYVhWc2VrMU9Ua2RLUm01QmFuZGxTVEl3VDJSbFFrVjBlR3RsWnpaVFRteHJNRTVIYVRKS2F6TnpRMEYzUlVGQllVOURRV3hSZDJkblNsRk5TVWRFUW1kbmNrSm5SVVpDVVdOQ1FWRlNNMDFJVlhkU1VWbEpTM2RaUWtKUlZVaE5RVXRIVDFkb01HUklRVFpNZVRrelpETmpkVmxUTVRCamJsWjZaRU0xYUdSRE9XcGFXRW93WTNrNWFFeFlUbkJhTWpSMFkwaEtiR0pYYkRGaVV6RjBZakpLY0dKSFZYUk5SRTVvVEcxT2VXUkVRWE5DWjJkeVFtZEZSa0pSWTNkQldWbG5ZVWhTTUdORWIzWk1NamxxWXpOQmRHUkhWbnBrUXpWb1RGaFNlV1JZVGpCTWJVWXdUREk1YW1NelFYZEZkMWxFVmxJd2FrSkJkM2REYjBGSlVtZGhabXByUjA5R1lqQjNZMmRaU1V0M1dVSkNVVlZJUVZGTlJWcHFRbXROUVc5SFEwTnpSMEZSVlVaQ2QzTkRUVUZuUjBKblVVRnFhMWxDUVZSQlNVSm5XVVZCU1RWSFFWRlJkMFYzV1VkQ1FVTlBVbWRGUjAxQmEwZENkMUZCYW10WlFrSm5SWGRNVVZsSFFrRkRUMUpuUlVaTlEwMTNTVkpaWW1GSVVqQmpTRTAyVEhrNU0yUXpZM1ZaVXpFd1kyNVdlbVJETldoa1F6bDNXa2hOZGtWM1NrWlVha0ZTUW1kT1ZraFJORVZEWjFGSlVqWjRPRVZqYzNGUGVITjNSR2RaUkZaU01GQkJVVWd2UWtGUlJFRm5Za0ZOUVd0SFFURlZaRVYzVVVOTlFVRjNXVUZaUkZaU01HZENSbXQzVm5wQlNVSm5XVVZCU1hOM1FWRkZkMU4zV1VkTGFXZEJSVkZGVlUxRlJYZFFkMWxKUzNkWlFrSlJWVWhCWjBWWFRUSm9NR1JJUVRaTWVUa3paRE5qZFZsVE1UQmpibFo2WkVNMWFHUkRPV3RpTWs1NlRESk9kMHd5UlhSak1teHVZbWt4ZDJOdFZuUmhXRlowVEZjeGRsbHRiSE5hVkVOQ2NtZFpSRlpTTUdaQ1NVZHRUVWxIYWsxSlIyZHZTVWRrYjBsSFlXaHZSMWhpUjFKb1kwUnZka3d5ZUd0WldFRjBaRWRXZW1SRE5XaE1XRko1WkZoT01FeHRSakJNTWpreFVGZEZkR015Ykc1aWFURlJZMjFXZEdGWVZuUk1WbEpzWXpOUmRGVXliRzVNVkVGNVNVTm9WRk5GUlhSTmFsVXlTMU40ZGxCVlJYUldTRW94WXpOUmMxbDZNVUpXUkRscVdsaEtNR0ZYV25CWk1rWXdXbGhLYkdSdE9XcFpXRkp3WWpJMWMyRllUakJRTWtwb1l6SlZMMkl5U25GYVYwNHdXVEo0YUdNelRUbGFWMnhyVVRKV2VXUkhiRzFoVjA1b1pFZHNkbUpyUmpGa1IyaDJZMjFzTUdWVVFVNUNaMnR4YUd0cFJ6bDNNRUpCVVhOR1FVRlBRMEZSUlVGTk1GQkVMekl6U20xUE16Wk5Uazk1SzNwYVFpOVVUSE5oUmpjNE1HMXRUMHRxY0dzeFdITllRWHBWVGt0YU5sTnlkQ3R0TUhVcksybFhiemxNT0VoR0wyeHllRk5FT0VkWVNtTkVURmxYUm1aNE56QnlORW81ZDFVNFN6ZHdSRWt4YmpsRmNXSkJjekJTSzNaWlZtNU1OVlZXVUM5MVZWRmxkekpYYkhBMU9GQkdjR2RCV0N0VUwxTkZNR05sWlV0NVRUaFlSVzVZVTNwbFRpOUZVM1JzUml0S1EyRkJPSFZ0Y1dwdFJFVnVZV1V6Y1hWeFUxVnNLMHhsYTFCVk9HazRSME56YmpVNWRYaDBibFZ1ZUVsTlMzY3paR2N2TjBRM1dUaE1ObFoxTkU1WE5FeGpiemRtYVRsRGNtRklRelJTVEV4MFpIaFliSFpQZGxGcFJWbHZSU3Q1TVRkbk1Ia3ZRemhPTkVSelkyaGFhWHBaZDNBd2NFOVNUMkpqWmt0V1RuQndWWFZMZFhOTmFIUnRVMnBzTUZaeEx5OWhkamhVVlhGU2NEVkdlalpYWTNwMFVFZEhVM2N3Um1WbGRsVkxSRzlETDBFOVBUd3ZaSE5wWnpwWU5UQTVRMlZ5ZEdsbWFXTmhkR1UrUEM5a2MybG5PbGcxTURsRVlYUmhQand2WkhOcFp6cExaWGxKYm1adlBqeGtjMmxuT2s5aWFtVmpkQ0JKWkQwaVpYUnphUzF6YVdkdVpXUXRNUzB4SWo0OFpYUnphVHBSZFdGc2FXWjVhVzVuVUhKdmNHVnlkR2xsY3lCNGJXeHVjenBsZEhOcFBTSm9kSFJ3T2k4dmRYSnBMbVYwYzJrdWIzSm5MekF4T1RBekwzWXhMak11TWlNaUlGUmhjbWRsZEQwaUkzTnBaMjVoZEhWeVpTMHhMVEVpUGp4bGRITnBPbE5wWjI1bFpGQnliM0JsY25ScFpYTWdTV1E5SW1WMGMya3RjMmxuYm1Wa2NISnZjR1Z5ZEdsbGN5MHhMVEVpUGp4bGRITnBPbE5wWjI1bFpGTnBaMjVoZEhWeVpWQnliM0JsY25ScFpYTStQR1YwYzJrNlUybG5ibWx1WjFScGJXVStNakF4T0Mwd05pMHhNMVF4TlRvME5qb3dPVm84TDJWMGMyazZVMmxuYm1sdVoxUnBiV1UrUEdWMGMyazZVMmxuYm1sdVowTmxjblJwWm1sallYUmxQanhsZEhOcE9rTmxjblErUEdWMGMyazZRMlZ5ZEVScFoyVnpkRDQ4WkhOcFp6cEVhV2RsYzNSTlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekEwTDNodGJHVnVZeU56YUdFeU5UWWlJQzgrUEdSemFXYzZSR2xuWlhOMFZtRnNkV1UrYW1WQmJFcHdTVEZIWkV0WlVXMVNOM1pRY25KVWNrZFdPVWRNT1M5MVdXeExNM0JyU1ROUWVtNHpiejA4TDJSemFXYzZSR2xuWlhOMFZtRnNkV1UrUEM5bGRITnBPa05sY25SRWFXZGxjM1ErUEdWMGMyazZTWE56ZFdWeVUyVnlhV0ZzUGp4a2MybG5PbGcxTURsSmMzTjFaWEpPWVcxbFBrTk9QV0V0YzJsbmJpMVFjbVZ0YVhWdExWUmxjM1F0VTJsbkxUQXlMRTlWUFdFdGMybG5iaTFRY21WdGFYVnRMVlJsYzNRdFUybG5MVEF5TEU4OVFTMVVjblZ6ZENCSFpYTXVJR1l1SUZOcFkyaGxjbWhsYVhSemMzbHpkR1Z0WlNCcGJTQmxiR1ZyZEhJdUlFUmhkR1Z1ZG1WeWEyVm9jaUJIYldKSUxFTTlRVlE4TDJSemFXYzZXRFV3T1VsemMzVmxjazVoYldVK1BHUnphV2M2V0RVd09WTmxjbWxoYkU1MWJXSmxjajR4TVRJd056WXhORGcxUEM5a2MybG5PbGcxTURsVFpYSnBZV3hPZFcxaVpYSStQQzlsZEhOcE9rbHpjM1ZsY2xObGNtbGhiRDQ4TDJWMGMyazZRMlZ5ZEQ0OEwyVjBjMms2VTJsbmJtbHVaME5sY25ScFptbGpZWFJsUGp4bGRITnBPbE5wWjI1aGRIVnlaVkJ2YkdsamVVbGtaVzUwYVdacFpYSStQR1YwYzJrNlUybG5ibUYwZFhKbFVHOXNhV041U1cxd2JHbGxaQ0F2UGp3dlpYUnphVHBUYVdkdVlYUjFjbVZRYjJ4cFkzbEpaR1Z1ZEdsbWFXVnlQand2WlhSemFUcFRhV2R1WldSVGFXZHVZWFIxY21WUWNtOXdaWEowYVdWelBqeGxkSE5wT2xOcFoyNWxaRVJoZEdGUFltcGxZM1JRY205d1pYSjBhV1Z6UGp4bGRITnBPa1JoZEdGUFltcGxZM1JHYjNKdFlYUWdUMkpxWldOMFVtVm1aWEpsYm1ObFBTSWpjbVZtWlhKbGJtTmxMVEV0TVNJK1BHVjBjMms2VFdsdFpWUjVjR1UrWVhCd2JHbGpZWFJwYjI0dmVHaDBiV3dyZUcxc1BDOWxkSE5wT2sxcGJXVlVlWEJsUGp3dlpYUnphVHBFWVhSaFQySnFaV04wUm05eWJXRjBQand2WlhSemFUcFRhV2R1WldSRVlYUmhUMkpxWldOMFVISnZjR1Z5ZEdsbGN6NDhMMlYwYzJrNlUybG5ibVZrVUhKdmNHVnlkR2xsY3o0OEwyVjBjMms2VVhWaGJHbG1lV2x1WjFCeWIzQmxjblJwWlhNK1BDOWtjMmxuT2s5aWFtVmpkRDQ4TDJSemFXYzZVMmxuYm1GMGRYSmxQanh6WVcxc01qcERiMjVrYVhScGIyNXpJRTV2ZEVKbFptOXlaVDBpTWpBeE9DMHdOaTB4TTFReE56bzBOam93T1Nzd01qb3dNQ0lnVG05MFQyNVBja0ZtZEdWeVBTSXlNREU0TFRBMkxURXpWREU0T2pBeE9qQTVLekF5T2pBd0lqNDhjMkZ0YkRJNlFYVmthV1Z1WTJWU1pYTjBjbWxqZEdsdmJqNDhjMkZ0YkRJNlFYVmthV1Z1WTJVK2FIUjBjSE02THk5bGFXUXVaM1l1WVhRdmJXOWhMV2xrTFdGMWRHZ3ZjMnd5TUM5a1lYUmhWWEpzUDNCbGJtUnBibWRwWkQwME9UYzFOelUxTXpjNE16azBNRFF4TkRnMlBDOXpZVzFzTWpwQmRXUnBaVzVqWlQ0OEwzTmhiV3d5T2tGMVpHbGxibU5sVW1WemRISnBZM1JwYjI0K1BDOXpZVzFzTWpwRGIyNWthWFJwYjI1elBqeHpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RK1BITmhiV3d5T2tGMGRISnBZblYwWlNCR2NtbGxibVJzZVU1aGJXVTlJbEJXVUMxV1JWSlRTVTlPSWlCT1lXMWxQU0oxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0eE1DSWdUbUZ0WlVadmNtMWhkRDBpZFhKdU9tOWhjMmx6T201aGJXVnpPblJqT2xOQlRVdzZNaTR3T21GMGRISnVZVzFsTFdadmNtMWhkRHAxY21raVBqeHpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0I0Yld4dWN6cDRjMms5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01ERXZXRTFNVTJOb1pXMWhMV2x1YzNSaGJtTmxJaUI0YzJrNmRIbHdaVDBpZUhNNmMzUnlhVzVuSWo0eUxqRThMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsUGp3dmMyRnRiREk2UVhSMGNtbGlkWFJsUGp4ellXMXNNanBCZEhSeWFXSjFkR1VnUm5KcFpXNWtiSGxPWVcxbFBTSlFVa2xPUTBsUVFVd3RUa0ZOUlNJZ1RtRnRaVDBpZFhKdU9tOXBaRG94TGpJdU5EQXVNQzR4TUM0eUxqRXVNUzR5TmpFdU1qQWlJRTVoYldWR2IzSnRZWFE5SW5WeWJqcHZZWE5wY3pwdVlXMWxjenAwWXpwVFFVMU1Pakl1TURwaGRIUnlibUZ0WlMxbWIzSnRZWFE2ZFhKcElqNDhjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VnZUcxc2JuTTZlSE5wUFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZUzFwYm5OMFlXNWpaU0lnZUhOcE9uUjVjR1U5SW5oek9uTjBjbWx1WnlJK1RYVnpkR1Z5YldGdWJqd3ZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1UrUEM5ellXMXNNanBCZEhSeWFXSjFkR1UrUEhOaGJXd3lPa0YwZEhKcFluVjBaU0JHY21sbGJtUnNlVTVoYldVOUlrZEpWa1ZPTFU1QlRVVWlJRTVoYldVOUluVnlianB2YVdRNk1pNDFMalF1TkRJaUlFNWhiV1ZHYjNKdFlYUTlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qSXVNRHBoZEhSeWJtRnRaUzFtYjNKdFlYUTZkWEpwSWo0OGMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVWdlRzFzYm5NNmVITnBQU0pvZEhSd09pOHZkM2QzTG5jekxtOXlaeTh5TURBeEwxaE5URk5qYUdWdFlTMXBibk4wWVc1alpTSWdlSE5wT25SNWNHVTlJbmh6T25OMGNtbHVaeUkrVFdGNFBDOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaVDQ4TDNOaGJXd3lPa0YwZEhKcFluVjBaVDQ4YzJGdGJESTZRWFIwY21saWRYUmxJRVp5YVdWdVpHeDVUbUZ0WlQwaVFrbFNWRWhFUVZSRklpQk9ZVzFsUFNKMWNtNDZiMmxrT2pFdU1pNDBNQzR3TGpFd0xqSXVNUzR4TGpVMUlpQk9ZVzFsUm05eWJXRjBQU0oxY200NmIyRnphWE02Ym1GdFpYTTZkR002VTBGTlREb3lMakE2WVhSMGNtNWhiV1V0Wm05eWJXRjBPblZ5YVNJK1BITmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxJSGh0Ykc1ek9uaHphVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TWpBd01TOVlUVXhUWTJobGJXRXRhVzV6ZEdGdVkyVWlJSGh6YVRwMGVYQmxQU0o0Y3pwemRISnBibWNpUGpFNU5EQXRNREV0TURFOEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxQand2YzJGdGJESTZRWFIwY21saWRYUmxQanh6WVcxc01qcEJkSFJ5YVdKMWRHVWdSbkpwWlc1a2JIbE9ZVzFsUFNKVFpYSjJhV05sVUhKdmRtbGtaWEl0Vlc1cGNYVmxTV1FpSUU1aGJXVTlJbWgwZEhBNkx5OWxhV1F1WjNZdVlYUXZaVWxFTDJGMGRISnBZblYwWlhNdlUyVnlkbWxqWlZCeWIzWnBaR1Z5Vlc1cGNYVmxTV1FpSUU1aGJXVkdiM0p0WVhROUluVnlianB2WVhOcGN6cHVZVzFsY3pwMFl6cFRRVTFNT2pJdU1EcGhkSFJ5Ym1GdFpTMW1iM0p0WVhRNmRYSnBJajQ4YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVZ2VHMXNibk02ZUhOcFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4TDFoTlRGTmphR1Z0WVMxcGJuTjBZVzVqWlNJZ2VITnBPblI1Y0dVOUluaHpPbk4wY21sdVp5SSthSFIwY0hNNkx5OWlhVzVrYVc1bkxtOWxjM1JsY25KbGFXTm9MbWQyTG1GMEwyRjFkR2d2YzNBdlRXVjBZV1JoZEdFOEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxQand2YzJGdGJESTZRWFIwY21saWRYUmxQanh6WVcxc01qcEJkSFJ5YVdKMWRHVWdSbkpwWlc1a2JIbE9ZVzFsUFNKVFpYSjJhV05sVUhKdmRtbGtaWEl0Um5KcFpXNWtiSGxPWVcxbElpQk9ZVzFsUFNKb2RIUndPaTh2Wldsa0xtZDJMbUYwTDJWSlJDOWhkSFJ5YVdKMWRHVnpMMU5sY25acFkyVlFjbTkyYVdSbGNrWnlhV1Z1Wkd4NVRtRnRaU0lnVG1GdFpVWnZjbTFoZEQwaWRYSnVPbTloYzJsek9tNWhiV1Z6T25Sak9sTkJUVXc2TWk0d09tRjBkSEp1WVcxbExXWnZjbTFoZERwMWNta2lQanh6WVcxc01qcEJkSFJ5YVdKMWRHVldZV3gxWlNCNGJXeHVjenA0YzJrOUltaDBkSEE2THk5M2QzY3Vkek11YjNKbkx6SXdNREV2V0UxTVUyTm9aVzFoTFdsdWMzUmhibU5sSWlCNGMyazZkSGx3WlQwaWVITTZjM1J5YVc1bklqNUNhVzVrYVc1bklGTmxjblpwWTJVZ1pzTzhjaUJ2WlM1bmRpNWhkRHd2YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVK1BDOXpZVzFzTWpwQmRIUnlhV0oxZEdVK1BITmhiV3d5T2tGMGRISnBZblYwWlNCR2NtbGxibVJzZVU1aGJXVTlJbE5sY25acFkyVlFjbTkyYVdSbGNpMURiM1Z1ZEhKNVEyOWtaU0lnVG1GdFpUMGlhSFIwY0RvdkwyVnBaQzVuZGk1aGRDOWxTVVF2WVhSMGNtbGlkWFJsY3k5VFpYSjJhV05sVUhKdmRtbGtaWEpEYjNWdWRISjVRMjlrWlNJZ1RtRnRaVVp2Y20xaGREMGlkWEp1T205aGMybHpPbTVoYldWek9uUmpPbE5CVFV3Nk1pNHdPbUYwZEhKdVlXMWxMV1p2Y20xaGREcDFjbWtpUGp4ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTQjRiV3h1Y3pwNGMyazlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5Mekl3TURFdldFMU1VMk5vWlcxaExXbHVjM1JoYm1ObElpQjRjMms2ZEhsd1pUMGllSE02YzNSeWFXNW5JajVCVkR3dmMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVStQQzl6WVcxc01qcEJkSFJ5YVdKMWRHVStQQzl6WVcxc01qcEJkSFJ5YVdKMWRHVlRkR0YwWlcxbGJuUStQQzl6WVcxc01qcEJjM05sY25ScGIyNCsiDQogIH0NCn0.WgPyI2KiVzp2DzbC6AfbDlQbXEYk-hL78-bfzj_b_IXwyHmuENwHA8MslDHOe1bYd3mlSTnoAUE20igmXM6gnFOe4pQes2i5d8YAnYRspbwhj86sn5_vMyGfHtBsApP3MqjcSHL24vo6DHqKYqN85FMGq6GnPub9HGbeIgMAvECuH0ZCqY5MDWj4FI2OA5Jrn2fyBY1CebF5NdTSUeBJMjG_q-cpTnWmkcELKXTNJg9ihkHR8FkBjt8xh2YWh9Opk_0RrUIZI5U9YC4Xc-Hgj7C7YplA4Pr0_SUHdqH_86xF7GcMMuC5Bs8EU22lejxhxwz0BzPPg2Ws0LJ8RGAm0A"
+}
\ No newline at end of file
-- 
cgit v1.2.3


From bc6ebce79bdd07a0a1bbe9a956e7d49512ff9e57 Mon Sep 17 00:00:00 2001
From: Thomas Lenz 
Date: Tue, 26 Jun 2018 10:30:18 +0200
Subject: read noAuth header value from configuration

---
 .../moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'id/server/modules')

diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
index 853d1b6a4..0b7b674a4 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java
@@ -51,6 +51,7 @@ public class BKAMobileAuthModule implements AuthModule {
 	@Autowired(required=true) private AuthenticationManager authManager;
 	
 	private List uniqueIDsDummyAuthEnabled = new ArrayList();
+	private String noAuthHeaderValue = null;
 	
 	/* (non-Javadoc)
 	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
@@ -71,6 +72,9 @@ public class BKAMobileAuthModule implements AuthModule {
 	@PostConstruct
 	public void initialDummyAuthWhiteList() {
 		String sensitiveSpIdentifier = authConfig.getBasicMOAIDConfiguration("modules.bkamobileAuth.entityID");
+		noAuthHeaderValue = authConfig.getBasicMOAIDConfiguration("modules.bkamobileAuth.noAuthHeaderValue", "0");
+		Logger.info("Dummy authentication is sensitive on 'X-MOA-VDA' value: " + noAuthHeaderValue);
+		
 		if (MiscUtil.isNotEmpty(sensitiveSpIdentifier)) {
 			uniqueIDsDummyAuthEnabled.addAll(KeyValueUtils.getListOfCSVValues(sensitiveSpIdentifier));
 			
@@ -105,7 +109,7 @@ public class BKAMobileAuthModule implements AuthModule {
 					return "BKAMobileAuthentication";
 					
 				} else if (MiscUtil.isNotEmpty(sl20ClientTypeHeader) 
-						&& MiscUtil.isNotEmpty(sl20VDATypeHeader) && sl20VDATypeHeader.equals("0")) {
+						&& MiscUtil.isNotEmpty(sl20VDATypeHeader) && sl20VDATypeHeader.equals(noAuthHeaderValue)) {
 					Logger.info("Find dummy-auth request for oe.gv.at demos ... ");
 					return "BKAMobileAuthentication";
 					
-- 
cgit v1.2.3


From ad0c0ab639d4717a22d8d92769eb32746c4e4e6f Mon Sep 17 00:00:00 2001
From: Thomas Lenz 
Date: Tue, 26 Jun 2018 10:37:00 +0200
Subject: update SL2.0 jUnit test for A-Trust result

---
 .../modules/sl20_auth/EIDDataVerifier_ATrust.java    |   6 +++---
 .../modules/sl20_auth/dummydata/DummyAuthConfig.java |   2 +-
 .../src/test/resources/sl20.jks                      | Bin 9986 -> 12069 bytes
 3 files changed, 4 insertions(+), 4 deletions(-)

(limited to 'id/server/modules')

diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java
index 0e6c96f8d..7022fe6b7 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java
@@ -29,14 +29,14 @@ public class EIDDataVerifier_ATrust extends eIDDataVerifierTest {
 	
 	@Before
 	public void init() throws IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException, SL20Exception {
-		String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_atrust.json")));
+		String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_atrust2.json")));
 		JsonParser jsonParser = new JsonParser();		
 		JsonObject qualeIDResult = jsonParser.parse(eIDDataString).getAsJsonObject();
 		
 		//JsonObject payLoad = SL20JSONExtractorUtils.getJSONObjectValue(qualeIDResult, "payload", true);
 		VerificationResult payLoad = SL20JSONExtractorUtils.extractSL20PayLoad(qualeIDResult, joseTools, true);		
-		//JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad.getPayload(), "result", true);
-		JsonObject result = (JsonObject) SL20JSONExtractorUtils.extractSL20Result(payLoad.getPayload(), joseTools, true);
+		JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad.getPayload(), "result", true);
+		//JsonObject result = (JsonObject) SL20JSONExtractorUtils.extractSL20Result(payLoad.getPayload(), joseTools, true);
 		
 		eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result);
 		if (eIDData == null || eIDData.isEmpty())
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java
index 88924500b..9ed8f06e9 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java
@@ -94,7 +94,7 @@ public class DummyAuthConfig implements AuthConfiguration {
 			return "SL20Authblock_v1.0,SL20Authblock_v1.0_SIC,SL20Authblock_v1.0_OWN";
 		
 		else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH.equals(key))
-			return "/src/test/resources/prod_sl20.jks";
+			return "/src/test/resources/sl20.jks";
 		
 		else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD.equals(key))			
 			return "password";
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks
index 4413b8c8a..47752e0f1 100644
Binary files a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks differ
-- 
cgit v1.2.3


From c5837064bb5037c5a2b0f5e6bd2a504b37ad55e2 Mon Sep 17 00:00:00 2001
From: Thomas Lenz 
Date: Tue, 26 Jun 2018 13:02:31 +0200
Subject: update interface implementation

---
 .../config/ELGAMandatesRequestBuilderConfiguration.java           | 8 ++++++++
 .../config/FederatedAuthnRequestBuilderConfiguration.java         | 8 ++++++++
 2 files changed, 16 insertions(+)

(limited to 'id/server/modules')

diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
index 6954b9feb..719629936 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
@@ -22,6 +22,8 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.elgamandates.config;
 
+import java.util.List;
+
 import javax.xml.parsers.DocumentBuilder;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
@@ -298,6 +300,12 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest
 		
 				
 	}
+
+	@Override
+	public List getRequestedAttributes() {
+		return null;
+		
+	}
 	
 		
 }
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
index 6cbe558e7..e9c3115fe 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
@@ -22,6 +22,8 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.federatedauth.config;
 
+import java.util.List;
+
 import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
 import org.opensaml.saml2.core.NameID;
 import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -207,5 +209,11 @@ public class FederatedAuthnRequestBuilderConfiguration implements IPVPAuthnReque
 		return null;
 	}
 
+	@Override
+	public List getRequestedAttributes() {
+		return null;
+		
+	}
+
 	
 }
-- 
cgit v1.2.3


From 1f17c6819cb036d2cbd91f9d391bd8f6412364ac Mon Sep 17 00:00:00 2001
From: Thomas Lenz 
Date: Mon, 2 Jul 2018 18:07:27 +0200
Subject: add Annotations to AttributeBuilder

---
 .../moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java   | 9 +++++++--
 .../protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java | 1 +
 .../protocols/eidas/attributes/builder/eIDASAttrFamilyName.java  | 1 +
 .../protocols/eidas/attributes/builder/eIDASAttrGivenName.java   | 1 +
 .../protocols/eidas/attributes/builder/eIDASAttrLegalName.java   | 1 +
 .../eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java | 1 +
 .../attributes/builder/eIDASAttrNaturalPersonalIdentifier.java   | 1 +
 .../attributes/builder/eIDASAttrRepresentativeDateOfBirth.java   | 1 +
 .../attributes/builder/eIDASAttrRepresentativeFamilyName.java    | 1 +
 .../attributes/builder/eIDASAttrRepresentativeGivenName.java     | 1 +
 .../attributes/builder/eIDASAttrRepresentativeLegalName.java     | 1 +
 .../builder/eIDASAttrRepresentativeLegalPersonIdentifier.java    | 1 +
 .../eIDASAttrRepresentativeNaturalPersonalIdentifier.java        | 1 +
 13 files changed, 19 insertions(+), 2 deletions(-)

(limited to 'id/server/modules')

diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
index 1b1b15567..200215308 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/utils/eIDASAttributeBuilder.java
@@ -39,6 +39,7 @@ import at.gv.egiz.eaaf.core.impl.data.Pair;
 import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egovernment.moa.id.data.IMOAAuthData;
 import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.IeIDASAttribute;
+import at.gv.egovernment.moa.id.protocols.eidas.attributes.builder.eIDASMetadata;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 import eu.eidas.auth.commons.attribute.AttributeDefinition;
@@ -67,8 +68,12 @@ public class eIDASAttributeBuilder extends PVPAttributeBuilder {
 			while (moduleLoaderInterator.hasNext()) {
 				try {
 					IeIDASAttribute modul = moduleLoaderInterator.next();
-					Logger.info("Loading eIDAS attribut-builder Modul Information: " + modul.getName());
-					supportAttrList.add(modul.getName());
+					if (modul.getClass().isAnnotationPresent(eIDASMetadata.class)) {
+						Logger.info("Loading eIDAS attribut-builder Modul Information: " + modul.getName());
+						supportAttrList.add(modul.getName());
+						
+					} else
+						Logger.trace(modul.getName() + " is not an eIDAS metadata attribute");
 					
 				} catch(Throwable e) {
 					Logger.error("Check configuration! " + "Some attribute-builder modul" + 
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java
index 1f00af765..2f42cc43e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrDateOfBirth.java
@@ -28,6 +28,7 @@ import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.BirthdateAttributeBuilde
  * @author tlenz
  *
  */
+@eIDASMetadata
 public class eIDASAttrDateOfBirth extends BirthdateAttributeBuilder implements IeIDASAttribute {
  
 	@Override
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java
index 50b270765..9505a0a62 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrFamilyName.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
  * @author tlenz
  *
  */
+@eIDASMetadata
 public class eIDASAttrFamilyName implements IeIDASAttribute{
 
 	/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java
index 3b83a9793..7307b4f2a 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrGivenName.java
@@ -31,6 +31,7 @@ import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
  * @author tlenz
  *
  */
+@eIDASMetadata
 public class eIDASAttrGivenName implements IeIDASAttribute{
 
 	/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java
index 63a4e89d5..1ac4560b0 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalName.java
@@ -29,6 +29,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF
  *
  */
 @Deprecated
+@eIDASMetadata
 public class eIDASAttrLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute {
 
 	@Override
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
index 7f18c21cb..66359e240 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrLegalPersonIdentifier.java
@@ -36,6 +36,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
  *
  */
 @Deprecated
+@eIDASMetadata
 public class eIDASAttrLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute {
 
 	@Override
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java
index 5a8fcb846..76ca3a94d 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrNaturalPersonalIdentifier.java
@@ -40,6 +40,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
  * @author tlenz
  *
  */
+@eIDASMetadata
 public class eIDASAttrNaturalPersonalIdentifier implements IeIDASAttribute{
 
 	/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeDateOfBirth.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeDateOfBirth.java
index 43d2f96c2..ed86d6e4b 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeDateOfBirth.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeDateOfBirth.java
@@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPerso
  * @author tlenz
  *
  */
+@eIDASMetadata
 public class eIDASAttrRepresentativeDateOfBirth extends MandateNaturalPersonBirthDateAttributeBuilder implements IeIDASAttribute {
 
 	@Override
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeFamilyName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeFamilyName.java
index 924a275b1..5db88e71e 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeFamilyName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeFamilyName.java
@@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPerso
  * @author tlenz
  *
  */
+@eIDASMetadata
 public class eIDASAttrRepresentativeFamilyName extends MandateNaturalPersonFamilyNameAttributeBuilder implements IeIDASAttribute{
 
 	/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeGivenName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeGivenName.java
index 2de585918..0a7c514aa 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeGivenName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeGivenName.java
@@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateNaturalPerso
  * @author tlenz
  *
  */
+@eIDASMetadata
 public class eIDASAttrRepresentativeGivenName extends MandateNaturalPersonGivenNameAttributeBuilder implements IeIDASAttribute{
 
 	/* (non-Javadoc)
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java
index 92456d202..638b01bb1 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalName.java
@@ -28,6 +28,7 @@ import at.gv.egovernment.moa.id.protocols.builder.attributes.MandateLegalPersonF
  * @author tlenz
  *
  */
+@eIDASMetadata
 public class eIDASAttrRepresentativeLegalName extends MandateLegalPersonFullNameAttributeBuilder implements IeIDASAttribute {
 
 	@Override
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
index 6c65872e4..fd245c3eb 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeLegalPersonIdentifier.java
@@ -35,6 +35,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
  * @author tlenz
  *
  */
+@eIDASMetadata
 public class eIDASAttrRepresentativeLegalPersonIdentifier extends MandateLegalPersonSourcePinAttributeBuilder implements IeIDASAttribute {
 
 	@Override
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
index 1176ba251..f7e135bae 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASAttrRepresentativeNaturalPersonalIdentifier.java
@@ -42,6 +42,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
  * @author tlenz
  *
  */
+@eIDASMetadata
 public class eIDASAttrRepresentativeNaturalPersonalIdentifier extends MandateNaturalPersonBPKAttributeBuilder implements IeIDASAttribute{
 
 	/* (non-Javadoc)
-- 
cgit v1.2.3


From 5acd1d23f3702d8899f531e823da68cd9fccaaa4 Mon Sep 17 00:00:00 2001
From: Thomas Lenz 
Date: Mon, 2 Jul 2018 18:08:04 +0200
Subject: update auth. module for central eIDAS node connection

---
 .../moa-id-module-AT_eIDAS_connector/pom.xml       |  59 ++++
 .../EidasCentralAuthConstants.java                 |  93 ++++++
 .../EidasCentralAuthModuleImpl.java                |  92 ++++++
 .../EidasCentralAuthSpringResourceProvider.java    |  63 ++++
 .../EidasCentralAuthMetadataConfiguration.java     | 355 +++++++++++++++++++++
 ...idasCentralAuthRequestBuilderConfiguration.java | 262 +++++++++++++++
 .../EidasCentralAuthMetadataController.java        | 133 ++++++++
 .../EidasCentralAuthSignalController.java          |  67 ++++
 .../tasks/CreateAuthnRequestTask.java              | 164 ++++++++++
 .../tasks/ReceiveAuthnResponseTask.java            | 272 ++++++++++++++++
 .../utils/EidasCentralAuthCredentialProvider.java  | 124 +++++++
 .../utils/EidasCentralAuthMetadataProvider.java    | 345 ++++++++++++++++++++
 ...iz.components.spring.api.SpringResourceProvider |   1 +
 .../resources/eIDAS_central_node_auth.process.xml  |  17 +
 .../moaid_eIDAS_central_node_auth.beans.xml        |  41 +++
 .../eidas/attributes/builder/eIDASMetadata.java    |   5 +
 .../ELGAMandatesRequestBuilderConfiguration.java   |  13 +-
 .../FederatedAuthnRequestBuilderConfiguration.java |  13 +-
 id/server/modules/pom.xml                          |   1 +
 19 files changed, 2118 insertions(+), 2 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthSpringResourceProvider.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthSignalController.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthCredentialProvider.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/eIDAS_central_node_auth.process.xml
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml
 create mode 100644 id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java

(limited to 'id/server/modules')

diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml
new file mode 100644
index 000000000..c340f90c9
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/pom.xml
@@ -0,0 +1,59 @@
+
+
+  4.0.0
+  
+    MOA.id.server.modules
+    moa-id-modules
+    ${moa-id-version}
+  
+  moa-id-module-AT_eIDAS_connector
+  moa-id-module-AT_eIDAS_connector
+  http://maven.apache.org
+  
+    UTF-8
+    ${basedir}/../../../../repository
+  
+  
+  
+        
+            default
+            
+                true
+            
+            
+                
+                    local
+                    local
+                    file:${basedir}/../../../../repository
+                
+                
+                    egiz-commons
+                    https://demo.egiz.gv.at/int-repo/
+                    
+                        true
+                    
+                
+            
+        
+    
+  
+  
+  	
+  		MOA.id.server
+  		moa-id-lib
+  	
+  
+  
+  	
+		org.springframework
+		spring-test
+		test
+	  
+    
+     	junit
+      	junit
+      	test
+    
+  
+
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
new file mode 100644
index 000000000..e8694383f
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
@@ -0,0 +1,93 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EidasCentralAuthConstants {
+
+	public static final String MODULE_NAME_FOR_LOGGING = "eIDAS central authentication";
+	
+	public static final int METADATA_VALIDUNTIL_IN_HOURS = 24; 
+	
+	public static final String HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION = "useeIDAS";
+	
+	public static final String ENDPOINT_POST = "/sp/eidas/post";
+	public static final String ENDPOINT_REDIRECT = "/sp/eidas/redirect";
+	public static final String ENDPOINT_METADATA = "/sp/eidas/metadata";
+
+	public static final String CONFIG_PROPS_PREFIX = "modules.eidascentralauth.";	
+	public static final String CONFIG_PROPS_KEYSTORE = CONFIG_PROPS_PREFIX + "keystore.path";
+	public static final String CONFIG_PROPS_KEYSTOREPASSWORD = CONFIG_PROPS_PREFIX + "keystore.password";
+	public static final String CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.password";
+	public static final String CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "metadata.sign.alias";
+	public static final String CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.password";
+	public static final String CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.alias";
+	public static final String CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.password";
+	public static final String CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.alias";	
+	public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX + "required.additinal.attributes";	
+	public static final String CONFIG_PROPS_NODE_ENTITYID = CONFIG_PROPS_PREFIX + "node.entityId";
+	public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "node.metadataUrl";
+	public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "node.trustprofileID";	
+	
+	
+	public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EAAFConstants.EIDAS_QAA_HIGH;	
+	public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES = 
+			Collections.unmodifiableList(new ArrayList>() {
+				private static final long serialVersionUID = 1L;
+				{	
+					//add PVP Version attribute
+					add(Trible.newInstance(PVPConstants.PVP_VERSION_NAME, PVPConstants.PVP_VERSION_FRIENDLY_NAME, true));
+					
+					//request entity information
+					add(Trible.newInstance(PVPConstants.GIVEN_NAME_NAME, PVPConstants.GIVEN_NAME_FRIENDLY_NAME, true));
+					add(Trible.newInstance(PVPConstants.PRINCIPAL_NAME_NAME, PVPConstants.PRINCIPAL_NAME_FRIENDLY_NAME, true));
+					add(Trible.newInstance(PVPConstants.BIRTHDATE_NAME, PVPConstants.BIRTHDATE_FRIENDLY_NAME, true));
+					add(Trible.newInstance(PVPConstants.BPK_NAME, PVPConstants.BPK_FRIENDLY_NAME, true));
+					add(Trible.newInstance(PVPConstants.EID_SECTOR_FOR_IDENTIFIER_NAME, PVPConstants.EID_SECTOR_FOR_IDENTIFIER_FRIENDLY_NAME, true));
+					add(Trible.newInstance(PVPConstants.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, PVPConstants.EID_CITIZEN_EIDAS_QAA_LEVEL_FRIENDLY_NAME, true));
+					add(Trible.newInstance(PVPConstants.EID_ISSUING_NATION_NAME, PVPConstants.EID_ISSUING_NATION_FRIENDLY_NAME, true));
+				}
+			});
+	
+	public static final List DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES = 
+			Collections.unmodifiableList(new ArrayList() {
+				private static final long serialVersionUID = 1L;
+				{	
+					for (Trible el : DEFAULT_REQUIRED_PVP_ATTRIBUTES) 
+						add(el.getFirst());
+				}
+			});
+}
+
+
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java
new file mode 100644
index 000000000..f1bec9dac
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthModuleImpl.java
@@ -0,0 +1,92 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth;
+
+import java.io.Serializable;
+
+import javax.annotation.PostConstruct;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.gv.egiz.eaaf.core.api.idp.auth.modules.AuthModule;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egovernment.moa.id.moduls.AuthenticationManager;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EidasCentralAuthModuleImpl implements AuthModule {
+
+	@Autowired(required=true) private AuthenticationManager authManager;
+	
+	@PostConstruct
+	protected void initalCentralEidasAuthentication() {
+		//parameter to whiteList
+		authManager.addParameterNameToWhiteList(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION);
+		
+	}
+	
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
+	 */
+	@Override
+	public int getPriority() {
+		// TODO Auto-generated method stub
+		return 0;
+	} 
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
+	 */
+	@Override
+	public String selectProcess(ExecutionContext context) {
+		Serializable paramObj = context.get(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION);
+		if (paramObj instanceof String) {
+			String param = (String)paramObj;
+			if (StringUtils.isNotEmpty(param) && Boolean.parseBoolean(param)) {
+				Logger.debug("Centrial eIDAS authentication process selected ");
+				return "centrialEidasAuthentication";
+				
+			} else
+				Logger.trace(EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION 
+						+ " is empty or has value: " + Boolean.parseBoolean(param));
+		
+		} else
+			Logger.info("Find suspect http param '" + EidasCentralAuthConstants.HTTP_PARAM_CENTRAL_EIDAS_AUTH_SELECTION 
+					+ "' of type: " + paramObj.getClass().getName());
+		return null;		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
+	 */
+	@Override
+	public String[] getProcessDefinitions() {
+		return new String[] { "classpath:eIDAS_central_node_auth.process.xml" };
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthSpringResourceProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthSpringResourceProvider.java
new file mode 100644
index 000000000..beaaee619
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthSpringResourceProvider.java
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth;
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EidasCentralAuthSpringResourceProvider implements SpringResourceProvider {
+
+	/* (non-Javadoc)
+	 * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad()
+	 */
+	@Override
+	public Resource[] getResourcesToLoad() {
+		ClassPathResource federationAuthConfig = new ClassPathResource("/moaid_eIDAS_central_node_auth.beans.xml", EidasCentralAuthSpringResourceProvider.class);					
+		
+		return new Resource[] {federationAuthConfig};
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan()
+	 */
+	@Override
+	public String[] getPackagesToScan() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName()
+	 */
+	@Override
+	public String getName() {
+		return "MOA-ID Auth-module 'central eIDAS Authentication'";
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java
new file mode 100644
index 000000000..aad1244f1
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthMetadataConfiguration.java
@@ -0,0 +1,355 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.core.NameIDType;
+import org.opensaml.saml2.metadata.ContactPerson;
+import org.opensaml.saml2.metadata.Organization;
+import org.opensaml.saml2.metadata.RequestedAttribute;
+import org.opensaml.xml.security.credential.Credential;
+
+import at.gv.egiz.eaaf.core.exceptions.EAAFException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.Trible;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPVPMetadataBuilderConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EidasCentralAuthMetadataConfiguration implements IPVPMetadataBuilderConfiguration {
+
+	private Collection additionalAttributes = null;
+	
+	
+	private String authURL;
+	private EidasCentralAuthCredentialProvider credentialProvider;
+	private IPVP2BasicConfiguration pvpConfiguration;
+	
+	public EidasCentralAuthMetadataConfiguration(String authURL, 
+			EidasCentralAuthCredentialProvider credentialProvider,
+			IPVP2BasicConfiguration pvpConfiguration) {
+		this.authURL = authURL;
+		this.credentialProvider = credentialProvider;
+		this.pvpConfiguration = pvpConfiguration;
+	}
+	
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataValidUntil()
+	 */
+	@Override
+	public int getMetadataValidUntil() {
+		return EidasCentralAuthConstants.METADATA_VALIDUNTIL_IN_HOURS;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildEntitiesDescriptorAsRootElement()
+	 */
+	@Override
+	public boolean buildEntitiesDescriptorAsRootElement() {
+		return false;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildIDPSSODescriptor()
+	 */
+	@Override
+	public boolean buildIDPSSODescriptor() {
+		return false;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#buildSPSSODescriptor()
+	 */
+	@Override
+	public boolean buildSPSSODescriptor() {
+		return true;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityIDPostfix()
+	 */
+	@Override
+	public String getEntityID() {
+		return authURL + EidasCentralAuthConstants.ENDPOINT_METADATA;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEntityFriendlyName()
+	 */
+	@Override
+	public String getEntityFriendlyName() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getContactPersonInformation()
+	 */
+	@Override
+	public List getContactPersonInformation() {
+		try {
+			return pvpConfiguration.getIDPContacts();
+			
+		} catch (EAAFException e) {
+			Logger.warn("Can not load Metadata entry: Contect Person", e);
+			return null;
+			
+		}
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getOrgansiationInformation()
+	 */
+	@Override
+	public Organization getOrgansiationInformation() {
+		try {
+			return pvpConfiguration.getIDPOrganisation();
+			
+		} catch (EAAFException e) {
+			Logger.warn("Can not load Metadata entry: Organisation", e);
+			return null;
+			
+		}
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getMetadataSigningCredentials()
+	 */
+	@Override
+	public Credential getMetadataSigningCredentials() throws CredentialsNotAvailableException {
+		return credentialProvider.getIDPMetaDataSigningCredential();
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getRequestorResponseSigningCredentials()
+	 */
+	@Override
+	public Credential getRequestorResponseSigningCredentials() throws CredentialsNotAvailableException {
+		return credentialProvider.getIDPAssertionSigningCredential();
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getEncryptionCredentials()
+	 */
+	@Override
+	public Credential getEncryptionCredentials() throws CredentialsNotAvailableException {
+		return credentialProvider.getIDPAssertionEncryptionCredential();
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSOPostBindingURL()
+	 */
+	@Override
+	public String getIDPWebSSOPostBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPWebSSORedirectBindingURL()
+	 */
+	@Override
+	public String getIDPWebSSORedirectBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLOPostBindingURL()
+	 */
+	@Override
+	public String getIDPSLOPostBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPSLORedirectBindingURL()
+	 */
+	@Override
+	public String getIDPSLORedirectBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServicePostBindingURL()
+	 */
+	@Override
+	public String getSPAssertionConsumerServicePostBindingURL() {
+		return authURL + EidasCentralAuthConstants.ENDPOINT_POST;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAssertionConsumerServiceRedirectBindingURL()
+	 */
+	@Override
+	public String getSPAssertionConsumerServiceRedirectBindingURL() {
+		return authURL + EidasCentralAuthConstants.ENDPOINT_REDIRECT;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOPostBindingURL()
+	 */
+	@Override
+	public String getSPSLOPostBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLORedirectBindingURL()
+	 */
+	@Override
+	public String getSPSLORedirectBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPSLOSOAPBindingURL()
+	 */
+	@Override
+	public String getSPSLOSOAPBindingURL() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleAttributes()
+	 */
+	@Override
+	public List getIDPPossibleAttributes() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getIDPPossibleNameITTypes()
+	 */
+	@Override
+	public List getIDPPossibleNameITTypes() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPRequiredAttributes()
+	 */
+	@Override
+	public Collection getSPRequiredAttributes() {		
+		Map requestedAttributes = new HashMap();
+		for (Trible el : EidasCentralAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTES)
+			requestedAttributes.put(el.getFirst(), PVPAttributeBuilder.buildReqAttribute(el.getFirst(), el.getSecond(), el.getThird()));
+		
+		if (additionalAttributes != null) {
+			Logger.trace("Add additional PVP attributes into metadata ... ");
+			for (RequestedAttribute el : additionalAttributes) {
+				if (requestedAttributes.containsKey(el.getName()))
+					Logger.debug("Attribute " + el.getName() + " is already added by default configuration. Overwrite it by user configuration");
+
+				requestedAttributes.put(el.getName(), el);					
+				
+			}			
+		}
+		
+		return requestedAttributes.values();
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.builder.AbstractPVPMetadataBuilder#getSPAllowedNameITTypes()
+	 */
+	@Override
+	public List getSPAllowedNameITTypes() {
+		return Arrays.asList(NameIDType.PERSISTENT);
+		
+	}
+
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#getSPNameForLogging()
+	 */
+	@Override
+	public String getSPNameForLogging() {
+		return EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING;
+	}
+
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAssertionSigned()
+	 */
+	@Override
+	public boolean wantAssertionSigned() {
+		return false;
+	}
+
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPMetadataBuilderConfiguration#wantAuthnRequestSigned()
+	 */
+	@Override
+	public boolean wantAuthnRequestSigned() {
+		return true;
+	}
+
+	/**
+	 * Add additonal PVP attributes that are required by this deployment
+	 * 
+	 * @param additionalAttr List of PVP attribute name and isRequired flag 
+	 */
+	public void setAdditionalRequiredAttributes(List> additionalAttr) {
+		if (additionalAttr != null) {
+			additionalAttributes = new ArrayList();
+			for (Pair el : additionalAttr) {
+				Attribute attributBuilder = PVPAttributeBuilder.buildEmptyAttribute(el.getFirst());
+				if (attributBuilder != null) {
+					additionalAttributes.add(
+							PVPAttributeBuilder.buildReqAttribute(
+									attributBuilder.getName(), 
+									attributBuilder.getFriendlyName(), 
+									el.getSecond()));
+										
+				} else
+					Logger.info("NO PVP attribute with name: " + el.getFirst());
+				
+			}			
+		}		
+	}
+	
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java
new file mode 100644
index 000000000..ebbe08588
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java
@@ -0,0 +1,262 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config;
+
+import java.util.List;
+
+import org.opensaml.saml2.core.AuthnContextComparisonTypeEnumeration;
+import org.opensaml.saml2.core.NameID;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.xml.security.credential.Credential;
+import org.w3c.dom.Element;
+
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
+
+/**
+ * @author tlenz
+ *
+ */
+public class EidasCentralAuthRequestBuilderConfiguration implements IPVPAuthnRequestBuilderConfiguruation {
+
+	private boolean isPassive;
+	private String SPEntityID;
+	private String QAA_Level;
+	private EntityDescriptor idpEntity;
+	private Credential signCred;
+	private String scopeRequesterId;
+	private String providerName;
+	private List requestedAttributes;
+	
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#isPassivRequest()
+	 */
+	@Override
+	public Boolean isPassivRequest() {
+		return this.isPassive;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAssertionConsumerServiceId()
+	 */
+	@Override
+	public Integer getAssertionConsumerServiceId() {
+		return 0;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getEntityID()
+	 */
+	@Override
+	public String getSPEntityID() {
+		return this.SPEntityID;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy()
+	 */
+	@Override
+	public String getNameIDPolicyFormat() {
+		return NameID.PERSISTENT;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getNameIDPolicy()
+	 */
+	@Override
+	public boolean getNameIDPolicyAllowCreation() {
+		return true;
+	}
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnContextClassRef()
+	 */
+	@Override
+	public String getAuthnContextClassRef() {
+		return this.QAA_Level;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnContextComparison()
+	 */
+	@Override
+	public AuthnContextComparisonTypeEnumeration getAuthnContextComparison() {
+		return AuthnContextComparisonTypeEnumeration.MINIMUM;
+	}
+
+	/**
+	 * @param isPassive the isPassive to set
+	 */
+	public void setPassive(boolean isPassive) {
+		this.isPassive = isPassive;
+	}
+
+	/**
+	 * @param sPEntityID the sPEntityID to set
+	 */
+	public void setSPEntityID(String sPEntityID) {
+		SPEntityID = sPEntityID;
+	}
+
+	/**
+	 * @param qAA_Level the qAA_Level to set
+	 */
+	public void setQAA_Level(String qAA_Level) {
+		QAA_Level = qAA_Level;
+	}
+
+	/**
+	 * @param idpEntity the idpEntity to set
+	 */
+	public void setIdpEntity(EntityDescriptor idpEntity) {
+		this.idpEntity = idpEntity;
+	}
+
+	/**
+	 * @param signCred the signCred to set
+	 */
+	public void setSignCred(Credential signCred) {
+		this.signCred = signCred;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getAuthnRequestSigningCredential()
+	 */
+	@Override
+	public Credential getAuthnRequestSigningCredential() {
+		return this.signCred;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getIDPEntityDescriptor()
+	 */
+	@Override
+	public EntityDescriptor getIDPEntityDescriptor() {
+		return this.idpEntity;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameID()
+	 */
+	@Override
+	public String getSubjectNameID() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSPNameForLogging()
+	 */
+	@Override
+	public String getSPNameForLogging() {
+		return EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDFormat()
+	 */
+	@Override
+	public String getSubjectNameIDFormat() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getRequestID()
+	 */
+	@Override
+	public String getRequestID() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectNameIDQualifier()
+	 */
+	@Override
+	public String getSubjectNameIDQualifier() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationMethode()
+	 */
+	@Override
+	public String getSubjectConformationMethode() {
+		return null;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.config.IPVPAuthnRequestBuilderConfiguruation#getSubjectConformationDate()
+	 */
+	@Override
+	public Element getSubjectConformationDate() {
+		return null;
+	}
+
+	@Override
+	public List getRequestedAttributes() {
+		return this.requestedAttributes;
+		
+	}
+
+	@Override
+	public String getProviderName() {
+		return this.providerName;
+	}
+
+	@Override
+	public String getScopeRequesterId() {
+		return this.scopeRequesterId;
+	}
+
+	/**
+	 * Set the entityId of the SP that requests the proxy for eIDAS authentication
+	 * 
+	 * @param scopeRequesterId
+	 */
+	public void setScopeRequesterId(String scopeRequesterId) {
+		this.scopeRequesterId = scopeRequesterId;
+	}
+
+	/**
+	 * Set a friendlyName for the SP that requests the proxy for eIDAS authentication
+	 * 
+	 * @param providerName
+	 */
+	public void setProviderName(String providerName) {
+		this.providerName = providerName;
+	}
+
+	/**
+	 * Set a Set of PVP attributes that a requested by using requested attributes
+	 * 
+	 * @param requestedAttributes
+	 */
+	public void setRequestedAttributes(List requestedAttributes) {
+		this.requestedAttributes = requestedAttributes;
+	}
+	
+	
+
+	
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java
new file mode 100644
index 000000000..4898c8f1e
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthMetadataController.java
@@ -0,0 +1,133 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import com.google.common.net.MediaType;
+
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractController;
+import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPVP2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPMetadataBuilder;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config.EidasCentralAuthMetadataConfiguration;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@Controller
+public class EidasCentralAuthMetadataController extends AbstractController {
+	
+	@Autowired PVPMetadataBuilder metadatabuilder;
+	@Autowired AuthConfiguration authConfig;
+	@Autowired EidasCentralAuthCredentialProvider credentialProvider; 
+	@Autowired IPVP2BasicConfiguration pvpConfiguration;
+	
+	public EidasCentralAuthMetadataController() {
+		super();
+		Logger.debug("Registering servlet " + getClass().getName() 
+				+ " with mappings '" + EidasCentralAuthConstants.ENDPOINT_METADATA 
+				+ "'.");
+		
+	}
+	
+	@RequestMapping(value = EidasCentralAuthConstants.ENDPOINT_METADATA, 
+					method = {RequestMethod.GET})
+	public void getSPMetadata(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+		//check PublicURL prefix
+		try {
+			String authURL = HTTPUtils.extractAuthURLFromRequest(req);		
+			if (!authConfig.getPublicURLPrefix().contains(authURL)) {		
+				resp.sendError(HttpServletResponse.SC_FORBIDDEN, "No valid request URL");
+				return;
+				
+			} else {
+				//initialize metadata builder configuration
+				EidasCentralAuthMetadataConfiguration metadataConfig = 
+						new EidasCentralAuthMetadataConfiguration(authURL, credentialProvider, pvpConfiguration);
+				metadataConfig.setAdditionalRequiredAttributes(getAdditonalRequiredAttributes());
+				
+				
+				//build metadata
+				String xmlMetadata = metadatabuilder.buildPVPMetadata(metadataConfig);
+				
+				//write response
+				byte[] content = xmlMetadata.getBytes("UTF-8");
+				resp.setStatus(HttpServletResponse.SC_OK);
+				resp.setContentLength(content.length);
+				resp.setContentType(MediaType.XML_UTF_8.toString());
+				resp.getOutputStream().write(content);
+
+			}
+			
+		} catch (Exception e) {
+			Logger.warn("Build federated-authentication PVP metadata FAILED.", e);
+			handleErrorNoRedirect(e, req, resp, false);
+			
+		}
+		
+	}
+
+	private List> getAdditonalRequiredAttributes() {
+		Map addReqAttributes = authConfig.getBasicMOAIDConfigurationWithPrefix(EidasCentralAuthConstants.CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST);
+		if (addReqAttributes != null) {
+			List> result = new ArrayList>();
+			for (String el : addReqAttributes.values()) {
+				if (MiscUtil.isNotEmpty(el)) {
+					Logger.trace("Parse additional attr. definition: " + el);
+					List attr = KeyValueUtils.getListOfCSVValues(el.trim());
+					if (attr.size() == 2) {						
+						result.add(Pair.newInstance(attr.get(0), Boolean.parseBoolean(attr.get(1))));
+						
+					} else
+						Logger.info("IGNORE additional attr. definition: " + el
+								+ " Reason: Format not valid");
+				}				
+			}
+			
+			return result;
+		}
+				
+		return null;
+	}
+		
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthSignalController.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthSignalController.java
new file mode 100644
index 000000000..1486ef841
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/controller/EidasCentralAuthSignalController.java
@@ -0,0 +1,67 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.controller;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.text.StringEscapeUtils;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+
+import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractProcessEngineSignalController;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Controller
+public class EidasCentralAuthSignalController extends AbstractProcessEngineSignalController {
+
+	public EidasCentralAuthSignalController() {
+		super();
+		Logger.debug("Registering servlet " + getClass().getName() 
+				+ " with mappings '" + EidasCentralAuthConstants.ENDPOINT_POST 
+				+ "' and '" + EidasCentralAuthConstants.ENDPOINT_REDIRECT + "'.");
+		
+	}
+	
+	@RequestMapping(value = {	EidasCentralAuthConstants.ENDPOINT_POST, 
+								EidasCentralAuthConstants.ENDPOINT_REDIRECT
+							}, 
+					method = {RequestMethod.POST, RequestMethod.GET})
+	public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException {
+		signalProcessManagement(req, resp);
+		
+	}
+	
+	public String getPendingRequestId(HttpServletRequest request) {
+		return StringEscapeUtils.escapeHtml4(request.getParameter("RelayState"));
+		
+	}
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
new file mode 100644
index 000000000..7fb6fb4f8
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
@@ -0,0 +1,164 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.tasks;
+
+import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.opensaml.saml2.core.Attribute;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.ws.message.encoder.MessageEncodingException;
+import org.opensaml.xml.security.SecurityException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config.EidasCentralAuthRequestBuilderConfiguration;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider;
+import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("CreateEidasCentrialAuthnRequestTask")
+public class CreateAuthnRequestTask extends AbstractAuthServletTask {
+ 
+	@Autowired PVPAuthnRequestBuilder authnReqBuilder;
+	@Autowired EidasCentralAuthCredentialProvider credential;
+	@Autowired EidasCentralAuthMetadataProvider metadataService;
+	
+	//@Autowired(required=true) ILoALevelMapper loaMapper;	
+	//@Autowired(required=true) MOAMetadataProvider metadataProvider;
+	 
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+		try{
+			//check if eIDAS authentication is enabled for this SP
+			if (!Boolean.parseBoolean(pendingReq.getServiceProviderConfiguration().getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED, String.valueOf(false)))) {
+				Logger.info("eIDAS authentication is NOT enabled for OA: " + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
+				throw new MOAIDException("eIDAS authentication is NOT enabled for OA: " + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(), null);
+				
+			}
+						
+			// get entityID for central ms-specific eIDAS node 
+			String msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
+					
+			if (MiscUtil.isEmpty(msNodeEntityID)) {
+				Logger.info("eIDAS authentication not possible -> NO EntityID for central eIDAS node FOUND!");
+				throw new MOAIDException("NO EntityID for central eIDAS node FOUND", null);
+				
+			}
+						
+			//load metadata with metadataURL, as backup
+			String metadataURL = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_METADATAURL);
+			if (MiscUtil.isNotEmpty(metadataURL)) {
+				Logger.warn("Use not recommended metadata-provider initialization!"
+						+ " SAML2 'Well-Known-Location' is the preferred methode.");
+				Logger.info("Initialize 'ms-specific eIDAS node' metadata-provider with URL:" + metadataURL);				
+				metadataService.addMetadataWithMetadataURL(metadataURL);
+				
+			}
+			
+			//load IDP SAML2 entitydescriptor
+			EntityDescriptor entityDesc = metadataService.getEntityDescriptor(msNodeEntityID);											
+			if (entityDesc == null) {
+				Logger.error("Requested 'ms-specific eIDAS node' " + entityDesc 
+						+ " has no valid metadata or metadata is not found");
+				throw new MOAIDException("Requested 'ms-specific eIDAS node' " + entityDesc 
+						+ " has no valid metadata or metadata is not found", null);
+				
+			}
+			
+			//setup AuthnRequestBuilder configuration
+			EidasCentralAuthRequestBuilderConfiguration authnReqConfig = new EidasCentralAuthRequestBuilderConfiguration();
+			authnReqConfig.setIdpEntity(entityDesc);
+			authnReqConfig.setPassive(false);
+			authnReqConfig.setSignCred(credential.getIDPAssertionSigningCredential());
+			authnReqConfig.setSPEntityID(pendingReq.getAuthURL() + EidasCentralAuthConstants.ENDPOINT_METADATA);			
+			authnReqConfig.setQAA_Level(
+					pendingReq.getServiceProviderConfiguration().getConfigurationValue(
+							MOAIDConfigurationConstants.SERVICE_AUTH_STORK_MINQAALEVEL, 
+							EidasCentralAuthConstants.CONFIG_DEFAULT_LOA_EIDAS_LEVEL));
+
+			authnReqConfig.setScopeRequesterId(pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
+			authnReqConfig.setProviderName(pendingReq.getServiceProviderConfiguration().getFriendlyName());
+			authnReqConfig.setRequestedAttributes(buildRequestedAttributes());
+			
+			//build and transmit AuthnRequest
+			authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response);
+
+		} catch (MOAIDException e) {
+			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+						
+		} catch (MetadataProviderException e) {
+			throw new TaskExecutionException(pendingReq, "Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED.", e);
+
+		} catch (MessageEncodingException | NoSuchAlgorithmException  | SecurityException e) {
+			Logger.error("Build PVP2.1 AuthnRequest for SSO inderfederation FAILED", e);
+			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			
+		} catch (Exception e) {
+			Logger.error("Build PVP2.1 AuthnRequest for SSO inderfederation FAILED", e);
+			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			
+		}
+	}
+
+	private List buildRequestedAttributes() {
+		List attributs = new ArrayList();
+		
+		//build EID sector for identification attribute
+		Attribute attr = PVPAttributeBuilder.buildEmptyAttribute(PVPAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME);
+		EAAFRequestedAttribute reqAttr = SAML2Utils.generateReqAuthnAttributeSimple(
+				attr , 
+				true, 
+				pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());	
+		attributs.add(reqAttr );		
+		
+		return attributs;
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
new file mode 100644
index 000000000..f9686029f
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
@@ -0,0 +1,272 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.tasks;
+
+import java.io.IOException;
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.transform.TransformerException;
+
+import org.opensaml.saml2.core.Response;
+import org.opensaml.saml2.core.StatusCode;
+import org.opensaml.ws.message.decoder.MessageDecodingException;
+import org.opensaml.xml.io.MarshallingException;
+import org.opensaml.xml.security.SecurityException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PVPSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EAAFURICompare;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.exception.BuildException;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider;
+import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@Component("ReceiveFederatedAuthnResponseTask")
+public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
+
+	@Autowired private SAMLVerificationEngineSP samlVerificationEngine;
+	@Autowired private EidasCentralAuthCredentialProvider credentialProvider; 
+	@Autowired(required=true) EidasCentralAuthMetadataProvider metadataProvider;
+	
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {		
+		InboundMessage msg = null;
+		
+		try {
+			
+			IDecoder decoder = null; 
+			EAAFURICompare comperator = null;
+			//select Response Binding
+			if (request.getMethod().equalsIgnoreCase("POST")) {
+				decoder = new PostBinding();
+				comperator = new EAAFURICompare(pendingReq.getAuthURL() + EidasCentralAuthConstants.ENDPOINT_POST);
+				Logger.trace("Receive PVP Response from 'ms-specific eIDAS node', by using POST-Binding.");
+				
+			}  else if (request.getMethod().equalsIgnoreCase("GET")) {
+				decoder = new RedirectBinding();
+				comperator = new EAAFURICompare(pendingReq.getAuthURL() + EidasCentralAuthConstants.ENDPOINT_REDIRECT);
+				Logger.trace("Receive PVP Response from 'ms-specific eIDAS node', by using Redirect-Binding.");
+				
+			} else {
+				Logger.warn("Receive PVP Response, but Binding (" 
+						+ request.getMethod() + ") is not supported.");
+				throw new AuthnResponseValidationException("sp.pvp2.03", new Object[] {EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING});
+				
+			}
+			
+			//decode PVP response object
+			msg = (InboundMessage) decoder.decode(
+					request, response, metadataProvider, true,
+					comperator);
+			 
+			if (MiscUtil.isEmpty(msg.getEntityID())) {
+				throw new InvalidProtocolRequestException("sp.pvp2.04", 
+						new Object[] {EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING},
+						"NO configuration for SP entityID: " + msg.getEntityID());
+				
+			}
+
+			//validate response signature
+			if(!msg.isVerified()) {
+				samlVerificationEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
+				msg.setVerified(true);
+								
+			}
+			
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE);
+			
+			//validate assertion
+			PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg);
+			
+			//validate entityId of response
+			String msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
+			String respEntityId = msg.getEntityID();
+			if (!msNodeEntityID.equals(respEntityId)) {
+				Logger.warn("Response Issuer is not a 'ms-specific eIDAS node'. Stopping eIDAS authentication ...");
+				throw new AuthnResponseValidationException("sp.pvp2.08", 
+						new Object[] {EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING,
+								msg.getEntityID()});
+				
+			}
+									
+			//initialize Attribute extractor
+			AssertionAttributeExtractor extractor = 
+					new AssertionAttributeExtractor((Response) processedMsg.getResponse());
+															
+			getAuthDataFromInterfederation(extractor, pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class));	
+							
+			//store pending-request
+			requestStoreage.storePendingRequest(pendingReq);
+			
+			//write log entries
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_REVEIVED);				
+			Logger.info("Receive a valid assertion from IDP " + msg.getEntityID()); 
+											
+		} catch (MessageDecodingException | SecurityException e) {
+			String samlRequest = request.getParameter("SAMLRequest");			
+			Logger.warn("Receive INVALID PVP Response from 'ms-specific eIDAS node': " + samlRequest, e);
+			throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from federated IDP", e);
+
+		} catch (IOException | MarshallingException | TransformerException e) {
+			Logger.warn("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
+			
+		} catch (CredentialsNotAvailableException e) {
+			Logger.error("PVP response decrytion FAILED. No credential found.", e);
+			throw new TaskExecutionException(pendingReq, "PVP response decrytion FAILED. No credential found.", e);
+
+		} catch (AssertionValidationExeption | AuthnResponseValidationException e) {
+			Logger.info("PVP response validation FAILED. Msg:" + e.getMessage());			
+			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
+									
+		} catch (Exception e) {
+			Logger.warn("PVP response validation FAILED. Msg:" + e.getMessage(), e);			
+			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
+			
+		}
+
+	}
+	
+	private void getAuthDataFromInterfederation(AssertionAttributeExtractor extractor, IOAAuthParameters spConfig) throws BuildException, ConfigurationException{		
+		try {																		
+			//check if all attributes are include
+			if (!extractor.containsAllRequiredAttributes() 
+					&& !extractor.containsAllRequiredAttributes(EidasCentralAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES)) {
+				Logger.warn("PVP Response from federated IDP contains not all requested attributes.");
+				throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING});
+				
+			}
+			
+			//copy attributes into MOASession
+			Set includedAttrNames = extractor.getAllIncludeAttributeNames();
+			for (String el : includedAttrNames) {
+				String value = extractor.getSingleAttributeValue(el);				 				
+				pendingReq.setGenericDataToSession(el, value);				
+				Logger.debug("Add PVP-attribute " + el + " into MOASession");
+				
+			}
+												
+		} catch (AssertionValidationExeption e) {
+			throw new BuildException("builder.06", null, e);
+			
+		} catch (EAAFStorageException e) {
+			throw new BuildException("builder.06", null, e);
+			
+		}
+	}
+	
+	/**
+	 * @param executionContext
+	 * @param idpConfig
+	 * @param message 
+	 * @param objects 
+	 * @throws TaskExecutionException 
+	 * @throws Throwable 
+	 */
+	private void handleAuthnResponseValidationProblem(ExecutionContext executionContext, IOAAuthParameters idpConfig, Throwable e) throws TaskExecutionException {
+
+		if (idpConfig != null && idpConfig.isPerformLocalAuthenticationOnInterfederationError()) {
+			Logger.info("Switch to local authentication on this IDP ... ");
+		
+			executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_REQUIRELOCALAUTHENTICATION, true);
+			executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, true);
+		
+			executionContext.remove(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH);
+			
+		} else {
+			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
+			
+		}
+		
+	}
+	
+	/**
+	 * PreProcess AuthResponse and Assertion 
+	 * @param msg
+	 * @throws TransformerException 
+	 * @throws MarshallingException 
+	 * @throws IOException 
+	 * @throws CredentialsNotAvailableException 
+	 * @throws AssertionValidationExeption 
+	 * @throws AuthnResponseValidationException 
+	 */
+	private PVPSProfileResponse preProcessAuthResponse(PVPSProfileResponse msg) throws IOException, MarshallingException, TransformerException, AssertionValidationExeption, CredentialsNotAvailableException, AuthnResponseValidationException {
+		Logger.debug("Start PVP21 assertion processing... ");
+		Response samlResp = (Response) msg.getResponse();
+
+		// check SAML2 response status-code
+		if (samlResp.getStatus().getStatusCode().getValue().equals(StatusCode.SUCCESS_URI)) {				
+			//validate PVP 2.1 assertion
+			samlVerificationEngine.validateAssertion(samlResp, true, 
+					credentialProvider.getIDPAssertionEncryptionCredential(),
+					pendingReq.getAuthURL() + EidasCentralAuthConstants.ENDPOINT_METADATA,
+					EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING);
+
+			msg.setSAMLMessage(SAML2Utils.asDOMDocument(samlResp).getDocumentElement());
+			return msg;
+				
+		} else {
+			Logger.info("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue() 
+				+ " from 'ms-specific eIDAS node'.");
+			throw new AuthnResponseValidationException("sp.pvp2.05", 
+					new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING, samlResp.getIssuer().getValue(), samlResp.getStatus().getStatusCode().getValue()});
+					
+		}
+								
+	}	
+
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthCredentialProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthCredentialProvider.java
new file mode 100644
index 000000000..f2f8530f6
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthCredentialProvider.java
@@ -0,0 +1,124 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+
+/**
+ * @author tlenz
+ *
+ */
+@Service("EidasCentralAuthCredentialProvider")
+public class EidasCentralAuthCredentialProvider extends AbstractCredentialProvider {
+
+	@Autowired AuthConfiguration authConfig;
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStoreFilePath()
+	 */
+	@Override
+	public String getKeyStoreFilePath() throws ConfigurationException {
+		return FileUtils.makeAbsoluteURL(
+					authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTORE), 
+					authConfig.getRootConfigFileDir());
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getKeyStorePassword()
+	 */
+	@Override
+	public String getKeyStorePassword() {
+		return authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD).trim();
+
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getMetadataKeyAlias()
+	 */
+	@Override
+	public String getMetadataKeyAlias() {
+		return authConfig.getBasicConfiguration(
+				EidasCentralAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS_PASSWORD).trim();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getMetadataKeyPassword()
+	 */
+	@Override
+	public String getMetadataKeyPassword() {
+		return authConfig.getBasicConfiguration(
+				EidasCentralAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD).trim();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getSignatureKeyAlias()
+	 */
+	@Override
+	public String getSignatureKeyAlias() {
+		return authConfig.getBasicConfiguration(
+				EidasCentralAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD).trim();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getSignatureKeyPassword()
+	 */
+	@Override
+	public String getSignatureKeyPassword() {
+		return authConfig.getBasicConfiguration(
+				EidasCentralAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD).trim();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getEncryptionKeyAlias()
+	 */
+	@Override
+	public String getEncryptionKeyAlias() {
+		return authConfig.getBasicConfiguration(
+				EidasCentralAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD).trim();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getEncryptionKeyPassword()
+	 */
+	@Override
+	public String getEncryptionKeyPassword() {
+		return authConfig.getBasicConfiguration(
+				EidasCentralAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD).trim();
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.protocols.pvp2x.signer.AbstractCredentialProvider#getCredentialName()
+	 */
+	@Override
+	public String getFriendlyName() {
+		return "eIDAS centrial authentication";
+	}
+
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java
new file mode 100644
index 000000000..5cee90658
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/EidasCentralAuthMetadataProvider.java
@@ -0,0 +1,345 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils;
+
+import java.net.MalformedURLException;
+import java.util.List;
+import java.util.Timer;
+
+import javax.xml.namespace.QName;
+
+import org.apache.commons.httpclient.HttpClient;
+import org.apache.commons.httpclient.MOAHttpClient;
+import org.apache.commons.httpclient.params.HttpClientParams;
+import org.opensaml.saml2.metadata.EntitiesDescriptor;
+import org.opensaml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml2.metadata.provider.ChainingMetadataProvider;
+import org.opensaml.saml2.metadata.provider.HTTPMetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataFilter;
+import org.opensaml.saml2.metadata.provider.MetadataProvider;
+import org.opensaml.saml2.metadata.provider.MetadataProviderException;
+import org.opensaml.xml.XMLObject;
+import org.opensaml.xml.parse.BasicParserPool;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.IDestroyableObject;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.MetadataFilterChain;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.SimpleMetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
+import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
+import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
+import at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata.MOASPMetadataSignatureFilter;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+
+@Service("EidasCentralAuthMetadataProvider")
+public class EidasCentralAuthMetadataProvider extends SimpleMetadataProvider
+	implements IDestroyableObject {
+	@Autowired(required=true) AuthConfiguration moaAuthConfig;
+		
+	private ChainingMetadataProvider metadataProvider = new ChainingMetadataProvider();
+	private Timer timer = null;
+	
+
+	public EidasCentralAuthMetadataProvider() {		
+		metadataProvider.setRequireValidMetadata(true);
+		
+	}
+
+	public void addMetadataWithMetadataURL(String metadataURL) throws MetadataProviderException {
+		internalInitialize(metadataURL);
+					
+	}
+	
+	public void destroy() {
+		fullyDestroy();
+		
+	}
+	
+	
+		
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#requireValidMetadata()
+	 */
+	@Override
+	public boolean requireValidMetadata() {
+			return metadataProvider.requireValidMetadata();
+			
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#setRequireValidMetadata(boolean)
+	 */
+	@Override
+	public void setRequireValidMetadata(boolean requireValidMetadata) {	
+			metadataProvider.setRequireValidMetadata(requireValidMetadata);
+					
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadataFilter()
+	 */
+	@Override
+	public MetadataFilter getMetadataFilter() {	
+			return metadataProvider.getMetadataFilter();
+			
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#setMetadataFilter(org.opensaml.saml2.metadata.provider.MetadataFilter)
+	 */
+	@Override
+	public void setMetadataFilter(MetadataFilter newFilter) throws MetadataProviderException {
+		Logger.fatal("Set Metadata Filter is not implemented her!");
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getMetadata()
+	 */
+	@Override
+	public XMLObject getMetadata() throws MetadataProviderException {		
+		return metadataProvider.getMetadata();
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getEntitiesDescriptor(java.lang.String)
+	 */
+	@Override
+	public EntitiesDescriptor getEntitiesDescriptor(String name) throws MetadataProviderException {
+		return metadataProvider.getEntitiesDescriptor(name);
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getEntityDescriptor(java.lang.String)
+	 */
+	@Override
+	public EntityDescriptor getEntityDescriptor(String entityID) throws MetadataProviderException {
+		try {
+			//search if metadata is already loaded
+			EntityDescriptor entityDesc =  metadataProvider.getEntityDescriptor(entityID);
+			
+			if (entityDesc != null)
+				return entityDesc;
+			else
+				Logger.info("No ms-specific eIDAS node: " + entityID + " Starting refresh process ...");
+						
+		} catch (MetadataProviderException e) {
+			Logger.info("Access ms-specific eIDAS node: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ...");
+			
+		}
+
+		//(re)initialize ms-specific eIDAS node
+		internalInitialize(entityID);
+				
+		//search again after reload (re)initialization
+		try {
+			EntityDescriptor entityDesc = metadataProvider.getEntityDescriptor(entityID);
+			if (entityDesc == null) {
+				Logger.error("MS-specific eIDAS node Client ERROR: No EntityID with "+ entityID);
+				throw new MetadataProviderException("No EntityID with "+ entityID);
+			}
+			
+			return entityDesc;
+			
+		} catch (MetadataProviderException e) {
+			Logger.error("MS-specific eIDAS node Client ERROR: Metadata extraction FAILED.", e);
+			throw new MetadataProviderException("Metadata extraction FAILED", e);
+			
+		}
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName)
+	 */
+	@Override
+	public List getRole(String entityID, QName roleName) throws MetadataProviderException {
+		try {
+			//search if metadata is already loaded
+			List role = metadataProvider.getRole(entityID, roleName);
+			
+			if (role != null)
+				return role;
+			else
+				Logger.info("No ms-specific eIDAS node: " + entityID + " Starting refresh process ...");
+						
+		} catch (MetadataProviderException e) {
+			Logger.info("Access ms-specific eIDAS node: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ...");
+			
+		}
+
+		//(re)initialize ms-specific eIDAS node
+		internalInitialize(entityID);
+		
+		//search again after reload (re)initialization
+		return metadataProvider.getRole(entityID, roleName);
+	}
+
+	/* (non-Javadoc)
+	 * @see org.opensaml.saml2.metadata.provider.MetadataProvider#getRole(java.lang.String, javax.xml.namespace.QName, java.lang.String)
+	 */
+	@Override
+	public RoleDescriptor getRole(String entityID, QName roleName, String supportedProtocol)
+			throws MetadataProviderException {		
+		try {
+			//search if metadata is already loaded
+			RoleDescriptor role = metadataProvider.getRole(entityID, roleName, supportedProtocol);
+			
+			if (role != null)
+				return role;
+			else
+				Logger.info("No ms-specific eIDAS node: " + entityID + " Starting refresh process ...");
+						
+		} catch (MetadataProviderException e) {
+			Logger.info("Access ms-specific eIDAS node: " + entityID + " FAILED. Reason:" + e.getMessage() + " Starting refresh process ...");
+			
+		}
+
+		//(re)initialize ms-specific eIDAS node
+		internalInitialize(entityID);
+		
+		//search again after reload (re)initialization
+		return metadataProvider.getRole(entityID, roleName, supportedProtocol);
+	}
+	
+	private synchronized void internalInitialize(String metdataURL) throws MetadataProviderException {
+		
+		//check if metadata with EntityID already exists in chaining metadata provider
+		boolean addNewMetadata = true;
+		try {
+			addNewMetadata = (metadataProvider.getEntityDescriptor(metdataURL) == null);
+						
+		} catch (MetadataProviderException e) {}
+
+		//switch between metadata refresh and add new metadata		
+		if (addNewMetadata) {
+			//Metadata provider seems not loaded --> Add new metadata provider
+			Logger.info("Initialize PVP MetadataProvider:" + metdataURL + " to connect ms-specific eIDAS node");
+		
+			String trustProfileID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_TRUSTPROFILEID);
+			if (MiscUtil.isEmpty(trustProfileID)) {
+				Logger.error("Create ms-specific eIDAS node Client FAILED: No trustProfileID to verify PVP metadata." );
+				throw new MetadataProviderException("No trustProfileID to verify PVP metadata.");
+			}
+		
+			//initialize Timer if it is null
+			if (timer == null)
+				timer = new Timer(true);
+				
+			//create metadata validation filter chain
+			MetadataFilterChain filter = new MetadataFilterChain();
+			filter.addFilter(new SchemaValidationFilter(true));
+			filter.addFilter(new MOASPMetadataSignatureFilter(trustProfileID));
+		
+			MetadataProvider idpMetadataProvider = createNewSimpleMetadataProvider(metdataURL, 
+					filter, 
+					EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING,					
+					timer,
+					new BasicParserPool(),
+					createHttpClient(metdataURL));
+			
+			if (idpMetadataProvider == null) {
+				Logger.error("Create ms-specific eIDAS node Client FAILED.");
+				throw new MetadataProviderException("Can not initialize 'ms-specific eIDAS node' metadata provider.");
+			
+			}
+		
+			idpMetadataProvider.setRequireValidMetadata(true);
+			metadataProvider.addMetadataProvider(idpMetadataProvider);	
+			
+		} else {
+			//Metadata provider seems already loaded --> start refresh process
+			List loadedProvider = metadataProvider.getProviders();
+			for (MetadataProvider el : loadedProvider) {
+				if (el instanceof HTTPMetadataProvider) {
+					HTTPMetadataProvider prov = (HTTPMetadataProvider)el;
+					if (prov.getMetadataURI().equals(metdataURL))
+						prov.refresh();
+										
+				} else
+					Logger.warn("'ms-specific eIDAS node' Metadata provider is not of Type 'HTTPMetadataProvider'! Something is suspect!!!!");
+								
+			}			
+		}
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.IDestroyableObject#fullyDestroy()
+	 */
+	@Override
+	public void fullyDestroy() {
+		Logger.info("Destroy 'ms-specific eIDAS node' PVP metadata pool ... ");
+		
+		if (metadataProvider != null) {
+			metadataProvider.destroy();
+			
+		}
+		
+		if (timer != null)
+			timer.cancel();
+		
+	}
+	
+	private HttpClient createHttpClient(String metadataURL) {					
+		MOAHttpClient httpClient = new MOAHttpClient();		
+		HttpClientParams httpClientParams = new HttpClientParams();
+		httpClientParams.setSoTimeout(AuthConfiguration.CONFIG_PROPS_METADATA_SOCKED_TIMEOUT);
+		httpClient.setParams(httpClientParams);
+		
+		if (metadataURL.startsWith("https:")) {
+			try {
+				//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
+				MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
+						PVPConstants.SSLSOCKETFACTORYNAME, 
+						moaAuthConfig.getTrustedCACertificates(),
+						null,
+						AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
+						moaAuthConfig.isTrustmanagerrevoationchecking(),
+						moaAuthConfig.getRevocationMethodOrder(),
+						moaAuthConfig.getBasicMOAIDConfigurationBoolean(
+								AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
+				
+				httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
+
+			} catch (MOAHttpProtocolSocketFactoryException | MalformedURLException e) {
+				Logger.warn("MOA SSL-TrustStore can not initialized. Use default Java TrustStore.", e);
+				
+			}
+		}
+		
+		return httpClient;
+				
+	}
+}
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
new file mode 100644
index 000000000..5954455a4
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
@@ -0,0 +1 @@
+at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthSpringResourceProvider
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/eIDAS_central_node_auth.process.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/eIDAS_central_node_auth.process.xml
new file mode 100644
index 000000000..02bf7bcad
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/eIDAS_central_node_auth.process.xml
@@ -0,0 +1,17 @@
+
+
+
+	
+	
+		
+
+	
+			
+		
+	
+		
+				
+	
+	
+
+
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml
new file mode 100644
index 000000000..9c6ee3c67
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/resources/moaid_eIDAS_central_node_auth.beans.xml
@@ -0,0 +1,41 @@
+
+
+ 
+
+
+	
+
+	
+				
+					
+	
+	
+	
+	
+	
+	
+	
+
+	
+				
+	
+																								
+
\ No newline at end of file
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java
new file mode 100644
index 000000000..db072203d
--- /dev/null
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/attributes/builder/eIDASMetadata.java
@@ -0,0 +1,5 @@
+package at.gv.egovernment.moa.id.protocols.eidas.attributes.builder;
+
+public @interface eIDASMetadata {
+
+}
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
index 719629936..6548f9fcf 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/config/ELGAMandatesRequestBuilderConfiguration.java
@@ -40,6 +40,7 @@ import org.opensaml.xml.security.credential.Credential;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
 import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
@@ -302,10 +303,20 @@ public class ELGAMandatesRequestBuilderConfiguration implements IPVPAuthnRequest
 	}
 
 	@Override
-	public List getRequestedAttributes() {
+	public List getRequestedAttributes() {
 		return null;
 		
 	}
+
+	@Override
+	public String getProviderName() {
+		return null;
+	}
+
+	@Override
+	public String getScopeRequesterId() {
+		return null;
+	}
 	
 		
 }
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
index e9c3115fe..50da5187b 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/config/FederatedAuthnRequestBuilderConfiguration.java
@@ -30,6 +30,7 @@ import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.xml.security.credential.Credential;
 import org.w3c.dom.Element;
 
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
 import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPVPAuthnRequestBuilderConfiguruation;
 import at.gv.egovernment.moa.id.auth.modules.federatedauth.FederatedAuthConstants;
 
@@ -210,10 +211,20 @@ public class FederatedAuthnRequestBuilderConfiguration implements IPVPAuthnReque
 	}
 
 	@Override
-	public List getRequestedAttributes() {
+	public List getRequestedAttributes() {
 		return null;
 		
 	}
 
+	@Override
+	public String getProviderName() {
+		return null;
+	}
+
+	@Override
+	public String getScopeRequesterId() {
+		return null;
+	}
+
 	
 }
diff --git a/id/server/modules/pom.xml b/id/server/modules/pom.xml
index a9aed2d24..06c9a341a 100644
--- a/id/server/modules/pom.xml
+++ b/id/server/modules/pom.xml
@@ -36,6 +36,7 @@
 		moa-id-module-bkaMobilaAuthSAML2Test
    		
    		moa-id-module-sl20_authentication
+    moa-id-module-AT_eIDAS_connector
   
 	
 	
-- 
cgit v1.2.3


From 56ae5a8050fa116061eb00be9057abefd0428521 Mon Sep 17 00:00:00 2001
From: Thomas Lenz 
Date: Tue, 3 Jul 2018 15:36:46 +0200
Subject: rename eIDAS LoA constants

---
 .../EidasCentralAuthConstants.java                 |  2 +-
 .../tasks/CreateAuthnRequestTask.java              |  2 ++
 .../data/SSOTransferOnlineApplication.java         | 23 ++++++++++++++++------
 3 files changed, 20 insertions(+), 7 deletions(-)

(limited to 'id/server/modules')

diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
index e8694383f..55864f3c9 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
@@ -61,7 +61,7 @@ public class EidasCentralAuthConstants {
 	public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "node.trustprofileID";	
 	
 	
-	public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EAAFConstants.EIDAS_QAA_HIGH;	
+	public static final String CONFIG_DEFAULT_LOA_EIDAS_LEVEL = EAAFConstants.EIDAS_LOA_HIGH;	
 	public static final List> DEFAULT_REQUIRED_PVP_ATTRIBUTES = 
 			Collections.unmodifiableList(new ArrayList>() {
 				private static final long serialVersionUID = 1L;
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
index 7fb6fb4f8..08ae845cb 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
@@ -158,6 +158,8 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 				pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());	
 		attributs.add(reqAttr );		
 		
+		//TODO: add mandate information if mandates are used!!!!
+		
 		return attributs;
 	}
 
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
index 8c024e79c..611771188 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java
@@ -40,6 +40,11 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
  */
 public class SSOTransferOnlineApplication implements IOAAuthParameters {
 
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 1L;
+
 	public SSOTransferOnlineApplication() {
 		
 	}
@@ -405,12 +410,6 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters {
 		return false;
 	}
 
-	@Override
-	public String getMinimumLevelOfAssurence() {
-		// TODO Auto-generated method stub
-		return null;
-	}
-
 	@Override
 	public List getTargetsWithNoBaseIdInternalProcessingRestriction() {
 		// TODO Auto-generated method stub
@@ -465,4 +464,16 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters {
 		return false;
 	}
 
+	@Override
+	public List getRequiredLoA() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getLoAMatchingMode() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
 }
-- 
cgit v1.2.3


From 9ea5b40077c2336f3fb347bc6b20ef0b15c980c0 Mon Sep 17 00:00:00 2001
From: Thomas Lenz 
Date: Mon, 9 Jul 2018 12:29:15 +0200
Subject: update jUnit test and add new method to SL20 extractor

---
 .../auth/modules/sl20_auth/sl20/SL20Constants.java | 41 ++++++++++++++++++++--
 .../sl20_auth/sl20/SL20JSONExtractorUtils.java     | 33 +++++++++++++++++
 .../modules/sl20_auth/EIDDataVerifier_ATrust.java  |  8 ++---
 .../src/test/resources/tests/eIDdata_atrust.json   |  6 ++--
 4 files changed, 78 insertions(+), 10 deletions(-)

(limited to 'id/server/modules')

diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java
index 658384578..645b043ce 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java
@@ -91,7 +91,11 @@ public class SL20Constants {
 	public static final String SL20_COMMAND_IDENTIFIER_CALL = "call";
 	public static final String SL20_COMMAND_IDENTIFIER_ERROR = "error";
 	public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDEID = "qualifiedeID";
-	public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDSIG = "qualifiedSig";
+	//public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDSIG = "qualifiedSig";
+	
+	public static final String SL20_COMMAND_IDENTIFIER_GETCERTIFICATE = "getCertificate";
+	public static final String SL20_COMMAND_IDENTIFIER_CREATE_SIG_CADES = "createCAdES";
+	
 	
 	public static final String SL20_COMMAND_IDENTIFIER_BINDING_CREATE_KEY = "createBindingKey";
 	public static final String SL20_COMMAND_IDENTIFIER_BINDING_STORE_CERT = "storeBindingCert";
@@ -106,6 +110,7 @@ public class SL20Constants {
 	public static final String SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_KEY = "key";	
 	public static final String SL20_COMMAND_PARAM_GENERAL_DATAURL = "dataUrl";
 	public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE = "x5cEnc";
+	public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONJWK = "jwkEnc";
 	
 	//Redirect command
 	public static final String SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL = "url";
@@ -134,14 +139,44 @@ public class SL20Constants {
 	public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME = "SP-FRIENDLYNAME";
 	public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPCOUNTRYCODE = "SP-COUNTRYCODE";
 	public static final String SL20_COMMAND_PARAM_EID_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE;
+	public static final String SL20_COMMAND_PARAM_EID_JWKCENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONJWK;
 	public static final String SL20_COMMAND_PARAM_EID_RESULT_IDL = "EID-IDENTITY-LINK";
 	public static final String SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK = "EID-AUTH-BLOCK";
 	public static final String SL20_COMMAND_PARAM_EID_RESULT_CCSURL = "EID-CCS-URL";
 	public static final String SL20_COMMAND_PARAM_EID_RESULT_LOA = "EID-CITIZEN-QAA-LEVEL";
 	
 	//qualified Signature comamnd
-	public static final String SL20_COMMAND_PARAM_QUALSIG_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL;
-	public static final String SL20_COMMAND_PARAM_QUALSIG_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE;
+//	public static final String SL20_COMMAND_PARAM_QUALSIG_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL;
+//	public static final String SL20_COMMAND_PARAM_QUALSIG_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE;
+	
+	
+	//getCertificate
+	public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_KEYID = "keyId";
+	public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL;
+	public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE;
+	public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_JWKCENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONJWK;
+	public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_RESULT_CERTIFICATE = "x5c";
+	
+	//createCAdES Signture
+	public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_KEYID = "keyId";	
+	public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT = "content";
+	public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_MIMETYPE = "mimeType";
+	public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_PADES_COMBATIBILTY = "padesComatibility";
+	public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE = "excludedByteRange";
+	public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL = "cadesLevel";	
+	public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL;
+	public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE;
+	public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_JWKCENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONJWK;
+	public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_RESULT_SIGNATURE = "signature";
+	
+	public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_BASIC = "cAdES";
+	public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_T = "cAdES-T";
+	public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_C = "cAdES-C";
+	public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_X = "cAdES-X";
+	public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_XL = "cAdES-X-L";
+	public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_A = "cAdES-A";
+	
+	
 	
 	//create binding key command
 	public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID = "kontoID";
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
index 6d0a349f4..759d9c838 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java
@@ -1,9 +1,11 @@
 package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20;
 
 import java.io.InputStreamReader;
+import java.util.ArrayList;
 import java.util.Base64;
 import java.util.HashMap;
 import java.util.Iterator;
+import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
 
@@ -106,6 +108,37 @@ public class SL20JSONExtractorUtils {
 		}		
 	}
 	
+	/**
+	 * Extract a List of String elements from a JSON element
+	 * 
+	 * @param input
+	 * @return
+	 * @throws SLCommandoParserException
+	 */
+	public static List getListOfStringElements(JsonElement input) throws SLCommandoParserException {
+		List result = new ArrayList();
+		if (input != null) {
+			if (input.isJsonArray()) {			
+				Iterator arrayIterator = input.getAsJsonArray().iterator();
+				while(arrayIterator.hasNext()) {
+					JsonElement next = arrayIterator.next();
+					if (next.isJsonPrimitive())
+						result.add(next.getAsString());											
+				}
+				
+			} else if (input.isJsonPrimitive()) {
+				result.add(input.getAsString());
+				
+			} else {
+				log.warn("JSON Element IS NOT a JSON array or a JSON Primitive");
+				throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON Primitive");
+				
+			}
+		}
+		
+		return result;
+	}
+	
 	/**
 	 * Extract Map of Key/Value pairs from a JSON Element
 	 * 
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java
index 7022fe6b7..35f1d0052 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java
@@ -29,14 +29,14 @@ public class EIDDataVerifier_ATrust extends eIDDataVerifierTest {
 	
 	@Before
 	public void init() throws IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException, SL20Exception {
-		String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_atrust2.json")));
+		String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_atrust.json")));
 		JsonParser jsonParser = new JsonParser();		
 		JsonObject qualeIDResult = jsonParser.parse(eIDDataString).getAsJsonObject();
 		
 		//JsonObject payLoad = SL20JSONExtractorUtils.getJSONObjectValue(qualeIDResult, "payload", true);
 		VerificationResult payLoad = SL20JSONExtractorUtils.extractSL20PayLoad(qualeIDResult, joseTools, true);		
-		JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad.getPayload(), "result", true);
-		//JsonObject result = (JsonObject) SL20JSONExtractorUtils.extractSL20Result(payLoad.getPayload(), joseTools, true);
+//		JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad.getPayload(), "result", true);
+		JsonObject result = (JsonObject) SL20JSONExtractorUtils.extractSL20Result(payLoad.getPayload(), joseTools, true);
 		
 		eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result);
 		if (eIDData == null || eIDData.isEmpty())
@@ -46,6 +46,6 @@ public class EIDDataVerifier_ATrust extends eIDDataVerifierTest {
 
 	@Override
 	protected String getSl20ReqId() {
-		return "_63ff9ef67370024c4d2d8b9bfd380578";
+		return "_2ac94139a4451f7ef0893a5b823aff16";
 	}
 }
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json
index 5f0be5407..221ab5351 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json
@@ -1,6 +1,6 @@
 {
   "v": 10,
-  "respID": "EK3d4E7SpVhzuq4mrQHb",
-  "inResponseTo": "_ef45ddc4a2a44392d81e5626d6290ace",
-  "signedPayload": "ew0KICAiYWxnIjogIlJTMjU2IiwNCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9zbDIuMDtjb21tYW5kIiwNCiAgIng1dCNTMjU2IjogIl92cGVPcTItZDlzNzVKV21RS1B2WFBRR2pldTBoUWhsNFJ6VkR5N0V5UHciDQp9.ew0KICAibmFtZSI6ICJxdWFsaWZpZWRlSUQiLA0KICAiZW5jcnlwdGVkUmVzdWx0IjogImV5SmhiR2NpT2lKU1UwRXRUMEZGVUMweU5UWWlMQ0psYm1NaU9pSkJNalUyUjBOTklpd2lZM1I1SWpvaVlYQndiR2xqWVhScGIyNHZjMnd5TGpBN2NtVnpkV3gwSWl3aWVEVjBJMU15TlRZaU9pSktXRTlKVVhnNFRrUjJkWHBLTjBGb2FEUjJPREJuYldOd1dVNVhZblZOZURaVFkyNVpVVlJTTURadkluMC5pS1BjUjk4bDU3ekpzZmw5ZmRjRjE1MF80blFianIydVdzMlZMMmI5RXZrS08yVXphNDE1MEtkRkRSM050d2V2Rk1Jbm8xVXBMX28xTVlQTnU5dzZIM2ZvYW4yaDFMYnlNcldlZnBqaTgyVWNteE12YlpqcFRUUGxQWktpQ0ZTMUxhWnhLQ09OOUN5SDFnMHY1amkxbkpfYXlGVUJ3d1ZQR0h1UU1rSDFVWUdVVjFZRUJUdnVqdDNsVTdISEdzbDI0bFk3U1d4ODhJS1VmVlJDTWZ2OGZiOVBjRjhaTDRoRnpVWTRyVWVFM2htWkxCeDdVYjZGNEV0dDI0d3JTVWhNRGVIWUJQRTVBT3BHSHJKZHoxQzJmZWJqejczLXJIRFN6UGhibEkwSzVLaE9JcEd1UjdtUHpRUFBFWFhxRGNaSU5LZHZtRkYyM0xFUnVmOGVIckg2VVEuajdQRTZPLV9pWVZDbFRHQzUxa1BWTi1NbzAxcVh2WEFQQVhwaTVCTmxLTS5nekJuUktzczJ1c0FyeXNzZHF5alhxZDh0R3hxODFZM0FGNVFkZWNETWZtTU42NVMyOVlvSkRsTGl1TE5Yc3gyd1FNOFp0T3lMTDNpN3pvRzVLcmRneUlfQU1ITkVOWHd4aHU0NWNieGJnZC1Ld21rTjZaRVh2YklvMlF4d1pHcDgzSkF5ckEwX3RKVlktOU5TUWQ0RmxITUFXR2pqckxNR2ZtSVZUd0xnbWZKZ0ZtWnM1cEtzVGFiTkhTNW1NWTFUN2didmMxSlF6ZmtxRHVTa0FSYTJQYnkySl9lQmtRaXVIcHl2S1lvaWZmWEpiamszaDloblJoNGtLYXZQSG1GMDZxZlMwTUI4bTd1Q3hRTUQ2V1hoQW9GZWNDRmQya0RsYnpBLS0xUG1aRWYxd1E0R2Q0bWJncXRlSGg5SWVzaXFNQ05naUZOaTQ4MUZjbWpmMDRuLUk4al9TZzhwR1dOcDR4Ni10ckQ4dVNfN1lQMlZsb0pZRUotYUZ4MmhkMlB1d3draTE5dG1KRE8zLW13eDJ3OHNqQ294Z3JCNkgzNHJmRlQyd1JHTUZOUTVQUUhONHg1X3pmRVVSczVBRDlXMGcyUF9pRkduTlYxRVJmUW04ZEFDOXlGRWhXaks3UC1jSTRheEVQUk5GV1hoYmpwN0ZmUUdQM3hfc2JrSDItNzFMZ2lJdFFZcVNCWGhxQ2ZfWlowb2l5UVZkbk10eTk2OFBzaEFNYjlHZjVzNUJRVmFRWko5TFJzNjhqNFlXWWJKamEzTlZQUGFpdFE5RHA5M1NvWkIxeEZMNEY2alA2NnZhQVk0amJUU2hXRnpPRmx3bGZCOGQzd1pLbnRid0xkMGtQWFJMblBNQ3E0TFhwNExwd1k2dmxCbHhOYzVtVGtWZmZDaC0teGtxOHNQMFZpZGZRWG1kQXVXQXZpaEpZTktsNGVlZTZaMEotLWxQVzZBZnpCZ25FQnZrWU5wYVVobkRqTTY0ZlNhanN3eEh5QmtrVXVuZFFCZ29HQmRLcWc2bERXYWs5aG1vNGVzTGZEZ1N3TnB4aWdVNThNckFEUFlwNzFmUU5POWM5VFFwNmktME9BYzR0bTZFTHV4S1VNbnN0c0ZtcWV3VXdHM2xFOU9QOGdsem5GTU1TVENfZlAtempGV2RnbUVFYklFUHlvVFVCSldLOEo3aWIzMUxRSHZXak83NjJvOVRaYTNyUmN6WnR0OFZmckItQ1R1NDh0YmxfN1d3Mmlhc3ZjWFloTE5vaVFIZl9iSnp3MTZZUFJOY0VYaWNiRFp6SzRmcDlRQnBPaks4cWNlMU1CTVRMN2VEdHpTUnI1RmJGaFNydW85N194Q1JGd19abHd0dFVlQlJ3ME5IcFpRaFR2Rk83a0taOG5LbE5paE1rWGE5ZFpRRVIyZUxGWEJUOEJWMXdjTnZNa0ZxQUtPTFhsTV9tcXZ2eEsxbXNHdHVYWTZLZkJ5dWU0R1hwNXVCQkRmd1M4bzhfV1QtcHNxcnhzQjBrMVQxZ3E0OHYxZ21wZUdrT1N2QTl1LTJqUVFPR0pTZnJmeVBWVnFSRmVOd3JYZV9ZX0NLWE1Kd1FfZjNqN0lCWlQ4WWpKaW5Sd1l6di04ZGU0S1RRdmJYMU5pRFpLdVdCcjU0Q3pBbnhnYUJRQ3R0NHUzMnF0RjEydzRMSUtDV3hSY3RPX0RRTkdFMHQwaDJzRlIxSGp5N3hsZWFob1h0UWdtWEZKMms2T2YyVUNLd0NXLVZmZTBMNkhNLVVOX3ItdEg0QWVlQVRIWE04N21nYmQwbFBVMEpXLUVXZ3dtaXhkQUxBcDNSSUhiQjVfYmJnTV9KRXFaUlVqd3FzUFlObE53SkRzM0dDMXpianZETzgxU3Bmb05iTjlvX1VLTnp4dEpScGY3MG9sSXFVQmRnenlEOTJNa3cyaW9WZm9qTF9FSjVuV1VjQVhvbnNZSnJiWEpaYjY0eTZ3NXI5SFdrbVFqWF9BZ21yNjBPbXBNNlhVWENXZG50U3ZHTnhla3MwX3RpUHlXR0hWODYtVXhMSmNvYWRWSWJOZVhCTUM1ekJjMzJOQnkzVGx4bmtieU1RYUVsRFNESnllUlJBOXVnVHhfX2JRUnRzUHVqYTVrS1BvSG1PVWRtS0trV19idHpRS2Z6WWtCcjhVaUtXT3QxTU5HZ0F5cmttb2YyQVFOR0RtT0VSaXFRT2pfSTNLcThsc25ydXlBOHprNG03ZjFxLTVaUkY5SW1wYVk4Vm9seGxRQWNXU1kyODJma24yTHB6ZDJ5MjZrMFB4MGR5ZDZHMkNrRDQ5VjdfaGMzM1ZuY3huWTR0eFZZVDVDV2VPbTVBN3VYMzhza0ZBdFFGRmh5bGNtbHBWdGk5NF9yWFdnZFBpcWxJbEdsVnZieXFqcTREYnNUbElhdl9kNThYWElud01EbVZjalFhQWpPVVotR2wwcXNIQWtJdllMcXl2VjAwNVRpdVBhUUJqLUtzbm9JaEJVYV9nVVRoR2M1aG8weXp2SEI1bVVWMVBuc0RiR0xLYUxFbTB0LUVxaFpjX1VleGg1MGhCTjhHbkhqUVRlaTQwWXhVTlFwUTc0QWdWM19uYzdRRTBjemZfMzd1S1BYWUFZaGNJcmVsWERnYktxWTZhbGEwb3Y2NW5VeElSUGJJMXQzYjNDR0hpMWJJWl9WODNBcEZpaHpJVmdZV3dfc2g0ckh3Nk9GcEdvOVNELU55OTBGZThuS0pWQnJoM21KMFZ5Ty1MTWw0aENMUUpkallDaWhZa3VHcTBUcTJKU2IxN2dOMmM3WFB6LXdjTGV0UEpnYnI5bFdHZnVhM3YzSGNHbFcwdHhNamNkQ0Q0S3hpaWhlOWx1OWI3VkgwUndSRWJsUXFwWEpGbkRZN2pvelZENUJCamRuWWdKRkdpb0sxdkJVOTNudUJ5LXhCNmNCUXJNOXYtWFJLd1Y5al9VOXR3WThuTjRIOGZsWUNTUmNXQ1FFT1hfSXNrdzdjOGV6OGNESFFMdzBUVWIzQ1MzSC1fX2E3Mkdobmt5d1hOTjhtT1ZwcGRzcEY5cW5qMnU2UHlFRkJQNUF4UmZrR08yMGVYSnRkMkxRTE9kMWJTVU9PZzQ0UUlaS084MEt0d1VmTVUtNDNSbnllaUlfMVAybjZRWmxXakk1MzladHd4eGV4S2dJZXF6VU1fVXFrTUFFTnJlbkZKN1lZNnFTSTZkWTBESkNEak8zLTRoUjZzT0xvdWJ3MG9MTHI3dzJLVGNnYjVfeWJhZHRXdzdsYmhZQUNHbnoyRjFPSGRqZ0VOOE9XNjR4MUczNEdQakxtVjV2UUNraTdZNzd2WFJBNzFnZ1VWdHBPZEkzN0xTVGZ6cE5BTnB4eTdZSzlXVXNHQzhXSlE1TjRJQ1oxNlIxXzRJa1RrNWlaNGVnbHJ2X1Z1MWRvcVBvOWxrdmZaakUxWENOMDVRQXRDbzB0V0U5QmI4RlRhWWpMc3dLX2p3UGRjYnRBZXkxeW1hUG9ndUMtNjlxZXdsMXVEdEFvdWR5VjhyQXVSNG1XR2hhTGVpQW9CLXQwbmFQSGdsVktaTmdUT2Frd2hnTzRDalpBUGpVOGlzTnpyT0dmdVoydHRDU1c5clhuRUw2elRIQ3U5LUo5N1lHNTZXbnNWOGlnUFhobXZfUExYZzUxanlnUFFrV0dRbHVIUmR1S3JCa3BtRHd0Q25DUWxqNFVBZ191ekgtV1g3aWtqVVY2N093WVVqSGpILUV3cHhxV0RMcXhaOXMyU1d4eGMwVjl1MnhwcnItWDhTN0RleFE1T284NVRBeWk0eVBnYUZNZmZzVUoyR2tBM25BWmcyVzc2UFp6MFNsTzNhRGRCdjRXYjRLZUY3R0gyNUtBbWZ5MGV0enIzaDJ3M3dQZ2FwV09PeGpadFhHcWhpMWdBdVNwVFhKQVQ2SVlsc2dtNVlfMExVZFl3UlRlN3dsZ19CQ0xwTWhUaHRWUVNwN2VzLXhDY0JPQnFBRHNyS09PcnA0TUZJOHNZa1RfNms3T2NHODhxQXdjSGg2MFNmSTRmYTJTVWVGaXM4UGw4NmtCOFp6Q3RVbDUxT2Z2aTRXUXZtdlJFOWNxQXd3Tm5mVlQ0anlpb0ZFVW1hM21FbEYzUXJ0LWt1UzdJdkpKd3JmRXR6bWczejg5YUY3eUdwenJoemVJdVRHajlvVWZrdlpfcGpuaDdvZlJQdHp3S1RIS21EZ1VqWHFGQXYxSjNXVHF6VDN3SFNDWm5vb29pMFhsamdGY0o1a1RCUFQ4V0dYTi1CSFBCTGlhQVhiak5HN3VuN3pnSXBYQ0tiS2RFdE1MQ1lUcmpVY01ienV4aVE4UDFxNDRnT3J4UlA3RUdnU081SnNOS0ZiMDlNdGdkOUpEUEg3UHFpcDQyZGI5VGdRcmVJMDdPVjdPS0FZb29qajRBbTAxcUxCaFhnS3RMeGJkcXd2LXpMX3FsbTE5QlVJcDU0OEhaYkZnTC1fYVFrRU5ESGpRZml5cXFaMmxSeTgzUjhGQ2pfVlowdjRmejVOTE1KNE5fMjhBVHI3Y3kxaGw3NHRicEJBNDk4dzNoOVd1SERTZTRHR3czYVZWal9VUl83eW1PT19BM0dMMWlRbnQwbWR4SVlubFEwTE53U1ZUZnFPVmVQVkN4ZExlS2dPTHIzUHJveGh5ZExzUDNkeU9ZaXQwa19lb2t2bTVMSVFtcDM1OWwtRXdWWmtMSUItRnk2WU5GZ1hVSUg4LVV4dS1fR0EwZkRjNkpNSDg1ay1lb2VJamxSRHp3S2xnYzQteFVjUUUyaEJsVDJlU0syWWVJMEEyNHQ2MmVLRkEzaHhlSEJUTGlnb0Zxa05lMFBjN0F5ZTZud0swUU1raENXU0FDWURkUEhUWENDcWJyWTE0ZFBWTUw0S21KVHFtcjNEMjJNTElvaV9fcXdaNEUyNFEtUXBUbzQtUjJaRVhoQjktbUhPS3E3aUh0Sk1EMDI2bmdWbXJUanZDbzlfcERsV0VMNWF3NXNhSVN1U1hRLW91bVFFSXJrb2M5bThjbDFiM3JqTlZXWXB5M2daMlJsMEdLVG9kVF9NMjBWalpmWmRKeU0zSnRMc2xGZ1RYa1NmRGtzcXBMSmdma2QxRHpjYjdKYk5pNnFZWUhBRGhLZTU2Ql9ycElyVTB1YTVMRkpsZFByaGp1M3R3R0tUWlJ2b2xEQnBMejZqRVh3WEtZNk1keDdNcG5RelpFYk9sejFpVDJqdGUwZ1hMN0JVaXI2WFFtc1pZaTY0TXdUcFBrVWFtaEdvWE9JOFBaSFUyMU1wNGpaTEFQUEU0WGFnU2d3dEFUb0xWZ3F2d1BEVWw3V1dIVXdEOGo3cW9FSVp4NTlKV2UxUVZhOEpyY0N5Mnp2RUsyMEZCYnk5OURjZGZFMklsaVg3blU2YUdGdzdLdnQyamZiT1ZoanNfUnVnLTA0YnQwdTRKbmVjR2dtd3pnODRaQjduMG5nWnBYOV82WmZoSFF6M1FXc1Zydjd3dmxJc3dzX0lyVkFIZlZzWUUtNEVGUF9kQ25uWXZxSEZUTFpHWTVBSTJ6SWVMdmQxRXpnNUZIcGJ5M0ptNUxDRkZYSHoyaVFkbGlURXppU0g1eUpPUEV6b3dkX0pBY3JyUGREakE2TzljRDhBS01FdHF0ajY3Xzhod2xpS3hKWWpUNGxaOFNybXpyVEc3MFlBWlVzLTdlcndIUTlKUEJMVEtUQTZhR0ZtWFFKcXBCcmhSX0dHd0ljbVB1YlVuUnZIREJXMFFSdW5WQ2k0c2pyU3JfRlZhb3hvS1l6dHNDaGI0ekFpbElpWklmcWZYUGlZWXZWel9PNTFrUlFNSmo3R0YxR1VRLWFiNWozQnlHa0RoTzIySEVIY2lXSEItOVV0UmJ5RlhINXlLU2kxcEpHQU42RzNzd29kU2FmeV9Xd05JN3U4UVBzSHU3ZzlMZXpBc0sydUZ3ODBQazBFTVo1cnEzMl82MzROTnl5VkVMZkFrN3ByS1FfREM1TlluSlk2VE5nOHdBMFhwSFBPRjlRanIwT050Ykhlc3Q1RzZ3OEtGQVA4bzJPY1pzMjhhSGp2MU9TS2prY0RESHlDMlNQdFkyUTMzMll2RWI5RlhjWmNmbVVOZ0pvMlhBWVhTbG9sNGpCZVlKTFdqNEFsWlRtTGM0MkxYUXNLUmJndlFWMGRUcjZIbVpqUG9SeGpySUt4WXFRcGx4OW1vNldyNTc3cUdvcmZaSUlyb3NZQ2prQ19faWM1M2N2WjMzaVpQRU1ueWRJMTRCZm9sUXVFVG5SeGJwUTBuM1VrT1l6Vm9TMGRJUEtSRVQ5RDNwdGJMOVN6YmthYV8waUZad01ybTZRRmFJamJ0aXZ6NXlTekZlMVVHS0l3OUxFWWNjUkVZSGpQYmc2WE5zZ2k4Z3Q4VGsxZzRCRkdCRUEzeUFLTGI3VkJLaHFQY2hjWFhPTlB2MTJzX01PeFNCZXE2YV9BMTJLWC1tSmQ0bHVSR2w3M0xMOTdiZldoUWJnMDh4WDRWTHJ3QTA1YktsM3VZbXlZc1VBN3ZMeGhyQjFtVnJPaUtodHBVSjhJVGZIakdZOWRhTXBNYnhLZ1pzRFRPT3FwaEJqV2FtQXFzcllla1ZGbnVxWGV2eWNxMVg5ZWp6eU9RcWZ1NGhCU2FsRDR4WUVkQTdMeUx3UERCYXh5ZjNyQWVwd21seWlLQjc2NlcwN3Noa1lKbXJGM0c1SUl2TmpzczVLdDhFaVQtcmxvUW9nTDB5NHpxaUdBUXYxQ3RHaDlrejJzbUF1MzZ4YmgzbEZadHM0bHZKalJLcmJrQm9wd3RsTUlaUjgyNERqNGVNcnhobE9PdGpvS2RwMFhrMF9ORjQyMFQzZWxqTnVDcWstdmlhbjJGWWk3WmJtVkwzanc2NVhRMVhwcmNpVEJaT2FMZG1jbnh5Uk5tQzdHT1U0Q1NSU1F1UzRsUlM5STM1VXJpbUxOMnBMR2ZaaGFLOUhleV9xMVBwQUY4d0tSUTBVaEI5WkJNTU1NSnl4b1E3bHVZcGxIWHVONmhlN3ZDZ3ZsOXpLTU9CeGJUc0t4ZHpXV01sMVlVVElUVDNWNnF5Uk80aDNaSjJLaWNQM1VCNC16Z280ZzIwUmx6RUltZURPMHY0aURCRWk3OXljYnpzYVJ2SEVSNXhCLUpsamk2c3hNVHNNSGQtYl9mMFVBMlVOTXNJTVgxS01rLUdEMDV3cmUzQWJjTXk4QVI4bFdyZGczYy0zc1dsV1c3b09JTEZiWjJNS1RTNU9YU2JyR3k0clpUaWdmbkRUclFpVWZwLS1uT0VoVHc2TGoxNzF0WEpPVUhWWEk2bHJrLWtVMFYydnZXYjZZbkFBdjhWUUhRTFVQYll1YkNIMnRlX0h6dG9KUExrWUdOU1FjNUhKTk9DNjlyVm92bHpiTlRmUzFxNTJpNTZ5cEk3ZE5qOFpWRHBsaEZ2aXZGd01QOTJlNmRpeEUyTFF1SWNNQUJkRlZ0SXlyUTFEUDFOTTNQRGJiS25LZkxXWkJOd0o0YkdNdmZLWUNUX1dZZ1RpRzJHSEUzOXY2MHFDQmFWTl9mcFowVDR5SDl6bDdGZDNGR3B6SFB3Tmw2di1UZHhFNm42OUZEU29JWEU4ZlpUazFpYk4zSU5jaHAzMnJlUnVHYVFvcDVjeHlzeHpSMHQ3NktmN3k1WHVPSW9pLTVGMEwzY3RQdEhRYllnYUJ3b1N3bUplZVZKR0FYTFUyYVJZV250Q3hVeXNMcXhveDl6UjQwR2dRMVhfR240ZE5jY2xSNThVb192TjEwd240cHZOTk9iZWZJR2xUdUJuVXNKZThTX3p0QkhuYlp5cVBjSFlhWF9Db09jaVF2Uk5RbmxMU25FZ2hOY0ZfeGxQc3VyTkoyZzJwSHJZSEZyUHFiYVV4cmoxeG8yVVJ1RTNQdXlfRVo5LTBCWTJLSDhDdHhMbkpudjg5ekx4MldYWF9rTGh0WDhHZGNoT0x5YUc5SmhpcXQ5YmlGSUtMWVI0ZXFMemprMkV5OUVObkFoTm43emg2OHZTR2NVd1U2eGZzVXNSMFVvNzU2czNMMG5XWl92eXEtTXVtT0o0OVlsWEJzQlpBdHI5U0NGTkRfaVhaUzhPRVg2bzFlQksyb1hLZGZKaUVxVEZuQWxmb19RTmUyNDNjUzhkdzV1REFtRWdSalRGUElBUWo0djBVOG9rOGxEakhPdWhUeEFnLWxUQzlkc0NEV1NIcExzZkdhOXg3N1NsX1Q0dWh2ZWFRYmZQRDFuci01MG90ekFVSGhocWI4UkxwOUVBZTI5Y2dnZkZLWDQ4c24xMC1JOHdacXBmLWtsUVcyOXkzVFU3WlcwXzB3VG1aVWh3WW9XaURpdFV1NkJOaDN6SGFQc3JhMm1rOHlsLWRXVy1kR3lxc1hrR3l1aDNKS0NhR1dGNG9nRlp0bWxWYndremVRMmxlN2hMSUpqeWZmcDJFWDhxRGd5X09aVGdIY3kwRm5RaXZJMHNtZEpvWVNPWVVlZ1F4bkVxczZFajZfeDZtbUxjZnN4bktOTm1tMDVWd2YxNlFQcE5SYXZ2bGxfSUxiS09lalBaeUlDUUtKa3VWSlVUTlQ0TlUwbUotaFFlM09GM1JuLVc0bHg0UGtKUklpRUNHWEVZVVU1SWREX1dUa2l1czJTcDg1dVViYktZTXNSNUt2NXYxMTNoVnhlRGZSdERwNGZjSHl6ZXI5cEt6SVpHS2EwMnpoTkJQMjhSdENHeDdFMFlyVnFxRDRJRmx5WFBJNkhYc3JRa3BGZEVfTk9ubVRHT2p6VzR3cmVMMzYyRHJGYkhycWZMWDE2aDRxOHAxdnRGNHF5U2V6YW5fU1M1LWZoSEc1ZlBnTVU0NU9oQlBuRXhzZzAxbS1WcEhCdDFJUHdZYWhzVi05Y09uQkZOd0pHbWJ0U1cxTzNKRGZBR0IxVFlwdnZNbktIQzNaaEJuYklsQWF2b3E5dEplMGhjTkFCaDdpMm9hdVdLZTZsbUFUVDNQbHhHbTVrLUxNVk16cTRlRkw1c2gyeVVVX0tRc1o0SWdNMmZQMEF0U1c4SkhIXzZISWhONWFlWm8wY0dwNnJ2UnpxMGxveWNfSDlWZGJpaHJ2OGlHODQ5bjc3cU9LT3gzemJVQ1NReE96ekVUdzlkN2pMZnh6T0RCRGdnVTMyWno4bWFNTTlXaWY5Q1ZJLTdhSmZqemoyZEp0UGJlODViS2RqZERiY3d1RGdVdFhEOXRSY0xTOW5saW1TYzBTc245TjI0NTJFSzhFVVp4QkRjZUtibVFxdm9hWXllRkhWS09RdkFPTElGWTNlQkdQUnVWd0ZzT2s2OXZGTGNIVldKNUt6SzBFTFdkRW5YcTVESVNoRFMzdEdEejNTTFlNWkRaT1FwREhNRUNnampsWmYyekpaMFExMkZ1emVweDY0LWVlNk9RZHdEcXpOb1ZzWlN3X3BJdWdseDA3eC1tN3FnU3FTWG9GTUtNZDBzT1VaOExHcHFBVGxjTnFqb1hZZlpvYWRKamRYVlJaZGJyblhPU1JnZkttX21tNjVsZ0lnMnZwTm9RTkpJRDNyUVVlREVmOG1HRWx4ZFRvd3ZqRW5uSm5LRGR0YkhtZFJZSmk4TmNFLTE1SHZEa1RPa0JtNEt5cjJYai1Wd2hTNzhvUkppelBhd3otYkV1LUh1T2FtTlVWNzZtUEpPSVFGeWhYeWZpTm1YaEFaSkE5bXhYNG9ROE9JMlFTM3NOQjBNRlN6X19hV01ZblBOTzBBSU1PV200dEhqOGJneVI3QnFBNTFlQ1RXdFJCSTFHTTdpRkwyX0Z6dl9jcG9OdjFOakZZbTdITFJBUmUtcTQwWTd5YS14RmFwc1JfTGlzUkNWNGhLR1Y0SXltUVJWNzhQWVAxNHN2Sl9PNG95M21HalRaQkZIWTN4NFhLUjdncTNuS0hqdUZvMHZrY0h4TnpHU0dHZkdIcWNxdU83UDNYaUI1Y1dHWWMzTkN2YzVNX0EyVng3SWV6T2dLcmFRdUI1LUYzeDMxWkFlYk12N1FVTnc5Qk1hRnBxejR3MXpIbTZmUWVTczA2N2VhRUR3NjVyRjNmcEY0VC02MmpHUVNHUS1ZdDBVSDBGMzY1TllXSnVOM0loaW13WkVoT2VGZk95VnJJNG5qWjk1eUZoWGxER3NrZGJWcnRqSHJVcU1ZU2tNcExZOTdkRV9FdDlwelBMMGFTNmR6Q1ZZLWlFODZsa0ZZUFNvTGViaUJzeWdnUWlUMmVpMm9lSC1NUnVSUVJsNi0zTGIyR0ZXaUgwM1RBMWdJXzRISHRXTUpKa1NaUzlQVmhHMWx5c1FUNHBYVUg3ZWJuVlJvaEh1cmlDMzRRYlBULVlpeUNENGRvQ0VOS2VjVS0xcDJEM3FhcW5jTE5mMm03NERfTHRkWnpPWGV4WTFIZlBSVUo5RTJ1NDVkLWk2SWxzNU1PZjBmZjhNTC1KTU5GSWlRVmFvcDFuSGFxRlhVSXdqSmVpMDA3c1gtR2pSSUNNZ2d5aVZfRnk3SzVlZlktcmc5aFZFd0xsM3QtYjdhOTE0N1ZmNFFIMmd0cWw0ZG9uS2pwMnRCQV9ETnN4ZzE5cU13TWlDTnBfamdoZ3pzMm40Q2xFcHVXSU5Ec0IyOUxOZ0tHemJRbjEySGN4bm0xblNLc0VPcnNuZldjMWlCVWNNMDdLMmM5b3l6THNqNjFTUDhTM3M1SkpIS0djX1ktNjdoTlBlcFl4d1lQaElNcTdRVDBBMkJ5b3pmc2E1eHRkMDVfN0VZYUszeXFwMl9TUkRHRVd2WVdLUld4LU5MSFVfZDNDT3FQWC1EdXVFM3pzMDViOEZvOG1YeVpMbV9kLUhhd01zeU90VVU5U3NQWGJCcklFMkJNQ1VvWVlNakFYeUJmbGQ1VWM1WjU1aS1wVVFaSHQtZEluN1dGbk9jM1VKM1NQdDFMZkRtOEx0THFTbFpfb0JWN2FsVnM4UjVZRkZyRGphWmxYRHB0Tk5iOWI1RTNPTmp1b1VPbDg5RFhfV0ZNNU9pektRWFVXRWZ1XzFiU2RCY2ptaVl6UUkwT2IxbWRfLVdpVEVlMEZVWVRreWlmRzIxMl9ockJkMEVRV08xaTJ1RUhHbHlBcG4ybFZOYTU3YmRiUWtxeE5lal9CdjhiTUVfVWd4U3pmSW1JdnZydHMtemdkb2hGaFI5UVNpV1JFSFVYODY0d01adERmX1htbGdLeWF2MmVGUzZTcGhrZm5IaV93cEhsMXpqa2NtbHBwcVotRllMVkhfSUNuT0U3NzlETzlvSi1oeW5YRXpvc2pTaFgxVHBLMmJkdFJMZ2VSWTFDZzZjVGVZUzBhWUNVT3B6LTNyLVdwdWJlUFRPOWM2bjNIanZLNXg1YjI2ZktwMnpSRnpZcXc4NGdGSkltUnNhRjdtMXZCVlZGQXl5QVdLamlGSEk2T042THlLQXRJODNuQW5URjFIaXQ0Z2xsYS00bF93VlZFZXJ4T21DVndTTmF5U2ZmaTNZR1hvVzF0UURpRFFlWkR2TFB2ckJmY2htcVFZRTRWZ3ZXWkVLQVV1d2VWdmR3em84QWFlNnFxakZNc2o4bF82MlpnZm1FTWVUaUtBd0Q2MkZPWVVwaklFUWRaN3g2RVlDN244WEpLZHZhS29VMWQzRXRPVE1acUdETVZFU2ViZUlLRlVWU0tfVnpJSklXel9PaW5YSC1GbW9GUDRDVkdLWWM3ckRYTWdRZGE3LTNlYTFqRk13dHEtRWdnS1ZCa0RxU0pOS1JrWmFYZ1FBTmt3ckxyVGdkMEdRdkktTTZwSEhDZ0pqYjdpOWxqX1BFVjNkcW9sV1VUWWdwRWF5OGZnbnpwc0tfN0F1TzRDTVVoSXIxOWhiNG5rNmc5eG16aEI5Z01CWjJjZG1mYU5NSzF2NjAyR3owWTIxWHpQd01ONGZ5em5wcmZYNXZ6b3NmQzV2bC1jQ1ZxX1VnU3JSLTJoUjJ5cnFNeEhYZXIxc2J5NzdPbXk5aGdtYjdBekstSFFLVnVERThLZ1EwUmlYd1M3UmliNjVsRTNBVjh2TGhiOFJ6Zmo2NXBkOXRUTmViQnhiUHZpdVIzMzVXZzZSREpRMTBKYTF1ZzAwWERTNGV1TmFqOE5rdUgzcVpCaHp0dlNZWTZaWUgtZUFjODJwRXN6bEk3b0IyLU1NU2NVYmJ1d0FTRGxKNmNycURhZVctaFF6SFZzazNvOUtaQ0FWdjZ1OENJaTc5MDFUQWozRGNzUzN3STFyM1NuNUpKRklRUklkLThSSjl4WWlXZUNidVB2OEhqeVozVmpHVDZMY3FPdG9HOVJMTXNNX3JqRkdRQkVka2J2YlMzbVRYbUZVRGpESkhVR2FudkFwWk9Lci10Q0E2UVJPSEppY1A2ekVrZ2lFMjJvMmlXQnI2TmpqeXhwQU96SWx6UXJPVm1pSzhWUF8wOV81RUhPd244bFhFakx2UldiZFhqR1JGZllmRmVRT0JvbDlRVC14NE94WTB1U0dkWTJVNFZYalhuMnpZMDAwQ1FheEJnUUdrTnNVVDVGdGo4QkVOWWZmcnAzMnZ4NDRidEk4WTFVN1NPdXdrN0R0czBLbjgzTDh4cFFaUXRTODBsSE5JRXpPNDVNUGlyVk1WcHpYZ1ZCMFJRMFRaZFFDcU1RemFPZEdSLTZyQlRQc2NnNGd5anE2ejJjVTBuVzU3bWhBb1NWQW5DQjRBZVhnNzdoejlMR3M3d0RvMFpQWXdWLWlJS2h0VGVZNnU4QU9Cdmt0dm1BVzJyZ190NkVpVndKNWh0OEp4QTVqSWZmV1d0SG9lUW9YNFFka09KX05fa2Zqek54UThJREhhZDVmb1h1Y2FEOFBsZ05obS1vT0x2UDZDTzh4UmpHSTJGd0xtNUZ3Z0ZNbjJLX1pzclBHUHlxaHBmSFpyWG1SMGdCY0R1V2c3OFpBbzNhOFU3RXEyNWVVdDBndGw0bWZVeTR3WWRtdUYxV2U4R1JnYWxfWTQ0d2RVc2tIYjJuaFJvMzhmQU5sUGt5UW1HNzZiU253dG5uQmNiUjAwNk1PYk5ZRzhhakwwMk5PdjdaUXdESnpHZGZnU0pGZUkxd1pQeUlZcUNaUkFqZTZEblphSHhCbWN6UUJVZ25yZ25MNnVTdmRVQ18yNWRQYzh5LXVNdkxCYjhobFhCR0V3Zk11UUUxMlBQSGYwaHRCVEJ2UjdmeDV2c01BeHJmM2xiYmRJTDctZG5xM2VYc3V4YUxuZXloOXRSRjNxN24xUTd6VFdOUTJkVHdlclhSOEhTenRCTGYxOXE4V3llSTdEZjFhN2w1Y3dfamc4Q25OQW5SSERzeWtVSW5oMTdGMGlKamhWQ1UxbDEzZVRoNjZRNE5WdFdzaUNxUEx5eDRENDFZWnRnSFNxZXFDOWZKU3JCdE85Q29Zd2w3czVMU0RfeTJ6VENvQVJPTUR6R2NYa19WMEtXalZNX0FDZmZ6Y1JoVU5uWTRhbEZ1c0VPZE1FOTlKdlJxQ3h5TXlJX2hGNTRRV0JjeGM1NzAzNzBQeGpkS2JUSnN0RTlaLUdoOTVxZVJ3aWJDcUVLR3k3VjBjLWNYdzI0SVRyczk1YTdLc05FYkxqaVAzOS1hbmZVNzhsNlJYUEFvM212MVF1aDY4bExQVUVGNFE3SWluVEZEb01hQXFYWlAtSUdWYmo5ZlVyOU9Tck9MRGNtSzhkNFhWaV9zeGF5aTNTMmxZaFE5Zm1Md095dGRoVmd2TVFKMWRXd3B0YWFmaU0xMEJQd0dNdWlCSm1wLUtUN29WaUphYjNLU0QxQkNGSTliMzlpLV9zZkVMS0Q3TUJIZmhiOTJOcVY1U3hwenMwQVdtQ0hmelpFc3RNMVc0aGZMYmJXVHdXd2lWSVhacEh4ZmRBYXVWNWk1bHd5alRIRHdrbFVtNmxleW5yekYzSW9JLTl1Q3pqZFN0aE1zY3ZCdWF1ekhydHNZaThoaG5ublNnbzNUX2RrWG1vUmJ3Rk5XQnUwSHo4YnF5Qi1nR1FXcnN1UFRIOUJkMjQzZ0g1MFphSzJHa2FWRWU3UGQ0bjhsWl8wNjJXR3c4bnZKSG1tbmdadTF0SldLd1U5REFTNFlnZUlpUG5KU1VQSUU3aDk2WXpGeGxUb2RRNnVEQXJhVTUwOGZqZzN5V0JacE5QdkEwUndhN3N1TWE0WHFlSldRZy15eTVLRG51ZmZuQ0FrZDVZb3JWOUxWVkhTRXZCbWJkT2F3R0lfd3N3Y0xJNkdNNGZDY0YzWVhzLUxyenZiSUpSbTJDcEJnNXBXU2dhUTNTNU1jLWpURG5wM25kQkxlWTRETVE2OVJQdmRkdzZVdktjODFTS0FwZUtBQVFnbzNYcVF5aEpYR29rN0NCWlYwNkZPRmwxeHpMNU9vZXNNSTczOGxDMzQ0ZTkxcXVUMXBOOUlrUFd3bzFFajVieFVUdmlPTDRPWDhQTUtleTJKWmpEVGZrZ3F4Q2llZ2E3VFQtQ1ltdk1JYXh2UEZzTmNxV0xOYW9jSHZpNDVJb1RLV29vV3FLRG9fd09TVkJLOXIzVE9pWWxvVlBMcVRGQkxET2I2MlJQczBrdzVTbzF5S1l5NUF5UzdOc09hTldHV19GVDNhd042YjlMRjdOOUJUd1RfSk9NWTNvNUFqSDFOOXFLZzJoc2EzTXNpMkNxTlBQUHBPeXNuRk54OF9QSUNYa1hYcm92SlAzMm5YSnlwdEszZkI0MkNTQXJWMTVlcklETU5hSVdYdmNxUTFfdURRQzh0N1BwVGFwX3U3enRfWkNjdlpFSUx4Z29TNWg2U29CMzNuU3Z1Ni1TcXF3cGpBZHR5QXQxc3RFSXdfeWh6T3JUbmhSeHduUEdfc1ZMOTBmbFd5TUNJbW5ILXZTZUpUVGNWbWp3MVFqeWQxRm1oNDRaUUpxRldzekNYQnZqUUFIYW1hOURBcW16cmRsRU5FblplakpkRFQzUEw0ZzlHcHBjaTg1T2JsMGN6aUJlT3Z3NC1MMVNCd3RwMG1yZlJuTWtMSlVSWFZOYWozc0s5RGFOOXEtbU8tVEZxS3BlZloteDBqenUwSURvTXRVdW52c1MwSnZBbmNLZkRlSG1TbFVFUzlOaldLWUIxM1ZtV3lZR180cm9QSFo3a1FJSm0wYm96dlpRQmZCYkhGWUo5Y0tLdE9LTWhBdmhrZlNwTDFxSS0tV2IzNVZwbTU4Rzd5Y1BiV1lFcVI1cEpMTkFEYkl3Y3dSd2w0Y3dqVDNmS3hESnRORFNja0Y3ZnNEZ25ONW5BUzN1NEpyOEZ5MWp5dWxUbjdOUUdVekVfb3AzTlNkUmhBV3ZLNmJjQk5raUY3SFE4X0xCejVNcXRGWXdwYzlaUlo5RUQwN091aHU2elNtTmhNcXppSUxrQkMwOU1CY0pGUUdkdnV1bGgzM1BBSlRSdGxrVGJYTlFTRmJ6aV9xYnlDT1FCSkVWdlZxaHlhRlF3dUZiLVUtN0w3N2pVVEFUZlVoTEFHM2V3Rk5HM3BoQUdOUjFPS3VnenNhSXRxSGZGb212UHpfSEdwTjJfQ0lVWTJlcHBFaVMtNTNLbnloWFJ3VmU0OUF5Y2VxRFAwa0dWSWVhcXFYVEJkOF9qN2c4Z2RrS0I4SXRQREREcjdEanVtOUtpVHlGaGlndlp5VDFDYXQyN0JfYVpGTHNYQk92V2RoTUFLVVp2NTRZZ3h1cnUxVTh3SUxGV21vc0U0RVRwUTZvMDd3T2FtTkdMbFFEMVJ3VDNWRVJWM3ZMX2tRMlJJU3dPZHgwbGpjZk15ZkdqUVgwQmlWOW5LUGFsZXpDYThaLTVQT3VHVkhJUmtJaVBBck5ocjNQNXNtdWQ5NkFhWGkzQTdQaXNXdmttWGhLMHh4WWdWcHRUMGlRcEstUDF1bklOXzUzMnM5N3p6UnRtdWpBXzZPNkx6RmJaZzc1WGctNDV6TG5hWTlrMHYtQTNZalN5NDgxNk9BcnZwMk95eUFFLVowOHU3UUxST1ZadkZwWVhhMDk1aDB0MWt2UC1RWXFEMjBXMFhPT19kNUxpa2ZtUnVMekFnSzZlbExqZlc5c2xZZkZlUGFxcXgzRlNwSzh1cHpBYUFqRFFHLUhlT1k3SzhTNHFDNk9Qb3VmWFRRbU5yem5RbkJDWm40RjhvX0JlV25YWHJCcjRVenpfY0RZZ091NFNWaU1meUxRR1IyTGJlZ1RUdzYzZFJUQWtTWTA0bndnQ2VSbGxYSkZ1WTE4VmZZTHBJdjBXQ2RTNGdCNFFpa190VmpBdTdyUTRDVEhCS3dsVzN4RE1abDhTM1ByWWFOMmhDa0MzYmQ4WUdXUVZVbFZ0WGo5X2hBZ2V2Z1ZfUHpnNkMwVmRVTXdWVzcwWGl3VkpxNnlPX3VQREwyMjRfaldncHZud1FUZXpuS05hdkI0SkdjTWl5RF9tZkQwb3lSRW1KYzN5TEF5bXVSdUZwOGVJVmFxcmo4NU45dW5MNklzMHUzZmxTZGZaanlYbTBYQ2hZU251YUthZ1k2UzBPZnVQNTUzcUozcnpMN1hXQm1WNEJ3WDU4N3AxV29FYk9rMDhvZllNNmQwMjcwbWZLWTVfTGV0aEl4OWpJTEpRWkZla0lfd1FJU251aExKOGlKZXVFbkZseVZmSjhZSjZJUEpSWmtBaS1jWVZPMGxyVGhQTnp4SU1EUEJnTVNKbDFLdFExTUQxVnh1bENtQmVvMlZ0c2o4aHRsWjhiZk13UlZ5a2dWcnRRQ3U4MXJPaHFfYWNtb3NnR2JkRkxSZjFQV0ZvWTBKX1pPRnVOZE5IRnlxenpLZGNZU1Z2NGF6UUY2cVlYM2lSOG5VTG91WkEwVkdiZXpzSzRGVkRZVkNjVllLTmFJYW9DNU5RYTZDNkpvcTV2UjNQQWFIUzdVS2dYbmdKeURRTU9Xd1ZiMWNoTDVJc2s0RXVhQ3E2ckNDWEtkZThOT1BCMklUTVdJd3Y4VFVqRE42WGJNYXlJSzEzaGFfSjV0TEFXRWVLeUZpdDhJWUZ0WV9JMWtnb2tGcnNPaHdqLXNmcVZMSjduQlN6NWJ6bVE5c1BVc2diZUFpNmhXRFVwU1FUdFk2MzFyOG9mT05lWm1EMFYyRDJheDVBc2ROSWFHb3Uzd25leTdUaGxMaXJXV3dwbU1GU2dKX3ZpdU5VLXd3VlhOSFhibGVjYjRwX1M4dUFraHV5WEhqdzVzek1NSkphdmR0M0lkdm9rcE42dkRCSDRhRm1NTjhGV3FYQVo1cHZIeHVmSkxtVTFsbVFtSHEyeWl0amVCb1NzRlNoYjNLRFVMRHdGZG5ZTFI0MmEwZmkzNVdtRTRjVFVGb2IzWmNXZEhpdndvRHdmc0hfb3NJeWF6aDRQRVI5VXdmTTV4Qk8xZmhHV1ppZXpZemhTTzdtZllkY3BNUktPRDVPbFJVSm9WS2FnX0M4UnB0bzdYQW5Qb0hWTVB5Yko2RTExOUVkb3BpWXgtb2k4NEdZU2VKN1ZXRjh5Q1RCc3F2ak9UOUc5UnBUWlBQa2xGVDFobVhKY1FTWUdRRGlFb3NhTWtiRjJUTUlkYk4zMTQ0STVDRi1QTnlsMkdSbllvelhEdUFOaVlSbFFlLXRtQU1meE9vNWJROEVQbWZWOUN2OTE1UW5kVTV0WWpnS2FLSXNqZXJJYXBOUFJTLWdBNnlFcVJMcnJJQm5vQjFWQ0czOU5zOWY1bExsS0hkbkQzQU9lMk1OTFdSTzhnRTNLVFBadjlORlBsWnFIb1lWaGxrM0dSYmdLQlRndnlBakI2V0VfbnlBOWZoWTBIeXF0Y0JMNXN3YkhJQ1BqSUl4a05paW1yNUZ3ZUplNVhKd1NHOWRmZlBjT3FQTXVWbFVzU2ZqVTJrTl9CQ1N1Nl9xLUlaMndSaVJHdklXcG5vMWQyc0F6dFZRbV9PVUJqYzdQem9GZ2xuQjNSVzhwSDFraHFDUmgySlhKNzJWemY1bWRFbVRWXzZ2V01CX2NqQkwxOGp3aFdMaklJR1JLOV93Nkk3am9nVDBwUkoxZFZpSzlpdmZrQmpxbnBZa3gtb3hJVzIteWFtUjNSX0VtcV9RaVVzVVRhOUw3WVpJQmgwQUpmZnQ5c3RkcVR5RloyYXBvRFcxaGppUG5WV1B6ZzZMMGZFSzhyN3dXUEZiaXA2ZFZSZWVmeTJaMVpVQU04amlyampYSFM3dEs4R2FHdDFSTEJ2ZFNURHczRHhOVXpuRVlIYm5PdDJpNlhPT3FWdFRjZXp1M2hRZ29CQWlTNGFKRnRQTmZJcVVpbVNXMGhqdmh0TzJDMDVmdThOSk1nYlBNT25IV250VkRYbG5UMEVPQjZEWVg4SktWczVPUEt3M2JWeUoyY2pxak5Qa0pBd0xpSTgxaW1DcVRSNGF2UEZFM2QwTjBXSFc3bFFVcTdEdElkRHZMSTVDa1FJbXhvRDQxcFEyb2wzRU81WWQzR2VYTUJJdGVpYVJjZ21raG1ORHVlUXZpelI4UTBHcDR6aXozY0JkX1NITUxSS3Z6MlE4U0UxajZVLTlYblJKdGxVUk5iTTN5UFRyWXg3dXVId3ZOSE1xMlNDZC1CLVk0Qm9HOFZKSTJfV0I2ekljODlIVDR3RnVCOGs2SGFEdWFVMGFJa0xWUTJIaGdfNXQ0V0RSYVR4VERvUmlKYVBEeU42LWs4S1F4anc2TjNGX0NpbUFUNEtUbmVqdG9jaVpCcmk4VDNCOXRpUVFJdEZLbnpNa2Q4ODZUbElNWmJNaG1teUEwRVJ2OVAyNk1PUDBRT0xzZmNiR09tdFZwWndmX2lHcm1wVjg0Q2ExRDRDWlFuMlZGUlNtRGVXbDFFMEtzQXZlYVlXMEhIVVl6TXNXWUIyQ3RwenQzWUx4ZWV3eEE3b1ZMYW40c3d6dHVEV1h1M0Jja3BPMWREV1ppYk04ZVozbmRMQzVXcXRoa2ZsaEZnTmRlTVB4NGVoWXppN0FTVHQ3VEUycjFuQ2xsMDN2ZHZzMnQtZzJoZDgwMTlfU0p0T1NHM2lCZGxOSlV2dGFlRGlCU3pRbXRtYXdnc1BYXy16UFFUZVdQdTlaaGNxY19ldjFNX1FmTThXWTdNV01DSDNoMjJ3bWE4eEhGRF9VNURoQS03bHRwZDY4WEhSVlZJSmVDallPdlpiZlNwVWFuVEptMHBpQUJTVFBLZmtvSXFNdURlMEc3QlB4ZndFWmVLLXp6SjVvcFBkUmFvVTNJSHltdFA5WWJfb3lXb002RFJYaE9JOGFfMDJGTkplUjRkWTlRaVFoOS1pdzFVVk5JZkliRnN3Y3d3alRZdXlFV2lYVzdXbk1ZYUJJOHdnQmtEOEhId2lkQlRPTVRndUdtcW9ObGFMaG5neDQ1aXpPY09pcUhCcXN3b3hza09hdTJoVFRpWi1iWU02elhSeGtHT1hqeUJjSDRXSEFFVUdrSm9xbW1PczZzWEN2N2pucXFVQ2l0ZVRjb1YxM3hETUNHUmZyVVhBUmVHeXZTS3RLQmFieWl5aVBtVmtZMW9RQzdSN1c3REp5VmQ5bVZYS0VDZVI4SldjWVl0aC1CQVZNZTdCWnlFOHpsUkdVZ2RsWEdEX210ZGYwMmlMUzd6TlhjaTV1LVlXTW9tUmpFc3BNOVRETGdETE5pblYwMFJhS2tvVGRlQVRCVEZiNmFxanZsbGVRb3phWWJMa3djSmc3NkVlUkh6SnI5UkwwRWVGTGowX1NzZEpDc3R1Zmd4eU5WMmhJakxucWhrYUVkdjRRNWFER0d1MzJBNFhpR05IOFU4Wkd2b1Q1elR1d2lGckNEdUJtQ3MySGlZUTI4WVk4XzExc2xORzlMenZaN05Sb1FPUkpPZllCTENmMXpkclVrbXZIWnF0VkJ4cERZRlN5S2lKd2pqVDkxcFlFeUV0TnU3QkQ2N2k2UFJLZ1htRDBGMXMzQk5kUk1VY1JDcG1ma0xsLW1CbEtGbHZWcTJJNWpvVzF1U2pIbzVPUGtjQldoWVF2aGttRUc0MW85SG9rb3pNSVRscXBjUk5LcjBUQW5kNlR1Y051RjdkLWQtRkNuS3JUTjdtUy1VSkIyTU9wM1c3NVdhUEZ5Yk9nZTNWMnNmWW9fTmZsZEstb3RVVkZ5RXQ1eVhkX0hnM2s4TGdmSXhvRDFoTnlrellpU1BmOFFUMmZGbFRRYmlici0tdGVybVlHRUxpbzVCaXBPWHdrYlhManQ3akM1RUh2bDF0a2k5a2ZrMDE1bDJQUUdfUnpwV2RibF9lVDJULWN4R2ZhTlYyc2F1VTZsSGZEbUdYVTVTLWlvM1dpUHFKMWVmVUVQMWlxWm5YT2FWZFpTcEN4WFVHVDdVdU9kYm5tV01MVU5jb0pGT042NENKeERCZ0wtZnZIYnlSODlqRlNMSXRuX19ucjZGelNHQl9STEsxMEZEck5jLUVSZkV5eGVKR1AxV1ZhX0dXeTFQLUdGX1VSVi16YXZZOS1vdzA0ZnktZmVkWVZXYjZJb1BwMkl4QlBqTEpUUzdUaU0tQ0ZMR2NNcFN0MXVZblJuNU9PTkk0N3ZoZ2xHMnhBOEZkOWgtdXl5WEN3WEtVcU84bHljZVU3ZDM3RUlzM1V2dXFYenFGVzhNMXVoRWtNUkpFMXVkZTRQLXJOUHZGRlpXV1duM2g5UzBuTW11OUJfRXd2TTlNU0MzaDRjWXZENl9HVWhxak5BcmZmM3JnWFdfVzFFbWRSdzlXWW1uWEVyQU8xdnpiYnRiTlJlZnd5QVNfSVFVY1Z6REd1MEJvZ3QtaTB3Y2QzbVI1UnlkYlpoVHVheGVBdjg5Z3MxQURqNTJZbEt5VXVYakhqNjhLZW9sSHdRdnlqZDgyRENaeTBvNDl1Ym5udkZ1YjBZTGRQTU9hZXpFMHVfSE9iSU82bHRsN3Fhc0d4SFFGSVAtemJQR0tPUjlxQ0VobVdwYmVZM2JlbkJQSW1KZFhMcThCWFlyYnk5NkRzVzlmazFFTGVRbm42bW9YS3JoUGg1am4xTmZkWnREcEt0VzRMWkdYWWIteS1heVJrQTlpU3gxVGlLMVFMd1U0WjRkZXh4LXNHbTdfSWI1MEtNU1NOLU80Q0s3R092SWh6SjVmNmxMTzYwb2dwQmJPWVI5cUF0TzMzTWhwOXFuYWYwcFpHNVY3aFFEeUNlU3B2Q3BDUWVRQlYyM1czSEJoRDNhUFBmaFBLV1NneXJYaTFCNWgwbUVBOWxfU0U1YW5meHoweGRwXzlQWEo0SlZIdWkxVjQzNVVDLTdINkloYTViRkhsaGJDUkN3dzdSblF0YVI2bWpzWmxzYW9sLW1HeC1yM2kxQXZOOHd3UkpZWjd1UDlnazZZZkdET2JqLVBTVDFjZHF5UEtEc2RaV0NKa1JxLU54YXdacGFPam5FQWJIc0N0d1VJN3FPQndWMXZkVWJjV2Z6Z1N5dVpOU1dKMUt1ZExmQmZWeXV6ai1VMThZcDNOWVMzN0l1ZGZoMEIxTS1QSEE2Y0ZXVXhsc3JtNG9kMlY3WkRiY1F1MThMQ0dCX0NlYU0yOGpyTlRGeXA0SEhILUJTNDZzZFJ3TVJQWC1nNzJRY28xLVpScVdLRGQ2bVNwbHZYMEhtd1g3ZmhieFBiNlB5MmZ4dHJqY0NhR0dEdldjU0FBZmFEVVMxVS1LcjMtX18zQ3VsdVBHYVRZTmF3RmgwbG9KRnBBdzM2ZnhRV0toMGxaMzlCQlE5MG9Wa0lScGNoRG5saGotVXdvYjlvNVFEbmRlWHRLVzE5dWU3OTQtbHczYnBQVWhUbWIwVkpuSG1YbURoTjFyQ09mbXV4bDNMQ0ppaDcyYzVzRExkSXNMTUJ3WTFMNHBKWVRoYVdFTVZzWlhLWHJlbkpUWFpRUWVsenVuQjFwVUZlUUtNSURFYUpyR3ZmT1hpRTRZMzJqdTZfMmVPTFp3M3pubFpkYUR0ZDBucDdKdk5wd2tXeWNNQnVxZmw0OS1wb2lpRExzX0M3S3JhdzdEOUlKUzlXaW5aLVJCYzQzbktITHRzZjBnODNZX3lBaktCMkE3MmxVY3N2WVhpeXVTRXR6cVRvdTZwOWtESzdnNXFhLXBiNW5yNkcwQWVFVE1PbUF4N0lxT1gtT3Z3d2p6S29sN1JXczZNbTVBOEtHNlVYU3dUeXpOQlo1bUFyOTlMWnR0RWxfdDhOVHNHZ3NmWndXb0xBWnRjVWJoX3htVFNzOG9SRFNpSy0wek1HV3g5SVlIMzVIdThIT1hPUTV5LWFXTkZyRHQ2bkh3ZFNUN051dWN0YS1USnpPUENWbmNzV2J2RlBnVDd3a3k0Z254eU1ORFJZWlRFX05PdkZQYVRxSVE5b2U4Ri1HdkZua0RWRml0cGJXamtVbDZ6S3VBUW9rRk1pcGJMcEx3NElrRXNRYW9yNDcwV0xLQ2pJbnNhVGo4N1B5c1dFZG90OU1ZQlgwUWRfSzRfVzJtUW5VZ2s1cmlXQ3RxN1pGTU14alZTSWgzLWp3eFhGSDBpaVZRV3J4NlJDNnlFZUgwVFFlZHQ0c1ZyeG9BQ2I4aklWRzlMTTZ5eUR5Y3dOZGtKOGN1ZlRUVFdsanV0SWNDWGFaYUpCbVNudVA5dno0MHpzWTdzWkd3SktQMHcyTlJRN2dqUVRMNVZxR3VSRE5mbnNrdWNPdE1SYlk4aXlDYzRSaUNHUUxwMFRTbXYzSFVaOGRIWjhlZFR0NXNZZkVPd3NvRG5vNUFabjRRMUlfeWxHd21YYkhyTkVidFlTS1VtWU4wV0pZMWJtS0VBbk5HajN0WTlaR19ta2dCSWMybWZXZGlVZndQOTRUeDVYcGI5SmpOLUFRUGRCSG1BN0Nxclc1Ni1vX1JiNmNPNHlRcmdrU01BRlBEeWVQeVRTTzFfb3lZcUZ4a1NqODR4WGdPYUlPSXdhZjJtRkU0cldnLVZoUkFPZEFfUmNxOTR1UWthTi1IYXZJbGVpMHZ0NDRORjNmSnFxMDFFMGIzVFNFbklUb1JuZDJZOUN4OUpfLTJVNnBYWjVRNTNLV1VZaTJzTTZLSnRvZi0yMk9vV3BFR0R5MWY3ejZPMnRqOFJiTE9wRWNUQUFPRTFiQzVaN1BWYU5objR6QmdrdktmR1d1MU9KVURKcFpTQ1NsRzZwUkd1bXo5V0xoUmRHSnUxcm1vckU3bkhuM2dESU5Wc3ZCWTZENWtMZU1fZzRuVlVEOW9TYWZ3NHg3RnV0NkhoTm9tQW5scWJ5R3VKSm51UjNJMTV3TXVRLXRMLUJyaVVrSGJycFFpRnVXaTVuaWNCa29CWjA4clRtTG1Md25lV0dMVlhfanV3OVVjcXVEN3V5ZkhURUo5TUVOUXdGdHNhcFdlS3RBNVU2SjRZNGxWaTFsTERXenNYNXhSSlc1YV9pQ3VVLUx3WEI3V0czSDFUWG9xQ3djb0NQeGRfX1IyMXVXTHc5TW1uRWJ1Z3VEbkhoZDFqZ2ozX0kwSUFuMjV2cUlSTkpqWHNZUEdjVVIwejRvRGNmWEJQbWlZWU9GVjEwYmFvSkJ3ZDVsZFVfNWlRMFdDMGJLRTlHSmFZOGVoaHlXQjBwRE9yV0RuaDliOXhSMHp5Tlp2eEt4VC1EcGRHTDlxVi03S0NtNDY1SW9QZkFQZzNxWjNiUmhOVl9ROU1zMlRFV3VXNVRMTlJ3bkFnOVhHekEtSklYM0dDNS1PVEIzdWhRZHhIaVRVcEdXX010YUNXY29fUEhSS0w1VFVuUk1ZRkRvYXZCUnEwX1lSN3FSU21YYkptekk5LXFCWDRnRWM2NE12QzVyMlBjdzZXa2dEdGFGVWVKenVjUmpnYVRwQWhhZG1GQmNZaXY2RmY0YXJyLU9IczNjRzYxdkU0NUxDVEdHYVpSeGx2SXhCNm1MdXFFbmU1LURpWHA4S1luSXdYRy1rTnY4MkxkeW81VHlYMWJQYzlXcHpuclBkUXpySU1TZ1FRQWhiOHJ0aTJmZGFHVFNhLWtKazE2R0tZcWhTTGZyLTZVSXRvdmN5TXVIYU9raHNXVlgtUzdXREZxenMzQ05aQTdJUTRTWHNsbGNaRG1MbHFUazdKNm4xVWpkQlVMLWRzNTZZNUR0My1nZFNUbFBTMGtwVUZzaWtkazhqNE5KTUpDcU0xd3VkNHZiRDBVTnVNRFdDT1RMRkpmR3ZjUFNhZlZjT3VPMzZtdi1IRFIzd090Y2xlRTVVSVBWN3VxbjdmazV3ZXFXWjZwTUpHcHRUY0NxVWxMOTZzWUFOVFhOZlQ4eEJOQVdqeDk5T3VWTzFyd3oyRUhHQjRjZ2k5ak1RcVo0bXduR3JWTTdwZTZrcTVXX3F4ci1wVzN3eHdfU0VZVkE5NHZwRGozYkR5bHlpRjdsWVk3aXloQ2J3MmNuakM3YWxVaDVDTVk5R3NYM2lvVzVISU5xdmJxNVJoWkg1RTVOUnJmQm5JVV9YU2lZcnU5QV9pUDRHcVJMQVpDakd3ak44Y2RBd1o3VzRPZENkOS10M3FwY1RuNldZbTM2UVlBX2RMc014T19TVzVMVFBBUUk1YnJiOHQ5TjdHVGR1ZTR4dWk2SGhNSkw5UktySUFUZ0RmWDJqQjFSRUREQ3Q0SVBpNld4RHJkRldsSGo2SjlGOUFtcDdpYVk5aEZfeXFiWVZnRW0zUzZSazQ3Z095T2lXRHIzekhqbVh4OVhPWXo0SUllQVo3d0JvSlVxSDBHTGJCdzJ0LXRxN215LUc4MU1DUnBaWVlNZDhVQ0xqMExqdW9QdlZuV1RBTHU5LXNEd195X2g5OTVCbU5vcUk4WFpQTlNaczFUYjQzWG1RRGFQYXlQNHBsRjFVQ09MMlZPd01EQmdtemlKR3FXRDBSd29TU3loZmxYWVdqNzZiREJId0FnejBFRkZmX0FsMEFxdXV2dm05N1BYLVREaVRHVGttbWFub0h2SUJuanJYVjJKaW9XZ0F3eE81YnBGenZpVWNiRzBaSHBUVF9iMFJfVDJTMWVDbkt5Rk82WVBkbklKTmVhLU52Z3hKcFphVG9uWVVMcndPb0tiZGdYZ3ZyeXJ6SmVSZUtKYk53aXhWX3ZwdnZEenFyNW10MFcxS0lTOHFiR3J4V2RGcnFZbU83SWJibkQwQnQxNUJvdGZiTDZxM2dzOHNQRmJyXzdDWUR4N0hxTmxLakltamlkNER2T1Zabm9KWTlGTXZoSTEwTFdKTGNSb1RWNlJBUmpSR0V4RXIzTm5na3JlRzNQTS1jQVI1cnFXX3lNM2tGd0hrT0xGUjh0ZkNmQ19qU1RKd3NqZkZJZmR1NnU1Y3J3cUpHOVFMWTBIbzlXX3lOLURnZmd6ZDBVaVJ3RjJXZ1BVenR4azZ1Wjk3cDZsaXVyWWJzUWVQN01iSFJscG1ySjgtQUFrWDBYeHowd192LTlTUUxQMDlxMEV6ZTFLUWJYRl9rMWRiNzF2VlE2Nkhaa3NxSDA2ZHhleFViSjl2eXJjTUVCeDE3VTNIMXdXY3ZINEY3NUdPY1RNUTNwY1dBWFNKMnJaU3NRTy14MkhxRjYzVGlFeFR6eUo3T2xVaGVoTEd3YnpXWHU5a045VWNLVXNiUzk2TjUyM0RZTmxxSnFxZWtDQlB0Qi10UmdlRU5QWXo0WWMzdlc5cUJocm5tQlZhMUlpQXhyUFZsdUxnMEoteW9zMDBaNWpHZm1US3Q0ZDAwQkpYa1ZQLUFnb01tMzNxRy1CekI5Y25McVhrMUVCUXFJLVdVTFpwMjl2VEdvc0s2ay01X0RtZlk2ZUFHcXZ0ZGttRUkzenR4TWptelFkdFcwWlM3TlZsdVZYdkJCWUowcWd4dWltejdiTldiN1hrTEtHSHhGLWlkcHZXT0pYUGZQSVlMNzJUTkVMOG1MRXB1R3lELUVWLTY1U3cwUlBWX1MtaDU2UXVmbVZGTlRlNzRyRkhQS094X2o4TDFKeGFzTE1uTWRJVnQxejVNbUxUeWJsSjJOU0FlVEd5NHg2ekNXNXhwd0IyYzVTM09VcElkR0hFZlBiczluUnlhUjJEMm0yaUluTHZvd2JVSkttT3hKQUpadHpFbEZhb2xhTnB0ajlLS1JCNHVyVmc3WkVENTJ4Rk12Q0F2c3RlZ0ZoQUl4UnhIeUYyckhoNXFmbzBzeTlDbWpBbEN2UllPSVBRWmc5UGpDMWJWWWQ4NjFtc0JXNFJaXzExQXJNWTVxU0ZweVZiVUVMSTZCZVJISWVqTmViWDFGRzhEUGl1R1BjamZZVy0yWkhfZlNJbFNGemhiZzRaRFB5cWFMd09PSEtzSDZiZUswMkxBQXlxUVpkYU5kdDZFalNqVGtIcndfU1pDUGhUdjVZQkZfRDRXM2ZHUnZFZi1DWUpfX2VUR3h6SjBFZHR2dFJmUWJTS2NjaHkwa3ZsV01FMXlaUWVjU0NFTXdQSmljam5ucHZtN2ozR1gxRGRCcG5iUXhHaVd4UG1qbXptWFk4S2IycFh4RnVSY3p5bjlXNUpYX2M5d2UzVHJJbmN2QnFsc0pKdnZ6LVdJc19nSE9YVEwwcVFlMjdYb3F1S1hXdGlyUXVSdHAtcEdoSU1nUU9WZFJpLVh3WmNsVHE3LWIwbE81VXdKQmFDUUpLWXVmQ3U2eUY2NkZiZU1vM1liTzd5NDBvUDB1Ui1TOWQ4a0d0ZU9ObVFFQlBoa1djVlY2SWJHeEFBVEhYWlFYTFNhZ2VDOG1XZjBDZ3N6YTVaYTJrU1hySFk1bkNQT2dwaWJQOEpwa1N3R0lPZGdQNnZVTzN6akpvaDNBTmhVdXJNTW1jLVRBTTk1aWt4UDVqNXZ5RVBnbFFhZUpDbFdIUVplNWMyU25XazdRRENUdFgzQ1ItazhPbk5SUDg2bWlaU0p4OC1lUDljejd1U01KOHltWTVyXzF0eWRMNXNPVGtiYlM5eVRkSk9SS2lINGFwX25RenhGV09GTTFfWUxXME8wVlQ2bl80bG5LTlhMY0V2bWREb3FaamFQV01LczIzVjRIaURhZHRiU2JVM1pzamptSHhYMDNyZTVBSXVvZmM1VWtMOWgwUHZRaU9qcGo5Um13bnhzTWlrUHMxU1N6X3Z3OU1OclVUTk5tYUtwNktBZWl1SnFrM2g1czlhRmRnckJfdl9JN0FqUW1BdldWelVfUWdNdi13M0Jub3ozT2V1V3g3QzIwTDJZNFoyTVRyU0w3Y29tNV9sd09GS2ttc0EtZTBVZlVxeUJvWEcwY3k1dFJ4Z19JT1c0dzE2SWkxa2N5em1wV093dDNjWHB3S2M2b1pDY3Q1QTJFVjh2dVo4Y2JXbmlzb2ZUTzlPQVNNbUgxNmdvRTdybFBRVEVnWUtIcjlzcjRkbTBTdzBJeEp0MVNUdkNHTjhLOHdfc3pTUFJfOXVWNmxSNDdEY0NsQnYxYkRtc1dxM3RhY3dNdmRZSzdDSmNJVmhmQzJmMXRIRVJjWEJBbGZXeHBvWERxbkhSbEZ0NmY0cmpMeURLdW5EMnREdThLNzF1bHBDcEVRb3NiZjF5ODU2UERmbmFVREpmQTFwVmJVVGxEZWJUVFdxaENIZ1pQMnFrODdvSUhDT1ZjV0FlZ2pJaTB3UjdWLUJZZDQxN2RDUk9oRGpPWW5vTUtSaGVlWmhMMDFPbFZtTGFaUk5EWlFGYklSQ2lhd1FnbkJFNHlfclM4TTNNQ1M0aHh4MnZZX3dyanJvaWtRc3BNbkN1bVMweW5CbWhram9SQ2tzSklCNFhlaWZGM0Rjb2RueWxqMmgyakUtWUNZYnQyY0Z2TjladERZcVZOcnd2WlRObFF4czJLb3NER0wybU9Kb3UydzBBV1NpYWxRLTJrYXFLQlhHczY1TXotUzNMYS1FYV9RZG5oRDJCeGd5VFFGRDJqV25pcHgzVGQzRGlEcE5tcHB3WkJyNEZXaGo0VjN0OW5OeUNRVlFIRkhGRWczSTdfd2kxRzhVMzlOdGxVQmNwdWUwOXFjOC1scXdoZVBURFlRYjYxeHlDYmJna0YtMm9ncHA1cTF2b0c3RXhTWmVpUmNGdEZLb0VlRExfUXNpVzhhTzJMZG45MDdQbDR2T2N4ZFJLaG1FOWZMeHhUNzhDUXNtRTNkdkZOeVVQbFplNENUVTRVSEN6ald5aGNHMnFUZlVEWWlrbEotMUtvWjBJY2RGYllwaFVWSW5adG1uQ0YxQWpmTHdveGFmbVNLNkhZRTRDU2tZakZaM0tVaXJvRWFpVmo1YWNtS0VhV2JNSkpYNmR6V21GdDZmZEJuWnBNSnZMOGRCbk5Kb1QwQlY3WVZtUTZnVlBYbGhXTkZXYzRQLVZpc0dZLVFKaDdVRnBBNTlDN05OZG1CM2xYM3pRRjcxUDhqX2lOb2l4eTBoT0NUMUxmdjJRemhYcXVHS01MV1VsaTh0RVl2QVdNVzlqaXd2LWM5MUpMeDZYWHBhUllnemllbjhBdW9wbnFVbU1aWmZQTUhKel9FOWxIWGl4RVFIUzl2S29MczJKdkl0Q194U2htYVdMSXdiT3ZNdmRoN21ZN2Y5WUxHdk8tTnZKdE5xd05WTXFjdjllcHpobGRMNWoyZXlIWDJRVjZJa29rcUhlY0ZFX1ozNHRaMHZiZUZacksya0F1THpyYXhDemZUZWNXcUU0MkZocm9vakJCRWN2SkZKY01IX2JLUEFZa3ZTZUFkV1RNZmxDdkJiemgzOFpZenNNUmFBV3dHbzhwcC1haC04VUE1MkFjbkZJTEw4cjltcS00aGpqT08wMWlUVWk3eXRfcjhncFB5V0dCVnc5WTZkNDZPVVJDQUlxSWdLTTR1SGFtSFVBY1R5eVJOS0JQWGNxZnBhQTMyX0dpN3J4LVNUbEU1TjNNQUZqWXVUS3Q0bXB3RHpNbjl4ZXhFUVBzY0FyazVtTUdBaTdZeTg3VkdKb2NILV82Yjg2SG12S2NLRElCZXdURjZWUHFLU0dBa0E0aHk3bU9jdDFTU2FVYzVRbkg2bXVianF0OVpIdk15Z3dJaUp3bi10dmJKYUQzdXZFQnVHWkN3UHZJZVBwaFBCd2h2eUZnbkFOcWRxejdKcm9BaXZTVWlUV2RiNUNPZG9oLWRiR3N0bXBWVzl6VW5qY19lT041cC03cW9CZFJFYUlrU0hPTEN3dTNVc0NtRmFWTzlJT1ZXRDZVTHRYcEF5eVJ4d0ZhQ18zdTRNMDhyaVlJR2JoRy1RbFFuUmRaQ3RhemlEd3FmamJFTEhvSVBUWjkzVVh6LXY3X1BsUWhBM2pGOTVuclJIMDFveWZSdk81N3JkZHhkZkdySHpMQ3BQenMyV0wyN1V4M1ZiWThaZzB3NjZfdUtVLVJmVlQxaWRvbU9GcGM1S05wdkhZVmRoWTFYZ0pNc2EtNlE4NF9oTmFiTmUxYnZqT2pBV19hVUxyU2c2RzFVMmRLVU04aDhyU1JCVjViTEhuVWpPTFgzVUZ5d0d4WmtnSzBtN25rY2lpYVNXT3hhOE5fWjFvZUx0SzhsMHFTSHdrWGpMZWdrNWhhTlZ6Z0k1M2k3d0kxbnJkbDdUTmZISUFELWFVRmpJZFg0TGp3N2ZJRTJwYjVEeWJpaVIxZVNHNVUzX3h3cUZDeHYxY0Y4R0dlbGxaaG8yX0Z4OUlkYm0taHJJZl9CU1RCRG9teGY1bWd6XzBuTWJyMEdlSXlHczF1dWc2MUg1TW1YYkMyeFlUc0xOQjdnSXN0SnZOaUFIcXd4ZFdKS1JIX3JHUy1CczA2U1JMaWIzcGR5dDJzamFscGt1bzBoZHl4X1VjNnhoVjQyNmpLaUFpS29GaC1sdGdudDZWUUhwVmN2djlhNFNnMXZLYjVnaEo3NXNKLUEzNm9jWTljWDBYT2Z1ckVuRnNPNUxfeWRCc194clEzVmd0blRPblFCS1UwcDljNVI3VVQ4ZkdVSUR5RXBmNmJZYlFENFhhdl9VSDVlT29HYUVGSnJUQkg1Zk9JMWZrN0k2eXlDdHB5OEF1eDdDN1hjdDZIM2RCUjBySUlsYVRncW4wWGJ0ZFJaVEtGSHA0aDRzbkJCME5TeG84RnZac01QUWVvTFkyd1VmVDZ6LVd2QXNHeVNPZ3RzTzhyUnVQZllURmlOZF95ampadm9UR293MHZJYkU2aGFhZkZSWnVuMlJIQ2taU0NadTNQUXlocFdNRnJ6Qkk1bHRlR0hoSVNueElWeDlsZUgwUHZkOVJuNXZpU1R0Vzh4OGk5djZXQktDek9LMGNreWV6UU5WQ2lYN0xuSkZGWk5FQ3lSOTVaVWYyWVp4aTNRQWJaMUd0T2h2RENVaTdBNU1PTDRkWjVmc1o5U0tSalAzTXlpZDVyNmh2RzFVXy1hRF9paUdVVDVDQ19ua0plcVZVUDM1SFlaU0VfY09RYWJIemQ1MlpGbmswSUlrZmtBaE9YN3RIOUZELXN4dlZLUU5PMlpxNGtoUmJsQjRGVUU1OEsxVzh6V212eTFyRjNrLU1XNGF0OTJHUXpqVzE0d2VuTU5zTmpKaEVyc1VsaVliUHhkbXdMTjJjaFlra2RTeEZqMmFTMUVaMGc2THdNamdmQ1A1RDV2dy1JNjA5X2JuNkEyOW9HOW1FNEFDdTVzVXp1UmdSUzE2UmVsaHh4NFBTdEVrLTRWc0VQZG9OZXpwZ3JKNERZRE8xRjF6UDhYQ1lkQXJMUnhXVXZKbVBFZHc2Z24xdzU1cVVhQ01GYU9OdENEOFlUdDFwSm9aLTA3Ny1xbElNb1ZqVUJUeFZVRElxVXVvU25sOEpyVU5CM3c1SkYzZUlNcS1VVU5fVElEUmVyVE5TWGVyRzdEVHZiSElvcXMwTE1BR3NxTndSQTBjNVFEeGRFQTVRUnFUVkEzUVk1QTN0TVozQU9mVldXYXROTkYxRjBsUkVZbmNYTFpyQjRYb2pEM3Nna3hzOFJHaXljU3JHcGNIeFlQZmY1Ylo5bkdJd2hmTzJBVDkySXRDcXZ0YWdrWUZ4aUIwR2tqMU5CNHBIYnl2eDk0ZFp0VjRrRXhMTVc0WEZZLTdKWmhCbmI1YThodkhoSlZ6ZXFVVnNJTno2QTFub3h1ZG5XeFd0S2k1eFBOYXNsRFI4bXlMVE5pRXJ2cVF3ZUlGZXlSb1dUeHlVTGZLSDFxYmU0RmRhMUFNbDE1SUFiYTlTaWdtWk5PalE5UFdhQk52QWlieXRxTkw4LVhCQ0NjNlZZZTlFcUJaaWpEQUtxanBLeE9GZ2w4V2FFRXFsdU1GeEwyUnlRYk9JTFUwQjROVEo1bV9FMjNMamJvQTM5dmdDQUFDQXBhOWJseURRbzhNT1U5OERab0dWek5YQTJuQ1JiNjNtN2NJZ2hfcS03V2xIVGlUelBfV0xmREJIaF9Sa3l2RUxqTjNxNlFEa2d1WEIzTDkxa3I0d1NzVndmQkF5N01DMV9zVU1EajRuLTZpZGctelVHQXBIaDhIYjZhX2l5aVZrZnYzZVY1VENxMGMzTndvbTNyUnNqcXN5NEd6cmdPN1BHcFhCVFVrdkI2ZExDdWFMMnIwY2k4MzR5TEh2SkVDMjVqRU05TTVzeWxQWTdNVURYWkprTm5ub0RqLU9LWlRKRVU4NDlFUG1zb3ZhMmRtcmNDVGpabHhfd1VMSmRqR1dVTVdzdEY4NHVKUTdfSGY5Mmw5WHhsNnVzTUEwWEpDZG40bnU5QXpmN0llTGJROGQ4NE1DWldTTlp4SzZQUEdncU5EOEdhSm9qN1pkeGxmRmtkSFdveW9ackRRSmxwYjVwUkJyWHRYWTk1cHptMVpzUG93SWFmVF9iYTJta1ZCYlJlT3dkR3NjZHg4ajd5WnYzVzNQOEhCMzJvZkp6V3pfc3FpcnVNN3FOMWgtWFFHZDlpZVpHRUp3TlQ2d1gtZXhrdjZzSy00WF9MOGRnQ3Jpa3lsQkxJYlEyZEQ1dEhua25wVVRyZEZINnAxekJfSlB1OXh1SVNHNHlvak1KWndMOU9aZldPYzJtLVFTSFUtSnZNRHVuT09RYjBTTXBnMnF3d2tjdVR2SDJ0NFpEZnN0NnNoUEw0TlRZSzc1MHZuZFNvRm9FRTVmQS16MlJyMFB5YVI4TVl2WTRpekN1SWp0U010MlcxQzhKZC0wQk5PcUlhdndETFU2akNEa0pyQ21XTGVPZzRoTVZxMm14R1NOSmlzUTg1Ty1GcGJZTHltbUpvLTN3T2o1QldkYmFoaU91NkhZeTc5bHhubmZqaTZVT2ZucmxlWE1kN0ZlX2JRbnhXbmpYcXhlbWpHdDFLbmxzVzQ3R2RsTk9RZlVWWFVINXlrc05yTFZUSEp0d1dqb1pPWjI3V2tEWHlzSFdjTkJfbENsYWd4Tm1FVVRsWHhpN1dSTDkwNGpYNHZob0RRaDhzalhYSHdKSVdZLWh2MExvclM4X1p4QUNGNjI5c3RiVTJyRzJ1VEppREJ0ZEtWeVl1OXRKYkVxTVg4ZGNEcUNOdmF4SGlabHRsT2dYMHBwcVRsRnVyYTdIS09LelU1MjJDdUI2RVdFbUZSZnB5SlNkTXpCZEhqdHhLRjZfSm01RzNyT1ZSQnBvYlRGNS1xUmdPd3hWaGUtM0plVFJXVzg0d3c0MmV0OFVTX295R0pQZjFtUElqWFhRRmltczhXcjFuUm1rZ0F3U21EUDRXVzBlQ3JBRHlxMzlMSi1XWmlnV2RtdUg3OHFpR21BUU1ZR1RoOGU1MGZzY1BtTC1OVTNQRlhfUWlQWndOSVIzTXgwa1c0SnRUVHNoLWxud1BLX19UcGtMWHZ6WHd0aUF3NktMQXZlbEpEZXpKQWhLT3Ztd3UtNVl4Vzl6cUJMR3ZCaUwwMGVhX25zZDMwb0o4c0dLalVBdDVpbGFCQjF5alpOSjFGNWJJdEZwYVc4Nzc4M2ZKTE9Cam90dTA1cm9weV9lQklpTmg0OXVUaXVLaVBCQ1k5RFhrYnVhUW5zMEpFWU9FNWdXeFJuenN6dUtwTW1KMUg2aHdfbVoxOVhTRWhad2JKaHI3aGhYX2treHJUeWRNME03a0duQTVCZVZyQ1UwZDBQVDZXejNwLUpSWXZiSURwZF9iYVpZaEhTZjdyOG10VXd3NnNtbGpQQ3VhMDJTSldRQTMtT3V2VV9PeDd0UGg2Z1l1dTdoMGh2Um5nYko2T1ZtSzdjRnJGdkRmendpeFpKNHNJYnlqZEdKVGMzemVSZjFuOXdubFZzSW5UWmNBZURWZllxYTVxakNPSVdWYmNhNXR4TzNTWUI1VzdXTFNHSHliU01FVVVuTU5DeC16ZnpTdWF5aVBpZ1duc1Rtd3EwaFRabEhqZGd0by10bUlOSFFkZ2pIZUdpOE53WnBSRnk3emJDQmJMUUZUZmxDSGdNVGc4YTZCcGg4TFQtc2dPbVlwd0hYTjhfNTBYYVFLRS1ocFhqWWRwTVVFc3IzZ1F0NUlfN2EwLUJuUjFwUlVKTGdQS1luTFZySVlpNDhEMGptcS1GVHhYd2txZ196S0ZMYUJ3VXZ3a2NSZVFrLXo0R3Y2UHFRal9BMkQ2Rno3ZW1JZk5lY2xpMmE4eHR4NEZaUTgwa0c5SXFOYTZkM2FDeDJDQzZ5MUZ6X0RIVVFwREQxUVBRRDdYZWY1bHRGcUpiUUdtamUzX3hCNG1JMWlBeTQ1bDdjWGduX3Y1UDNhN3FqV0dvUDZRREFfNFpLZjY1eE1GZmppUTdCbDBDVVF3Qk02a1htSlhzTHNvRjhKUDZqRmtMY0NYc09IdW1ZZDhVeXk0ZUFlWlRKLW9sdmtPUlV1c1ZRSk82djZnU3NNYmk2bTJZc3RmRk4teXBGbzRMLU9Ndkd1QXZ2Y1Bzd1J0ZWtFalBiZ29CZlYyOXU1ZlhQZmw4d3VnNHo5WFlnTmRwQ2tXM2dGRlZjV2wxUVIxRGozVGlZTkw5RUNqQWxjcmVQRDVlWlFqVU9rZkVzTlRwc2Z1bW9iWHllWndtTjNKaFViSnlxXzlra3p0SmhqR3BQTy1RT3hqd1FMaC1aMDBYaHJjWlNpektBMHZ3YlVjRzN2am56cE5vZkV1WVc0ajFzWTdBMjNDY09WaHk4SEVaWkRwc1JMVUVDeEZkcG83Y0ljU2Y2MXRoZUNzNS1iUG5DbEpIMVcxMUJpRkxXdGQ0ak4tQ19LOGVLYktUVC1UOER3NGVYbExmRE43MkZvTHBxQ2EwM2U4TE1leklvOXROS1o3eEtORW5QRnllSHF2RTc0bHhLYzRHTXhXREhyY0JvRnpwcUk5MGJOdDUzdEFrY25rQ1Z3NGNPbzFDZlk0UVZKR042OWJab2luR0FuNjJuYXIxLTRsUEdLN3VoLVdsUklCSjNOU01LN2UwVjNKdUtON0FpbXIwV2E2dGU0MjJ6aTZmOVpYNUhYdGFESF9ERkxiY2tRdmtjRDAtSVdDZTVZZ3U0dHROUjNqUkUwWldFOHFZM0RqZ2FjODZjQkpyTDhLdmZXTF9wSXNuQm96QUJPVzFhWm84WmQ2c0dBV0F3LXU5dzBFSE1sMXJGMHBRVkh3WGtUY0kyYW1tRTE1aFJPY2JtZjVaM0RLSXBnRXViaVA5VmFJUVQ3VnNucFVPX0hpX2tUY2tqbHg4aW5DTDJaT09xZGRrcVFOd0EtaUw5OERTREpkYmVIckJ5ZzMteUZxQW9wc2c2dnZxUy1zVEpQY05sUmtrTVR0SUhpcTM5TEdrUkZXVjRpMExfNFpwQTlqY0lwdTJ4WmNMa3Y3ZHlPUnYxNjNWZ2dnNy1xaEdpVEdYeEVHS21CYlE2cW9ld3V6T3IyeEIzaEM2QmZ3M0I1Wm9YUUFSR1dJbkVmV3d6X1NnMFB1S2JSOFNMb2YyUXF5b2Z4MWVvemZNLWJPTE1CU2hqQzF2bHU5NTBtVlgxc05ZeXZqR1M0UEV4MFVsNXRqMDlXNjdYNGhETDZSYlZTb2d1VjQza1JlcUt4dWdjWFBITHhqN0J2Z3RQbC1jUjh1Uzh6cl9NRDdMVDZKLV9Oc1BjN1dhRFJRUk9uYnpwUnFfSFJzaGVMaUtsU2xPcnpLNldFUXJ5MTBrYno0OEVmQVVwMTc0R0FyTVFHUTF6dTVLclVBcHF1QWxSNEN0d1cxOUpTYnF6aDhDenhzV3R6eHdhbGRuaXlLSkJKV3ZTUXh0dHVoUTltM1hNejRpMm91Ny0waEVJcnkzR0pDOVVkdWxBTlZxeVJCbjBVV3g0NTF0cnp3eWlFZG01UEwtY3FISGZoclJfcHZQZkZSR0d0Sy05WkZ6d0Y5cmhKNF9GUEZTVjloTnhLTjhsYktjTTdmc3ozaGpQb1kxYW54S1pyU0hkSlA5WF9LNEZKWkphNko3eDE1ZDJxVVVtRFNXeVZNcldqckRQNWxNTW9NeXlyV0ZraUpLeHNOQkp4ZDZnVGJBa3NLalhUaE1hNUJIMHlSczVWeHI5clI4b1FIdTNRNTFadzgyLWJwTHdldXE2TFFuSS1rekZmXzFjRnZMZVkxQTE5eXFNSTd2em1iSC14Qnp5RG5vcUlRMV8xX1JOZTZfOUhrc2REdnItRFdMZFUwcndTcDV1WmlMQ0pTN2VaTEJqOUJNcF93WDFfcWluaThxODlsY09RVFduTW5TOFpCVkFWYlJPYVk5M0ZReHBGaloxVjM1UTRjS09acnBPX291MDhlVlVZOWExdUtsQ1p4NXFFQ1hFbFVJRUlsT2NBaV8tWjdkVlhCVDZybkV4eXBqM0lFQWZXWlJHbVRyb0JhbXduVjJYSTBzcGVaeEtaOEZmWm5XTUV3UF92NUZZSTBYcThjR3VraWNQcFA3c0pUall2bUdwdS1BeGVpamZReEFEQXFXX2NWZXBmblV3N1V0STZVSGpxaEZzd3ZYRGdoeVpBaVJuXy1sQm9IbnczWVBQNU1wcDlHcUZDOGIxckl5YUlvblJ0T05jYW9wMVU0NWM2M2FISGk4V1NxT3NsYmFhNGY0UlhCVlVVVF9tZ1ZsZFYyZDE5aFlfUlZzcklRM3kzaDhMNlIwWGtSeTZHaGIxRWhLVS1YUHFmT3B5S0plNDhHVFBXUXUxNmJyaEZzMDhKREhtcUFabExEZWNkQXdZRnFldFRoMXhyUEtEWW5MRmhsYTQ4VGMxZkt4RHZDZm9feUU1bGxobnZaMVUtZzJVMk8wTGUtdjdBOGdoWl9jN1dtMXBPU2ZTbnVDNGhjM3ltZ1lXbHBPYjJaS0dTU3hVMEszZVpjMXkzS29OM0szMWtTbS1jMENDbzNQYlZISER0NTVUQ3IzZEpUZG1aaWZpR2V0MXVxZWZZV2FOLXU0MHdrdWlOU0RDUzFZZlRYRThUcW52MndkaV9Mb1pzRXZBOUl1QmxMQXRRaVR2akk4SkR6ZkJfYkZ5dkt5UExsNHdBMWtqSUJiUzJ2dDNTaXYxZFNHSkI0VktRMUYzUnkyeEZaSUdJVmV0Wko4Yzl1RkZDZlRQNHlHV1lXNDVlV01ZNzVveWttMGx5Q3N0NDlVUGFVVXQwMXRpNDRoQ082RS1Wdld5WDlueXgxMnZrYmpHUXp4SDRYS0xFZ1ZsUjA0RVNOZTd3OGlnSjRWQXZIMWZ0UWZlX1h6WU1hWnM2OFVqdzhyU2dPY1NNLWdPZ1RQZURlYjk2UGtoYUxNeFpTX2JWODJNa040VnBUNzBnWDFRbFgtY2d5Slo3NmZYT2EzcjhGX0ZJLXQtVkZRanR3MjBOQ0UySEMtbktkRXQ4Y09BTEtreEtGcjI5LXBjSkZwR1M0VFpfOGZUTF9sR2pERmhEZ2VTcFlKM2U1eFNHUW1xMlYxNERPbmpMbDZvVzZrODA1R2wwc2lRMkhyMTBmVXdyTlFWdncwVEQ4M0kyVGRFbDFtQUI2QWVoMlFsQjUzRE5zNXJPeDZxZ19sWFhWOWw0S3VoY0QtR25QS2dIOGVWX2Y5MXBEaEFoMVdvRWN3OFVDVURNOGZRWm1DRkluOGFTc2M5SU9oNFRuT1hkeDZuUTBuc1ZJb0ZXekduZjJ2dlNnejhHazdrNHlNSGNodWFPTlJiZVNPQmlBRVBFT19zQW1RZjVDUFhVR1A2TjVFQURjbWJmTHNERjRfX3VhbkVRY2JOanBoVm56WjJWLTAxVE5Xd2RWT2lTSDVOc0tiRS03NGVfcXFZZFM0R1Z6WFlEVkJoTzNFNExzYmtIc3l1QlZMeTdoU25rSjlqMVpBNDFBcTk1SGFJS0VlbTI3TlkxS29xZzc4b1g1cFpwaDMwWjNfZVk5a0h2bmNIcEl3UzR6UjRraUtjUC1xOTZRRmVyS2dkcVoydGoweXg5RVp1SlpLM3FJOGxFQUhuOW90T09INXVCVzRSWTdpNFBmelZ3azJTMjhNYmhwY0pUNmxDVFh5ZFRHbElmN3VMQldJUW5WLUd1WThldXlETnFSeXNvV3F6d2RGdS1Dbm1iU2hVeHAwT29SUU1YMFpycnRFVnhsM0hCLUpMYXp0cDRIbC11MG54VllSY3JMM0JlSXFnaUYxeUhxanB3UXNkeTJwX3VMeWtCNlUxbkpVZWMyNnNxcUVOdUlUWEtxb01Wa3NJRkZEN2trc2F5M0l5M3B1SHFNdlcwZGZKSHlqaVRxa2pIbzRrR0VRellPZ0VOZ3FuWDhZX2tyYnVCV2RhQ29FRzFRT2xRa3prb3NVUFZxeFBKWE1wSzZ6RGN5cHozbjh2UmxjczR1S25MVlpGNE1pSk5GMlRkeGY2UFppQV8tWW5wbnpoQzNULTIxU3pLM3pxcW95VWU2clRvT19RME1jcG1GbTBaRnBoVEw1THVieFhHTHVwUFc1SGFTaFJqZjF5Znhkc2lXWlp6eklQdTJsd2JIdkxxaER5dTVpdU1BN3RiRWFWRVVycnVLUVM0MG1GWDZRcWRnNkZKaHVFbWtNYkdldDFLUXpLVkxCaXozZGtidzI1b3M5RkZQYnlqZlVGYjdQeXByb0x6YkNieWRiNjZqUWRiR1lkWTJ3Y0E5dFBPQ3laZnZHMVpBbnNHSjJ4Ymc2dE1NYjQyX2FjXzMzMk1VRnFWSXc0bE0tTUEwX1JnUXBYSEVKLTBNUUpzR2NEQ2NRekdRY2V2bFIyNVlBLWZkVmVTU01sa05Kcl92cjg4c29neWJEY3EyOWN2YnJqZDlsR1BBeklkcjlOaGRjTDZuVUhjTms0V1pCZHF0RkktREpmSnRHMHhzV3hGVHlBTHN6ZFU5ZEhaamJlcjh6a0hTRTdwbmdNRldVd2lyel9BUk1TV0pEajQ3bDU2SDZMYVlzU01ycEdWRlpha3V5RUVKdmhxbEVNMnBfU1lBNEZvNFBkMURHMzZhUzR3T3BsUFl5MXM0aFVVOW9GQ2tuVk16ZjNVRHAxYUJyOWRXRUFJTFdjR1FrQXh0TDZIendiUE0xcE9NeDRIYkl5Q2FWM0w1MjdxTFppZVMzUDJmWmNMc3VKb3JYblVnY2ZuUTdEQVd6aTZDTjJLU2x6WWdTRGx6U0RiMlEwOEJDenRZaFVIZnFvcEZPVkJQUUZiZ0xGZ051d1FfV3pCLUp3Q1Bjb3NEU3NMUHVFY3dEUVRsZFBhWkVXX2lVYWNWQmFMN0s0LXRsSDNLU0dRbnlZbGZQOFU3N250TlJ5N2dBSGR4R1ctNTViSjNWeFYzNFVEZTJqWmxCR1JGeVhfN1BHUTRyTXZ6eXFhSVBmUGVqTDZkTUpMcXNQd21ZR1QtdkpqZk5NUEZoMHJxd1NtTFdRcnUxNjRvek1RclhzOVhIem51TzVFcEdXYnZzdHpLLXlvUllDQlJhYVl4cGktTTNiOW9ZRW43WTFpeURJRFNpTjVTVWZEajJGT3RHNEt1ZWlNcTdWQ3hlc2FNZ2Z6OUFxWnkzaHJ3ZlVWeUg3YXE0NnlhZmRRcTVQRDBNSnd3MkVPbXRKbGNCSmhsUW1pUFhZVmtYVFZRaFJHdndib09LZkdvTk5QTy1NQ01jNlA0aktpUXNYYkFMUU9vc25JUzFXamtmdHRUTUEyVGxLbTFHVDZvS1FLMGJEQXhLNVlxclpaUTkzWkMxN2hNZEw4UlE5TjdGTUJILXg3UmJVZFpfZUFXVDNla0dfY0toUEs1TFJwRjZYWURJbUJlZXdVdDBRYVhyUjlkRGF4T2ZnMnVTRHVzS0sta2UyRUxrak0telJmR0Q2dEUtc0JERTgzNjBDQ2ZScU44YV9yREFGRThVU05BTjg1SGFHTHBIZzV5a2w1VlBYSmFTRklmY0dtRW1fWXo5ZVduS0cyMWVFbmNVMVNXVV9Cdm04d1V4bnRiZnQ3UE0zdTh1aXlnTEVlWHhBSzRsektzVkpRUmNhU2RlZzFIanNPeFRYWHU1SGpBU0RiTm0xVFh0alZoV1pOS1gzRVRVR0tKbDZlaThIWkk4djlFY0F6TW1laWpHVVVxcFN0SmNJTWV3YTJDZHNHaEtrSFZ6UVN4Y2xGc0h2UkRWNUJ0ZmJSc1czaTlCM21jN1ZLcVMzbmlzWTFHZmY5bEFwV1YwTndzaF9OckE3RnhCaHdvcV9OLXQxNDc1T2tOR2gzazYwN2JNZUR2Vm9OVEwweDRGU1dOeUd0R1BHSnVjbVh4a2YzN0ZqMXZldjlCWWF5MTlQT21LUnlUbTNwV2lCNFktNTVxbjVQNGhkLU9kT3VFcmtleEpQcDFtX1VsTHl0V1Z6Xy1FNHhkWlJpNTBWZzd5aDYzQmlzQTJ6Vll6YkkxX0lkQUpFb24yOW9ETVZNTGhvMU4tTU9mSHV5NkF4elBhNVBlREVEX05SQ3gwc0VjcUNRNzFscDJvUDhFbUFScTJWT1JCeXBqd1Jra0lJaHR4ZnpCd1RFOEctYUtYa3Rkdzd0bnNhZjRqM1lnVWE3NGNHeUZBeFRON1JHdjNLaTlXVGNOdGhkYlFhanZmR0NhcGZNaU5DcUVtN2hsNUpDOHVUOU05b2NlRFdsdlp1ME1ZWmVSUjRRdTNESDZGbkg0bXpqeFA5eDZYTWNsS3NNR0k4YnZ0YkxMZTFaVS05UkV6QjFwckhUcHZxdk5xSWhnNWJ4UlJMdm5hUldxQWNLQl9zc2ZDalNTNXFzZVE0N0s1cVk0ZGJSNEI0RkxUQjRLYTdETkFYdWdHLWZ1LXZ6SjVtTTN3TGZNZEl2TTZhOTNwLXQ5ZDRESEJLd3FrcTRNSkhpZEhmbVRnWWRtNWtjQnF2ZmIxZVBaLXhwS3JGaW1oNWw0OVMweTBXdjNVMnRqQWpScGFnVWZwQTFwbWdub21FMkVlSVFoOTR2SVFlLUNHNDNjaWZ6UGZaa25KNWYxMFJiSzJuOEJUb0pKUERvc2VacWlOUmpLQjIwbjhpbXk4M1JRY1BSS0RPVUJRSW9qbWNINmlqUERXd1MzLXZBQVVUeHFXOE5NdHp2UHNueEd6Z3RXUExybGVyN2VLc1Y1dmZhZUZfYjY1WDJYZU54ZUdCY1F2d1ZhcEFHal8tWmJpVzJJVHdDd1NaVkthOTB6VFRCaUFZOEtURGJGM2xzQ0NoZHZHVFV3Z29aV2tXeWhOQkhEcHBEdTg0TmZhV1gzbTJLSlFzY1d5QjdvRjJrakRBQ1BNX1RVai1lT2pjX3E0c0ZXbWdvVU1SYWxuZ2Jxd0R4SjR1bFRtQVlKYzdESC1CTUV3bHhGbEx2cmFPZnRkZjRSeWdYaXNZc1Zhb01fT0Y2VURtRm9HT2JWTzhUOGpnMUE0OC1oNEV6enZIQW1UaVdOQ01DTDJ6SGNwMXV5anpubFJ4cFJWdEthTUZGTE15YmNad3Rwd1NadjhlaHlGZklIaFl5WXlRdzlKX0w0eDY2Ykw5V29zRl83c0lpeUtVSjhKbXMtaWpVdEw0Q2NCYzItMTZNQWY0VmplVnpHdE1mTTdWb1B4d1V2X3ZRcl81aV8xbTZqVHkyamU5SGd2UjZoVXhrSnkwNlRIdUlzZS12VjBjMUVfMnAxMkE0UUxVM1FLSGpJRDJlSE54TzNPeUt5YWJCMkVDaVlqUWRxbC1qaC1GbTFaYnhNR0FDRzNIUnEzVFZ0U0JsSTZrLVNmakI5NENERk5jT2trX3VBZzNpUDZsX2VpRnlITDFtcUR0NlFDbEZSNGRaaE83aG0tWFF6TERncE9xbmxzUjZzeVFKN2k1NGtHTE5FSmFTYTBiUlJhVDRYZVRteHVsTUZLMjdhTE55TS11WjZRdzFlVTRSOFJQV2pXYmtqSTVRckpwc1hBdUlKRlpZb3d2UTMzamhYOXNyMGxJMmJuWWZySzdRdjE2bVp6SGVLZ2xJUUhyVGJ4bEtoLW1FVE1VSmhpNk5Ia3BsRmF2UFRIeVltR2dhQlVvYkdGWXJ5a2REWk42VzJ3WHRTTHBKQVNVcERIZHJhejZqX19DWng1NjNsbWlvQzZzYWJkLTIwN294X2lwNDBXM0ptVTBEVEdHOGc4RHdTOVA4YzRKZUEweEIxTUNIbUZnTVFLZU0xRXptVjRXdjFzR25jWmVKZmx3MUw0XzIxY1BWNU1OYnd5Z2U2bmxjYU90bGZjelpxeW5CNTVPbktwaE9MWjNhc01ORXpWeC1WRGFXX1BJSDloZXh1LVZCM21jSmRYMWlNd09mNThhOUJMLWZtVWtRTWlRengzRVBhWHZ4bXZlMnNWY1BXQVlFU3FYWkpqZy1KblNWaWtVV0RXWDZFdThrX3RDb1ZpaHFnVTFQcFA2eEFNaWJCbGE5c1JBOWN3RzZCT1dEbHo4cVlwTVRKNkJ0V3prbkFuOEJjLTl0MEhXdDVXamR5WkxMV0NCdW1xUk45VDhtTGVLYUhlUGh5VEc1M3lJNHIxaVZQNDRud2hlWEQ2aktuV3NFZjJEWmRxc21aR3dHUTdHQ1hCdUFuMjlOQklRYU5sOV95RDlSZkJZTE1WdzhiXzJmeUxLdXpwYlFKVlYzdl9XcWcyenJvRllrak52NVdUc0VjTks1d2g3SU5rczIydmJmOEthUXNaV0Y5YzBVRUUyWWtCa1BLX2JCNUgzbFZENnlsWndBcHltLUZCdkFPV05qMTRlME9xUGxEN01kUmNhTDd1WHA3dnZFdzRXX05EeU5NYkVGWWtfSC1QdUpYYzBZNUNNcmdpVXlIdUt3SHVJVjRYb2xhMl9MOUJRYVk2S29yZTZUYVVxYmVLM0F2ZGlYc1VFQi16UWFtbjd4eEl3VVMzc0ZiTHhncEVLa1o0RzZiVTVrb0NVWHczajFvd2EzTGE2STdvTUJwSnJXTndNWDlWb3BaRm9YN21GZUR1cGZUZm1DTW9JbkpxVGM2YVppbENWYU11d3QySkJPOU1Ibm5kZktvZXc1UTJ1NUFoV3hseFRIZTNwTThvbi1QalA5OWJQQzVDNUJNWG52cmVFTnJpUUxnVmRTNFFrejZZNUdnRktYbDM3Zmk4UGN5enhHVVJ1ZW1mLVV3MXNDY0pOcHhELWhWZkxGU25Fbi1GaWFKX3E5UU42dFdPVzRKUEkyMFpjZ0xscW1TYVdFVXdPRERDbXJWeTlmam1LZ1pURXE1VFpSTFFFdl9aYkVodDBoT21EUlRYekJSaUhjY2ZReWw1WmR1emRuTkh4QmlRM19CUExmdUFFRkNXMmx5NERJV0ZvQldJUmEtek43Q0p3ME5OMFNxaGxreHJpZUpUeWFKYnZqWTNENjBublFuTjBXTV9YanVKcDJwT3dVc2pudnFpcFZ0QVl1NjUyT3c0WkwxNHJrSnBnS05FaEVyd2VXaWtLcnZqTGlxMnRKN1RYaElueXNlODYwSFJSQzgyNUVKOWVTOHRJMXFFZ0h6aTZWUDFnY19WQzZNNnJmaHh0YTJCMU9tQms5R1lWeXJJajJRb3pNUXlSdHdZNjJJSVJKR2tEWURuWG9iamVieVVnbG1DMkhPeGR1Sk8wZXRRcWM4bUJHVEUwd1M1OF9JbFRXcTY3eGpKeHR1SE85enVFR0VieWx2MFpyUWNKY3VDWk5Ud0RCUGlxV01NdHJ3UW1NNFUzUy1zUzVFVWFLTzRIRDI1WWxldEd3QnVIRUVSN0hpUnhvd0NMQ2RkNUJzdHJaM3RqX3VwZWEwcm15T0l1aU1rRW5fWDNRRFV3TVlnS2xiVDRDN3pWZWdYVUc1QjUtZ01RR2JZc3drc3VrSktZU3J3b1BMNFF3SkgxaVJRVFNwSzlwN1JUak5JbVN6Y0ptclMxcEFoblFXZDZ2aTJyRU9Ibms5MFEzWVRuVEhkMEtwQWpvRjBXRmh6NjJNYW4wcEFhaWVFRFN1TTd1VTRtOU9lV2h4NkIycFdVeHpUcUJBeDhZUjFCOFNPcDc0NTRZZU9iTmx1NFdXak9rQnFnT3U5UU9oN1BVWW9RX283NFphc1ZVWXIyd1dwdDhhX1prSXU4TENwd2tSR01naFA1XzRyQXhqaFRLWWRHQmZrUWRFX3o4UGtJR2VESlQtYzhNdzZjbGN4bjE2LWlzMzI0aUZ0V3R4S2did2FMYWhWOWVzaXZHSkg0ZE9Nd1kxQ0gyWUR3RGhDN0J4MzFkdTFYalZIN19ZWDdMbm5xSFptdExGSmxENWw3WkUyQnpzaWkzemVha2VURWRTZmRFbmNWeVU3UTF2UjJtVUNmZ0Fyc0FOdWFrelhGSmJmREFaZGFNYnRMSkZrMkI3cXdndWM4MGY3UzVGSlE3aU0tT0RhUEs2ZmxQckFxODJhQWp0SnhjRVFlWXVrLTNfSEFlVTNYckNJUWIzM253eXczTlY3RmJpZzZPeXRmWUNTUnRCRlRTa3haTTFCQnpjRmdGNUVIdFBkR2xRRDNTamEzWDc0Ymh5dXZCb3JKNFNMSmtMT2tZbGRFelNJbGtfNDFBU3RnTVZRYWotdllYY01wSlhXbkJNeWF5NnpDS1RPV2o4TGJkTjcyeHNOV1dGNkQwdDE3cEpiRVNjTGxSTXF1WGVjaFRESmRBaEtwM3pyTnE3M1FTUXNfLVozYUN5ODZNT3pMVUZBb1U1c29tOEtjRVBJdW9DRnNEbXJNNXlpdF8xc2FwaktEUThwSEQtVktUdl9XSi1EUVNCbWZZX0ZmeUJrNG9oZGhQWU56TUZKemFNWi1RSDBzb2ZEc1ZGYXA5Y21wUGM5YmNfUXRUZlZ6NXoySUwxRGpVQ2ZoZVpvSzJtWE5sNVgtdXhFMVJoeDhGcmZmWjVYWEVGSC1ETzRiNTYzeFFVMHJXTVhhdUhCMkFmSzRic2ZGd0xUWHdVa2lzSVhyWkRtVVlCd2VBWThpZTV5bDZ1TlNfLjJRNWxHQWNIZ0dQSW51Y3BlcmpVdnciDQp9.rv-xMWrYBAIWl2UnDnXkQkhMbUn4BJvTby8vLao33B5HCuSAOAfFtsFqNj1CNQ5iQayVP7yT4wd5Ws2lGQTnbpSDdT2fK4QGzZFFH7PEDkXWpkT18_VO0GGK-5RlPAcRp60nlmSoXbUcBLvQ0u-dtm-gBP7VGZaIBW-eXSZNWqqiXDgEJ5UupaxPIzzpbgjoSMrxxiKY-Ih_umXKFlPJKqRc0hfQI6OKDlVwNyl4-FNR9M9_GEcK6CplJMdb--z76Tv0lCLJ8GnhjivHuNOAp1Hj9q5fN6FH083bMkYru8aD-AbF4jgkm-_qpMJkSl4lh-Ny__daDvBlrJTowqkViw"
+  "respID": "NavkR2BWuvroWkIKWhAQ",
+  "inResponseTo": "_2ac94139a4451f7ef0893a5b823aff16",
+  "signedPayload": "ew0KICAiYWxnIjogIlJTMjU2IiwNCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9zbDIuMDtjb21tYW5kIiwNCiAgIng1dCNTMjU2IjogIjBGUmRDYkFxVTF2YlQtOUt3S0JUcU5GQXBkcU9HT25Fa0o1dGp6MFp0anciDQp9.ew0KICAibmFtZSI6ICJxdWFsaWZpZWRlSUQiLA0KICAiZW5jcnlwdGVkUmVzdWx0IjogImV5SmhiR2NpT2lKU1UwRXRUMEZGVUMweU5UWWlMQ0psYm1NaU9pSkJNalUyUjBOTklpd2lZM1I1SWpvaVlYQndiR2xqWVhScGIyNHZjMnd5TGpBN2NtVnpkV3gwSWl3aWVEVjBJMU15TlRZaU9pSlJkRjl5UjNKalRWQm1jamxmYWpsaWRFTndhVXAyUTFWMmFVSlFSbFZqYzJwbWRsaGhVWGhJYmpkdkluMC5RQ1BLOHZrZzlvSkprUk5OTmR2cVE4V0hvTk1Id3hrRExlMEVFcmN3UDJHTVROM3gtR0Y4MFVoQno0Z3VrOFVFcXpqaFM0S09XOXVVbEdkdEJ2eVdlczNPaUM0SUQ3eFNmVDF6Z3R4QnlDcHJLOFQyREZTa1VqS1JpVGpqOHoyUWlWXy1NbzJKOVJmVl9LMWNseVQyTTNFdnNjMUQtNWkyS0dzbW9tcWlsVkpqaFhZSlZkZllBRFZVQ0pycnJFTms3YUNwZWxTWU4wZ1hGU2VNRUNyRWp3Y0lkaHM2TW5fU2JiUnRJTnVSUmF6aEZEM1Fhb2lKcjFTdy0zS0JUV19fUThKTlhkQW9KdkFqcmFvUTlMNk9JTEhwOGlVQUMtbVVGbDJ6bmVQYnBoTnktSlNzV2NzVlBpVG5HYzdKNDNyaEtvZlJTWmZQUmVxWlRQYi1ncXZCS3cuazNqZUprWXJucEZMUmdfY3dZZ09zN2QzQWRVWnpmTjM3YTROeW9aY214MC4yWUg0M0lzTWNsVFBuTGZMVGc2TjVlcjVQSmdmMlFmRWE0bGg1dFdxSlJHdUdPRUw3TVVUMDZLMTVxUV9jTWZ6M01XVnRDV0lSNE8xOG5yMVZtN3M1cWZjRUlmQVpTRk52OWo2SXViNkVTeUtDeWk2YktaM0VDWURxbS1ZMjZETk1GWU4zeFMwOG9UV3ZPbWprR0Rqb21xdzBUcjB4RF9saHBRZlhReTJ1WWZZSDBlc21NY1BnS3lyRmF5NzZnV3VQeWxBS1lXbzd2WVB0UmxMR3AteWZ0eDFVMGFQU1BCbE5sOTlxb2Vzdm9BVTFrSXh1aU94Q1BYVTBqYWZJamF6MklDT253QW9qV2xrVlJWeDE2TENEUEF2d256Ty1vbHR3eUNBNmNzbXZYN1VvVlAydFZLdVVGVnJRUVFkNTFsOGc4dmxpb2pwMjlMV3ZSdjJTeDR5UG84TS1qOGw3UlV6SlhwZzNsZV96WGJfOFRfYUpra0d3YWE2UV9hV0ZDQl9ISkRGYkUzbDJzeEtBeHYtYUd0QzhwVVp4RnppNHB5YUVMd25QVUhpalE5UnpRUm0tY3RlTUpZM0NhMHlpMXl3eERudGRic3JSQzJvdG84aTMtRnIwWWo3R0t1THBvZ1hHT0RLX1p2X3FoNFdIZTBjRkxZUUNuLVNUSEJtaVo0SHBxTU8ydXlmeGpSYUxqN29KUXRSdXJ2NjNvMGJpeWxtNTVqMHg3eGhrSDlPR3liTUtaWVE3cE04bnYyblg3ejhJTXZRdkl4UU5heWNQVlJycWFtNERVMDJCQ1VlWVc2T0x2TEg1bmtMaTRmeUhoQXJtdXA5R3JFU1BHeGRlcW1PcTRYeTMyNlE3MUNNMU14TUN2ZXdoU3R6RzBWZnFnTHJjSHl2bndSdW9sRnE2SVlsZU9mZ0JMOVNUR2M1WWxuUU05UTJYS3RabVVkMUk2VVhMS0UwbzYzU0JIbFFHSVlJaVBYMy1VYnMwcEtLLWJfbGhMNkszT29Pdkw1V3Q1OGljV2FCbFJqb25VbEQ1eGR2b0dLTjNZVmRxWDVSZ3BIUnQxMHVHcDN3cER5S3RYTy1OTWJjaVVTUURQMVlNMFZScE9oZVN6Nk15Vmx5eEZhMWxKNEVpVXRhYk5jYWMwMHJUaHdqMkpSWkJRUGlvb01YVk9mTmxGN2xGdm5UN2liQWNVTTNJcHo5bW1XM3VEQzFxNEUyd1p1bWk0aWloenBlRkNjZTRPVkZWYU1pMGxNaW44VnZNejVYRW1QMFlISFNGRS1LaExuZVdMeXlFYlBzendhU0I3ODdXTUNkZ1JmRU9PakdLVHAtWkNQeE5jUXY0ODVFSElEOWpzV29nRVBxZERoU0czSWRhT1ViY2EwOXJ6a2xQaWlqaTlaeE1lVml5dUd6M3dkc001Y3pmalRHT3BXM0hQOHlwM2JuYUVLMTJBdDNuTTZvUkdGekJLNmc5RDl4eTl0c1BiMkF6MFozc1hzV2RpbzVJV2J5UjhNWk5PdGlNOWxmYU5MMFY4X21ueGlrdWxlSExIaXlQc1JIZUotb2NSOFE3YWh1ZGJfX3Rkb0dFN1R4dC16U0tPZHllcWtOUll5cVd2MFByZloxTFp1bkNCMFZqeEFtVUt6N3RrWGpxeVFQZlFsc2dmblJ1blBhMGVvZHJvZEkzV0dYQmlkSUVjWkxHbjM4bEZyUWVJUkdfNG1hMmpteGp4NURFdXN5OGdqcEl4TElvZkxGQTZXWEtvU1pwWV9sMUxVQzJ2RzkxWGt1R2o0ODB6Z1NzcWFyN2NUd3ZUWnh3M1hqamtJTVFuS1RKa0s4QnByNnpqdEdJTTF4VEc3Ti1iUklhYWE1VHFjbGhGc0dMTmJTU3Y0a21EU19TX0x2cF80cWFHcWNjTHJGZlh0eE8zTnRXaFNpdXZzX0tsN1VfQmxIemZYV0lNQ1lZNlI1SDI2dWpRZ0ZEenpkV1pQVTBxM1hVdlltY2FXUHdMV1JWU2IyTVFjZnd2NThYSl82cUVxLVhaQjU5NHRaR294SlI3TmQwRFhqV1l1dVVTNExTYXBubnZ3eHRpTUF6X0diMjBwTmNBS3UwbDJGb1Etb0ZwQno0LUNRdVlZbE9pUVZhRjQwN0xlVUpWSFR6cG1USWdlZV92Z0VTUmtqTjY3RUowbVBtZDJQU01mVnZwXzBmLTZYN2NRSDlCOUdET05COHJXUFJLZnJBYkNBNWxaZkFSZHFkMnUxTTA0TDZjNW52OGh6NmptdnpIMEExSjJIMWNpT2I2QldoM0daNzd2NTlKZUxEZ0hoRDh5ZjRSOUdNSEo2dHlFMmpsVmZTd2lSc1JjMVhQS0Q1WTl4aWRoZDdKYWV1MmptakgxVXk0aXNrN3BjTDItWkxTOS1rZ0tFNlBxUVliQmI0U1lqN044UXdMQmVodkM2RzVYYjAyaFlGWUNpUzhIV3Z4djRpZTBjb0RkZmR0QVEyZDFpQUt0VlBBTW1saVRCZ1g0RGU3bW9oeGRRRVpTbG4wY3RRRDJsTzV3RVIzRnlkejN6M0lLbW56eXBXZnNkSHh5ZF8zUWM2b0RDZnlSV1NJVW5BQmdhQmV4ZmI1RUhXQ3NOeDVXUFI0ZE9mdDdrTWdBay1NNGI0NnAwSE1ieDdYamZ4U1NnUVprZmZRalZraXFUR1FGajVXS2hNS3h4YlVpRHZKa0laeEVCbWJiYVBQeXNjRXVxUHZvc3J2VjFadWtiWU01TWpobV9qMmk3RHBJNzIxMXRZdG1VZWZ2Sy1jUmp5TU5rN0dxb1kzRFdobWE3WXhHN1FlMmY5U1paemhOZlJ2T2lSak9TX3ZrTXFjUnB2bnlhN1lsc3lYZi1fVi1TNDU2SkVKeHFKNm03UDdkS0ZKTVdxQnlEb0NLWkJBdjB2TXRWem5JamhPa0oyS1o2dW9VdjlWcXg4NXBUaU5XWGEtYjhZelB4TkFTVS1IWWh1bUxLZE9jS01veGt1UENzcURaMzY3d2xpS1g0NFJCbW5fTGpTWjFqSmxNelByQVJyMlh1ZUtHbTVBQkNDSjBWclNhX1QtM2lNT2IyV0RVOE9EUFo2MHFmRklzTGRkRHk2QXk1c0RqbDZFa1RKc2hqZmNacXN0Ti1rc0kyN3d1VDYxVEh4dXRnS2tNWHZ0NFhoM3B0VGgtdVJGdWJmYy13cm90M0JXdXRzMjFnaGpkbk44VDd5TWJRaFNxd0N4anlYSXZWZXJoVEtKWkZ3aWQtTUVFLXE1VVhKQTN2R2FoWmlSN19XalEzX0NjM2dWLUgxLVAxZDhidnI3dTJURlRRam5CV0l6YXFIVW1QbWRyMzJoX1lkYWtpelQyNVlJNGkwMzJweE53cmFzdG0zY1BWa0tacnJCX1llSE1La005dm1QaThiSkhicGFSOFBkUTVuQk1XSkJkaUVuUTdoYVpPazRrWEltNXNyelJNVWhhRGxJaHR2T3hFUVRpMVd0RXdzcjd0OGl3YVdyekRaTXpGRVY0Uy11WUsyanhJeTJleW5CRXFzd2lBMTBnWVo4ZXhCSjJDU0VXM3lQeUhUWFIxN2lBZTdXUkJpYUhoNElXUnBJalI4MHExRjlRd0hVeEhQenJoSEFXN0JFLUVBU0xEMG1YN3hCWi05a094S1E3VjNNSXBIOFFhck1qRmJRelJRX0Ftb1E4eDdCMUdZLXBUeGdzMWduOVFxLUpRTU5peFhZSWdhM2dJQnV2ZE9GQjlQZXl0V3FpT18wV2Z1dVpHb1dkcEY4NFBoNjZlMEdCa0NuYjRkVnZyaHlZNlRvRXVzbTNtTFR5SVB4UWNTd3NnR0VQSHN2eUpxclpwdzNHVkppXzVfNUZqakNuMjhwSTVQTllEVE85aFNGYmhNcDNqMEdBam40NXpJUEYwdTlCa1Fick9WTFZrS1VCbEdHaWd2N3lSNWlvd1F2UjRvX05BX1ZVYWxndV93SWxVRXZZVC1Ba2hodzZJSFp0Q3lJYTd1aHJ0eV94TEYyX3lHRG1zRnZkZFBfeG5jY1dZVF92LXdIYm03NDVObmtoN2xVMlhrRUxkMVQ3bkVfb2p3aFlwWmhyUVNjanBfbUdSRmFuU2ZxOFVYNU9rZVh3bm4yTEVRQmJFOWEwak13ZE92M1FnZU5zYjIxd1I1QVE2RC1pNnRhaGxqWHVDMjBSbVFaTWs5Y1JPRE5abFNYUVZBQzhqTTEwb2lpRFJzdklWTXZjQWp1ZnBLbGNzdFFHdnlXZmZlQjNKbkFtYTRueFUyeVlYeHFyMWRkZEpQbVZ6c01xek4xbWNnZHFLWERHX0R3dGdCMUNNczJVd0tGaVoxQ2lpSk5vN3hPOEdaT3M1TzZncFpKMFh6cjFudFU4UUpYNXhoQlZUM3BRVFU1bUZ6SFNwdExkTU5ueTFjS2RITmMzQVlyUi1CdEdUVXV1Qnc2eERKbS0tT1FjS0RqMUJxSkxmMG01ekpqNlBKNHFQTXpWOEFHSDRrRzcwRHQ2bHI0eEJrQTM2MkpoN3B1eGFsWWh2aHJoR2UtOUhHVWZPNzZwVUlTS2o1WlplQXFfUWp0aTVVdzZGWU55bUM3ZWVUeDFPQUtsN012V1lUaVJiLVlLVHlNck5yY3V5RTRXWGtlVjBhQTllX09JQncxeHNpU25SQkYwTVJtbnpuX3J2NC1kNWtSSWNGc0xWenlHbzZaNFUzNk1odTB2a1R2MlRIU0pYc1ZEdzhvSWpEVUg3UFo4UDZrdEFmSmlLZXZ4cnZZdWw0Y2daaGxhNFBnUDVNR1RmYXlZdGZJU2NBbHZ0TG5pNDA3OG1ITmNoVTcyc2dheGtndERsSUhiVUpqdDlpZEZFR2dPcmdvODllMV83N2VxWklYaFlPdUpoOGVfUlhRd1o2bThOQjdvV1lWeDg3bmx4X1VKdFplZ090dGxnYUhwNXRWVEdPTk5jeUdtZENMU3lvRzZ1c1VRd0VqeFBGc1NTSXU5V0FwMTliOERzTWMxdzN1cGxIZnRMUXlnUDBzUXNRUG1FdndxOEpZc00wcjRfRENPcTJkcENvS1pUTlRDQkx3X0V6N3NzXzZpY1ZkWWhHekRpbUdZTWNOanZXcGQ3Q3pNczdkV1RjN2ZVeHVDWmstTmRwMUhvajVXTGJQd3cxWnVNOTBHWTZUVU4wMmdsVXZObEJ3Z2tTa1doclhDMU8wOXlGMFQ3akZMV3g5akMzY0VZSmhzTmxVbWVSeWdXalROajJQeE9WTDRTdHNZTXBUOS1VemxnSEZEbTdxZ3lMdlZhVGcyM0lWLW9LT3lraUkyT1Y0RG9PcndfR0hlMTlsdEQ0b1ZsMXRrQ2h6WDlVR3h1TTJJM0o2b1Q2Z25kN0FNdmRscUgyZkFQb0NfVHUzSUNFM1dRQXAtTFBVTm5lUkdJbnduR1Z2aVZmb1dUVzQwVVRadUlPNkdwOEJDUF9lZVFEYUVnV0VCUC1pV2M5bjZ5dW05LWhCbDNHS09YVlhnOXJsaHJSdDY4RkE4Qmt0WE9NaWZud29pNXR6Ry0tMTFPZVFmakRGbmJNUlh1WEpoT1RSLWNVYXZLQlV3RmFFc3pZdGJjQURmdTVJeC1lWHY5ZlM5d1pkZElOcHpzT3ZZb0t2cEd6MjVnNktxTjRXelF6bjY3WEhvbGs0VVMzVmRjRnYtQ3g1ZmV5MXlpXzFDc05acVlPSVZYaXRHRk1wdHZ1aThPLVp4Z3dhRDV3Ymh3TnpBbS1FTkhKRFNyV2Y3X1pwYTl0RUI1ZGM0SjdGbnpwX2xVcTQ4RkxlZGRuSmVoNnJhMzkyckh3NlpyQTJDUktsc3hlWTBZdGJwM1lyMXd2RWlYY0xZYTF4OWhBMnozM0V1aGFhUXFqWnBJQ2lYdXVxc21ZeklnVGU1WVZ6ekhZOGVkVGFCUE11QWdrMkFZTHQxZHhETGdndlJ4MXN6cUE1c3RUNEpFZEtXbGs3ZnFIeHJIOGoxdTNwTjNCaS1LTXdNekJ4bjNEZERncTV1ZTFPY2g1d3VmLWlhVHhnZVdfNmV0eGkxNWJ3Uko2STRuSUxTVGk0bG9aUDFTa0ZCVkR4el9FODg3Q0I1ckN4ZnhjY0kxRGsxSmlRWEFqNGtEMF9mRWRxRkllbnpnMWZ3VzBETkN3U2R5ampiNWlmSlk0cVZ2Y0dBSHpoX1dBOUFlYmw1eHcteGpqTkloZGplTEwtbzZ1aHdwLVZBSXE2SEtWMVFIZl9QMWEyNjR3NnBTZENHdGdvYjEweHdpZTA1SFY2R3g2MnI2ak81TE9QUHpkVldvbWJxTEUtZVJ5bVM5eE1JOWl4RG94dWhjcXh6bUZ1cU1mLUxlMjU1d0g0ODEyemVBSi1QTDBjU3FTdjNfXzUwRGRQMldVVHRHMmR1aTNlcDR0VkNObkVINlZFUnY0bUd6QUNwX2stZjlVcWVHTnoyejR6QnRWUGhKWi1rVUEtZ29uUnhKSEFUcU1iOWd0dWFpV2hIWk9mcEZaQi1EZnRuMks1MXZRaXZWWWx0Y1UyRzRYSDRMekJhRldjUjBZMEdVWk10SGxsMXVWSmdqZWVXYnBMaFE3Q3B2Q1djVjhlNlhsQ19BeWEzX2NnV2VNb2M2OG9GV3FBa040TFJ2blhLb0E1M0syRWdmNmhYcXFFLWhMM1RDRW5VQWhaNUkwVWVENnN5X25ndDJsSGV5ekRNT0Q1ZEpuLVpZdm1GZWdEMFlmd0FyWDlETnhrVExfelhzT1hzNERMWlhJMmJxUG5RU1dtbXdmQ2xkNFU2VlZhYklTdFVhdDE5eTYtTjZzMzJTelAtNm9QQUMyYWNqOWQ3c2ZoWHowR1JzNlVEM2ltdlF5MmNWbzg3MVhyX085OENFNENTZEM3cUFNSEM4TE9vTVB0ZWtNaGpkN1dXdW9BUWtUb3FzUkdRUzlRNDQycWNjeEhtVWhMYm0tYUFIXzBBR0dKY0psY09ObmlZY3p2dzFTSHRtZERiWU1BUFBqQ0FHWXlFT2NBUDNueTZEeTd1Zzh4c1QtZkZHNnUwTnZ3Y2RXSndTVHI0R2Y2Y3BtbXkzQTRwYk9wS1ZpdWJoYVJiMkxRb0pOanlxa2h2aTZVMDU3UFIzTkZiSEhSS2xPT19SVWhCMEotenFvWnVPb3NTdjk2RjZNZl9HSlpCUVZVcTBrQWI0dkVlNU95ZXg1aEcwSFVSMWtYZXB5Y0p0RG9FbmdqcWZqUmp3YW9HcTdJLXgtaV9qZjV6NXlNV0FqRkpkOGhiblV1WnB3ZG5iVGhLX2pHRXhWeW9zby1TM3BNQUM1dnA5MzR5MS1zbVo1ZXA1UW5xUGg4YUV4V0pfcVF1NGU4cnEyMzVtRFNmVGJOd1B1TTFJVElhWHAyaTA1aUZ1UVZPcEliOGpuUGNMN1Jua0dLMHV0TkhQOERJLW9HSFpiM2dVQWV0VHRINmwxUk9xZ0FFRkktVHQzVXlxQmotSVZmZ3QwRGNDbmNoYWlQUFhiSExjMjJSYm1jR2JjTjk4UWpQSlRSZDNjRDEyN2hLQVZIS010YWtiS0x3cV9abmpCZjlqMDZuVnZvWi1fc1RMNEZZSkhSRWJpLXhOcmw2SHBqOFMtRFZRRUpNMXlLLVRBUWI0UDR2X05uWU51R1dVTlhYYUh3bmNOcVFseWM1N3pJYWVkdzFUdm5UR0gwUDR1end5MWFnZFlXVWFXODE5c01ISVhBNWJmTzNEZDFSZVlUUzJjZ1NTaGwyclUwSUtrY3NsRlJqX1BicUt4RzJYSXlNdE01ZG9Eb2FONENFNHFfQmxNZjhXTENvNG5WLVVSRll3eVM1bVdkVWtSZzJJMWhJcXA1UGJyaHptUGI0RFBSclE2dWlNd1hXY3oxN3lOa1daYTRNTThIUW1EeVRwTC00eUJlREU2MmZwQlMzWkZERWxKVE9UMThRaXQ3Ny1PdTFjODl1V3EtVmhkRmd6UTBhT0Z1T0RyY2RmSlpEclJ2M2NXeHBvSG80SHp5Y3lsYlpFd21PS1FxdmhQN2NDRGJYbEFObGlPV1ZkRzZYeTQ3QWRIS2luYUhELXN0eWJGRnVHUl9KLXVibi1BVmhsYzI3bVlzbDl1X2VDbVpSWGE0bkFTa2YyYWNONFd2em9YWTJlZzFrNi1Qbld2bnZDeEVLVW9iRi1kdS1EY09nQWxSdnZzcGlweFRTS3FaNGZpeHBfdUJxYnlDOWR0YkJZTnBLNUM5dU8xQ3JVaE9iQWlMbC1NNVgwWGt1TjNYVzJ4TEpZWFhaenhGbkh4d2w1VlFpQXZDWEVlZTZaTXd1N0NZNVNqOVpkeXJfQV9uUExyQldHX0hvUEtlV0laWEQ3a21nVWVJYWQ5dUxrOWUwbjl6Mmx1elowWEF1YlJEOTIyRUYxLTlpR1VGUjQxdE1qX0JldDRhQi1aTW9YVDZGNGxKd0gwT2lLaERkUmpDRDFBazF1aEhjLVZjTDQtMUJHN3U0cVE4VWtWcWlnMFlldmlNaVJOTFZxMkwzTU83ekZEUnN0SURXamVZSDZkRFNqcF9hZVFhWDZXR0owZW9nSmxPUGNTTUZldjRCZm5pSGFOMHp6RmFaNHJjQ01wTUZwUHZCcHMyVmhhRHo4NVdnSUpxV2lNM2UyWEt3YVEta3pqU2J0T0EyVmNhQ2VKMjc1UTVmUkVvTDZ3WkoyQUYwVGo2OURpdnRWNnVfVFpTbGNjSHg5OWNHWWdtYTFQWnJMRy0yVTJiYkFfMG03azRzSUdYVmlJb0VyU3dEUThEU2tYcG5ZNDRLQXdFVkQwMTJaT0s2dWlsSVpsSlFHQmRCWENDa3JOeXRfUDk2ZlpzckotQkQyNzJFYUdiVWZVSkJqNkc1NU1DZnFFQnFCV3hWSlR1M3Y3QVA4R1pWeEEzREgzTFB2TEU5OFkxYW1yZlNrdmxieHlCQTVmb3ZDQ3NUMUI5WUJlZlhDZ0JULXZ4SjE4NkluYnA2eFpZbWd4YTVCcE1vLWt0RmZTcnRyNXNGNlgxV2JIaDlmQUY2emNta29kQ05CNXNaZnhvRnJzNlB5YVc5dF9yMjZZcFJmYnpLUGl6SjZlOXlyQ0tucmRaU1BNaVdBcnJJamtzWURDeExQWGZEaGlES05wbms1emwtTGRXWGVvR1VncmxnZ1V4Sm0zYnRnZzVDdFZYUTVfN0lxVUVibk5oMldMc2tlRzNQbW9zWjFjRWp4UmRiZzNBcTRWU0c2ZkU4ajRRSmloM1ZzTWgyUDVlUmFuRlF3STFJeUQ0ZzY2T3dIcEZ6Q1ViSTk1WEZ1VjNRMFc0TjNxaUhMR3BPaTEtWFdEUWhQc2FwTnhadkpKbW5FcjhoOVZyNGYxNzhZelFCUnNXTUVkOEhtdkFJYjN3UkFXOWxMUFRNMVJkR0V6ekNPUDBCQ3VnaEcteVdGcFNEMG9tSzdVN0otRWJzVHVGSHVEX0NlaEd2U1RJUDV2bS1BeTJ5LXBFT0daaVBCSk5HeWlTYktuRVI2WkpQbW1PUXpBNTQ2ck9xaDFDTmo0OXBuZjByaldKM2xXSDRhaGxsemFweGtqSWhDMDdqM20wSlZZcl9ZNWFkS3VkbV9SSDA3bHpRRzJJRXY3YzZnT3JwR2pYeXVOeUUwWkFfMHVrT2xRVG1icENpS1BJNWprUzZ0MXNtNVItQk44TGJDTlR6QjlCSk9SZGt2WmRESWhMa3BUak9aRnU4Wk9raWFPZUx6cTZRNHVBZVhoYlo4MldVQnY3OC1NbDNIVzZiMkswREQ3cE9lZ19LOVBRZGxaVnFiRzAycXc0WDRwOXBiUmV6S2tQMFYxdzhXQnNMdkdkbWp5Y2h2RnBiSDJwZkZHNzJtdGhoeTVBVjg1dmRDVU5ZYldBd3RsSTFiM1Y5SVZoMzRzWEtjUHowYWhKdV80N0dmNm40ZDlsQVc0c0VRTWtoTDQ5NjZwTno4eGczeHdWZVBQUndTNU9SdWU0TGNCWEdzYXZ6cHFCYnVIQ182ZGJ5VFJSZlRBOEVObWNzUWJrMzBGenNXR1VLS0Rmb2N2WWx1bjR3amZ5cVlQWkE0Skhja1liUnNZS2llUnNFTTZVRUFrMGNOQkUzRVlueHZnU3JtRWtqdHJQR2lheE15U05QNWR4S19oVEVDZTJoNWxpSVVKaThJYUpSc1g5YWR1VHFGRVowMmdQamhwTFY5TU9JTjRYZ0d5S2hhMnhxdVFfM3A2RkxXaUljVlJiR1lTS1I3cDFIXzI0OGYwOVVnUGtuRV83ZlBrQWFnamFfQWxqV2xHX2F3UXhCOWpGTGNHNldIU2p2ckpWOTRZOFQyV3VDYU15WHpMZFUtaWhpeXBYajB6N0doRk1UUktUVlBqbGZ2UEtJMEVBdUM4U1J5dVFkYXd5MzVGbTVpSGFsbnNTY25TOU9GdENzeVRxamkwNWt0OURpRU92Y01qcldEOVFrQm1aUzJrNWg3QzZFS1dWR0sxeWVOZjQ4YmpqSGZMWmswTjlRQ0dIRDhFeVY3NHhmV1BWUWNfQmd4SzBRMDV0VUlYTFZOV1g1WlVySFh4MVFtVWc3RlhhejR2cmVCZUp4enhSSnJaZjBWWlEzNDFPNG95Sk5KN3ZWc2dVcU5Rc1Z5dFdKNkVKRC1pTWJBZVZkeXM4OTk2UmY1LU9XcVhsUUs3dVVJbVZmMjBxTDJpMHlVY3NmX3ctUFM3dDJnNVh6Vk1feUlXZmVSSE9obTJ4Mzh5UUY0dGROelBtMjNsSkNXc0VuOTBhSXBJdFBraVk2T2FCTG5tdzByNWNpNi1ZR2xocWk0cmxVSDI2TnFvTUZNeGRqQ29kVzFHb0VkdUw3T19VbzJib1dIaGUtTUF1YzVxR2R0RVhac3BCTGd6WG0wOVdpaWF3OXhWSUYzQU5DbE1pZXRobXRBQ0pRd2pNeC1rckdTZmtyX25ScmwweEh3ZlJwajIwX2VWdHdKX2xLcUh5Q1FzT0ZHemlLWU5tVDhDbXU0enV6dXhRc2sxVVZmbkJ5SVBGOTFNSEFPZUo0RGVaMHNyZjM5UFZLd0I1RjNpcW1QSmYxVE1jUXluZFlYbFpITzh4SnlIZWhRVWJDTlNoX0hMeHpCVF9CX3B5T2d0N3l5V2c5ZmNLTUtodUtJaTFhTXJsb2FNaTEwN2xXY09OTWdQbTdOSWJURjRyOUUySi1oU0lEWlFrb0tCQkoteno3TUpvRnMyTjh0OWxqSW1IRGFrUnhYV016TFFKWC1WMXhkbktaZS1zek1XaEdMRW9XckNMeHNOQXZzNzlSTHBBVV8tdmVfWld3bWJQN05jYm42V05aa2tUWXZuX2tuQzV4LWhkZTU2OUw5aXgwOHdTNllDTFNxb1JvRVdveE1pT0ltU0p6ZkZTMTFnWHdOcnZxOGtYSkhzMjI4OWlsckEzOG56LVhQSWVsaW9EN1Vfc2hSSXQyRmhsT1BlMVcyRWNSbGNvVm53NDh6UGpiTHBLNTNTNlB6V3NuV19GbU5aejVVWV9oY09NZnljZkNSenN1N0s2VHU4WWxKWXVTWTM5ZUdlVWpjaWI4OUE0OFRLQ0w4Ui1kQUJyY0QxaldCUWg3ekxxckJfMnkweGd0QkVWY1k4bjdmRkNNa1Jac2d6bV85cDhKRGdjM0tvZGFtVHRDTHUxRDNNNXBTWDMybXh5WUNReW5EZjBfdXpzZlBHcHpQZEhYSUdEQlRNcjdpOUU0RWgwSGhUaUowSFk3VUNPeW9WUjBrMDQxNUlVV0d3dXpUelY0MlhDS1NQazE0ZnhaeUNVR3M5LUtsOXNtaHpOajZrTTc0NkQxSGI5QkVLdU4xRDkwSUFHTnhucHFlMHl0OGJZQjlHcWc1NzJ4cGVpbVRCQVNkemh2aEVTZ1VoNUNwY2JXR2hsekVEcS1BazgzbUFyXzJDdFpnVlB3LXRqRzF6NkladnhfekVyUWh1REhyV0FvcjB4cWdSM053TzlJQVBYUDlNbVdFMEhsSzlmS1E1TWpISXZiSkZvdGFOUno4N2RVNkRPbkV5Q0syazFSRkRFekM5Q0drbjdSY2dDWDh3alZCdE9LcW1vNlpHTThjZW9BMjJ0TjlmT2dRWko1b2N3OVg3YkEzZDNhMlRsUHJSODZvVExrYzctNFdUYmVxTWdiZVBXUUgwQzZBNGJxN3VScF9qaVl1V1pZN09VWS1TcWpvdjd3UzAwT3drSVN2WWhhYTRqd3NKODVSNXR6UlZuT0JlTGs4YVU5QmhVMEY3RzRhMHZKTDlKSG50SFpiLVotMWR3U29MUHhjT1NfdXVhemlZdXlyQ3hvQ0dld3lKQVJ4dzJsazJjRmVaVFRxRV9DYmVZcHV2OHpOR2piVzM5dUZoOHYyXzd3X0tINUJvTm5ZU1VtcVZHOUF1b2dqbnVMakRfSzdIRF9hdnV2LTNrQnUwSDVuelJnaHZCLVZacUl0dTVNSjlNQ1h4aVcwYmZhOXduYk1KU0gtZ3pXX2NJY0hXWGRzUFlScE1JWHBCVUg5b0xRZ2Ruemx0ekpvVkJkdWlsWmR5NnFfb1RfRkJNV1N0N2N6NmZ5U3E1TXNQZTFkYVRqLXE2b2lvcDNBd3d5d1ZsOUhvUlpKUVF4Q29JN1F6SjhURlYzRGJ5aG1Bb0xScU5Oc1FOc2ZEMDBhZ05lc0d1a0xuN0hDNzFKdm9qWmZWWHBKRGdmdWFiTkkzTUxhR3VJSDB3a01aS1dQSE96SHlBbEJuaE5iRDM2U3NYcHdhdEVOX0k3U2VQbVFWR09fSE5fRjhZajFjYm1KLXY4VkdtT0pQM0xyRlF6d1hQb1piMmNZWmlOd09hMWJtOU8zdGdDYXFhS3p1ek4wQlV3NU9HdDBsNVAxZG5PMEs4V3F5V0Y5cG5Mc2dpQm9KbFQxYUpaVlI2djlDRFlreC1HRnJEejF0b0MtdDZmVWhFQl9ZaUN2cWJSYkJybzFhT2pMRWVsVUxVSGd1OVBzblNKTlQyTGczTW1kQWtDS3NrUldhVEt2QWl5OEdwenA2QXA4WFk2ZDdjQ0lKZ3ZOQXpkNlVPUF92TERjZXJ4UktRYUdDbTBWejVSWWZRcGM4T1lKUmhEM3MzNFBhMVoweFRBLU1uWjVkSDBMU21ZRTlDWkFXWFFzZ0s3dXROWUVBbUZWN3h5cFA1UENHemJieEt1ZFVaLWdJYnBXQ215WGVobGN6bFNmbXhiOHRqT1Q5Qkt6bDFpU01fZ0cxVmFjUFZTQWJhWWVmMjRVZHViOG9tRGkyWFBwN19MeHFXakJDS0JMa09Ec09WNm8tLThFd3k5UHVIcFVWSlRJWjdnaV9aRlJfMXUyMWt2aHB2bGF6OW5GeEV5a0JQYmxyWWVsekxrOWdGQ2FoUDNOQXFjWVp2d0xWb1VTQU56YTliRGdodThOYTN6a0JtaG1USlJmdTBTdnpqRGJZbnNMd3EwRDZjOG9MYjVqaExka3lBN09TSWlaWkdMeVBicDloUTdXU21kSjA5VmVTS2VweUJmLXdtSzB1VmU5MF9mdHNORGpQSU83djFkYVh0YXJpUWc0MXhGY1RsMmJ6WVphYXV3N09IYjEtZDlzdk1vNnBjMFU1TlZzY1B5TDUwLTVhVmtZZHlOcU5uV1hmU3VfOFB0MC15YnRBNU5Rd2ZSNll2MjhLeGpLTWh5THRvQl9lcUV6Y0lneGVCNUhsRkMwTlFwY2VXUU1UelM3V01wTjJ5VTNIcVlocXNESXoyV3UxVEFQMFBCYnM3MHdFUnR1R0dwRHhPdk1ZRmxKa0FkTXRlamJ1bkVsWVBNYzJHMHZFQXFvNUxPWEhJNVVEQzhVVHhHY010QUFJdGw2Z2llXzB5ZFFiRjhpUHdMYWEwUlJBemZzZ3lLdExFZkR2dVVNNmpvVmxoS2x2LVhiVVBvYTR6Ry1aWlRQTTFUdHU0dS1BRjlJUWtEcDlHeEpwU0hfd1l5aGFqWFp5UUF6M0NScFJPTXBRSmRmYnhuNTFMUDUxLXJwR2ZQamM5cG54OVc0OG9OSDFnbGVySmR5dXVOSUVNOXVkN0h6ZG5rWXJNZ1NDZGNVVzdCZnZjTnNWcFJPR1MtdmRhSm0zdjJ6QTJYLTNaRjFEMFVFVm9jbHBvbllYWDNIQnowTm5tZXc4U3l0TDJsa0tyeGhoX0dRcERNSGxOakttZzlZcFd0NktLM0NTQXJFX2ZDd0hpOHd4NElwal9teER3LXI0Q0dZYmlwcy1QRVMwc1V4eHRLMG5HZ2pORGpuUU9FSVdSLVNqdVhjZUhIZnQ1dTlVMzFXbTdRamxtQTFhNWdSTTd0Ul9XMl9iZFMyc01mYUtkR2wtVERIVm84UkxZSE1WVXoxTXNWTVEwV3NuTENhTElmT040YmxpYXN0WDJvakF2VVZkY29YUWNTVDBqVEhFNUk0el8yNXdiaUhwTW9mSkRRb2NiUi1Edks1TDNON1JHX2FYYUhGSDVIeEtrRWZBa0JSVjJmOXREV1ZxelNiTjVuOUl1aDE4YVV1SzhxYmV2aEp5T2p2M01ESUdMX1lkZ0R3TFFlU0tjRWFFSUpzamlTMGdIY2V0WDhua1RZYTEyMlFKYWpzY244OWszZVVZeVBkNDhrZ2FldjUtVXZ5NHJsQnRJeVZRaEk2OUVGOHB4ZDlWZWJYNkF1cFZuSGR4aDRTejFWU2x2NU5WRS1ycU83cWQxRGxwVXJIYzhTMkpybU8tSHAwLXpadjJUM1hRT1F3MXJTYy1KRHp5WWJ4dTVzWjI3VmFlSlFuU0Jzb3NSVUZtNktaY3JPdzVoMk5qVkR0b1laSjVhQm5sWmY0aVQ4RHBDSzhzTzhacXFaLWRueEpuQ3RQZ1FLLVAwdzU5ZjFVMXIzV3Y5bnoyS09XWC1wdEQ5ZnVNODhPYjZyNndpdTJsVW5qS0dlTExKUmFVYTFPU09LemduTVZCbHowVGU0RWhmVTFud0lxMWZybm5BaTBNcmlWSUtNZlhGQjVtNnF5RWpOSDVUWUtCMk9MSGxDajRlTklyeW9UdGZIWUxneHY2YTUxRlFGSXJTazBhWTQ5U1NpRW9LN2hsRlZod2tGYkloWVBFMVBkQ1dGb3phN0Z2eVZIUC1GbXBzNmlPV0EwWjFiQlVXVnlNRUpDNXJWMXhMYjdUNXljaEg4N1E1Wm1waFVpb1lMN2FHVEdoZjJvaGw1Vk5YcWNXSlpDbUtUTUI1aXJmdzBlajVtaDg3VUYySnZFVm5YUTVhY0xWaXdiZ3N0bnRpUkJSZUpSNWxfUzhjek5BZzRXcWR2OHd0ZmhQM0djQmJ5R1p6VkJsVzRmSHRJUjhMN1gtSVhlSDBQaEtvS3F2ZUFXN2xfUDlSaVVINTdha2xPLVU3dWR6SXhrWXQxMzVWdzYtS2sxMm9nUmlYaUpEcWtkSFE4ZHZaR0VqNEtIelFUQlVVamVnOFVYRWUzc3VzMzNNQ1ZNZHJNMG5ORnIzRXk5SHFFa01PcTFIbmlRaFdKb2FIcWlYLXFISzBLYWR5eTNueVp4TG5MSl9udXdkMUMzX2V2UEVxLUR2LW90TXBvYmt1QnR0eTd6NElGbGpHM2lOZVZFekk4M1FKNkJRZjNmWFZhclpta1N0eDh1b05jMXZPWWRCQkdiVmduUExidWFtSnFkd01ITjhKXzVPUHY5SW9vVFFjZ1YzLU1BalV3ZVpyVm9SbTF5V1FZVnBsRTFUUld0NENFQ2NoQ05jczZaVzZCUTVldkJ3TC13enNQSFVBTXVTcTB2N3VRSnJaT0cwd2hDXzFtRFJWMUlWeHk1TEw4SXQ2TDhTSXhhRC1yN19JSkpFYnk5c0dodHhpdFloN2pRNS1qb2V6Y1M0TEttcWtGemhVSVlYa1BWZ2pGQzdyYV9SbzNIdElhamVwWFkyV0p3OEo4QUxaSTk4Wl9TMGw5RF9BekY1UmZXWGdVdVFjY2NQTG05MXg4RDU1Q2F1bFJjb0tRTWZvR1plMDFGMXppR2t0U0RUSWJNa1BzU255a0tteGk5UDh1QXlncUZFVjJyRkRvaGx3TlJvN1JEOExTRXprbFhZOUFGWVlpdzNfLTI0d1oyS2tUeTI5Y2MyZUZVWlUtVHctQ05ONWFLLUdWMUNvU2NscEhoTDdRemJkVkl6NzhFU0VVY3UwS3V0QW12RzBZbUVTaDZnZnJYaVJzd1FZdzBiblVHdThKZHZsZjFFNnFhMk5MY0lwRnRtdXprbmxkMEgzUml2NXdTMjZGRDY3TlhvMFZkZ04xYWNCTDE5QjVWSVJaSENLeU9LMFBwN2w3OFhfcVl4T05OaDZYemZkYnBHWjZySG1fazhCM0xndW9lNlpxMU1IZFFlU29OWlNicmMzVDhtUmh0REhta1RBX00tMTVoMktaa3AteGtiVGE4SnVaUEZnY3djd1VNM2JTLW00V3JORDQtNVJ5NEFOOVZXVTRiN1hhWWc4d1FNODZ0bUk0QnRzSGVkb1QxTGNMSWJlQWtrNzB2U1o1U3JkMWtoNVdtQ2tNaHdsbnNrUGhhVEk1bkNGWEs4T3Q2em1GSkg1MGJLUFNucWlMaHVuODlkU2tJbzJCM19QOUMxcUpXaS0xdmphd3RSelBfdlcwaHBISlowWF94QVZrQ2pJbFU4OVoySHM3aWljUlpZdWstd282VDhXUm8tTHRBaW41bXRIbTFGOWhJNUNJczF0M2g3dWRRZ2xMdE8zd0RwNElCcVpyZ3M2UlhfTDdHX0E5SzNlT0lwREFxU3R0M3QxY3JFaWpjUmhQZzNORkRTeVFSZUtUYW5Jckl1NE4wQ0pSWUg1MnRxUE5IQ1I4NE1INDd4RGxKMkZzUC10aHpmWXdhSnJtVVdrS2hBNkFZSEx2VmdMcmJZdmZ0SEk0NmMxekp0NER5cjZ5XzFJVnd5eW5iUEZVM215cDJJeVpFOHFqQ1NRRmxjNUh1QzRxYmR6cW5xWTIxM3gxd19HZ3pUcEhPRnpRYnJlWk5qWjl0VGFDeF9vRXR3NXctcEFkbTJzOTlvUHdqaHJtYkJRQXllZ2xZUExwOWp0STZkY1JfLXBKSlhISTE0MzBXMnFPU0lkaVBmSHZRUzBiOUxENEhTaVZaN20tM0J1VlVEbm82SGh4bnV5MjV5T0drX2cteDR1OE9odU1KNEY3MGVYVTdNNUp6dGM2aXVfODBORUhwR0xxSWFyUWlWUWJnM18ybGMxVTlQVkhpWWQtSjF6MjlvVkc2RlBaTlRUWVpsQ25XMkEtVnB0YzI1a0RHdVpxSEo5cFRwVDctTTI1X0VLdGVmUjg0enRrTnEyV0ltTVZpV1JONlBkY2l6NW9qWmVrYWN0SXgtT2NCd0FiVXRkN05tRVNrMEVlc0FXQWp5cHNjWXZ6ODhQMF9ULWI4RG5KaGg0OUc0Z2dWTDhpek90bl9QU1d1Qm1LdTRJeWV1V05uZTZGR1RtQ2pyX0t0cmZvQ19NSUd2a3dHbFVvdWwtSWN0aUxZMG9CbkVKWGgxdVFDWVpmSWRwTG5nbHVpQms1ME9FYXlHZzMwdEpobmtkZzRYSUxqdENEeGNFQTlOa1hCMDRTV0QxNGNXaEFWVlRiY3p4ZFpvWWJnbEM0aUVONWRhWDEySFdKZlNSNVh1ZlVuQkpUYzFvbHFUN0VwemhTMXRLeGx4aUlzdm4xaVBOZ3ZFOEUwODJIcFBuOGoxcjBsVFF0OC1Fc2xfeTFnZlRiTEUzSXMtZ2NDNHd1bkMwR09MaEcyMkZST1NsRXNOQk9KV19nTFB2RW9nRHVoYkdmX2dmdHR5cHhnMmcxd25PdUREV1N1MURtY0ExaWdkQ0Q3MGNtOUVEX1REa3lJM20yelNhejZBTHFUQl84czFxSkEtakduOUJxdVpMRkNfdVUtUGt5cW9wLWJ6M0dyTmhhcmxtYTc2NlFoM1lIdkt3YjVvaGQ0OFNaOF9WWEI1T2xiOHRwdVdUZUFSMElybU9kZGs1QTFpYXFoUUpkZlNjLTV4aFBORmxIZ0hxYkMzcXI2dVhCZGhGNE1XMjVMdTN2U2xUczhuZ3N0SVZlNnQ4YkxOQmFpWjJTY25VR2UycXo0cjBzRy01Y1p5a1RKQUdsSjFwTmhfMHFhWDlEeF9qSmd3TnpqQ0FYaGRreWphVXhwZHN1dW02bkJKOFFUaHBnbDlVYVBfcFNtZzY2Sm5qSmJLeVRVUFBqZnF2aTJwQlZjOXV2ZXlocHdwdXpISGs5S3FiZHNPQkxGMEo1X1NBdVFQSllSdGg4ZDJTLXlGRVJsQ3ZoeHRMUTBOS2R2QldqV3V6Vmt1dmQ5N2tySVZuSWdaczk4V1V4TG11d3YxbDBJQ2FLNEpYVkszYTIzVktSeXBPZ3dGX29IMC1rVzlnSGpKZ05Xdk9XUzFUdzNqMUMtMDRhanB0ZFIyU3JnMFBKMnE0T19Dc3pCRGx5c1VnZ2ctV1dxeFJZdkhSWVloNXdqQmVmcVRWbjNESElEaGp3cjBXaG15WG1FQ2oxMW1UbFQ3VWRUMXVoYTY1cTZ2SWJCbnJ4cmZSM3kwaVA3Q1d4NWk1QWY5QVdfaHdnSGJLN042WlliLTEzODhWQ1dIcnZrQTFnM0ZOVE1nTDRVaHdNcGZkRlg0SGp0d2ZqRGlEVkxuVlZmSVZwMWNnRGNTMUVGV0pIZjVNSzlnZER2TlBsZVFudEYyTkU5QTJoVjhPenhJcktHTnpRVWYzQXdVZ05sZUduMl9VM2EzcUtGMzY3bWZwckltUDJ4ZGlfa0E1Mnd3VUF3VjN3alZHUndaX3RfSC1PaTdYMDZfcUoxSnNtUnJUN0stc2ZKNHRLWFdtemVCZVUzUGh4OGVyYzVHekE2R2xyTHlkSmhsWnZNdlJSRGR5MVc0SVRTMXo4R2EteUdNMlZvaURGUG1Sek9qa1B6MXpONEFpYzR2Q1JqQkFPVUJqb3J4VjYzbndzLUNkZm9rUDEwZjNCZEVKUk1tVkIyWU5NUU8wTmRRM2pPTU9GdE9fOEVyYU52WGtVTzJ5VGp5RUxkaEczZENCTWVxSU92Wm9NdVVNMkV2TjFfMjFrazN0VHNzZ1AyZW5oYTJQdi01dVpXZE1SNFdodTlfUlFTeTFtVUJIbXp5c3BfZVNDT3QtV2I5R2Y2c0RYZWZySXVhMURNUlE3bHhfa3otYkZtZ1E4WF9lZlhKeFE4WWVZMFQzNXNXVTQwZnVwTmo2N0tfYTU3UG83QllQT0lQMlBxS3ctRldLaUdLWl9NUGYyck4zQVRDXzJodC1Vd2dEcGJ0ZUY3ZENVU1haT0J5ZGVLcE5zRHd2c2EyRWVQZ1dLUjVtVlJxUUxuSEJxRllSVG1Vbm9QeUdRWDNXekRPNTVtRnY0TXBmOTZKeVdrMlgyUkFoUVNrcFl6MzlDX20yX09yeE90QWRVTFlJa0lqWlhEWTVzS21wS2lNYmk1U1pMUGpTMElBZFF6SXphdlI1TFBJWTdhenpodzZWM3dnVkszU0JiMXlhUzExRnEwT1VnaWpwaXI3TVo5OU5qNWlVLUtnS1JoZUNJZlRpRDRRcG9OV0F5REl6aXBnWlhZMFA2YnNRa3JkaTBaaXFiaDZQSHFwdlRYdWxTV2M2UDVUUlZUdWZ2Q212UUlOOVR4ZERKamVWWERjb29WSXlGVjFGYUJXRGl3SFU0NXZmTUpWTUpiUG5ZSWNUakdDeF9TQkllc2VXNGlNN2Q4Zld2MmlNbGY1bzZvVVNmNEtyM1RVdll4a2tXR1B6T3NGcWJXZ280aHB1NU9RTkdhR08weVZCMmpQcjBnMFYxTXMybHVwRWIwak9pWU9Mb05ueWkta3NQdDg1c3ptVWpwdXN6akxqU1pWX0NtRERiY2psZ0FFNXhaZGpQLXpCa1Q0Qm9XOEpEcFJubDA3V1JNT0JWaHd3WE1GeG5odDNjSzk5OExIU1VSR1RDZWxkUDAzZElzRlctbjA4WFlGakdMdTNSVERmOFVnMTBJajVlelE4a3JCaG5laDF5S0FHdzB6ZWdUblI1UjFGZFNlcldPRy1BTl9JZkFZQ1JHbllLb0pISWFwbjZqYXhicjRNNUgzY0Fydlk5Vi0tU3RXRDBRaHZVVXZpNkxRbHZGazJPeGhHM1Q5UGh3QjVYY1A0WDl3WkNmY0tfU25aMmRIWFd5SWY4NmxHUmp6N3dxalFFcFNvdUhfRXlYMGRNeGdYLVoyQWduZGxFR2h3TkR2U1BNaXZYb3VscWRpTFdSUmU2Zm0yZGMtdFlkM0lnQktoTDdJYURGRWx3Z0pHOW9pMFZ1R09wNG9TSFphZXFWVDYtWWtRRl9TU3JIZno4Wi1RU0t6UmJrZUNBZHowalRHSmw5MzdnS2tOdEc3WTQySTdfTGxpYWV3LUpkTEtYUFk1VHNRZHZWaTFZMjYyZFVCMExBU3RPdzM2SGJZNXI5UjlFanhVZl9XSkxObzd1a1gwZVJfZ2JIaFVqTG95LUhtSW5mekdHRm5QQWdFRmdtZjU0bEdjdEFIcERJVEZNYWUwam42Zm45NUJwejJsOW9iN3JCbEpLV29zTVluLU45M0t6c21ZSEZBMm11T2RtRHRkR2VmX2hwbG9MeWpYUmRVbk82R0pGODZqcGFxc1lTSGNtUXhLbi01NjBlT0UtSDI3SC1hM3VmOElrbTluQkZIc2ZJRG15ZzRwWkV1cTExNHpjSTFMX0M4NHc1bkE3Mlg1VHplZlBkTzlHNjhlYVpySUl2MS1LZ1YwMU0xanVVaEJ1YTV5R1I2Z3BEODVjRnBlZDVOOTd2ZDdKMF9nUlhrdjNBMldTWWc3akl2d0RIekNEVHlmeUowTXJWM0Q3RFpDUDZ6LURXMGhRUVhiUkdrRVVkNGxldmZuODdnRGhoQlFkSlNTS2NFeHMxOVFyM2xST2JmZjMwLURxdEF2Ym0yWlhBZ2UzODRBY0Vva19MNUVrem9LNW04dy1ySHRybFlwNU1HZmZKRGxPa3Q5amU2Q2QtSmY2MnFtSVhIbWpwN2p2NnlkamxObE5HYlRsRF9GMmpPcWVia295RFVJb2RmTzBCZGtlaGtnNGlVazZqdjYyRTE5MnF0YVlZOUgyaDF6UWRsLUxhU3JxOUhSX0Jfd0oxdTJmTmI2QkktUU9JM1lVLWFHMV9qY0hkb2NENWxtM0lEZDZJV25sZGRUd3ZPWmp1ZXBWQ2tKREpRWGV1UlRtM0E4bmJXem1GVVJLUEhkeTlWSXVNTWdHeUE3QW8waXlSR3dVS2gtNEE3ZGpxZHF2QmltdkRhTUNsSG9yTHRPVDRrV0xCTFJsZWZfa2dOOTJsdHF2cWZHYXNZQkVkS0xvLTB3XzVaZjk3a2lnWVU2SHdsYjhUYXU4d3pJSFV6a0lQVVJzbWZVbVBsTGMwRmdBOHdZaDEyeWo1M2NJdloySWxSTmxfZUJod24xT0I1UVVXUlhGaGYxdkJHOGx2N00zRnlYNGdUd21xVDg0Y0oyTmRRRkxFa2x6aXBlQU92NGZ4ZXFKbmJPUlRwaS1ibE5BMzlQMVIxV2JoS1V2eFZsMzJ5akRnVkNDMU10N20tR2pMVnhQZFdGNktCeGNtdXZZVFRGcTNmWHR2NUYyNElvNmloM2JxR2ZNeUpYaHVUOXBhVFNrc2QyZlczLTZESGl6SVdpVFdBZVptZi14ekJONjFoNHE0NFQzalpNc1g3RFR5cHVzU2xjUGhpTlFRdlMxOGRKSWYtNXBnVXlOa1Bjb24wUE1heXVpc3RBS3JGZDA5OWxjZ3hqeEpZUlIxcWc4WVF3VXY5a0NfbWduZ3g4UjlFMndHQml5YnJrWmtuV0Q3aGp6a1ZqMV9TR1hEb21QOE9FUmNENFE1d3dSVndLZmxfWWNySFZwSHh0ODhLdnlOUHhuT1hvN0F0Y0NZUUZPNUpKLVlsSVFHNXBkNHBxLWh4cEVuQ3NGdkJpSHBOLTBnQjBWNE00TFE1TjRCUmlDU2ZzTUlJcGZFcHYxa0s0dWRmam43SUoyOUlxdjA0ZExtSmMzRmFxQ25DWFh1cWVkeTVJeUJ1TExrYVkyQzhfb2xOakN4RkZEVXQwV0luNnNTdEdCR1NLa05KcVRzMFNkeV9vNDc4WFFCaDFnNkJQZTVKNGp0RldtaVhXR0tiMkFrQUw1VWxHYXBqem1McUdxT24yREtoR05ISEhaMkFYQnd6aEwtSHAxcTdERktRSmFLTE9SWEY3OEd4WHdvSUpfVjZ1bjhRZmxHek1EWTZ0OEhpQkpsYmxpWmlvX0JBZkNOOHY5LWVuNHJwQ29GVEZWbk1jVC1aVnFHNHhxaUpjTXdRRmVscS12QmN3LUlISzBRWkJlWU55S0RZN2ljdnZFWXhNcHlJM0MxZFBzTGhnQkVRa2kyc2RvMmVKMUxwZWRJRnV6QXpiR1BrczV0U3F0NmNpVTNNZ1pBUjZRQ3hLTW9rVWMxeUk2WjNUTmhuU09IQVFPbjUyTzF1M2VaS2ZQWEtWUEg1Y3FFTmJKZjVfUG82S0hueVR0el8xQTlUbERJWWd1NE1uMHV2TGNBNzlRM3JjU19VV0dyZy0zVlR4TDlYNVZuUy1oVEQ3dk5rd3pCcFR1eFI0R05YSy1SUWJNdGE3V25wdS1ULXFrMnpqZ0hNdmRRazliNnVhVm9LZFEydkNvaTMzMjlGM0ZRckozbUoxd1RBTXBqd1M2MkNwbi1pS0NqTENhd25IU3NtRGRSNjAwc1FHTGt2RXI3WDBZT1ZjR0ZZLUs4YURQNXRlcjNfd0dFeUdVWklFaG9tMEVUMVNKTy1TWGZtWDZOU0lEc2VYMVFyWjJ3TjVTT2x6WXBTNjVjZzAxSWZyUGZnX2dYY241V19aM3NBQnp0ckQ0MDlGcVYtS2JBN0p1VlNFT0hoUWNfSWwtUWxRNV82OHppbkl1aE9SZUV1cGZ0WmdRT0M3U2tNemRJRzZzcldfajQ1Z19nSkFWekladWUtdmstdXZnUDlmV3ZHVmthdVdOcEFTY3NSS2F3bWJUWnQwWXZpREZOZnJIbEpHX3ZwNEtQdmg5cHRyc2hTaVFKZGxqSEFCejlDTGp0TVFMRWI3UTlPcEV1M1pjcDZyam4ybkJQdnhtdWszQ1A1bmRIM0xoTjVwYThGd2ZSSlZreUp6SlNSYVExRlk2OXZ3b1IxY05sWW9tajZUVHJCM3MxMDdHamZjdFg4MEtXT0loanUzbTBRSWtWdVFEdUI5bE1OUTZaSDg5elUteGRxaFkxZGRvR05QM0dUSkZSSWxHYURqWFZXa1VGcmpRUEpvX1dNVFRpZ2U0bko2Mjd2ZjZxTEp5RkkzVno0SzBBbE9VMjVhelBSSFpxQWo1c1dBZ2RQQW1NY2hKY0RCV0RoSzB6UG9MLWN5dGJfOUVoU2ZDZmc1ZGFWYlhJNUkzREJSdXlKMnZ4RXlOMy15bDdod19FTkpCUmxmQW55MEhXc1U3UVVQVEx0aDlsRDhmWXFZeXQxLU5ZU1F5RFdmdlZxTkdoVTBXOG9mN3NqdHJYYkRBUWFSZDBBYVJMZnlxUG9kYndxbkt5NzM5Y044TmVCRkpvSTUxcEtZQkN6bTNSWFVVR01fX2RlYmUzMjlnOTVXWGhCcmVld0J3bXdPUV8wQVlDSzUzQUoxVHE0U3Y0aGRmSDRmYnJPOTRsZEJURGhmVjdIU29wNUIwN3VYTjEyWkF1VkI3OTQtYnFHbDMtSTkzS1NLU2hIY3huSUN1QWJDZFNGYnFhOTJvRVMyTlZCNk5SeGNHNHVPLUNMZXdUTEg5VHRZVE1zcUVaRWs5NkJibGJ0aTkwcTlhYUxOWFhQWWstTFR1SVdleC1SZE5GRXhZbDlpX1RPaDlOSGREZ2ZDWVZGeVprQWVRUzZsLW9QR1BZWHpleFdPbnZPZS00NTR3WC1LRFdEVlZJMHJzeDZRU19jLWZNdWppVDVBeC1KWlFtbkhMY1VUZlRJRnNqeHhsWm9uM2NLdTFSS3h5RURwa3BWdmVRNXJPbkNPZVZQQlZWdWJGU2hnb1N5aTVLdURoNldHZGJubDNpT3dobnluVnk3bnYtRXpxc01pbDlTNkk1NHc4RTVJLVYzRi1TNmFMM2ZwNEFhMkVHMEdXNHlGWTZCSzVjWU1sMzBWSGdhWjZmTnlzZmhoQ3FoTkk2WEU3ckc4UFJUUV9BZGpLMXE0R0l4anAtVUx1Rkh1Yll4Sk5PZzNMNlFjQmFUdTVCdlM4S2lrM0hpTEdaQUIyTWJrcDFCXy15R2NMeFhsN3FQVk5TQzIzZ0U5WEdzZXBxV1NUdWRJSkVzMlJfVHZuWEVCdTZMREM4bE1DTlpvYnY3Y1A2Q0xtbkMzRHk2akZhU1F0LTVpZjFTTVc4OXc1Uy1HVkVOV3ZkNU1hcm93d090SUtERlZ6TVE4alppdldydEV1ckVkM21LR1h0M2YzZXZKek9nMkZiekZJb19JYksza2hqOTRJeENkVGEwbnByRi1aTzVlT2NUS3BuRUNaSS1WX2Z0MGFpeEo1dkZ3bDh1OGNRelB0NUdhOXN2d3VMTDRnTHg5LVhvRHpqRjNrY3V4T3M2RXZ5VWlvOUExRC04dzc4OW1MbGhIWkdNX3BTMTQ3dlk3eFc5VnVucklrSUY1ZlhYOV8wZjBRMXJuZEktZ2FSM2h2Z2tMN3JPOVBoTnBUOHRkX3RNMWhrWk5yUWVFLWJHMWsza1NCM2Fmakh0SDJRREdFUHdpZ3RRb0VGTndnQ3lkekg1Qmx1UVJ3TjhsSXNHeThkLXg5ZVI5X09RZUNhcHRoNUM3UmxKMUstb01QVHNTbm5sbmVoNDJZcFoyOUh0Rk1CTVZvcVdtVk9DR0VxSHpkOVd3QXJ6YnJaQ1M5TjExellyNkxFcDRQblRkQ001Z2hWeEc0NmZCNjY2bFBDdWRnOEtCUzdGVHBSYkNtZW5uMFNsVzJfTVVsd3M5aUs0ODgzeTdXbmtFYllQSzlKSk1ZWFpEdXU5eHNmcXZvbC0zRGxfbjNkQzFUU3N0LW9GU2t2aUxoaHFscUI0YlhGUWxaaFdVT0FFTmJIR29SRHJrQnp0eW5JMVBJNkstcVdKdi1xMGtURUpZU2R5WU5jT2pYYXlMdU95UmFnaXdmQnpvOTJGUVJyX3piZ1RNQlE0c0pFdWRuVm16YlRodDhVR2JoaUh4Vmo3SFpFX1pGTUNHRWtHZG5CY2cxMUVsNnVQdlctRjRwSUVBZDdsanZXTnIxelhkVFpPTFNZell4VnFWWnVtLVNnNllZN3oyemh4UlN4NUttM1UwTTFrcUNwSHFqRWhobFZzalJwMFE3YkhKTTJBYVBKTGl1RjF2V19BVEdmcWFXZTNhbHgzb1VrZkdLNUJ1Wi1TcjZLLWxqX3czRDk4OEJSaEl5N0wza1RnR2RRaWp3NmcxTWlLT0RmZWtkbHN6YWRYN2FVTzgxam4zZXllbWYxUXRsenlyRUZCU2huYW9zVG5hTXo0RmdsY2lEeVpZLTVQX2ZOODFHc19ZUUxWZGVwYlJ3dGF4VWFkdkdLY2xzM1JGQlJZQmloTDNqcks4TElTd244Vkd2YVRiR0N3dUFTS2EwQ3lMNUJiZ19NQnI0SmdOYXE1cVVpZVExcjF3SjlNWkVZTzB6dXN4VHhyMlVBOHg2eVhmVVJGd0FONjVlVnJ0emFtWGhGbWZ5Y0tZME1RTkgxOHYyazJ3b0JFRkRud0hRaHRSMjEwMkd1bkFnMV9uMnZtUmktRmdtTW5ZTUk0ZmVUNDJMSW1PSXZja1VHN0dxSHV1dWZRc1dXS0lKNTAwNVFaS0NKS1hFdllzYUlIWHlDaVZPTGZ1cnk5RjBpS2EybWZrNjhUS3RHXzhma0REcUV1V1JzRE13eXVZZzY0NXNCSDJVUm9HUmR2bGhVcE1kenAxM3lnT3BSSTlqSG1pMVJXUkpoaVZydk5oM3pjUHlWdGxQbjdWNE1GUWtINXJkMl8zWVZkX1FCcnQ5Q1BKOGZEdmRjeTJQSTd2bFV5Y29MQlowQ2RlMUlJaWdlNVRFdTRvZ3Z6VUZaQVVfRVkzVVlIOGZIVFJQcjB6M1RrX09JeEtUZ2ttSE9MRGZoVnJaNWl3MGdqTGpJZ3V6d2pZeUFfY09YN2pOMlV3NS1uZVpzbWdZTTZOOEQ2UUozVFRRdG53LTlQbjhoazRHdDhLY0dnVFY5N051UkdhaFNxQ0d6OGppb2IwQ21fcDZ1c1gtYnVLSEQtejdhdVptSXlGUzRDRWFpRHJaVk9ZZGQyWUZabThaeVdWV1NvWHlpT2sxamNQQS1KdkJnVGtDUU9MUFp2U1drOVBMandBSHFVOUcyMXo0aXlQSEtyWjBDMVVsbUhRSUExVWFXWEd3OVZZbzltSGo0bllkY0FGa3RjX01IVXBOR1M5c29CUjdISWJpQVZhc2QzeGZOUmhrTW1FSFFnaERWSmxXZXk3TVJtdWliNEI4a2ltZDVpeWI3TDlHYndlSmlweTV2UHdxNGZZalJERlZia05vTDdZNTdFZWdLeVMzdnFubEpRV1RjS3h6RUNSTzc4b3Z3aFRmRU55XzNYNU9YZWRpenduM0RuQ1FTUnlxOFhnRFpyRFpENldMQUg2emNlejZnU2ZoN3FBLTB3NWFNTWpFUmQxdUFaWnlLUGNuVXJUYmhhNkd0dHJXdTVsVFB0QzNIMGhwNVdVWjI1bGNGYnNXNVJGX28yY2l0dnVTNzRYOVpSY3dYUzlDM2pUQWVDVC1uTDJJS2RVUXRGNnFFd3hZcGVmaGVHb1k1czZOUkRlQzBRTlJWWDNoQmpFbmF2dm40OFNHZkF2QlhNTG8zNThfbndXeUE0YjhtSVJadWU0Ym1Qa0R0aU9nWUdPNHVoY215aTROWU5kMVBUaENMVzA0WHFWb3pwQ1Vva1NueURYb0xMNFBnY1NpQWZMOV9nb3pwSHBWNGhQVm5hM3RsT0c1WEdmcFZscTNacFpEM2NENlpSUzdVN3hCSTdfR0laR2t1OThGWkRsUEVsRk5xcUV6cWlWeHFiUnF0X0prN1pBLWJ5V3g3ZXVQWVhicE4tLXMwZ2w3SHFBRnNrQTNCQW56ZXFyaHA4Nm1SbFc3NjZnMjQwZTg2S09hMFEzaGRkcG8wdnp5OFVxTEpCOVZURkNpNzBQdzN6WlZPdWl6OVVWTnc2UDRPVzRBYlJ2NWZYYVRzdy1PY3lzMjQ3YkRsdm9sMDl2NDhHa3ZSQ2ttWHZDQVgxU3R4X1FyNm5GMmwwcTBPVGNEU2FiVTJFWjZmZ2F3MGsxN21hdmIySFA0SkVtZnZwdkRwcmd5T1dUY2NWMDRVT2NBMDA3eGpaeTJNME5uRDZMZzVScFYwaDN0VGJjZFpHaHJXRG1icHItMkxhZmdiWG5wcXJ6N2hJVnhwa0c1Q3FaSVNJdnFYaDd0M0pxWVFGLU9XOU4wT2VqSmhsMVhvMzJlMFVOM0JNVmpzMnQtalU1bWlMSEVBYk0tUDd6Qk11WWdRY3JiRW9VaU40elFNdTBlazZpN1Vfem5ocUhDOG1OUVVnakhWSXZFelZyV0dRdjZhSmxfSFRUYUxYVmxKTWdGbkxfaEhiaFdoQlBxcUlHcXNvd3JXSUxVc2ZXUmtOdG5FOWhRSkM2OGtvUlVyMGs1UTlYd1RkZk1uNDlhNXgwRWdGcl96TTNIMjdXME9wLWs1VTlrLXZfa1JyVmpQSG9kcmRBZ1lsMTJqYkVvLXFqY0lFbFQtOVZGRE5fSE5BZ3dqMGJPaS0tTi1CZTRybWFNclZhYWh3ZXR5bGxBNjNGWlg5NWxoNGJzdjNKT01lNWNCTHRRU3hWRENvNUZVNDlZRnRhelpIOHA0S1hTd1MxZ3FnRko3ajd6Zi1iM1BfMUlLZFJfZURCSmt4RWc0UUFXTmg5UkdXU3BrU0lTRlZXZU91VV9DdGlVd1ZHRFVZSk1YWHd1RVA2V1RDcHplRnM3MlRMVkZUN1FJbkR2c181dTFRY3gzaUpFLUxBczdDZ2R4NldVZ2F2YmZXbkVpckpDanY0NlhtczZPa002Nk9OZ3U1YmNTWWtsQzdiem5JSFZpbWpxeTVXaVNHX3VISTFQdmVsZlNUdzFwM3JQekxQV1dldFlFeXFNbUtHM0lBUWRMdnY2cTVNY0lLUzdQcWhHYXFQWUR3NDhpN1I5aDNfelFjbDFUNU54ZTdCeUF0Q2ppeGZzdkRrenlCZm1CYXZza1l4ZWhNc3VNd2tIbWEzb2hab2U0NktuWU1KWU9JVmRHNEtmSEV4NFRnNzFwa2pMSkEtNUlvYlFIYU15NmNYLUxiUlVvRVlkaG9rOFY1WEtKdHpiRXlxa21tWHdLZnRHaWFEZlVGX0Zlb0xBYW9leUpCVHFfQUZ1N0pHNHNrdjZGaFAzNUN4NzlpWktsdXRCNS1aS3RJampEVnV5NmQ5TlpXMFRQYzNZY0VZdnJwLWQ0cVg3WXFiMFdGSGdnTGkzODk4akx0Q0pKZGlRbWdOTjVQVUdTNm1NNUp5LUpFQXYxRXBlNGFSOTY4MXM0dktac3FSbUljUjMwemotVDhQeUlqVlBhYkhyVjVlT0c4clUybUw1YlhhRkNiUGUyLWU1X0dTbVlaZ3hfSUlxazVMMHRTR2dDd2lBUFFiemdXU3FYSFRscFJwc09ELW1VZ3NwVTdxMVBENlI4NDB6a3ZFYWlOVlZCSGdLLUJkZnVuRnl0d3ZIRER3YjNUWldTTzBTbG14Zlotdkh1Mm16b19Gem1ZQ3N6ZkxqVWNyMmluRDI4aU9Jb2RSd1ktS2tuNXhLamhWQS1xUi01STNSd0tFb2EwZm5sbnluOGRfOTZKT3NRRFBjQllvLWJJN1dfdGJqd3p6TXE4cy1HS3BrekpSbVVJb0FRdXZCWm5TbTh6c1Q1Mkk5UkgwUEx5VzQ5aUtBRGhjb1ZtbkMzNkt2REZZVVlLU0IzMHZfUlk2WmNUQXlPSXRfVjQ3QndtQVkyeXZ3RV83ejQ2MEEyY1BTeGY2c1hRbGFPc21Sd0xGcm9yWVNHM1piYTcwSTVkWG9ha2ZETEc4ZkFxZUhIbnJHaHNnSlVqa2JYbG1rMFJBQ0s5WXlLak14Z2ZIU3o5S2ZtY01ycENxZXdTbVRhcE9kLWM4aW1RYmVveWJZamF0LXlIdE9FR1Ixai04VUIzb184YTZsOEdkQ2dJclQ2Qlp0WVpyYm03em1vV2hDT200Smw3WEFybmpCYmFLYU5aNy1hM2M3MDNJVjRSbGVpOTd5QV95blZVWG9JQ3A2LW9iMWd5Mkl0T2ZlSzRwbi1VOVBjdFEwOXN6T3BnbjVtYTA4YlFiZU8ySVdLT0NtOEQ4Tjh5S2lLeHZNbUd5U3FmYUtJY1JNNThHUnU3OFNCQWdBMkMwNlVTZUdFU2I5VFo0b2w4YVIyRkR1cHU2Sm9zZFh1RzVFSnd1VUFVaVB4OG5SajlSaEdCTUZKc29RejBZUndTWWpQQlFLbHdyak4zYTZDbTIzMTRaOXhTYkk1eW5MQ1c0SjVfQ1NLS2NFcnd0ZFY3QXJ3R2tWcUNGX0lDMjlQN3EzZEk2bmRSajJtQkt5QTB5VkVqcVVzcW9pYXdsM2puVlBjeFV1eC1rZFZHbnM2ZU1DdHVJX2I2UWtlM3gzRHRWa2c3czNJQ1VEaFBjS0lnRzdWY2t3ME9ORENtTVpmV25qUmhXWjlfTXY4ZXRzZnF6SFVSTkNWTlFBMkljZkVIRUJNS0VhbGtMSXJNZGFPNDBCeGZMR2VLQUMxN25aSFh0T1JUblcxM3FNcGE4X2w2X095SmprMWVsY1NmYm95ai0wV0ZVZmY2bEltXzROLVhGMEE4T1B5RTBuaVZvekpVRGJ3U0t0TUlJZDJqRjBiT0RKQkppV1EtcXlHdHVTNW54dDRQT0lWQzR4UmZhTnpZc3Q2YXRrUmstSTRybHpKcXNIemJuTGFpVElJRkFadnlJVFY0VzhoZ2hJaHpXdEZoOFZiVlJ3VVg2cVhWY0x5WGlXaDdOa3Nwdml2ZmVWYnRWVGdwZzlzcTNRdWhXZmoxMG5PMUoyUWlMZ0s4dXdRS001R2lHYlh6dzEyUC1lV2o2OUt6M2w2VVo3bTBTalVMOTJ4eGR0R0J2RGxEd2lJLVc0WjlzSV8tMWNNQVFWS215SHpfOTBCUF9CQmZWbzJkUWVrWE41bU5WOXFLMm9XQUs1TWpJS3NtWWZuX0FpeXQzWWUtdGFIbEdEWVg3R184d3oxVXpUdW5MN3hWRnE3eEpBWHJqSy1LdEdCMjJpZXVfME5IRmtEdGdPSWRaTFZJMlN4SUJwaE5Gd0g5WTdKQlAwS0F3d2o1M2ZyanFDZ0Nvamw1TEZ0UElpMzFKS3JiTEJxUmhSUW41RmxQNnZtbmZBaUVHTFR2U1JLNC1jTVZmdjF4Y3ZONjlOT3hYZHI3cWZwUU1aLXFwZWhaMFl6bUYyRUQ1bE03Q01vMUtvYV9yN2N2VVFnZnc1LUxnNDVMSkxEQk5LLU1aTFZBZlFOOTloREZhUzRTNlRmeGczc3g1Ynh5ZE1SV1VnaXJfNFN5M2ZZeDBBeDRrU244ZjlPTFQzN0hNOGFLSTI3NG9XaGVxSkQycXhzX05ULWYtQ04xYk13YVJ2dFl1aXVrOXYxYWVZdGFRX19xN1V1aHlCeDJZYm15a21qZDB2UVRYd1E5MW51VVdXZjZ0NWdtanR1VG1fZ3Q0cWVLdmdmcWY5NVVFcmM5Umh0dDQwNGhKNTg1Vl9hSUVOdnJpSjdtUF84NU5XWldoYTktSS1Ja1BaUGlSTTlzT2Q4T2l4aHIyYzA4MG1rZzhpZXBiOEVhMlFkNjBPNGlaMnEzTkJkWmNwT2ZjbkdhMXZidlhEUTJrZWtvMmZXSm92eFZUWE8yYlVsMk8tSTdESFBpUVZyYi1QVm13dTVrcGt4dUVOWVNRbE9QNGJJRkhQMkVlY05wQnM1QThjajkyR1BmYjNnUXc0NWNnaTdoekF6QTBmcmplWkFkekJlVGpiUGpIZURvb3NSdzNjdHhTVHRlUGRkTzVsdzJ1eTQtREEzTXBDWk5weTdOZS1YUGc3cHVwaXA5ektXZmJrWGVUcHJpTU4ySE1QNTJPUUU0R1d4eXNNNlVSbHdDZ0d1YW5SNWJNOVcyLXBwRHgxbWlEVTJyQ0dIemoxdWNjYkJmVWVvdFUtdmk5bkI5Rl9TVGVqT3oxbjl6UFpsbXJDMVc2Y1JDUV9OZzhCMlJBeGFEQmlDV0U4Tk83bC1aVmFSZFJ4TkVWbG93RmNQWWJzY0ktVnl5ejRFX3VzR2d5OFNHd0l5Q1FtOUxsZnVCS2t4bVhCTjFGV2lCTzIxanA0VTU2MngwLURJQTVadFBDZFFnRWNVTUFwZ2x1dkpxZEpBczdmTDZneE5tM3M3TjlxRnYteEJ2LXJsbDlfSGZrcGtWUktNTE1OTXBDd1lvUEFiUEE0N3FVMDVBOHhxQzN1c04xRGw0YkxLV0ZsWndkenI2OXBSUHZ3MWlHS1g0ZkNrd2d1VXdkc0VndlVuU1BkcldNLWJSRWdPV3pWa0hnYy1PSnpmUGM4Ylh3c1AyMC1mWU92SzVCbU9ueGNSZFg2aDNTY1VOV0FCOWl3ZUpPS0NzQnRHYkVIVkEyc0FLRElyd2tyZks3U1JwSE1odURCRWRUREYyNlFKWUhDY2ktNDRiMlVjRUZGaE9BMlBfYklqUjZ1LVpyMUNxMFVSa1R0R2kwTktDWjgwUTZQNi1sUFFvOVRFS1dMYXIwNWFDSng0dGV5anhLcTFZZC1XNHFyaEpIZ3duZi1WUjFaZE1aWU1Mems3cXVJRDdMSzFvTTlYQ0FtVDNwM1Eza1JuSWFsc1NRNXhUV1hnSXFUd1pwdWMyX0N5MENHcWtyWkhHSXJqT1dsUUZZaW54WkNxcVBBOVhRVmdwbGtXOFRJRHRNZHFyd3ktU05fcmFFcUhQek5ncjYyamFqNXpCbUxSUkpkODFqRTlpUUlUU2ZTamljZkhHS1NaT2RjTEFRRnZGakR4akhrbElvZjdMb0FqSTVVMlBqd29uWEI2S3hJQS1ZenV3UTkyR1hXUUhDTU5LMDBYd0lDazBiOFdVUXpaaGs0cWZxeUZrbG81TFJ4c1Y2TEJwZWdyTDZyUE9sdXNoNnhzNzQxME5HN2RiWWIwZzFsVW5RNFEwZ1N3SWdBel90Y1ZEWkZrQkJNY2ZWQm54SHY2SW44V2RjRXRxVnY2dmM1Ykp1azZNZkF4cFVObWxVbUR4UHdDSmNVcllHWXd2N29objJnOV80R2ZIWHhXLWNVYXdzRVd3bVBoOGhncUZ6UGtKbENIMDhiaDdNajd6QmhwbkJoMVNvTk1FQmZWMXk3dzc1c3NESjdwb3NibjlrckVhLVZwM3hjOVhKY1dxS21ESldCMlVjM1Y3bjUxVUhnSjJJanZIN2dNRUN1YkNXSmk0dm04RURjdDFreHV4bFBSU2FHN1JUbVBxWUZWQU1fTW9ZWDRYa1BmOFB3dEhkbXBoM1dTaUdtYnpBREI1Vi1KbzR2Rlg2TklYYjZqSWVGRmRmRmJ1TWJ6RTNwT3NKXzEzX19JRHF5RldjSXBudWVSZHhxMUJCZ3NvblFvNExuZmlPeUJScXpSX0x6X2hud0NDalRPbUg1cGlkcUVUc0o0bENDNjhhcEJ0UUozZUdNTUdjbi1ra0FRTXNGYW5sQVRxbFJOTW5sQmZsemRmWVZlbVFuM3A2TXZqS3A1WmRCSTEtWWliT2pfcGhZemtpdExMVWgzbEd6N1kxRjlpVGIxLW43cklST0kwajFnVTBaZ2NnZGxuZWozOTNSUDlWWWNlMkF5SHZ3R25PUmxxdDBZMFlwRFdRMU1rc0c3ZnlCTnZscUJPNU1wR1ROQzFPZXNwTktWaktxY2ZHb1VETlppMy1zTGhSc1ZMQkVyS3F0eUlpbk9yY21DUWhSMExFMGlXVHRIQVBnSU9FM3ZKWE9iMDlnQkxjcW9ZdTN3WThPaTRlWkY4WWdfZDFIeTNxOUlOUFpCcklRa1dMS1lDcnlJMzlVSzR4WFFhQXBzQ0tKcWNoR1V0V0gxYmJJMlVHTUQ5OGtrdWZjUkoxZVYzQVhyQ2NuazFMVzdBLUtRcFB5QWdHUkFVYkdLeUs3QUFPcWJxSUJMejhLVmRTVnlqWm04b3VNRDNScjhvZURCeVd2OUFSZ0RrOFpmSmplUHJQRDByNzNnZFJWSllBTzA1d2lDUjJQVGFRcWt1VnFzM1JmU21zYm9HbG9obF9PUlBBenNVRlFoR3RRTDVteU1MV040RFVpRkNDRTJ4WDBIUXhVZEMxa1N1Q0NaTnNLR1RjZVpvMEpycDYwOHdWT19wTFBNeTRfSHZhR0h2MGJRVWNERVVQV2lmcm16ekhUMzhOVUhKMzZ2NV9hd1M0STB0REx4M2xKQXpZTHVkU3l0d01TZHQ5NnVFU1JHZTBtQVM0WDkxbnVXX1ZiMGNGd2RYSnVKNnF4SThVQjVmeXI2QkRSYXVBT3pjQk9ZdzhMcnMwZzJiQ2pJWWFGWUgzbmR3dlIyUWlLT052VkpBQkw0cEg3dk1US1ZaZEtqTEZnd2VBczNmRnlnYjUzQ1RRRkdjRlBVREZuT2ZjdWJjSXhiQTJ3R2J2alFsWkVPaWNpWEk0VGViRUZlSmUweVVXR0VfMm9kdnFIV3g0V011SjdtYklpQ3JJYjB4b1hHN1o4SGlMTU1zYnBmZk5aN0pmaERBbUo1ZFNXUzFlMXpKbTFxQU8yWTR5cXhTTTBGOS1Od3RDWXJXa2xLaUlKa0R3cWV5d0ZxZHFIQjlSRGZwc2JvU0VNaURURFBVcXNrMHFYcVExcVdBd0FzQS1POW1sNTVzRkVqVFk2WVNxc1RRZDVya0pzS21uNkZtMklZQXlYTDdaU1JObU1fNDFoeU1NR0Q4Ynp5RG5WRmZsOWtPTW9QbnJCNVNHQjY5eUZSME9STzc2WnVxLTFOUlNqWXFYYUcybTVtREJMSDVnSnNpdFJQSElDcGUzLUtueG5LOWFCbTJzRjk5SDYzNEdpeV9TY2pKaXhxQXFQRkNyLTgxZHlyMnVxT3hhZGxUSmFWLVBPUkRtdFVidXdNd3pMOWpoVXNiWnRmX1NzRjU3eFpRdmdXYXVvekpvajRkYmo3SDNqN3F0SG9KQTc0QUF5WGozOG9DVFJzc2wxOHpON2t6X2NnTF9keHMwN1RTdGE4LVVWSVhURFI3LXVsVzd4bXdKdWZFYU9ON2J4RXEwdHZCeHo3R25LdU1wamtIVjVzYVlCUk9NUG05TkpvcWo3dUdxQmxYNEUzdTY2eTFQMTFnUXBkYXprdTY2Qno2Y1FndmQyLW1wcU16Z2pvQkY1dFZualgwclA1aEhYMHZ2d1dlenJxNFIyOEJqSDZTQldnelpNM2dWYW1zWGRNWTIwT2IzLWJMdTRmNDhGMDhTYnNFOHAzWGtYamhCdWd3RzBKTThWT3BDRzdBNlNvTlR2VWhSaWc1c3plOVM1YXlMTEJxQ0FBZmpxSXIwRzdnSW45b0hFQ0pmM1FnOXhmdi1HbVIwSmZpbU5WdElMNWJRUjZiRTJCanRjMXpHSk5NTHZxaUxhZnRnWkFwZTNwVm5FTER6NHZueVZNUExsWkF4cHhSNzRGTWFic0FXNEV4U19iaEVxRUVsTmxVVzJGbGFFcEI2ZkJrdUh6d0NtZ1ViWTNHQlljYU9oeTE2MUJJUnlVR0pWXzU1ZXI5Q0FVSkNfRWR1SUJxODFQdlZqYkpLemU4ZWVTUHpQbnpfTmdTLUZmQldjRWd6LU1udGp5ME1CN3dnUmdZcWVEZmZSdXRINUtaMHJzZXR3b2hDUTJkcy1mc1piN3ZIQ3B6WUY2eFVKQ0t3ZVItT3dTanc5Z3dVcmV5Zzk2RGhkZFJfcXNXdmc3UzdGOTlwVTd2YWo3RDUtY0cxVlp6OG1TQ0UzMWp5LTBjQkxQMFJILWI5ZEs3a2o3RkRDYjR5SHRzTWNYUWZDWFFrQWtzYXdZZlRwOGRpZEFpTzJoUzlzN0d6dWQ1RThXbUFvZUt6NjhzQXZDVHVxV0NqbE1jRmpCMmFnOFhzUURPVUZZejIwWnZFYVhpclVtRzRpRlpDTThHMjNxSWJ3VDd5VFdvblhseW8zUFRGLTRYOEVlWWw1NVIzSFhDbndfOFVxTV9teDFaR2lpcVl5aklKc2ZOVTgtMkhHd3hCaWktdU9ZSHBmdVlDT1oya3JoTkFITTZmZ3BYUlI2YmJjeU92TVk5c2o4Y004R2JWTEtITjFaaDNPM0p5LVNGMllyZ3ZnREJkWVcwWFpiZl9qLW01RU56WlEyWks3RHFhV1pEWVRFMVpsLU1ybUtWeGU5elV6OXBISUM0Z1JlLXZkbzB5SjdQMTdSVkdfX2hVbWNyX2VBSTZnQ1BPaVZHU2VVdEJ3eWFBQjlUWFNxNjdLOTcwSk1JdExjN2UzZ1RMSWVSQkFidUI0NWgxMldPaWRWTmpvbC05T0tFblFCbFRrWFFxMV91Uy0ycHJPcDRrdEFWeThxYkJvbFdNdi1tT09wRE52T01pcWtOZEJkcml4bUVrakRDZWZfLW1WUkl0VDhvNVdrWlctam50blVfZWVrNWpKOHdGVXRYdEMtTkEtZ2NERnFGbm5yd3NDLUttQUUyMkRDSWkycUo4T09nam1UazFsVUNjWHZwS1Q4MURnVWVoNE5NSFM3ZDk1dnVyY0l3bWFjVjBjM2hUc2h1ZzNJS0Q2NGNacTJwZU5tOVNWcEtpc2cwbFVrNjV1WVUyRzM4VGpNbnZmclJ3OUZBblhUU0VOUzZpMG8tVzZlVHphUjl4SktaaWhBSjhsaFNET2MzYnJTRjlzMjNiM2lKU1Fxdzhwa0V1cXJTeWZ1WTB2SVN4U0NneFVnSF9kV21ZWVFxVEhoSXZ4VkpmUk9wbTBiaHVMSjlDbVFyMExORUVfZEY5dkpDRFVsTnBSN3k5QzA5VC05Y3l4ajBHaGtTd05xUENwRnppVDdQNVdwRVd5SVRSTUlZX21PSENkUFMxQ2FnQWVRcEpfQldaTlI2dGlTOWJPWUwyRlRjMUNVS3BKSWM3amx0bGJFWmQ1c01VaGRHa1RudVJWQmRvT2NlZTNnVmVJZkJhLWo5bFlyUUZaUWppT3Vfbkt1NzFVZXJTQVBnMHpsV3hVSkcxdEpGSVh4WVZfcG9WTHk1eXlvWlRnY3ViUGxLR1dtYnlzS09MemVTNTMxM3F6X3VJbDY2VHp1SUxuOTVacFpQaXduaXFoTzJpbktTY3NDX01CVkNYdGhTdVlXeW8xSkI2alZlX1h3VjctS1dUMlhjYk5ITnl5M2RWTkJwOWdidWl1RWlmNmExUDhDTlVyRmNzQjRGQlBOaklld1I5MDZNWkM4TUR6bUtfWm1tb3M0c0M4Ql9IcWctMXhaWFZZQnBLay10YUpmNWNBZ2F3dmZxaVJ1a1hYYkNDWHpKUFJvZjNJQUQyN3dZTUJLWEpYdzVGcll4dU9hMHEwRlJVMTVUWG1JN3RSbVFJWWE0eDFTZGVhZ2hMYVBGcFRwNjRaSVZBa0pJbllHbnN6aml4Uk5mXzdreDdJc0xNallZa3RFekZZa282bXZEX3d6NXFzUmIwcGV6cENLcVQ5TU0zcnB2TkE2NVZsdFgwMGt0cjFxOTdXajVHejNCU2pBN2pfVWNhdmp1R2dqV3Mycm5jNWx4bU41dUhPMnF2T1lFLWtNV0Q2S1NaWFp0bkQ2d29LRS1QZnR2bUFqUEFiQ2RCT1RucmRESm5NVW9jdGw2TlJlZG8xVkVLalJkclBXaEhPWXk1Ylk2SjVFZHdiY2I4TWlFcFd2azFSRWJBRFVkdjI4aUluM0pMdmlJODE3MkdhRW1BdXV1NEpHcnlXVVM5ejdRUmRYb3R6SnF6MDVVcHFxRFFHQW42bUJCTURYUmhLUzNhcWswQkhHNGhGQ0ZMaXhva0pBOFZmMkdoMTVqa2xUZ2pOc1VwajN6cE5iaWZ4LTc2WmRpSmxpcGxPUl91MDlSVHN2TUs5Q3lrNW83QzEtX1Y5NlJqNUJVUkoxT0NLamhoNkNCV1RvZ3UyckNFSUVlY1FlT0lnWmdFYy1yclpHc1BPUXhtTFdKdVp5SjRLcEtqUFJPMWttTjVMRlVneGkydVN4d3YySnAwTXRGODVkXzFjMzNXMUpYOFp1aHNrVGNFeExaUDVLekJWTzdlX2syclVuQzRid054eDVHUlhKRTI2OUlhcGFFd3Nad1RrSmRBOVc0YnJxTXN5SnNmYW4yTXlOUmxoSHpzdUhpeUZib3ZpWEFwQmVsMVQyYTZReHNqTHE2QmFHUWxhUXFSZV90Rk5PVUl6UzNpcDdCdUtGN3hqYjdNVUdtbU45VVg1Q2pHb1NzMkRnRElucVlXejVXUGRkZG1KMlZqc3dUSVM2emdHS0dOLW1uR0NHU3c3MDhfWldEbFlDVkxmdnpDc2ZFYTB3X0Vtc25NRUtsZHQ0OHhXT2FwQ0VUaVI3bjJsMFVNRGtPQjA4blB6QWF4dWtyaUg5bDltMzlwUGhOVE5CUHE4NHhYOE5MTy1hVnh3cDVvTEZaRm1uZFN5UzZWTERMTjdEd2hXNGtLQS0wcnlVQ1gwenAyRk1DalM4SC11cHZHY28yTVJMd3QwYnFzb3gtd0lYUlU0Mi1vYTRlTGM0cElBRFJ0M3dBc3U4dWp0OFFBTFhZN2tDNFJNYW5zYmp5N2RVRkprbVk3LXdkQXJqSmUzQy1KQW9QVTM3RWltam43Qk9SVy1peFZyVTNBd2taQl9TMkVBWHo2azViTVNNYnJFS25vODQtNElMbGIzcFpfcmh3TDlVc2hFcnE3TmJMWFVZOVRwOVhqRGtrVzRlTjB6OFBtQ1h3R25QQnVGZGxMZ2dvVW0wNWVuQkxOLW43eUR3NGFQZThqNHc5RGNVOHhMRU13aE5CbzF5TmN3bE5SR05NY25SRmF3cGNCNWtMS2FYd1BWUVpibzJiWDBGSk0yeXVpcGJKX2JBSzB4aFExNzBmZkZRY015R1RHWFhtdWNYMnVEckNWTmhnTkJvWDhmN1NicmVJSndJaER1em1nYldJUEpKMFgxUGtRWjBBUkFJZXkyTnJBaVFxZWp2c0d4dmhadDJ2Q0kwRFF6b1UyOXhxVlJfUFFybkNvYzE2bl9ESDdjQ1J0WFotZUZYdkV3WEpPbkNBUVFkSi1qY1JKY00wTXRxR0t6MXVYN3V5eUVJMjlJbWR0amFTdEZVcmF0N1piQnlwd1UzempDTlFxVnNUSEtkc3MyT3EtU2NJdHhaaWpmbXBScUs5STRqZFhHd2drTlQ1cVRCQ2puZ2dDYU1FTW8yTVZwMjhEUjNpNFV4dHIyZTIyd1Q4a1NMZVY5T0NtSU50amp0LVVaVTRnaDNaLS02YzNsX0Jxd09IMzFxemhHTmlBb3FkcVAyMnBVUVJmcFNwWUpBaktHcVRIMk1Ta1d1eGx6SjB2Z2Fmam5JbHJOSnVJVy1QeUpwcUpwQzZTeWlCQzAwRnlvYWxzWFliRFBNSWJvbE1xT0N2V2VkVkRSYkVZRVAyN1YtWG1CNGdSNGwzZm5zM2lxY3JrSkRSUDVVend0Ny1lMTR2b3VQckhtdzEzQ2t3UGJqZ2xsR2Q4Nmx5OW9aS0p3Qy1jS3FGWnpnem9vVDg2cUhicUtheHNTR0t2WXlabUxhSnF1emg4ZHNsamotQ2dvZjdBY2tadExOelVrVzlpRFRaWG5qMlB6czNtYmVCWEwyNndPLXktTWJlaEpqUVp4MzVZck95TWFyZ1RqeE9wbTNSak5hTWxzWjMtcU01NHFYbHh3QXJVWEVDbVNXRkN4Q1l5QjNrd29NRkp6TEJxT193ekNTSWF3dG5jWUF5Q2xOSkdaSi1hNklnUVdTY040SlhoMVJRYVZ4X3o4RU1mbWhFWkFCTF9YWndYT0FrNS1GcEVPZEZlbmJ0OW00MTc3Vm5IckFIUzB4REotTG4zcWNWemdwNHh0V3dvNm9aR3gxX1RSS0NXR1ptY0tveEROalQ3NFhVZlQ0QzdmYmNUV211NzZOZmQ5NHZHT1JqdnA5eVhlZkY5M1c4QVM5LXp6X2ZGQmlsTGk3ajNOUkRHcmp4UXZYUE04bkkxdldUZnZYWXl4RXBLTkw4NWxRZno3MVVibzVDUnA1SElsVFNfQUpnbks2RnU3N0dDaHJBLThGWHBFUTd3TWpCUVNyYkozRFU4MmVodGJzSUlSMmgxbk9RVnhId2hWejM4RG9NYzIwR0Rqbk5GRDZZWG9GNkpIWFdXY05OcmpLYXg1RDJCWDZCYktOSDBpU0JTWXBsTjhsU19HSFgwN1BCTTlFOEdQRVJHMG1uTmJ6clhGMkFmM3ZfZ1VZenZIQjBHZnhTYjAwZDFBU01pZ1dnRnhEaUM3cHlGeWE4NlJ2U1ZMVGNuaFJ5TGJiYy1iT1Zscjc5Y0tFNE1rcGdXYm4zcVdaZ2Q0MlFvbFgxMUZlelJnZW1Ja2FLRVd4bHpTSmRPS1RiblBnd1hCeUM3ZmFoa3lFTmk1dXhBTU51aHo3dlRTMWUyWktyVzI3OXlBWTdnd0lqQk44bUFVSnVqWUgwMHJIbFhoSDlaaUltWHp5Z3ZNdHM4cVNxUThwSG9QTVVFREpLRWxDNVZCY0RSaUpUTmhlZU9TdXBBZGNrbFBQV0tDYUUwbVlDM3VUY0x0V2syMS1jX0otOVZ2dTNFNzNKWXJUbE4wR1NMV1ZhcVY3bjZ3QkJoTEtwSEg0bmNkRkk3Y1pjV19UYmQ4OGhyUmJYZ21SbmpqVHJEd21RbDdOTFNUN0Z4R2dxR2lDUTNOQjNoa0NoUUpENVp3dV9QLWRmRnVFaUtDWFc3NlZoaTM4ekk2cjRUVkJWdU53WTdHQUphdDNRM3lEUE5Pb1AycDFraTlXVjRoLVZsWTBLUThEaEFLeXdKVl9rLXJNZWNGaEhwQ1VzN2hXRGdjajdsbmlPdlVOZTZDSjNXUWJkRy1leGpadjlSRXoxTjZpVGtYby00OGc0THhyc1Z6ay01b3JKTTQ3V2RzSzJaMi15cFMwcWRmUG5hc09CX1gzTVVMZU5CcGtHNUoyT0dMNjRvN18zSlV6Mk54OFlwaG11aFNvZmdEOXpOWjlkc3FCdUdrVkdIQkR0NVpZUG9VUVhDV1hLYVV6Q0FFRFc1S2tlWGdPSzVVWnA2ZVcyekZndXc5RlBmekpjVjAtd0h2dHRhWVdqRHN4RmpvNkN5MDc3TjJXRzVEZkNLa3FIM1VFNDBCejJtNjlpTkxhTUVMMm0zUHBkVHNROFVfdFdyNElCUUNXYXhLdUI2R1NsMWw3ak0xMEJ6akpmTFJadXJXR2MwQkxlSUVuc05ka0tMNmNOWWZ4cGpkQzFKNXppTTBQZ3dsUGMyOFJXeDAxeXlkXzVhTWQyR2NjVk4xVzRjeWlfRHRINUotSUFzeVhvUjM4V0xUeGpqR2U3UnJWRlJSMHFxaVRwVW1BQ0IzRU5KNUZWSXVXcmItNGMwZ0ZXWXlId19mSjEyUllSSFFOMkdzZEpibFN2cXAyc2ZQM3FWSVBWdjFXRzhKUmozbHFYRDFaNDA0SFNMeW5jM0tlbV9hVF9WVUo2MVdTR1lCQTVXMm5UcGhSMkJXV25WMkg3RzdLaWJacm94MmliVExReEdtamtLaGtxX2hNZ0NLS2ZaaXlnRWtEN3pZb1YzV1RRWmhaZmZib3cyMlVHTzdMWVVIUWlYZ3hHWEdINElxaXY5aHRqNklSS29PeG1CRl9aRENqS1kwOXQ1a2pFN29FWjNVeTNIckhyNjhMVVhzT2tkZ1lCcU5UQnZ0c3RRbDdZOG55a0dpNUtjbDlKZ2JUTUl5cDJuQk1ZYzdCMlo3cm80YllkZWFVclFfeUQ1MjNOcV9BMEx4OExWdkF4MUkxSUMyaTFoa3hRbjJWa2VIQ2NHR0F3Qy05V2oxeE9GSmZrRUlJS0Y3dGpNdUhHRE9KMW1PdjB4OUxvbG5nVGw4M3Q4T01zR2VFNVY5a3FHTTJPdFpwcWtqeG4tQngwUFpwd1hJV2FHM2s4a0kxa1ptNWg4MHg3dlhxeWVETGJjRGhYdzQ0eEIwWktYRDItWEk1WmdMNExFX0JLekR3OVJaQTNYRjJ0eTJCX3JqOG9Uby04V01ZbGt6dlJaZVpGWXV2Y2tyNVlGZGFQR2I3bjR2Qkh0ZDZySlRzV2R6SmllRFBSS05IaG1vQUVUQmxMdEMyWk1ZNkxpbkVoUFNWbk11X24wcGtaMXVXcmhWZzgtU3JrNEhnWmNnZUdwdVNnVWRSNXVOaUNIWkZKa1B4V0tYTk1pNGRIUnE1ZERPS3laR19Jczh0LUlPRDRlbXFGVjJKMHVwWHhWcmFfSHR1UWN2b19oY2prMWc0ZzFlWVQ1czdLMzBjM3RfR3g0ajlmWmJ0aXhxQkxsZHE1ZHhVcmFTR193Q0NRYV9BTHF4bm5ySVVNWmZlbGJ3WFpITWVta3pabmlQOE5zLVRRa3VFY2VINzRkblR1Znh4U1dGNFZRSzZBWnI5WnA4VjBUeFNSZ0JjRDVGT3lWUzhaOVV2bXkwRnFBWVNOTHdLYi12aTkwbW9MV2pESlVqblJXMDRLallYMm1TSlZxakNnVlJOZ3AwOXRWczRwYUszOUNnZHhnUDVrS1ZfZGlTN2xWVVl0bEkxeEZrOEN5cVJqaHYzbkl2WmZIbzRucHV3eFMxY2QyQTVqLUY1WlpvazVYcE53cHBIOXpnMFRqMG5IcFFqT3FmMkdiVktuUGlWMHJ3cEpvbWV4SGEyMmtpTjdyYzJVazczWlhkRmxQdGNwNmp5S0E0a3JoS19KNzZKZkNCeVBhVGlTV1U1WEM5RjRPN3hUeXBCay1YS0w1SWVBWDl3NEtFUGZLV29zbGs3N3h0MXowV0UzbkVsbVR5WFFNLXVKVlJnNWExQlBKTHl5R2RDVFZMalZaN2dZbl9QMlF6dzIwTUtWNEZaekR4QU40MWFQSnUyZEdMYmU2czI0QUhkUmhDT1RTNWF4SDVTejg4NGp5UWMwRDJqZjBDUVk0Nkp3YkpENzZFQUFpMGc4cGwwR2luc0FEVUU0RS1tc0tkMlVtSGxucGp1TngwLVpvdEVZckdQRlZzT3Z1R1hnN3M3NFFBNGFwTGJ6VHhVOWZpVGFmdmU0Q05tWE9uSlEtOGdIR1VudEZleW5VZUQ1MUd0dlduQllmZkxSak9wM0taNTlWcEFvWnFCaVZIeVVIeU9vTWFmOVNtU2hMNTQyUHNwZjV3a2lVSFBvWWtpbmt6VnlBRXd4LVkyV1ljSmVadG1tdk5jc1hPaS1OSWEzVzVHZmhQY3h0RjJLV1Z0blhKamhpWUJuaVJMU0RGU3kyd0ZWQTduM3dEbl8tUWZ0MlczQ2YtdlB5MW1jY0lvZUJqVWZ4MUIzaGFxME9rYjRwTENmQ0NBNVVTSVRKT3MzS2pHbHJNVEJrVTBoVlk1WE9NTy1QZXZ0YldRRVJ2MHBGNDdiWk4wUlA0bGNUNzNxN3g0X0pfRWhMNnRBNHl1clU1dHNYc19PNXBnWlBlXzNYczBNMndvU3V2VE54UHdtZzNtdjdvS0FiRXpGNlFFMzZCVHlFZ3M4YzBBVWR4NkRKLS1wX0FLemRzYVRVNkZUczNUWjJuZnFUbzBZamItYkJST1NQaUxZajNjcUc5cGFlQmJGS0p5TjhBajZYTmpBbTFqWC1INXIzaGRncTd4TVZ2RThxQVFOamZYRk9hNEcxWnMxaENPN2lPc0Y5T2MzbFZDbVVzTDczNDFzbGlYMXhIUmdfMFQzcmJyU3RVdzNfSnMzMTd0Tm9Sa2NlQnF5ejFPdjk0dzFBdkxWU3o3MlFKT2F6elJGUjRXWmpRcEVFV1lIRi1pT0ZHR1BDZnI3d3RYMVd0YURURWZVMXVSTnhPYUhpNmJCQlVtZXp0QmZyNGlfLUo2WVZFanYwazZSa2hNQWljSDBOVElONHF2SlQ2Z0JCVGhQU3d0SjFwNS1tTXc1TGdlcDdtbEFKaUxpUnliLUwzYjd1TmZ6a3AtcFo4aWlmeUpRNGdJb04xbWlFSTNNaElpT1dTeUxNaXhkY1kxTEVaN01Bb0dZbUZXTlNpeDg5QThhaWpNTmdkY291a3p4LUVUMV9OY24xMUtNdTBfQmFjZk03SDdNTmJPSjBKeXJ3ODhGbTRyVUFtTk5FTm1CTUp2cWh4MUV0NGhkS09DeHJwTFhyNHlfQ0w4X2o4eXBYQXhvQ0RfYWR2SDRpdDFwMGFJV1F0QlhDMDZDeTJpUlk2aEZybzBGREpXbEljajZ6RGtEMGg0am9Ob2xSaXplQkxWQmV3VnZmOUJRWFY1enp3TzBfNWQtYkZJODBjcE1jV1lxRmU3bHhtU3V2eUZ6UGh2b0ZLcmdHeS1La1VlWGRmT0lzbHFHNm1kcERwT0Q2X1BpdFl5ZmxLNjNpMkMtVXdVN1dTR3VUQlpiY2xfdEFTRkU1UE1CTEVVa1JqN2JqUWEydEgtZ0FaQ1ZPRmc1V0FSNTRHLXhFeEprOFFEVmtTSmpYY3p0WXdXVXFiMU5aV1JIcGNfWW0wdnA2RW1XdFlTVVJtTXV5NlY5enFoYnJlYkxWYVh0UDJJRGh0YnlxV1oxMVBOd1RDYllENzFRanN6MUwxU1pHakxaM2RXX0FnQTQwcGJNeGVyVnFHWG5oS2szTVNXa2RzS0s3cWFxM0VGMDcwUmlVYUQ0dHU4a25QWVdvb3NJWnp2aEhmVDRxcUs5NFduS19ONkRodlp1TmUzR192LWEtczJ5ZDlUcTNUalJsZDNCTF8tbnYyT2o0bWRvdWRhQW5yc1BSaTd4TEtOQl8ydkFqZ0RHRF9FODBCZFliX3VrS2FKTkFHRFZzMHJZX2ZTekZ5cUtKMFNWZjk5Q3JvWkdZaHMwaEMzOUs4OWVyZS1ZTFJFcG93UUNEQmMxZkJmUnJxUlBxMXBEWnJ1OHJjMUNyU0I5ZjJJak5Jb0o4cE80ZmJMTE1lbnd5ekhqal9sQ1kyTEtfbTFYaEd2RFIyVVZrNDFteTQ3ckVuU1J0b0dKWDJIOUNGd29ZVzN2RU5XR2tlSGcwUnQ5cFlOZTZQSGtUODdtMEp6TFlEWnBRcUZMM2hIdjgyOW5VRkVGNjBzZ1R5MTR4bHQxbE1OV1J4dHBwUUozdWl5N1h4Zm5pUXV0RlBpMng1aTVScFVfSFFNamtsUmxoX3lKdFhvTUtLNFJ5SUFpTi1XTnBhZ1lVTjhPUlZKUUpvUTRmT0Mtb0pBdnZmSzVHb0E3VGRiUXdSdnhNM1VnTThydTVMYmdReUFZTDc3MVVFby0zSUxLMFJnM3hJcW1hUTJETlQ5dmVrendkaXRBMGJBX2kwdjZBbkw0ZHpicWE1Qkt3Q0p2SHBkNmZRdDhlVlhzWGtWWTVMSkdsYjJxNzNqNUJiZGszZlZqZjBZSUI2eTlkbE5NTHFZWF9RN2ZTb0xZTmxEMjdERmFJYk1PcmlZVWhEVXRZbUl2dXlVMWpYaUVzLU5fVElKT3cxODRqUmY4UFZnSGZuX1UyWkstN2d3ZndJWkF3emd3amt1MWRJSlVGQnZhdWg3ZWwtSFpvWmV2ZDhRYk1ORjVzRjlubjE4bWlGNkJCMmZiOWw0dThRVDhQQUUwYWpUZFNNcUZSbVNadnByRUJncTVjNkpYMnJqNFVxOHpYcDF2OTRQVHM2U0Mwdl9SY1I1MVlFMGgxdzJrVXVUZXVEN3lKNHloVzlCUDZ1a1pPNXVwWWdKSUQ2em5FLWFsRUk2dzZJdC12LTBxMnhhV0YtbFpHamZLOVdpRTZNdzdjRFdHZzk4blJDTmJyc1ItTjE0ZmcuaTY2ejBVOTg3QmVFNHZNU0RsdHJLQSINCn0.F97n9ow8AlifFZTfh4QoC6P0rfMSBwVblnkl2pBlzZ-jvYS0mYOwJYwyB7TKG_JlWuPxJYdyDY5xPKEXhOxrQPY-448PVrSLAiuR3f5R2PFqVl4WXio87gfbC8z7PAd0y0vNJcTD8PRFbf-SsZZESA6S5rnrrpAN1EsuDMkEVimFaSQo9TTc2PYXPH1qe5m18LMF2bteqIiwVEW7-4waAZF0VMVAVlaYYOGx8AzdFuGgTPFe67leOo2Zam3YvBsGX6gH3EzaY69hQS5lS4km09WcNnH8RDMVeC2VsWiPaVTyZ9z9limS-P-0YkikQP5VbjiOPRCIhHOu6S6k4xQHoA"
 }
\ No newline at end of file
-- 
cgit v1.2.3


From 3b1130e2366138871a92a1f83124a27fa83885dd Mon Sep 17 00:00:00 2001
From: Thomas Lenz 
Date: Mon, 9 Jul 2018 12:32:13 +0200
Subject: update keyStore for jUnit test

---
 .../src/test/resources/sl20.jks                      | Bin 12069 -> 9894 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

(limited to 'id/server/modules')

diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks
index 47752e0f1..a976d286b 100644
Binary files a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks differ
-- 
cgit v1.2.3


From 3535ae9500b29d0b2d0f317ea7f47a6c25c6f70e Mon Sep 17 00:00:00 2001
From: Thomas Lenz 
Date: Tue, 10 Jul 2018 16:53:03 +0200
Subject: some small updates and handbook update

---
 .../EidasCentralAuthConstants.java                 |  2 +-
 ...idasCentralAuthRequestBuilderConfiguration.java | 12 ++++++-
 .../tasks/CreateAuthnRequestTask.java              | 10 ++++++
 .../tasks/ReceiveAuthnResponseTask.java            | 39 +++++-----------------
 4 files changed, 30 insertions(+), 33 deletions(-)

(limited to 'id/server/modules')

diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
index 55864f3c9..0f4f81122 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/EidasCentralAuthConstants.java
@@ -55,7 +55,7 @@ public class EidasCentralAuthConstants {
 	public static final String CONFIG_PROPS_SIGN_SIGNING_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "request.sign.alias";
 	public static final String CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.password";
 	public static final String CONFIG_PROPS_ENCRYPTION_ALIAS_PASSWORD = CONFIG_PROPS_PREFIX + "response.encryption.alias";	
-	public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX + "required.additinal.attributes";	
+	public static final String CONFIG_PROPS_REQUIRED_PVP_ATTRIBUTES_LIST = CONFIG_PROPS_PREFIX + "required.additional.attributes";	
 	public static final String CONFIG_PROPS_NODE_ENTITYID = CONFIG_PROPS_PREFIX + "node.entityId";
 	public static final String CONFIG_PROPS_NODE_METADATAURL = CONFIG_PROPS_PREFIX + "node.metadataUrl";
 	public static final String CONFIG_PROPS_NODE_TRUSTPROFILEID = CONFIG_PROPS_PREFIX + "node.trustprofileID";	
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java
index ebbe08588..8376f3aad 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/config/EidasCentralAuthRequestBuilderConfiguration.java
@@ -48,6 +48,7 @@ public class EidasCentralAuthRequestBuilderConfiguration implements IPVPAuthnReq
 	private String scopeRequesterId;
 	private String providerName;
 	private List requestedAttributes;
+	private String reqId;
 	
 	
 	/* (non-Javadoc)
@@ -186,7 +187,7 @@ public class EidasCentralAuthRequestBuilderConfiguration implements IPVPAuthnReq
 	 */
 	@Override
 	public String getRequestID() {
-		return null;
+		return this.reqId;
 	}
 
 	/* (non-Javadoc)
@@ -256,6 +257,15 @@ public class EidasCentralAuthRequestBuilderConfiguration implements IPVPAuthnReq
 		this.requestedAttributes = requestedAttributes;
 	}
 	
+	/**
+	 * Set a RequestId for this Authn. Request
+	 * 
+	 * @param reqId
+	 */
+	public void setRequestId(String reqId) {
+		this.reqId = reqId;
+	}
+	
 	
 
 	
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
index 08ae845cb..e312299f8 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
@@ -29,6 +29,7 @@ import java.util.List;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.metadata.EntityDescriptor;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
@@ -45,6 +46,7 @@ import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
 import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
 import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config.EidasCentralAuthRequestBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
@@ -76,6 +78,8 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
 			throws TaskExecutionException {
 		try{
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_SELECTED);
+			
 			//check if eIDAS authentication is enabled for this SP
 			if (!Boolean.parseBoolean(pendingReq.getServiceProviderConfiguration().getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_STORK_ENABLED, String.valueOf(false)))) {
 				Logger.info("eIDAS authentication is NOT enabled for OA: " + pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
@@ -114,6 +118,8 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			
 			//setup AuthnRequestBuilder configuration
 			EidasCentralAuthRequestBuilderConfiguration authnReqConfig = new EidasCentralAuthRequestBuilderConfiguration();
+			SecureRandomIdentifierGenerator gen = new SecureRandomIdentifierGenerator();
+			authnReqConfig.setRequestId(gen.generateIdentifier());
 			authnReqConfig.setIdpEntity(entityDesc);
 			authnReqConfig.setPassive(false);
 			authnReqConfig.setSignCred(credential.getIDPAssertionSigningCredential());
@@ -130,6 +136,10 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			//build and transmit AuthnRequest
 			authnReqBuilder.buildAuthnRequest(pendingReq, authnReqConfig , response);
 
+			revisionsLogger.logEvent(pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_REQUESTED,
+					authnReqConfig.getRequestID());
+			
 		} catch (MOAIDException e) {
 			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
 						
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
index f9686029f..214a23f88 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
@@ -59,7 +59,6 @@ import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider;
-import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
@@ -112,7 +111,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			msg = (InboundMessage) decoder.decode(
 					request, response, metadataProvider, true,
 					comperator);
-			 
+			
 			if (MiscUtil.isEmpty(msg.getEntityID())) {
 				throw new InvalidProtocolRequestException("sp.pvp2.04", 
 						new Object[] {EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING},
@@ -126,9 +125,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 				msg.setVerified(true);
 								
 			}
-			
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROTOCOL_PVP_REQUEST_AUTHRESPONSE);
-			
+						
 			//validate assertion
 			PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg);
 			
@@ -153,7 +150,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			requestStoreage.storePendingRequest(pendingReq);
 			
 			//write log entries
-			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_REVEIVED);				
+			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_MDS_VALID);				
 			Logger.info("Receive a valid assertion from IDP " + msg.getEntityID()); 
 											
 		} catch (MessageDecodingException | SecurityException e) {
@@ -208,32 +205,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			
 		}
 	}
-	
-	/**
-	 * @param executionContext
-	 * @param idpConfig
-	 * @param message 
-	 * @param objects 
-	 * @throws TaskExecutionException 
-	 * @throws Throwable 
-	 */
-	private void handleAuthnResponseValidationProblem(ExecutionContext executionContext, IOAAuthParameters idpConfig, Throwable e) throws TaskExecutionException {
-
-		if (idpConfig != null && idpConfig.isPerformLocalAuthenticationOnInterfederationError()) {
-			Logger.info("Switch to local authentication on this IDP ... ");
-		
-			executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_REQUIRELOCALAUTHENTICATION, true);
-			executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, true);
 		
-			executionContext.remove(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_INTERFEDERATION_AUTH);
-			
-		} else {
-			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
-			
-		}
-		
-	}
-	
 	/**
 	 * PreProcess AuthResponse and Assertion 
 	 * @param msg
@@ -257,11 +229,16 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 					EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING);
 
 			msg.setSAMLMessage(SAML2Utils.asDOMDocument(samlResp).getDocumentElement());
+			revisionsLogger.logEvent(pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED,
+					samlResp.getID());
 			return msg;
 				
 		} else {
 			Logger.info("Receive StatusCode " + samlResp.getStatus().getStatusCode().getValue() 
 				+ " from 'ms-specific eIDAS node'.");
+			revisionsLogger.logEvent(pendingReq, 
+					MOAIDEventConstants.AUTHPROCESS_EIDAS_AT_CONNECTOR_RECEIVED_ERROR);			
 			throw new AuthnResponseValidationException("sp.pvp2.05", 
 					new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING, samlResp.getIssuer().getValue(), samlResp.getStatus().getStatusCode().getValue()});
 					
-- 
cgit v1.2.3


From 158d41705d0f8c67a858e84bda8d2c16377cf288 Mon Sep 17 00:00:00 2001
From: Thomas Lenz 
Date: Fri, 13 Jul 2018 15:48:17 +0200
Subject: some bug fixes

---
 .../moa/id/auth/AuthenticationServer.java          | 10 ++---
 .../AuthenticationBlockAssertionBuilder.java       |  2 +-
 .../internal/tasks/CertificateReadRequestTask.java |  4 +-
 .../internal/tasks/CreateIdentityLinkFormTask.java |  2 +-
 .../internal/tasks/GetMISSessionIDTask.java        |  3 +-
 .../tasks/InitializeBKUAuthenticationTask.java     |  9 ++--
 .../tasks/PrepareAuthBlockSignatureTask.java       |  3 +-
 .../internal/tasks/PrepareGetMISMandateTask.java   |  3 +-
 .../tasks/VerifyAuthenticationBlockTask.java       |  3 +-
 .../internal/tasks/VerifyCertificateTask.java      |  3 +-
 .../internal/tasks/VerifyIdentityLinkTask.java     |  3 +-
 .../CreateXMLSignatureResponseValidator.java       |  4 +-
 .../tasks/CreateAuthnRequestTask.java              | 50 ++++++----------------
 .../tasks/ReceiveAuthnResponseTask.java            | 34 +++++++++++----
 .../auth/modules/eIDAScentralAuth/utils/Utils.java | 45 +++++++++++++++++++
 .../tasks/FirstBKAMobileAuthTask.java              | 19 ++------
 .../tasks/SecondBKAMobileAuthTask.java             | 13 ++----
 .../eidas/tasks/CreateIdentityLinkTask.java        | 18 ++++----
 .../eidas/tasks/ReceiveAuthnResponseTask.java      | 19 ++++----
 .../moa/id/protocols/eidas/EIDASProtocol.java      |  6 +--
 .../tasks/ReceiveElgaMandateResponseTask.java      |  8 +++-
 .../elgamandates/tasks/RequestELGAMandateTask.java |  4 +-
 .../oauth20/protocol/OAuth20AuthRequest.java       |  3 +-
 .../oauth20/protocol/OAuth20BaseRequest.java       | 11 ++---
 .../oauth20/protocol/OAuth20Protocol.java          |  4 +-
 .../oauth20/protocol/OAuth20TokenRequest.java      |  3 +-
 .../sl20_auth/tasks/CreateQualeIDRequestTask.java  |  2 +-
 .../sl20_auth/tasks/ReceiveQualeIDTask.java        | 19 ++++----
 .../sl20_auth/tasks/VerifyQualifiedeIDTask.java    | 14 +++---
 .../task/InitializeRestoreSSOSessionTask.java      |  4 +-
 .../ssotransfer/task/RestoreSSOSessionTask.java    | 14 +++---
 .../tasks/CreateAuthnRequestTask.java              |  2 +-
 .../tasks/ReceiveAuthnResponseTask.java            | 16 ++++---
 .../moa/id/protocols/saml1/GetArtifactAction.java  |  6 +--
 .../moa/id/protocols/saml1/SAML1Protocol.java      |  4 +-
 35 files changed, 191 insertions(+), 176 deletions(-)
 create mode 100644 id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java

(limited to 'id/server/modules')

diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
index 34567131b..a77ba45a5 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java
@@ -151,7 +151,7 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 			throw new AuthenticationException("auth.00", new Object[]{pendingReq.getSPEntityId()});
 
 		//load Template
-		String templateURL = pendingReq.getGenericData(
+		String templateURL = pendingReq.getRawData(
 				MOAIDAuthConstants.AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE, String.class);
 		String template = null;
 		if (MiscUtil.isNotEmpty(templateURL)) {
@@ -450,8 +450,8 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 		
 		SpecificTraceLogger.trace("Req. Authblock: " + createXMLSignatureRequest);
 		SpecificTraceLogger.trace("OA config: " + pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class).toString());
-		SpecificTraceLogger.trace("saml1RequestedTarget: " + pendingReq.getGenericData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class));
-		SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + pendingReq.getGenericData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class));	
+		SpecificTraceLogger.trace("saml1RequestedTarget: " + pendingReq.getRawData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class));
+		SpecificTraceLogger.trace("saml1RequestedFriendlyName: " + pendingReq.getRawData(MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class));	
 				
 		return createXMLSignatureRequest;
 	}
@@ -547,10 +547,10 @@ public class AuthenticationServer extends BaseAuthenticationServer {
 		String authURL = pendingReq.getAuthURL();
 		
 		@Deprecated
-		String saml1RequestedTarget = pendingReq.getGenericData(
+		String saml1RequestedTarget = pendingReq.getRawData(
 				MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);
 		@Deprecated
-		String saml1RequestedFriendlyName = pendingReq.getGenericData(
+		String saml1RequestedFriendlyName = pendingReq.getRawData(
 				MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class);
 
 		
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
index a46c81d06..a2e03bc4e 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilder.java
@@ -162,7 +162,7 @@ public class AuthenticationBlockAssertionBuilder extends AuthenticationAssertion
 	  result.put(AUTHBLOCK_TEXT_PATTERN_TIME, timeformat.format(datetime.getTime()));
 	  	  
 	  //set other values from pendingReq if exists
-	  Map processSpecificElements = pendingReq.getGenericData(PENDING_REQ_AUTHBLOCK_TEXT_KEY, Map.class);
+	  Map processSpecificElements = pendingReq.getRawData(PENDING_REQ_AUTHBLOCK_TEXT_KEY, Map.class);
 	  if (processSpecificElements != null && !processSpecificElements.isEmpty()) {
 		  Logger.debug("Find process-specific patterns for 'special AuthBlock-Text'. Start processing ...");
 		  Iterator mapIterator = processSpecificElements.entrySet().iterator();
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
index f53dfae45..3eb7225a8 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CertificateReadRequestTask.java
@@ -51,8 +51,8 @@ public class CertificateReadRequestTask extends AbstractAuthServletTask {
 		Logger.debug("Send InfoboxReadRequest to BKU to get signer certificate.");
 					
 		try { 
-			//execute default task initialization
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			//execute default task initialization   
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); 
 			boolean useMandate = moasession.isMandateUsed();
 			boolean identityLinkAvailable = BooleanUtils.isTrue((Boolean) executionContext.get("identityLinkAvailable"));	
 			if (!identityLinkAvailable && useMandate) {
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
index af8f780ec..50add6beb 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateIdentityLinkFormTask.java
@@ -64,7 +64,7 @@ public class CreateIdentityLinkFormTask extends AbstractAuthServletTask {
 			throws TaskExecutionException {		
 		try { 
 			//execute default task initialization
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			
 	    	//normal MOA-ID authentication
 	    	Logger.debug("Starting normal MOA-ID authentication");		    			    	    	
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
index af4abe813..e4966a53b 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GetMISSessionIDTask.java
@@ -71,7 +71,7 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
 
 		try {
 			//execute default task initialization
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			
 			//get MIS sessionID
 			String misSessionID = moasession.getMISSessionID();
@@ -120,7 +120,6 @@ public class GetMISSessionIDTask extends AbstractAuthServletTask {
 			//revisionsLogger.logMandateEventSet(pendingReq, mandate);
 									
 			//store pending request with new MOASession data information
-			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 			
 			
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
index ab53671f2..65ae9cf91 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/InitializeBKUAuthenticationTask.java
@@ -34,6 +34,7 @@ import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EAAFException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
@@ -87,7 +88,9 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
 			HttpServletRequest request, HttpServletResponse response) throws EAAFException {
 		
 		Logger.info("BKU is selected -> Start BKU communication ...");			
-		AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+		//AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+		
+		AuthenticationSessionWrapper moasession = ((RequestImpl)pendingReq).getSessionData(AuthenticationSessionWrapper.class);
 		
 		boolean isLegacyRequest = false;
 		Object isLegacyRequestObj = executionContext.get("isLegacyRequest");
@@ -122,9 +125,9 @@ public class InitializeBKUAuthenticationTask extends AbstractAuthServletTask {
 				
 		    	//get Target from config or from request in case of SAML 1				
 				String target = null;
-				if (MiscUtil.isNotEmpty(pendingReq.getGenericData("saml1_target", String.class)) && 
+				if (MiscUtil.isNotEmpty(pendingReq.getRawData("saml1_target", String.class)) && 
 						pendingReq.requestedModule().equals("at.gv.egovernment.moa.id.protocols.saml1.SAML1Protocol"))
-					target = pendingReq.getGenericData("saml1_target", String.class);
+					target = pendingReq.getRawData("saml1_target", String.class);
 
 				
 		    	String bkuURL = oaParam.getBKUURL(bkuid);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
index d1d0ef086..a02032e74 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareAuthBlockSignatureTask.java
@@ -50,14 +50,13 @@ public class PrepareAuthBlockSignatureTask extends AbstractAuthServletTask {
 		
 		try {
 			//initialize task
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			
 			//build authBlock
 			String createXMLSignatureRequest = authServer
 					.getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq);
 
 			//store pending request with new MOASession data information
-			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 			
 			//write response
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
index 7c9702b8b..dd7890b7e 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/PrepareGetMISMandateTask.java
@@ -71,7 +71,7 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
 		//mandate Mode
 		try {
 			//perform default task initialization
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 						
 			ConnectionParameterInterface connectionParameters = 
 					moaAuthConfig.getOnlineMandatesConnectionParameter(pendingReq.getServiceProviderConfiguration(IOAAuthParameters.class));	
@@ -131,7 +131,6 @@ public class PrepareGetMISMandateTask extends AbstractAuthServletTask {
 	        moasession.setMISSessionID(misSessionID.getSessiondId());
 		
 	      //store pending request with new MOASession data information
-	        pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 	        			
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_MANDATE_REDIRECT);
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
index 3b70c55e9..c8b562282 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyAuthenticationBlockTask.java
@@ -87,7 +87,7 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
 				throw new WrongParametersException("VerifyAuthenticationBlock", PARAM_XMLRESPONSE, "auth.12");
 
 			//execute default task initialization
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
 			
@@ -95,7 +95,6 @@ public class VerifyAuthenticationBlockTask extends AbstractAuthServletTask {
 			authServer.verifyAuthenticationBlock(pendingReq, moasession, createXMLSignatureResponse);
 			
 			//store pending request with new MOASession data information
-			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 							
 		}
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
index 5b207d33e..9f1f23344 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyCertificateTask.java
@@ -77,7 +77,7 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
 				
 	    try {
 	    	//execute default task initialization
-	    	AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+	    	AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
 	    		    	
@@ -98,7 +98,6 @@ public class VerifyCertificateTask extends AbstractAuthServletTask {
 	    				authServer.getCreateXMLSignatureRequestAuthBlockOrRedirect(moasession, pendingReq);
 	    		
 	    		//store pending request with new MOASession data information
-	    		pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 				requestStoreage.storePendingRequest(pendingReq);
 	    		
 		    	CitizenCardServletUtils.writeCreateXMLSignatureRequestOrRedirect(resp, pendingReq, createXMLSignatureRequestOrRedirect, AuthenticationServer.REQ_PROCESS_VALIDATOR_INPUT, "VerifyCertificate");
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
index 99eba56c1..b7c45a032 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/VerifyIdentityLinkTask.java
@@ -66,7 +66,7 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
 		
 		try {
 			//execute default task initialization
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 		
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, req.getRemoteHost());
 
@@ -74,7 +74,6 @@ public class VerifyIdentityLinkTask extends AbstractAuthServletTask {
 			boolean identityLinkAvailable = authServer.verifyIdentityLink(pendingReq, moasession, parameters) != null;
 			
 			//store pending request with new MOASession data information
-			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
 			requestStoreage.storePendingRequest(pendingReq);
 
 			//set 'identityLink exists' flag to context
diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
index 01ef4ee26..ab9be7163 100644
--- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
+++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/CreateXMLSignatureResponseValidator.java
@@ -144,10 +144,10 @@ public class CreateXMLSignatureResponseValidator {
     IIdentityLink identityLink = session.getIdentityLink();
     
     @Deprecated
-	String saml1RequestedTarget = pendingReq.getGenericData(
+	String saml1RequestedTarget = pendingReq.getRawData(
 			MOAIDAuthConstants.AUTHPROCESS_DATA_TARGET, String.class);
 	@Deprecated
-	String saml1RequestedFriendlyName = pendingReq.getGenericData(
+	String saml1RequestedFriendlyName = pendingReq.getRawData(
 			MOAIDAuthConstants.AUTHPROCESS_DATA_TARGETFRIENDLYNAME, String.class);
 	  
 	  try {	                
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
index c3c3331e1..c1229e3ff 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/CreateAuthnRequestTask.java
@@ -29,7 +29,6 @@ import java.util.List;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.apache.commons.lang3.StringUtils;
 import org.opensaml.common.impl.SecureRandomIdentifierGenerator;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.metadata.EntityDescriptor;
@@ -40,21 +39,20 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
 import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EAAFRequestedAttribute;
 import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder;
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.SAML2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;
 import at.gv.egiz.eaaf.modules.pvp2.sp.impl.PVPAuthnRequestBuilder;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.config.EidasCentralAuthRequestBuilderConfiguration;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider;
-import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
 import at.gv.egovernment.moa.logging.Logger;
@@ -92,7 +90,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			}
 						
 			// get entityID for central ms-specific eIDAS node 			
-			String msNodeEntityID = getCentraleIDASNodeEntityId(pendingReq.getServiceProviderConfiguration());
+			String msNodeEntityID = Utils.getCentraleIDASNodeEntityId(pendingReq.getServiceProviderConfiguration(), authConfig);
 			
 			
 			if (MiscUtil.isEmpty(msNodeEntityID)) {
@@ -149,48 +147,24 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
 						
 		} catch (MetadataProviderException e) {
-			throw new TaskExecutionException(pendingReq, "Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED.", e);
+			
+			throw new TaskExecutionException(pendingReq, 
+					"Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED.", 
+					new AuthnRequestBuildException("sp.pvp2.02", new Object[] {"'national central eIDASNode'"},e ));
 
 		} catch (MessageEncodingException | NoSuchAlgorithmException  | SecurityException e) {
-			Logger.error("Build PVP2.1 AuthnRequest for SSO inderfederation FAILED", e);
-			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
+			Logger.error("Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED", e);
+			throw new TaskExecutionException(pendingReq, 
+					e.getMessage(), 
+					new AuthnRequestBuildException("sp.pvp2.13", new Object[] {"'national central eIDASNode'"},e ));
 			
 		} catch (Exception e) {
-			Logger.error("Build PVP2.1 AuthnRequest for SSO inderfederation FAILED", e);
+			Logger.error("Build PVP2.1 AuthnRequest to connect 'ms-specific eIDAS node' FAILED", e);
 			throw new TaskExecutionException(pendingReq, e.getMessage(), e);
 			
 		}
 	}
 
-	private String getCentraleIDASNodeEntityId(ISPConfiguration spConfiguration) {
-		//load from service-provider configuration
-		String msNodeEntityID = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL);
-		
-		if (StringUtils.isEmpty(msNodeEntityID)) {
-			Logger.debug("No SP-specific central eIDAS-node URL. Switch to general configuration ... ");
-			if (authConfig instanceof AuthConfiguration) {
-				AuthConfiguration moaAuthConfig = (AuthConfiguration)authConfig;					
-				List configuratedEntityIDs = KeyValueUtils.getListOfCSVValues(
-						moaAuthConfig.getConfigurationWithKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL));
-				
-				if (configuratedEntityIDs.size() > 0)
-					msNodeEntityID = configuratedEntityIDs.get(0);
-				else
-					Logger.info("No central eIDAS-node URL in IDP configuration. Switch to backup configuration ... ");
-				
-			} else 
-				Logger.info("Basic configuration is NOT of type '" + AuthConfiguration.class.getName()
-						+ "' Switch to generic Type ... ");
-				
-			
-			if (StringUtils.isEmpty(msNodeEntityID))
-				msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
-			
-		}
-						
-		return msNodeEntityID;
-	}
-
 	private List buildRequestedAttributes() {
 		List attributs = new ArrayList();
 		
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
index c034dc95e..f3eaff11a 100644
--- a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/tasks/ReceiveAuthnResponseTask.java
@@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.xml.transform.TransformerException;
 
+import org.apache.commons.lang3.StringUtils;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.saml2.core.StatusCode;
 import org.opensaml.ws.message.decoder.MessageDecodingException;
@@ -55,10 +56,12 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AssertionValidationExeption;
 import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
 import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthCredentialProvider;
 import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.EidasCentralAuthMetadataProvider;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils.Utils;
 import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.verification.SAMLVerificationEngineSP;
@@ -129,7 +132,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			PVPSProfileResponse processedMsg = preProcessAuthResponse((PVPSProfileResponse) msg);
 			
 			//validate entityId of response
-			String msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
+			String msNodeEntityID = Utils.getCentraleIDASNodeEntityId(pendingReq.getServiceProviderConfiguration(), authConfig);
 			String respEntityId = msg.getEntityID();
 			if (!msNodeEntityID.equals(respEntityId)) {
 				Logger.warn("Response Issuer is not a 'ms-specific eIDAS node'. Stopping eIDAS authentication ...");
@@ -155,23 +158,28 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 		} catch (MessageDecodingException | SecurityException e) {
 			String samlRequest = request.getParameter("SAMLRequest");			
 			Logger.warn("Receive INVALID PVP Response from 'ms-specific eIDAS node': " + samlRequest, e);
-			throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from federated IDP", e);
+			throw new TaskExecutionException(pendingReq, "Receive INVALID PVP Response from federated IDP", 
+					new AuthnResponseValidationException("sp.pvp2.11", new Object[] {"'national central eIDASNode'"}, e));
 
 		} catch (IOException | MarshallingException | TransformerException e) {
 			Logger.warn("Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
-			throw new TaskExecutionException(pendingReq, "Processing PVP response from 'ms-specific eIDAS node' FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "Processing PVP response from 'ms-specific eIDAS node' FAILED.", 
+					new AuthnResponseValidationException("sp.pvp2.12", new Object[] {"'national central eIDASNode'", e.getMessage()}, e));
 			
 		} catch (CredentialsNotAvailableException e) {
 			Logger.error("PVP response decrytion FAILED. No credential found.", e);
-			throw new TaskExecutionException(pendingReq, "PVP response decrytion FAILED. No credential found.", e);
+			throw new TaskExecutionException(pendingReq, "PVP response decrytion FAILED. No credential found.", 
+					new AuthnResponseValidationException("sp.pvp2.10", new Object[] {"'national central eIDASNode'"}, e));
 
 		} catch (AssertionValidationExeption | AuthnResponseValidationException e) {
 			Logger.info("PVP response validation FAILED. Msg:" + e.getMessage());			
-			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", 
+					new AuthnResponseValidationException("sp.pvp2.10", new Object[] {"'national central eIDASNode'"}, e));
 									
 		} catch (Exception e) {
 			Logger.warn("PVP response validation FAILED. Msg:" + e.getMessage(), e);			
-			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", e);
+			throw new TaskExecutionException(pendingReq, "PVP response validation FAILED.", 
+					new AuthnResponseValidationException("sp.pvp2.12", new Object[] {"'national central eIDASNode'", e.getMessage()}, e));
 			
 		}
 
@@ -182,19 +190,29 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			//check if all attributes are include
 			if (!extractor.containsAllRequiredAttributes() 
 					&& !extractor.containsAllRequiredAttributes(EidasCentralAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES)) {
-				Logger.warn("PVP Response from federated IDP contains not all requested attributes.");
+				Logger.warn("PVP Response from 'ms-specific eIDAS node' contains not all requested attributes.");
 				throw new AssertionValidationExeption("sp.pvp2.06", new Object[]{EidasCentralAuthConstants.MODULE_NAME_FOR_LOGGING});
 				
 			}
 			
 			//copy attributes into MOASession
+			AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); 
 			Set includedAttrNames = extractor.getAllIncludeAttributeNames();
 			for (String el : includedAttrNames) {
 				String value = extractor.getSingleAttributeValue(el);				 				
-				pendingReq.setGenericDataToSession(el, value);				
+				session.setGenericDataToSession(el, value);				
 				Logger.debug("Add PVP-attribute " + el + " into MOASession");
 				
 			}
+			
+			//set foreigner flag
+			session.setForeigner(true);
+			if (extractor.getFullAssertion().getIssuer() != null && 
+					StringUtils.isNotEmpty(extractor.getFullAssertion().getIssuer().getValue()))
+				session.setBkuURL(extractor.getFullAssertion().getIssuer().getValue());
+			else
+				session.setBkuURL("eIDAS_Authentication");
+			
 												
 		} catch (AssertionValidationExeption e) {
 			throw new BuildException("builder.06", null, e);
diff --git a/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java
new file mode 100644
index 000000000..642008726
--- /dev/null
+++ b/id/server/modules/moa-id-module-AT_eIDAS_connector/src/main/java/at/gv/egovernment/moa/id/auth/modules/eIDAScentralAuth/utils/Utils.java
@@ -0,0 +1,45 @@
+package at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.utils;
+
+import java.util.List;
+
+import org.apache.commons.lang3.StringUtils;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+import at.gv.egovernment.moa.id.auth.modules.eIDAScentralAuth.EidasCentralAuthConstants;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants;
+import at.gv.egovernment.moa.logging.Logger;
+
+public class Utils {
+
+	public static String getCentraleIDASNodeEntityId(ISPConfiguration spConfiguration, IConfiguration authConfig) {
+		//load from service-provider configuration
+		String msNodeEntityID = spConfiguration.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_EXTERNAL_CENTRAL_EIDASNODE_SERVICE_URL);
+		
+		if (StringUtils.isEmpty(msNodeEntityID)) {
+			Logger.debug("No SP-specific central eIDAS-node URL. Switch to general configuration ... ");
+			if (authConfig instanceof AuthConfiguration) {
+				AuthConfiguration moaAuthConfig = (AuthConfiguration)authConfig;					
+				List configuratedEntityIDs = KeyValueUtils.getListOfCSVValues(
+						moaAuthConfig.getConfigurationWithKey(MOAIDConfigurationConstants.GENERAL_AUTH_SERVICES_CENTRAL_EIDASNODE_URL));
+				
+				if (configuratedEntityIDs.size() > 0)
+					msNodeEntityID = configuratedEntityIDs.get(0);
+				else
+					Logger.info("No central eIDAS-node URL in IDP configuration. Switch to backup configuration ... ");
+				
+			} else 
+				Logger.info("Basic configuration is NOT of type '" + AuthConfiguration.class.getName()
+						+ "' Switch to generic Type ... ");
+				
+			
+			if (StringUtils.isEmpty(msNodeEntityID))
+				msNodeEntityID = authConfig.getBasicConfiguration(EidasCentralAuthConstants.CONFIG_PROPS_NODE_ENTITYID);
+			
+		}
+						
+		return msNodeEntityID;
+	}
+}
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
index ec43adccc..0cbf009ad 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java
@@ -29,7 +29,6 @@ import java.security.InvalidKeyException;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.KeySpec;
-import java.util.Date;
 
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
@@ -57,14 +56,12 @@ import com.google.gson.JsonParser;
 import at.gv.egiz.eaaf.core.api.IRequest;
 import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
-import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
@@ -136,9 +133,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 	 * @throws MOAIDException 
 	 * @throws IOException 
 	 */
-	private void parseDemoValuesIntoMOASession(IRequest pendingReq, String eIDBlobRawB64) throws MOAIDException, IOException {
-		IAuthenticationSession moaSession = new AuthenticationSession("1235", new Date());
-		
+	private void parseDemoValuesIntoMOASession(IRequest pendingReq, String eIDBlobRawB64) throws MOAIDException, IOException {		
 		Logger.debug("Check eID blob signature  ... ");
 		byte[] eIDBlobRaw = Base64Utils.decode(eIDBlobRawB64.trim(), false);
 		
@@ -206,16 +201,14 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 			Logger.debug("Parse eID information into MOA-Session ...");
 			byte[] rawIDL = Base64Utils.decode(idlB64, false);
 			IIdentityLink identityLink = new IdentityLinkAssertionParser(new ByteArrayInputStream(rawIDL)).parseIdentityLink();			
+			AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			moaSession.setIdentityLink(identityLink);
 			moaSession.setUseMandates(false);
 			moaSession.setForeigner(false);			
 			moaSession.setBkuURL("http://egiz.gv.at/BKA_MobileAuthTest");			
 			moaSession.setQAALevel(PVPConstants.EIDAS_QAA_SUBSTANTIAL);
 			Logger.info("Session Restore completed");
-			
-			
-			pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession());
-			
+									
 		} catch (MOAIDException e) {
 			throw e;
 			
@@ -243,10 +236,6 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask {
 			Logger.error("Can not extract mobile-app binding-certificate from eID blob.", e);
 			throw new MOAIDException("Can not extract mobile-app binding-certificate from eID blob.", null, e);
 						
-		} catch (EAAFStorageException e) {
-			Logger.error("Can not populate pending-request with eID data.", e);
-			throw new MOAIDException("Can not populate pending-request with eID data.", null, e);
-			
 		} finally {
 						
 		}
diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
index 5e79aee8e..bb5700bd7 100644
--- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
+++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/SecondBKAMobileAuthTask.java
@@ -25,7 +25,6 @@ package at.gv.egovernment.moa.id.auth.modules.bkamobileauthtests.tasks;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URL;
-import java.util.Date;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -40,11 +39,10 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
 import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser;
 import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.logging.Logger;
@@ -87,9 +85,8 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
 	 * @throws MOAIDException 
 	 * @throws EAAFStorageException 
 	 */
-	private void parseDemoValuesIntoMOASession(IRequest pendingReq) throws MOAIDException, EAAFStorageException {
-		IAuthenticationSession moaSession = new AuthenticationSession("1233", new Date());
-		
+	private void parseDemoValuesIntoMOASession(IRequest pendingReq) throws MOAIDException, EAAFStorageException {		
+		AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 		moaSession.setUseMandates(false);
 		moaSession.setForeigner(false);
 		
@@ -108,9 +105,7 @@ public class SecondBKAMobileAuthTask extends AbstractAuthServletTask {
 			throw new MOAIDException("IdentityLink is not parseable.", null);
 			
 		}
-			
-		pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession());
-		
+					
 	}
 
 }
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
index 103781470..3dea62ec4 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/CreateIdentityLinkTask.java
@@ -24,7 +24,6 @@ package at.gv.egovernment.moa.id.auth.modules.eidas.tasks;
 
 import java.io.InputStream;
 import java.text.SimpleDateFormat;
-import java.util.Date;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -42,8 +41,8 @@ import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.DOMUtils;
 import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.eIDASAttributeException;
 import at.gv.egovernment.moa.id.auth.modules.eidas.utils.SAMLEngineUtils;
@@ -73,7 +72,8 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 			throws TaskExecutionException { 
 		try{												
 			//get eIDAS attributes from MOA-Session
-			ImmutableAttributeMap eIDASAttributes = pendingReq.getGenericData(
+			AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
+			ImmutableAttributeMap eIDASAttributes = moaSession.getGenericDataFromSession(
 					AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, 
 					ImmutableAttributeMap.class);
 			
@@ -161,13 +161,11 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 			}
 			
 			revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_PEPS_IDL_RECEIVED);
-			AuthenticationSession moasession = new AuthenticationSession("1234", new Date());
-			moasession.setForeigner(true);
-			moasession.setIdentityLink(identityLink);
-			moasession.setBkuURL("Not applicable (eIDASAuthentication)");
-			pendingReq.setGenericDataToSession(moasession.getKeyValueRepresentationFromAuthSession());
-			
-			
+			moaSession.setForeigner(true);
+			moaSession.setIdentityLink(identityLink);
+			moaSession.setBkuURL("Not applicable (eIDASAuthentication)");
+
+						
 			//store MOA-session to database
 			requestStoreage.storePendingRequest(pendingReq);
 		
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
index 55416e92b..1788facf0 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/auth/modules/eidas/tasks/ReceiveAuthnResponseTask.java
@@ -12,6 +12,7 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionStorageConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.eidas.Constants;
 import at.gv.egovernment.moa.id.auth.modules.eidas.engine.MOAeIDASChainingMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.eidas.exceptions.EIDASEngineException;
@@ -89,21 +90,19 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			// **********************************************************
 			
 			//update MOA-Session data with received information			
-			Logger.debug("Store eIDAS response information into MOA-session.");
-					
-			pendingReq.setGenericDataToSession(AuthProzessDataConstants.VALUE_QAALEVEL, samlResp.getLevelOfAssurance());
-			
-			pendingReq.setGenericDataToSession(
+			Logger.debug("Store eIDAS response information into MOA-session.");					
+			AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class);			
+			session.setGenericDataToSession(AuthProzessDataConstants.VALUE_QAALEVEL, samlResp.getLevelOfAssurance());			
+			session.setGenericDataToSession(
 					AuthenticationSessionStorageConstants.eIDAS_ATTRIBUTELIST, 
-					samlResp.getAttributes());
-						
-			pendingReq.setGenericDataToSession(
+					samlResp.getAttributes());						
+			session.setGenericDataToSession(
 					AuthenticationSessionStorageConstants.eIDAS_RESPONSE, 
 					decSamlToken);
 			
 			//set issuer nation as PVP attribute into MOASession
-			pendingReq.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry());
-						
+			session.setGenericDataToSession(PVPConstants.EID_ISSUING_NATION_NAME, samlResp.getCountry());			
+			
 			//store MOA-session to database
 			requestStoreage.storePendingRequest(pendingReq);
 			
diff --git a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
index 42ca6e507..d268dd2f6 100644
--- a/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
+++ b/id/server/modules/moa-id-module-eIDAS/src/main/java/at/gv/egovernment/moa/id/protocols/eidas/EIDASProtocol.java
@@ -350,15 +350,15 @@ public class EIDASProtocol extends AbstractAuthProtocolModulController implement
 			pendingReq.setRemoteRelayState(relayState);
 			
 			//store level of assurance
-			pendingReq.setGenericDataToSession(eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE, 
+			pendingReq.setRawDataToTransaction(eIDAS_GENERIC_REQ_DATA_LEVELOFASSURENCE, 
 					eIDASSamlReq.getEidasLevelOfAssurance().stringValue());			
 			
 			//set flag if transiend identifier is requested
 			if (MiscUtil.isNotEmpty(eIDASSamlReq.getNameIdFormat()) 
 					&& eIDASSamlReq.getNameIdFormat().equals(SamlNameIdFormat.TRANSIENT.getNameIdFormat()))
-				pendingReq.setGenericDataToSession(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, true);
+				pendingReq.setRawDataToTransaction(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, true);
 			else
-				pendingReq.setGenericDataToSession(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, false);
+				pendingReq.setRawDataToTransaction(EIDASData.REQ_PARAM_eIDAS_AUTHN_TRANSIENT_ID, false);
 			
 			// - memorize requested attributes			
 			pendingReq.setEidasRequestedAttributes(eIDASSamlReq.getRequestedAttributes());
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
index 25f303816..b1db1564e 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/ReceiveElgaMandateResponseTask.java
@@ -55,6 +55,7 @@ import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationExceptio
 import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.ELGAMandatesAuthConstants;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandateServiceMetadataProvider;
 import at.gv.egovernment.moa.id.auth.modules.elgamandates.utils.ELGAMandatesCredentialProvider;
@@ -162,8 +163,11 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 			Logger.debug("Validation of PVP Response from ELGA mandate-service is complete.");
 			
 			Set includedAttrNames = extractor.getAllIncludeAttributeNames();
+			
+			AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class);			
 			for (String el : includedAttrNames) {
-				pendingReq.setGenericDataToSession(el, extractor.getSingleAttributeValue(el));
+				session.setGenericDataToSession(el, extractor.getSingleAttributeValue(el));
+				//pendingReq.setGenericDataToSession(el, extractor.getSingleAttributeValue(el));
 				Logger.debug("Add PVP-attribute " + el + " into MOASession");
 				
 			}
@@ -243,7 +247,7 @@ public class ReceiveElgaMandateResponseTask extends AbstractAuthServletTask {
 		Response samlResp = (Response) msg.getResponse();
 
 		//validate 'inResponseTo' attribute
-		String authnReqID = pendingReq.getGenericData(
+		String authnReqID = pendingReq.getRawData(
 				MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID, String.class);
 		String inResponseTo = samlResp.getInResponseTo();
 		
diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
index 658502d2c..50fb2cb4a 100644
--- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
+++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/java/at/gv/egovernment/moa/id/auth/modules/elgamandates/tasks/RequestELGAMandateTask.java
@@ -114,7 +114,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
 			EntityDescriptor entityDesc = metadataService.getEntityDescriptor(elgaMandateServiceEntityID);			
 			
 			//load MOASession from database
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 			
 			
 			//setup AuthnRequestBuilder configuration
@@ -192,7 +192,7 @@ public class RequestELGAMandateTask extends AbstractAuthServletTask {
 			
 			//set MandateReferenceValue as RequestID
 			authnReqConfig.setRequestID(moasession.getMandateReferenceValue());
-			pendingReq.setGenericDataToSession(
+			pendingReq.setRawDataToTransaction(
 					MOAIDAuthConstants.DATAID_INTERFEDERATION_REQUESTID,
 					authnReqConfig.getRequestID());
 			
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
index 40701d91d..0350a113c 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20AuthRequest.java
@@ -28,6 +28,7 @@ import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -159,7 +160,7 @@ public class OAuth20AuthRequest extends OAuth20BaseRequest {
 	}
 
 	@Override
-	protected void populateSpecialParameters(HttpServletRequest request) throws OAuth20Exception {
+	protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception {
 		this.setResponseType(this.getParam(request, OAuth20Constants.PARAM_RESPONSE_TYPE, true));
 		this.setState(this.getParam(request, OAuth20Constants.PARAM_STATE, true));
 		this.setRedirectUri(this.getParam(request, OAuth20Constants.PARAM_REDIRECT_URI, true));
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
index 2ce5234ac..118de861c 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20BaseRequest.java
@@ -30,7 +30,6 @@ import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.lang.StringEscapeUtils;
 import org.apache.commons.lang.StringUtils;
-import org.springframework.beans.factory.annotation.Autowired;
 
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
@@ -49,9 +48,7 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 	private static final long serialVersionUID = 1L;
 	
 	protected Set allowedParameters = new HashSet();
-		
-	@Autowired(required=true) protected IConfiguration authConfig;
-	
+			
 	protected String getParam(final HttpServletRequest request, final String name, final boolean isNeeded) throws OAuth20Exception {
 		String param = request.getParameter(name);
 		Logger.debug("Reading param " + name + " from HttpServletRequest with value " + param);
@@ -65,7 +62,7 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 		return param;
 	}
 	
-	protected void populateParameters(final HttpServletRequest request) throws OAuth20Exception {
+	protected void populateParameters(final HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception {
 		
 		// moa id - load oa with client id!
 		try {
@@ -91,7 +88,7 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 		}
 		
 		// oAuth
-		this.populateSpecialParameters(request);
+		this.populateSpecialParameters(request, authConfig);
 		
 		// cleanup parameters
 		this.checkAllowedParameters(request);
@@ -115,6 +112,6 @@ abstract class OAuth20BaseRequest extends RequestImpl {
 		
 	}
 	
-	protected abstract void populateSpecialParameters(final HttpServletRequest request) throws OAuth20Exception;
+	protected abstract void populateSpecialParameters(final HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception;
 	
 }
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
index 30e89d15a..9f4174bf0 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20Protocol.java
@@ -79,7 +79,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 		try {			
 			pendingReq.initialize(req, authConfig);
 			pendingReq.setModule(OAuth20Protocol.NAME);		
-			pendingReq.populateParameters(req);
+			pendingReq.populateParameters(req, authConfig);
 			
 		} catch (EAAFException e) {
 			Logger.info("OpenID-Connect request has a validation error: " + e.getMessage());
@@ -113,7 +113,7 @@ public class OAuth20Protocol extends AbstractAuthProtocolModulController impleme
 		try {			
 			pendingReq.initialize(req, authConfig);
 			pendingReq.setModule(OAuth20Protocol.NAME);		
-			pendingReq.populateParameters(req);
+			pendingReq.populateParameters(req, authConfig);
 			
 		} catch (EAAFException e) {
 			Logger.info("OpenID-Connect request has a validation error: " + e.getMessage());
diff --git a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
index e14914512..89e4252b1 100644
--- a/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
+++ b/id/server/modules/moa-id-module-openID/src/main/java/at/gv/egovernment/moa/id/protocols/oauth20/protocol/OAuth20TokenRequest.java
@@ -28,6 +28,7 @@ import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
 import org.springframework.stereotype.Component;
 
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
@@ -124,7 +125,7 @@ class OAuth20TokenRequest extends OAuth20BaseRequest {
 	}
 	
 	@Override
-	protected void populateSpecialParameters(HttpServletRequest request) throws OAuth20Exception {
+	protected void populateSpecialParameters(HttpServletRequest request, IConfiguration authConfig) throws OAuth20Exception {
 		this.setCode(this.getParam(request, OAuth20Constants.RESPONSE_CODE, true));
 		this.setGrantType(this.getParam(request, OAuth20Constants.PARAM_GRANT_TYPE, true));
 		this.setClientID(this.getParam(request, OAuth20Constants.PARAM_CLIENT_ID, true));
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
index fec78d88c..3408cf538 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java
@@ -167,7 +167,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask {
 							command, signedCommand);
 										
 					//store pending request
-					pendingReq.setGenericDataToSession(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, 
+					pendingReq.setRawDataToTransaction(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, 
 							qualeIDReqId);
 					requestStoreage.storePendingRequest(pendingReq);
 
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
index a3175713a..fc386b796 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java
@@ -25,7 +25,6 @@ import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
-import at.gv.egiz.eaaf.core.impl.idp.controller.AbstractAuthProtocolModulController;
 import at.gv.egiz.eaaf.core.impl.utils.DataURLBuilder;
 import at.gv.egiz.eaaf.core.impl.utils.StreamUtils;
 import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
@@ -93,7 +92,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				}
 			
 				//validate reqId with inResponseTo 
-				String sl20ReqId = pendingReq.getGenericData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class);
+				String sl20ReqId = pendingReq.getRawData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class);
 				String inRespTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true);
 				if (sl20ReqId == null || !sl20ReqId.equals(inRespTo)) {
 					Logger.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo);
@@ -153,16 +152,16 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 					}
 				
 					//cache qualified eID data into pending request
-					pendingReq.setGenericDataToSession(
+					pendingReq.setRawDataToTransaction(
 							Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, 
 							idlB64);
-					pendingReq.setGenericDataToSession(
+					pendingReq.setRawDataToTransaction(
 							Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, 
 							authBlockB64);
-					pendingReq.setGenericDataToSession(
+					pendingReq.setRawDataToTransaction(
 							Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, 
 							ccsURL);
-					pendingReq.setGenericDataToSession(
+					pendingReq.setRawDataToTransaction(
 							Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, 
 							LoA);
 								
@@ -176,7 +175,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				Logger.warn("SL2.0 processing error:", e);
 				if (sl20Result != null)
 					Logger.debug("Received SL2.0 result: " + sl20Result);
-				pendingReq.setGenericDataToSession(
+				pendingReq.setRawDataToTransaction(
 						Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, 
 						new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e));
 				
@@ -185,7 +184,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				Logger.warn("SL2.0 Authentication FAILED with a generic error.", e);
 				if (sl20Result != null)
 					Logger.debug("Received SL2.0 result: " + sl20Result);
-				pendingReq.setGenericDataToSession(
+				pendingReq.setRawDataToTransaction(
 						Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, 
 						new TaskExecutionException(pendingReq, e.getMessage(), e));
 				
@@ -246,7 +245,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 				Map reqParameters = new HashMap();
 				reqParameters.put(EAAFConstants.PARAM_HTTP_TARGET_PENDINGREQUESTID, pendingReq.getPendingRequestId());
 				JsonObject callReqParams = SL20JSONBuilderUtils.createCallCommandParameters(
-						new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.ENDPOINT_FINALIZEPROTOCOL, null), 
+						new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null), 
 						SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, 
 						false, 
 						reqParameters);
@@ -260,7 +259,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask {
 								
 				//build second redirect command for IDP
 				JsonObject redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters(
-						new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.ENDPOINT_FINALIZEPROTOCOL, null), 
+						new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null), 
 						redirectOneCommand, null, true);
 				JsonObject redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams);
 				
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
index 403423e46..6811d1016 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java
@@ -40,7 +40,7 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
 		Logger.debug("Verify qualified eID data from SL20 response .... ");
 		try {
 			//check if there was an error 
-			TaskExecutionException sl20Error = pendingReq.getGenericData(
+			TaskExecutionException sl20Error = pendingReq.getRawData(
 					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR,
 					TaskExecutionException.class);			
 			if (sl20Error != null) {
@@ -50,19 +50,19 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
 			}
 			
 			//get data from pending request
-			String sl20ReqId = pendingReq.getGenericData(
+			String sl20ReqId = pendingReq.getRawData(
 					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, 
 					String.class);
-			String idlB64 =  pendingReq.getGenericData(
+			String idlB64 =  pendingReq.getRawData(
 					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL,
 					String.class);
-			String authBlockB64 = pendingReq.getGenericData(
+			String authBlockB64 = pendingReq.getRawData(
 					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, 
 					String.class);
-			String ccsURL = pendingReq.getGenericData(
+			String ccsURL = pendingReq.getRawData(
 					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, 
 					String.class);
-			String LoA = pendingReq.getGenericData(
+			String LoA = pendingReq.getRawData(
 					Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, 
 					String.class);
 							
@@ -104,7 +104,7 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask {
 			
 			
 			//add into session
-			AuthenticationSessionWrapper moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());			
+			AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);			
 			moasession.setIdentityLink(idl);
 			moasession.setBkuURL(ccsURL);
 			//TODO: from AuthBlock
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
index 95590b51a..921e3844b 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/InitializeRestoreSSOSessionTask.java
@@ -91,8 +91,8 @@ public class InitializeRestoreSSOSessionTask extends AbstractAuthServletTask {
 			//store DH params and nonce to pending-request
 			SSOTransferContainer container = new SSOTransferContainer();
 			container.setDhParams(dhKeyIDP);
-			pendingReq.setGenericDataToSession(SSOTransferConstants.PENDINGREQ_DH, container);
-			pendingReq.setGenericDataToSession(SSOTransferConstants.PENDINGREQ_NONCE, nonce);
+			pendingReq.setRawDataToTransaction(SSOTransferConstants.PENDINGREQ_DH, container);
+			pendingReq.setRawDataToTransaction(SSOTransferConstants.PENDINGREQ_NONCE, nonce);
 						
 			//store pending-request
 			requestStoreage.storePendingRequest(pendingReq);
diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
index c7e42c8ab..90b74ebd7 100644
--- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
+++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/task/RestoreSSOSessionTask.java
@@ -27,7 +27,6 @@ import java.io.IOException;
 import java.io.PrintWriter;
 import java.math.BigInteger;
 import java.security.MessageDigest;
-import java.util.Date;
 
 import javax.crypto.Cipher;
 import javax.crypto.spec.DHPublicKeySpec;
@@ -50,13 +49,11 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.core.impl.utils.HTTPUtils;
 import at.gv.egiz.eaaf.modules.pvp2.sp.impl.utils.AssertionAttributeExtractor;
-import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.SSOTransferConstants;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.data.SSOTransferContainer;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.GUIUtils;
 import at.gv.egovernment.moa.id.auth.modules.ssotransfer.utils.SSOContainerUtils;
-import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession;
 import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
@@ -102,8 +99,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 			
 		}
 		
-    	String nonce = pendingReq.getGenericData(SSOTransferConstants.PENDINGREQ_NONCE, String.class);
-    	SSOTransferContainer container = pendingReq.getGenericData(
+    	String nonce = pendingReq.getRawData(SSOTransferConstants.PENDINGREQ_NONCE, String.class);
+    	SSOTransferContainer container = pendingReq.getRawData(
     			SSOTransferConstants.PENDINGREQ_DH, SSOTransferContainer.class);
     	if (container == null) {
     		throw new TaskExecutionException(pendingReq, "NO DH-Params in pending-request", 
@@ -189,9 +186,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 				Logger.debug("MobileDevice is valid. --> Starting session reconstruction ...");
 		    					
 		    	//transfer SSO Assertion into MOA-Session
-				AuthenticationSession moaSession = new AuthenticationSession("1235", new Date());
+				AuthenticationSessionWrapper moaSession = pendingReq.getSessionData(AuthenticationSessionWrapper.class);
 		    	ssoTransferUtils.parseSSOContainerToMOASessionDataObject(pendingReq, moaSession, attributeExtractor);
-		    	pendingReq.setGenericDataToSession(moaSession.getKeyValueRepresentationFromAuthSession());
 		    	
 		    	// store MOASession into database
 		    	requestStoreage.storePendingRequest(pendingReq);
@@ -249,8 +245,8 @@ public class RestoreSSOSessionTask extends AbstractAuthServletTask {
 				
 			} else {
 		    	//session is valid --> load MOASession object
-
-				IAuthenticationSession moasession = new AuthenticationSessionWrapper(pendingReq.genericFullDataStorage());			    
+				AuthenticationSessionWrapper moasession = pendingReq.getSessionData(AuthenticationSessionWrapper.class); 
+								
 				DateTime moaSessionCreated = new DateTime(moasession.getSessionCreated().getTime());
 				if (moaSessionCreated.plusMinutes(1).isBeforeNow()) {
 					Logger.warn("No SSO session-container received. Stop authentication process after time-out.");
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
index 20fd5ebc4..d0d97e9e8 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/CreateAuthnRequestTask.java
@@ -73,7 +73,7 @@ public class CreateAuthnRequestTask extends AbstractAuthServletTask {
 			throws TaskExecutionException {
 		try{
 			// get IDP entityID
-			String idpEntityID = pendingReq.getGenericData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class);
+			String idpEntityID = pendingReq.getRawData(SSOManager.DATAID_INTERFEDERATIOIDP_URL, String.class);
 					
 			if (MiscUtil.isEmpty(idpEntityID)) {
 				Logger.info("Interfederation not possible -> not inderfederation IDP EntityID found!");
diff --git a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
index f5af84405..6b6d1a196 100644
--- a/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
+++ b/id/server/modules/moa-id-modules-federated_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/federatedauth/tasks/ReceiveAuthnResponseTask.java
@@ -47,6 +47,7 @@ import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException;
 import at.gv.egiz.eaaf.core.exceptions.EAAFStorageException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
 import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask;
 import at.gv.egiz.eaaf.modules.pvp2.api.binding.IDecoder;
 import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
@@ -168,11 +169,11 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			//check if SP is also a federated IDP
 			if (spConfig.isInderfederationIDP()) {
 				//SP is a federated IDP  --> answer only with nameID and wait for attribute-Query
-				pendingReq.setGenericDataToSession(
+				pendingReq.setRawDataToTransaction(
 						MOAIDAuthConstants.DATAID_INTERFEDERATION_MINIMAL_FRONTCHANNEL_RESP, true);				
-				pendingReq.setGenericDataToSession(
+				pendingReq.setRawDataToTransaction(
 						MOAIDAuthConstants.DATAID_INTERFEDERATION_NAMEID, extractor.getNameID());
-				pendingReq.setGenericDataToSession(
+				pendingReq.setRawDataToTransaction(
 						MOAIDAuthConstants.DATAID_INTERFEDERATION_QAALEVEL, extractor.getQAALevel());
 
 				authenticatedSessionStorage.
@@ -195,8 +196,8 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			}
 
 			//store valid assertion into pending-request
-			pendingReq.setGenericDataToSession(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg);
-			pendingReq.setGenericDataToSession(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID());
+			pendingReq.setRawDataToTransaction(SSOManager.DATAID_INTERFEDERATIOIDP_RESPONSE, processedMsg);
+			pendingReq.setRawDataToTransaction(SSOManager.DATAID_INTERFEDERATIOIDP_ENTITYID, processedMsg.getEntityID());
 			
 			//store pending-request
 			requestStoreage.storePendingRequest(pendingReq);
@@ -297,6 +298,7 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 			
 			//copy attributes into MOASession
 			Set includedAttrNames = extractor.getAllIncludeAttributeNames();
+			AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
 			for (String el : includedAttrNames) {
 				String value = extractor.getSingleAttributeValue(el);
 				
@@ -310,13 +312,13 @@ public class ReceiveAuthnResponseTask extends AbstractAuthServletTask {
 					}					
 				} 
 				
-				pendingReq.setGenericDataToSession(el, value);				
+				session.setGenericDataToSession(el, value);				
 				Logger.debug("Add PVP-attribute " + el + " into MOASession");
 				
 			}
 			
 			//set validTo from this federated IDP response
-			pendingReq.setGenericDataToSession(
+			session.setGenericDataToSession(
 					AuthenticationSessionStorageConstants.FEDERATION_RESPONSE_VALIDE_TO, 
 					extractor.getAssertionNotOnOrAfter());
 									
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
index 92bcce24b..21dbb573a 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/GetArtifactAction.java
@@ -85,14 +85,14 @@ public class GetArtifactAction implements IAction {
 			
 			String samlArtifactBase64 = saml1server.BuildSAMLArtifact(oaParam, authData, sourceID);
 			
-			String oaTargetArea = req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class);
+			String oaTargetArea = req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class);
 			
 			if (authData.isSsoSession()) {
 				String url = req.getAuthURL() + RedirectServlet.SERVICE_ENDPOINT;
 				url = addURLParameter(url, RedirectServlet.REDIRCT_PARAM_URL, URLEncoder.encode(oaURL, "UTF-8"));
 				if (MiscUtil.isNotEmpty(oaTargetArea))
 					url = addURLParameter(url, MOAIDAuthConstants.PARAM_TARGET, 
-							URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
+							URLEncoder.encode(req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
 				url = addURLParameter(url, MOAIDAuthConstants.PARAM_SAMLARTIFACT, URLEncoder.encode(samlArtifactBase64, "UTF-8"));
 				url = httpResp.encodeRedirectURL(url);
 				
@@ -104,7 +104,7 @@ public class GetArtifactAction implements IAction {
 				String redirectURL = oaURL;		
 				if (MiscUtil.isNotEmpty(oaTargetArea)) {
 					redirectURL = addURLParameter(redirectURL, MOAIDAuthConstants.PARAM_TARGET,
-					URLEncoder.encode(req.getGenericData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
+					URLEncoder.encode(req.getRawData(SAML1Protocol.REQ_DATA_TARGET, String.class), "UTF-8"));
 
 				}
 				
diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
index 398119a7f..30d740a2a 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1Protocol.java
@@ -193,7 +193,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 			revisionsLogger.logEvent(pendingRequest, MOAIDEventConstants.AUTHPROTOCOL_SAML1_AUTHNREQUEST);
 			
 			if (MiscUtil.isNotEmpty(target)) {
-				pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, target);
+				pendingRequest.setRawDataToTransaction(REQ_DATA_TARGET, target);
 				pendingRequest.setTarget(MOAIDAuthConstants.PREFIX_CDID + target);
 			
 			} else {
@@ -201,7 +201,7 @@ public class SAML1Protocol extends AbstractAuthProtocolModulController implement
 				pendingRequest.setTarget(targetArea);
 				
 				if (targetArea.startsWith(MOAIDAuthConstants.PREFIX_CDID))
-					pendingRequest.setGenericDataToSession(REQ_DATA_TARGET, 
+					pendingRequest.setRawDataToTransaction(REQ_DATA_TARGET, 
 							targetArea.substring(MOAIDAuthConstants.PREFIX_CDID.length()));
 				
 				
-- 
cgit v1.2.3


From bb6aaa83002e5daae15dde06abb9c984ab644bb4 Mon Sep 17 00:00:00 2001
From: Thomas Lenz 
Date: Mon, 16 Jul 2018 13:11:21 +0200
Subject: add countryCode Attribute into SAML1 assertion

---
 .../protocols/saml1/SAML1AuthenticationServer.java | 27 ++++++++++++++++++----
 1 file changed, 22 insertions(+), 5 deletions(-)

(limited to 'id/server/modules')

diff --git a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
index 78dc80815..c8f01f67d 100644
--- a/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
+++ b/id/server/modules/moa-id-modules-saml1/src/main/java/at/gv/egovernment/moa/id/protocols/saml1/SAML1AuthenticationServer.java
@@ -24,6 +24,7 @@ package at.gv.egovernment.moa.id.protocols.saml1;
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.util.ArrayList;
 import java.util.List;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -44,6 +45,7 @@ import org.xml.sax.SAXException;
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandate;
 import at.gv.e_government.reference.namespace.mandates._20040701_.Mandator;
 import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions;
 import at.gv.egiz.eaaf.core.api.idp.IAuthData;
 import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
 import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException;
@@ -56,6 +58,7 @@ import at.gv.egovernment.moa.id.auth.AuthenticationServer;
 import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
 import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
 import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder;
+import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.ParseException;
@@ -319,12 +322,26 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 				
 			}
 			
-			String samlAssertion;
 			
-			//add mandate info's
-			if (authData.isUseMandate()) {
-				List oaAttributes = authData.getExtendedSAMLAttributesOA();
+			List oaAttributes = authData.getExtendedSAMLAttributesOA();
+			
+			//add additional SAML1 attribute that containts the CountryCode in case of foreigners
+			if (authData.isForeigner()) {
+				if (oaAttributes == null)
+					oaAttributes = new ArrayList();
+
+				Logger.trace("Entity is marked as foreigner. Adding CountryCode: "
+						+ authData.getCiticenCountryCode() + " as attribute into SAML1 assertion ... ");
+				oaAttributes.add(new ExtendedSAMLAttributeImpl(
+						PVPAttributeDefinitions.EID_ISSUING_NATION_FRIENDLY_NAME, authData.getCiticenCountryCode(),
+						Constants.MOA_NS_URI,
+						ExtendedSAMLAttribute.NOT_ADD_TO_AUTHBLOCK));
 				
+			}
+									
+			String samlAssertion = null;
+			//add mandate info's
+			if (authData.isUseMandate()) {								
 				//only provide full mandate if it is included.  
 				if (saml1parameter.isProvideFullMandatorData() 
 						&& authData.getMISMandate() != null) {
@@ -420,7 +437,7 @@ public class SAML1AuthenticationServer extends AuthenticationServer {
 					authData.getBkuURL(),
 					signerCertificateBase64,
 					oaParam.hasBaseIdTransferRestriction(),
-					authData.getExtendedSAMLAttributesOA(), 
+					oaAttributes, 
 					useCondition,
 					conditionLength);
 			}
-- 
cgit v1.2.3