From dc2fb6695f44e3e01088e8a986ae1ac98b1743b1 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 29 May 2018 07:42:26 +0200 Subject: update SL2.0 module to support more than one VDA backend --- .../moa/id/auth/modules/sl20_auth/Constants.java | 7 +++--- .../sl20_auth/tasks/CreateQualeIDRequestTask.java | 29 +++++++++++++++++++--- 2 files changed, 30 insertions(+), 6 deletions(-) (limited to 'id') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java index 7a58648cc..920187bfb 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java @@ -5,9 +5,8 @@ public class Constants { public static final String HTTP_ENDPOINT_DATAURL = "/sl20/dataUrl"; public static final String CONFIG_PROP_PREFIX = "modules.sl20"; - public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID = CONFIG_PROP_PREFIX + ".vda.urls.qualeID.endpoint"; - public static final String CONFIG_PROP_VDA_AUTHBLOCK_ID = CONFIG_PROP_PREFIX + ".vda.authblock.id"; - + public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT = CONFIG_PROP_PREFIX + ".vda.urls.qualeID.endpoint"; + public static final String CONFIG_PROP_VDA_AUTHBLOCK_ID = CONFIG_PROP_PREFIX + ".vda.authblock.id"; public static final String CONFIG_PROP_SECURITY_KEYSTORE_PATH = CONFIG_PROP_PREFIX + ".security.keystore.path"; public static final String CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD = CONFIG_PROP_PREFIX + ".security.keystore.password"; public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS = CONFIG_PROP_PREFIX + ".security.sign.alias"; @@ -15,6 +14,8 @@ public class Constants { public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS = CONFIG_PROP_PREFIX + ".security.encryption.alias";; public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD = CONFIG_PROP_PREFIX + ".security.encryption.password"; + public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST = CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + "."; + public static final String CONFIG_PROP_SP_LIST = CONFIG_PROP_PREFIX + ".sp.entityIds."; public static final String PENDING_REQ_STORAGE_PREFIX = "SL20_AUTH_"; diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java index b1dfa9b0d..d9ff9d93c 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java @@ -4,6 +4,7 @@ import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; +import java.util.Map.Entry; import java.util.UUID; import javax.net.ssl.SSLSocketFactory; @@ -38,6 +39,7 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.util.MiscUtil; @@ -59,9 +61,9 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration(); //get basic configuration parameters - String vdaQualeIDUrl = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID); + String vdaQualeIDUrl = extractVDAURLForSpecificOA(oaConfig); if (MiscUtil.isEmpty(vdaQualeIDUrl)) { - Logger.error("NO VDA URL for qualified eID (" + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID + ")"); + Logger.error("NO VDA URL for qualified eID (" + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + ")"); throw new SL20Exception("sl20.03", new Object[]{"NO VDA URL for qualified eID"}); } @@ -165,8 +167,29 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { } + } + + private String extractVDAURLForSpecificOA(IOAAuthParameters oaConfig) { + Map listOfVDAs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST); + Map listOfSPs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_SP_LIST); + + for (Entry el : listOfSPs.entrySet()) { + List spEntityIds = KeyValueUtils.getListOfCSVValues(el.getValue()); + if (spEntityIds.contains(oaConfig.getPublicURLPrefix())) { + Logger.trace("Select VDA endPoint with Id: " + el.getKey()); + if (listOfVDAs.containsKey(el.getKey())) + return listOfVDAs.get(el.getKey()); + + else + Logger.info("No VDA endPoint with Id: " + el.getKey()); + + } else + Logger.trace("SP list: " + el.getKey() + " does not contain OAIdentifier: " + oaConfig.getPublicURLPrefix()); - + } + + Logger.debug("NO SP specific VDA endpoint found. Use default VDA"); + return authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT); } -- cgit v1.2.3 From 52ad604e54cb91073503d708cd0c50ff0121174a Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 30 May 2018 06:29:29 +0200 Subject: add additional validation to SL20 module --- .../auth/builder/SignatureVerificationUtils.java | 27 +- .../id/auth/validator/IdentityLinkValidator.java | 210 +++++++++++ .../VerifyXMLSignatureRequestBuilder.java | 408 +++++++++++++++++++++ .../VerifyXMLSignatureResponseValidator.java | 307 ++++++++++++++++ .../pvp2x/utils/AssertionAttributeExtractor.java | 98 +++-- .../moa/id/auth/AuthenticationServer.java | 2 +- .../builder/VerifyXMLSignatureRequestBuilder.java | 408 --------------------- .../id/auth/validator/IdentityLinkValidator.java | 210 ----------- .../VerifyXMLSignatureResponseValidator.java | 302 --------------- .../modules/sl20_auth/sl20/JsonSecurityUtils.java | 67 +++- .../sl20/verifier/QualifiedeIDVerifier.java | 132 +++++++ .../sl20_auth/tasks/ReceiveQualeIDTask.java | 5 +- 12 files changed, 1212 insertions(+), 964 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureRequestBuilder.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java delete mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java delete mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java delete mode 100644 id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java (limited to 'id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java index 9ca15c76f..27d983785 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/SignatureVerificationUtils.java @@ -22,6 +22,8 @@ */ package at.gv.egovernment.moa.id.auth.builder; +import java.util.List; + import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; @@ -74,10 +76,15 @@ public class SignatureVerificationUtils { } } - public IVerifiyXMLSignatureResponse verify(byte[] signature, String trustProfileID) throws MOAIDException { + public IVerifiyXMLSignatureResponse verify(byte[] signature, String trustProfileID) throws MOAIDException { + return verify(signature, trustProfileID, null); + + } + + public IVerifiyXMLSignatureResponse verify(byte[] signature, String trustProfileID, List verifyTransformsInfoProfileID) throws MOAIDException { try { //build signature-verification request - Element domVerifyXMLSignatureRequest = build(signature, trustProfileID); + Element domVerifyXMLSignatureRequest = build(signature, trustProfileID, verifyTransformsInfoProfileID); //send signature-verification to MOA-SP Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance() @@ -112,7 +119,7 @@ public class SignatureVerificationUtils { * * @throws ParseException */ - private Element build(byte[] signature, String trustProfileID) + private Element build(byte[] signature, String trustProfileID, List verifyTransformsInfoProfileID) throws ParseException { try { @@ -153,6 +160,20 @@ public class SignatureVerificationUtils { requestElem_.appendChild(signatureManifestCheckParamsElem); signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); + //verify transformations + if (verifyTransformsInfoProfileID != null && !verifyTransformsInfoProfileID.isEmpty()) { + Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); + signatureManifestCheckParamsElem.appendChild(referenceInfoElem); + for (String element : verifyTransformsInfoProfileID) { + Element verifyTransformsInfoProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); + referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); + verifyTransformsInfoProfileIDElem.appendChild(requestDoc_.createTextNode(element)); + + } + } + + + //hashinput data Element returnHashInputDataElem = requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); requestElem_.appendChild(returnHashInputDataElem); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java new file mode 100644 index 000000000..f3ce6888b --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java @@ -0,0 +1,210 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.validator; + +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; + +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.exception.ValidateException; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * This class is used to validate an {@link IdentityLink} + * returned by the security layer + * + * @author Stefan Knirsch + * @version $Id$ + */ +public class IdentityLinkValidator implements Constants { + + // + // XPath namespace prefix shortcuts + // + /** Xpath prefix for reaching PersonData Namespaces */ + private static final String PDATA = PD_PREFIX + ":"; + /** Xpath prefix for reaching SAML Namespaces */ + private static final String SAML = SAML_PREFIX + ":"; + /** Xpath prefix for reaching XML-DSIG Namespaces */ + private static final String DSIG = DSIG_PREFIX + ":"; + /** Xpath prefix for reaching ECDSA Namespaces */ + private static final String ECDSA = ECDSA_PREFIX + ":"; + /** Xpath expression to the root element */ + private static final String ROOT = ""; + /** Xpath expression to the SAML:SubjectConfirmationData element */ + private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH = + ROOT + + SAML + + "AttributeStatement/" + + SAML + + "Subject/" + + SAML + + "SubjectConfirmation/" + + SAML + + "SubjectConfirmationData"; +/** Xpath expression to the PersonData:Person element */ + private static final String PERSON_XPATH = + SAML_SUBJECT_CONFIRMATION_DATA_XPATH + "/" + PDATA + "Person"; + /** Xpath expression to the SAML:Attribute element */ + private static final String ATTRIBUTE_XPATH = + ROOT + SAML + "AttributeStatement/" + SAML + "Attribute"; +// /** Xpath expression to the SAML:AttributeName attribute */ +// private static final String ATTRIBUTE_NAME_XPATH = +// ROOT + SAML + "AttributeStatement/" + SAML + "Attribute/@AttributeName"; +// /** Xpath expression to the SAML:AttributeNamespace attribute */ +// private static final String ATTRIBUTE_NAMESPACE_XPATH = +// ROOT +// + SAML +// + "AttributeStatement/" +// + SAML +// + "Attribute/@AttributeNamespace"; +// /** Xpath expression to the SAML:AttributeValue element */ +// private static final String ATTRIBUTE_VALUE_XPATH = +// ROOT +// + SAML +// + "AttributeStatement/" +// + SAML +// + "Attribute/" +// + SAML +// + "AttributeValue"; + + /** Singleton instance. null, if none has been created. */ + private static IdentityLinkValidator instance; + + /** + * Constructor for a singleton IdentityLinkValidator. + * @return a new IdentityLinkValidator instance + * @throws ValidateException if no instance can be created + */ + public static synchronized IdentityLinkValidator getInstance() + throws ValidateException { + if (instance == null) { + instance = new IdentityLinkValidator(); + } + return instance; + } + + /** + * Method validate. Validates the {@link IdentityLink} + * @param identityLink The identityLink to validate + * @throws ValidateException on any validation error + */ + public void validate(IIdentityLink identityLink) throws ValidateException { + + Element samlAssertion = identityLink.getSamlAssertion(); + //Search the SAML:ASSERTION Object (A2.054) + if (samlAssertion == null) { + throw new ValidateException("validator.00", null); + } + + // Check how many saml:Assertion/saml:AttributeStatement/ + // saml:Subject/ saml:SubjectConfirmation/ + // saml:SubjectConfirmationData/pr:Person of type + // PhysicalPersonType exist (A2.056) + NodeList nl = XPathUtils.selectNodeList(samlAssertion, PERSON_XPATH); + // If we have just one Person-Element we don't need to check the attributes + int counterPhysicalPersonType = 0; + if (nl.getLength() > 1) + for (int i = 0; i < nl.getLength(); i++) { + String xsiType = + ((Element) nl.item(i)) + .getAttributeNodeNS( + "http://www.w3.org/2001/XMLSchema-instance", + "type") + .getNodeValue(); + // We have to check if xsiType contains "PhysicalPersonType" + // An equal-check will fail because of the Namespace-prefix of the attribute value + if (xsiType.indexOf("PhysicalPersonType") > -1) + counterPhysicalPersonType++; + } + if (counterPhysicalPersonType > 1) + throw new ValidateException("validator.01", null); + + //Check the SAML:ATTRIBUTES + nl = XPathUtils.selectNodeList(samlAssertion, ATTRIBUTE_XPATH); + for (int i = 0; i < nl.getLength(); i++) { + String attributeName = + XPathUtils.getAttributeValue( + (Element) nl.item(i), + "@AttributeName", + null); + String attributeNS = + XPathUtils.getAttributeValue( + (Element) nl.item(i), + "@AttributeNamespace", + null); + if (attributeName.equals("CitizenPublicKey")) { + + if (attributeNS.equals("http://www.buergerkarte.at/namespaces/personenbindung/20020506#") || + attributeNS.equals("urn:publicid:gv.at:namespaces:identitylink:1.2")) { + Element attributeValue = + (Element) XPathUtils.selectSingleNode((Element) nl.item(i),nSMap, SAML + "AttributeValue/" + DSIG + "RSAKeyValue"); + if (attributeValue==null) + attributeValue = + (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + ECDSA + "ECDSAKeyValue"); + if (attributeValue==null) + attributeValue = + (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + DSIG + "DSAKeyValue"); + if (attributeValue == null) + throw new ValidateException("validator.02", null); + + } + else + throw new ValidateException("validator.03", new Object [] {attributeNS} ); + } + else + throw new ValidateException("validator.04", new Object [] {attributeName} ); + } + + //Check if dsig:Signature exists + Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion,ROOT + DSIG + "Signature"); + if (dsigSignature==null) throw new ValidateException("validator.05", new Object[] {"in der Personenbindung"}); + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureRequestBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureRequestBuilder.java new file mode 100644 index 000000000..ae9ff80ae --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureRequestBuilder.java @@ -0,0 +1,408 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.validator; + +import java.util.List; + +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; + +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.Constants; + +/** + * Builder for the <VerifyXMLSignatureRequestBuilder> structure + * used for sending the DSIG-Signature of the Security Layer card for validating to MOA-SP. + * + * @author Stefan Knirsch + * @version $Id$ + */ +public class VerifyXMLSignatureRequestBuilder { + + /** shortcut for XMLNS namespace URI */ + private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI; + /** shortcut for MOA namespace URI */ + private static final String MOA_NS_URI = Constants.MOA_NS_URI; + /** The DSIG-Prefix */ + private static final String DSIG = Constants.DSIG_PREFIX + ":"; + + /** The document containing the VerifyXMLsignatureRequest */ + private Document requestDoc_; + /** the VerifyXMLsignatureRequest root element */ + private Element requestElem_; + + + /** + * Builds the body for a VerifyXMLsignatureRequest including the root + * element and namespace declarations. + * + * @throws BuildException If an error occurs on building the document. + */ + public VerifyXMLSignatureRequestBuilder() throws BuildException { + try { + DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); + requestDoc_ = docBuilder.newDocument(); + requestElem_ = requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest"); + requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI); + requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI); + requestDoc_.appendChild(requestElem_); + } catch (Throwable t) { + throw new BuildException( + "builder.00", + new Object[] {"VerifyXMLSignatureRequest", t.toString()}, + t); + } + } + + + /** + * Builds a <VerifyXMLSignatureRequest> + * from an IdentityLink with a known trustProfileID which + * has to exist in MOA-SP + * @param identityLink - The IdentityLink + * @param trustProfileID - a preconfigured TrustProfile at MOA-SP + * + * @return Element - The complete request as Dom-Element + * + * @throws ParseException + */ + public Element build(IIdentityLink identityLink, String trustProfileID) + throws ParseException + { + try { + // build the request + Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime"); + requestElem_.appendChild(dateTimeElem); + Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant()); + dateTimeElem.appendChild(dateTime); + Element verifiySignatureInfoElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); + requestElem_.appendChild(verifiySignatureInfoElem); + Element verifySignatureEnvironmentElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); + verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); + Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content"); + verifySignatureEnvironmentElem.appendChild(base64ContentElem); + // insert the base64 encoded identity link SAML assertion + String serializedAssertion = identityLink.getSerializedSamlAssertion(); + String base64EncodedAssertion = Base64Utils.encode(serializedAssertion.getBytes("UTF-8")); + //replace all '\r' characters by no char. + StringBuffer replaced = new StringBuffer(); + for (int i = 0; i < base64EncodedAssertion.length(); i ++) { + char c = base64EncodedAssertion.charAt(i); + if (c != '\r') { + replaced.append(c); + } + } + base64EncodedAssertion = replaced.toString(); + Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion); + base64ContentElem.appendChild(base64Content); + // specify the signature location + Element verifySignatureLocationElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); + verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); + Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature"); + verifySignatureLocationElem.appendChild(signatureLocation); + // signature manifest params + Element signatureManifestCheckParamsElem = + requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); + requestElem_.appendChild(signatureManifestCheckParamsElem); + signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); + // add the transforms + Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); + signatureManifestCheckParamsElem.appendChild(referenceInfoElem); + Element[] dsigTransforms = identityLink.getDsigReferenceTransforms(); + + for (int i = 0; i < dsigTransforms.length; i++) { + Element verifyTransformsInfoProfileElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile"); + referenceInfoElem.appendChild(verifyTransformsInfoProfileElem); + verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true)); + } + Element returnHashInputDataElem = + requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); + requestElem_.appendChild(returnHashInputDataElem); + Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); + trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); + requestElem_.appendChild(trustProfileIDElem); + } catch (Throwable t) { + throw new ParseException("builder.00", + new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t); + } + + return requestElem_; + } + + /** + * Builds a <VerifyXMLSignatureRequest> + * from an IdentityLink with a known trustProfileID which + * has to exist in MOA-SP + * @param identityLink - The IdentityLink + * @param trustProfileID - a preconfigured TrustProfile at MOA-SP + * + * @return Element - The complete request as Dom-Element + * + * @throws ParseException + */ + public Element build(byte[]mandate, String trustProfileID) + throws ParseException + { + try { + // build the request +// Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime"); +// requestElem_.appendChild(dateTimeElem); +// Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant()); +// dateTimeElem.appendChild(dateTime); + Element verifiySignatureInfoElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); + requestElem_.appendChild(verifiySignatureInfoElem); + Element verifySignatureEnvironmentElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); + verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); + Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content"); + verifySignatureEnvironmentElem.appendChild(base64ContentElem); + // insert the base64 encoded identity link SAML assertion + //String serializedAssertion = identityLink.getSerializedSamlAssertion(); + //String base64EncodedAssertion = Base64Utils.encode(mandate.getBytes("UTF-8")); + String base64EncodedAssertion = Base64Utils.encode(mandate); + //replace all '\r' characters by no char. + StringBuffer replaced = new StringBuffer(); + for (int i = 0; i < base64EncodedAssertion.length(); i ++) { + char c = base64EncodedAssertion.charAt(i); + if (c != '\r') { + replaced.append(c); + } + } + base64EncodedAssertion = replaced.toString(); + Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion); + base64ContentElem.appendChild(base64Content); + // specify the signature location + Element verifySignatureLocationElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); + verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); + Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature"); + verifySignatureLocationElem.appendChild(signatureLocation); + // signature manifest params + Element signatureManifestCheckParamsElem = + requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); + requestElem_.appendChild(signatureManifestCheckParamsElem); + signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); +// // add the transforms +// Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); +// signatureManifestCheckParamsElem.appendChild(referenceInfoElem); +// Element[] dsigTransforms = identityLink.getDsigReferenceTransforms(); +// +// for (int i = 0; i < dsigTransforms.length; i++) { +// Element verifyTransformsInfoProfileElem = +// requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile"); +// referenceInfoElem.appendChild(verifyTransformsInfoProfileElem); +// verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true)); +// } + Element returnHashInputDataElem = + requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); + requestElem_.appendChild(returnHashInputDataElem); + Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); + trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); + requestElem_.appendChild(trustProfileIDElem); + } catch (Throwable t) { + throw new ParseException("builder.00", + new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t); + } + + return requestElem_; + } + + + /** + * Builds a <VerifyXMLSignatureRequest> + * from the signed AUTH-Block with a known trustProfileID which + * has to exist in MOA-SP + * @param csr - signed AUTH-Block + * @param verifyTransformsInfoProfileID - allowed verifyTransformsInfoProfileID + * @param trustProfileID - a preconfigured TrustProfile at MOA-SP + * @return Element - The complete request as Dom-Element + * @throws ParseException + */ + public Element build( + CreateXMLSignatureResponse csr, + List verifyTransformsInfoProfileID, + String trustProfileID) + throws BuildException { //samlAssertionObject + + try { + // build the request +// requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:" +// + Constants.XML_PREFIX, Constants.XMLNS_NS_URI); + Element verifiySignatureInfoElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); + requestElem_.appendChild(verifiySignatureInfoElem); + Element verifySignatureEnvironmentElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); + verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); + Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent"); + verifySignatureEnvironmentElem.appendChild(xmlContentElem); + xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve"); + // insert the SAML assertion + xmlContentElem.appendChild(requestDoc_.importNode(csr.getSamlAssertion(), true)); + // specify the signature location + Element verifySignatureLocationElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); + verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); + Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature"); + verifySignatureLocationElem.appendChild(signatureLocation); + // signature manifest params + Element signatureManifestCheckParamsElem = + requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); + requestElem_.appendChild(signatureManifestCheckParamsElem); + signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true"); + // add the transform profile IDs + Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); + signatureManifestCheckParamsElem.appendChild(referenceInfoElem); + +// for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) { +// +// Element verifyTransformsInfoProfileIDElem = +// requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); +// referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); +// verifyTransformsInfoProfileIDElem.appendChild( +// requestDoc_.createTextNode(verifyTransformsInfoProfileID[i])); +// } + + for (String element : verifyTransformsInfoProfileID) { + + Element verifyTransformsInfoProfileIDElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); + referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); + verifyTransformsInfoProfileIDElem.appendChild( + requestDoc_.createTextNode(element)); + } + + Element returnHashInputDataElem = + requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); + requestElem_.appendChild(returnHashInputDataElem); + Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); + trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); + requestElem_.appendChild(trustProfileIDElem); + + } catch (Throwable t) { + throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t); + } + + return requestElem_; + } + + /** + * Builds a <VerifyXMLSignatureRequest> + * from the signed data with a known trustProfileID which + * has to exist in MOA-SP + * @param csr - signed AUTH-Block + * @param trustProfileID - a preconfigured TrustProfile at MOA-SP + * @return Element - The complete request as Dom-Element + * @throws ParseException + */ + public Element buildDsig( + CreateXMLSignatureResponse csr, + String trustProfileID) + throws BuildException { //samlAssertionObject + + try { + // build the request +// requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:" +// + Constants.XML_PREFIX, Constants.XMLNS_NS_URI); + + Element verifiySignatureInfoElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); + requestElem_.appendChild(verifiySignatureInfoElem); + Element verifySignatureEnvironmentElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); + verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); + + Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent"); + verifySignatureEnvironmentElem.appendChild(xmlContentElem); + xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve"); + + // insert the dsig:Signature + xmlContentElem.appendChild(requestDoc_.importNode(csr.getDsigSignature(), true)); + // specify the signature location + Element verifySignatureLocationElem = + requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); + verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); + Node signatureLocation = requestDoc_.createTextNode("/"+ DSIG + "Signature"); + verifySignatureLocationElem.appendChild(signatureLocation); + // signature manifest params + Element signatureManifestCheckParamsElem = + requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); + requestElem_.appendChild(signatureManifestCheckParamsElem); + signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true"); + // add the transform profile IDs + Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); + signatureManifestCheckParamsElem.appendChild(referenceInfoElem); + + Element returnHashInputDataElem = + requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); + requestElem_.appendChild(returnHashInputDataElem); + Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); + + trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); + requestElem_.appendChild(trustProfileIDElem); + + } catch (Throwable t) { + throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t); + } + + return requestElem_; + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java new file mode 100644 index 000000000..832aa58c6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -0,0 +1,307 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package at.gv.egovernment.moa.id.auth.validator; + +import java.security.InvalidKeyException; +import java.security.PublicKey; +import java.security.interfaces.RSAPublicKey; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; +import java.util.Set; + +import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.exception.ValidateException; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; +import at.gv.egovernment.moa.logging.Logger; +import iaik.asn1.structures.Name; +import iaik.security.ec.common.ECPublicKey; +import iaik.utils.RFC2253NameParserException; +import iaik.x509.X509Certificate; +import iaik.x509.X509ExtensionInitException; + +/** + * This class is used to validate an {@link VerifyXMLSignatureResponse} + * returned by MOA-SPSS + * + * @author Stefan Knirsch + * @version $Id$ + */ +public class VerifyXMLSignatureResponseValidator { + + /** Identification string for checking identity link */ + public static final String CHECK_IDENTITY_LINK = "IdentityLink"; + /** Identification string for checking authentication block */ + public static final String CHECK_AUTH_BLOCK = "AuthBlock"; + + /** Singleton instance. null, if none has been created. */ + private static VerifyXMLSignatureResponseValidator instance; + + /** + * Constructor for a singleton VerifyXMLSignatureResponseValidator. + */ + public static synchronized VerifyXMLSignatureResponseValidator getInstance() + throws ValidateException { + if (instance == null) { + instance = new VerifyXMLSignatureResponseValidator(); + } + return instance; + } + + /** + * Validates a {@link VerifyXMLSignatureResponse} returned by MOA-SPSS. + * + * @param verifyXMLSignatureResponse the <VerifyXMLSignatureResponse> + * @param identityLinkSignersSubjectDNNames subject names configured + * @param whatToCheck is used to identify whether the identityLink or the Auth-Block is validated + * @param oaParam specifies whether the validation result of the + * manifest has to be ignored (identityLink validation if + * the OA is a business service) or not + * @throws ValidateException on any validation error + * @throws ConfigurationException + */ + public void validate(IVerifiyXMLSignatureResponse verifyXMLSignatureResponse, + List identityLinkSignersSubjectDNNames, + String whatToCheck, + IOAAuthParameters oaParam) + throws ValidateException, ConfigurationException { + + if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) + throw new ValidateException("validator.06", null); + + if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) { + String checkFailedReason =""; + if (verifyXMLSignatureResponse.getCertificateCheckCode() == 1) + checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.21", null); + if (verifyXMLSignatureResponse.getCertificateCheckCode() == 2) + checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.22", null); + if (verifyXMLSignatureResponse.getCertificateCheckCode() == 3) + checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.23", null); + if (verifyXMLSignatureResponse.getCertificateCheckCode() == 4) + checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.24", null); + if (verifyXMLSignatureResponse.getCertificateCheckCode() == 5) + checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.25", null); + +// TEST CARDS + if (whatToCheck.equals(CHECK_IDENTITY_LINK)) + throw new ValidateException("validator.07", new Object[] { checkFailedReason } ); + else + throw new ValidateException("validator.19", new Object[] { checkFailedReason } ); + } + + //check QC + if (AuthConfigurationProviderFactory.getInstance().isCertifiacteQCActive() && + !whatToCheck.equals(CHECK_IDENTITY_LINK) && + !verifyXMLSignatureResponse.isQualifiedCertificate()) { + + //check if testcards are active and certificate has an extension for test credentials + if (oaParam.isTestCredentialEnabled()) { + boolean foundTestCredentialOID = false; + try { + X509Certificate signerCert = verifyXMLSignatureResponse.getX509certificate(); + + List validOIDs = new ArrayList(); + if (oaParam.getTestCredentialOIDs() != null) + validOIDs.addAll(oaParam.getTestCredentialOIDs()); + else + validOIDs.add(MOAIDAuthConstants.TESTCREDENTIALROOTOID); + + Set extentsions = signerCert.getCriticalExtensionOIDs(); + extentsions.addAll(signerCert.getNonCriticalExtensionOIDs()); + Iterator extit = extentsions.iterator(); + while(extit.hasNext()) { + String certOID = extit.next(); + for (String el : validOIDs) { + if (certOID.startsWith(el)) + foundTestCredentialOID = true; + } + } + + } catch (Exception e) { + Logger.warn("Test credential OID extraction FAILED.", e); + + } + //throw Exception if not TestCredentialOID is found + if (!foundTestCredentialOID) + throw new ValidateException("validator.72", null); + + } else + throw new ValidateException("validator.71", null); + } + + // if OA is type is business service the manifest validation result has + // to be ignored + boolean ignoreManifestValidationResult = false; + if (whatToCheck.equals(CHECK_IDENTITY_LINK)) + ignoreManifestValidationResult = (oaParam.hasBaseIdInternalProcessingRestriction()) ? true + : false; + + if (ignoreManifestValidationResult) { + Logger.debug("OA type is business service, thus ignoring DSIG manifest validation result"); + } else { + if (verifyXMLSignatureResponse.isXmlDSIGManigest()) + if (verifyXMLSignatureResponse.getXmlDSIGManifestCheckCode() != 0) + throw new ValidateException("validator.08", null); + } + + + // Check the signature manifest only when verifying the signed AUTHBlock + if (whatToCheck.equals(CHECK_AUTH_BLOCK)) { + if (verifyXMLSignatureResponse.getSignatureManifestCheckCode() > 0) { + throw new ValidateException("validator.50", null); + } + } + + //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not + if (identityLinkSignersSubjectDNNames != null) { + String subjectDN = ""; + X509Certificate x509Cert = verifyXMLSignatureResponse.getX509certificate(); + try { + subjectDN = ((Name) x509Cert.getSubjectDN()).getRFC2253String(); + } + catch (RFC2253NameParserException e) { + throw new ValidateException("validator.17", null); + } + //System.out.println("subjectDN: " + subjectDN); + // check the authorisation to sign the identity link + if (!identityLinkSignersSubjectDNNames.contains(subjectDN)) { + // subject DN check failed, try OID check: + try { + if (x509Cert.getExtension(MOAIDAuthConstants.IDENTITY_LINK_SIGNER_OID) == null) { + throw new ValidateException("validator.18", new Object[] { subjectDN }); + } else { + Logger.debug("Identity link signer cert accepted for signing identity link: " + + "subjectDN check failed, but OID check successfully passed."); + } + } catch (X509ExtensionInitException e) { + throw new ValidateException("validator.49", null); + } + } else { + Logger.debug("Identity link signer cert accepted for signing identity link: " + + "subjectDN check successfully passed."); + } + + } + } + + /** + * Method validateCertificate. + * @param verifyXMLSignatureResponse The VerifyXMLSignatureResponse + * @param idl The Identitylink + * @throws ValidateException + */ + public void validateCertificate( + IVerifiyXMLSignatureResponse verifyXMLSignatureResponse, + IIdentityLink idl) + throws ValidateException { + + X509Certificate x509Response = verifyXMLSignatureResponse.getX509certificate(); + PublicKey[] pubKeysIdentityLink = (PublicKey[]) idl.getPublicKey(); + + PublicKey pubKeySignature = x509Response.getPublicKey(); + checkIDLAgainstSignatureCertificate(pubKeysIdentityLink, pubKeySignature); + + } + + + public void checkIDLAgainstSignatureCertificate( PublicKey[] pubKeysIdentityLink, PublicKey pubKeySignature) throws ValidateException { + boolean found = false; + for (int i = 0; i < pubKeysIdentityLink.length; i++) { + PublicKey idlPubKey = pubKeysIdentityLink[i]; + //compare RSAPublicKeys + if ((idlPubKey instanceof java.security.interfaces.RSAPublicKey) && + (pubKeySignature instanceof java.security.interfaces.RSAPublicKey)) { + + RSAPublicKey rsaPubKeySignature = (RSAPublicKey) pubKeySignature; + RSAPublicKey rsakey = (RSAPublicKey) pubKeysIdentityLink[i]; + + if (rsakey.getModulus().equals(rsaPubKeySignature.getModulus()) + && rsakey.getPublicExponent().equals(rsaPubKeySignature.getPublicExponent())) + found = true; + } + + //compare ECDSAPublicKeys + if( ( (idlPubKey instanceof java.security.interfaces.ECPublicKey) || + (idlPubKey instanceof ECPublicKey)) && + ( (pubKeySignature instanceof java.security.interfaces.ECPublicKey) || + (pubKeySignature instanceof ECPublicKey) ) ) { + + try { + ECPublicKey ecdsaPubKeySignature = new ECPublicKey(pubKeySignature.getEncoded()); + ECPublicKey ecdsakey = new ECPublicKey(pubKeysIdentityLink[i].getEncoded()); + + if(ecdsakey.equals(ecdsaPubKeySignature)) + found = true; + + } catch (InvalidKeyException e) { + Logger.warn("ECPublicKey can not parsed into a iaik.ECPublicKey", e); + throw new ValidateException("validator.09", null); + } + + + + } + +// Logger.debug("IDL-Pubkey=" + idl.getPublicKey()[i].getClass().getName() +// + " Resp-Pubkey=" + pubKeySignature.getClass().getName()); + + } + + if (!found) { + + throw new ValidateException("validator.09", null); + + } + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java index 9d585bc86..05bb16d0d 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java @@ -63,6 +63,7 @@ public class AssertionAttributeExtractor { PVPConstants.EID_SOURCE_PIN_NAME, PVPConstants.EID_SOURCE_PIN_TYPE_NAME); + /** * Parse the SAML2 Response element and extracts included information *

@@ -81,36 +82,25 @@ public class AssertionAttributeExtractor { Logger.warn("Found more then ONE PVP2.1 assertions. Only the First is used."); assertion = assertions.get(0); - - if (assertion.getAttributeStatements() != null && - assertion.getAttributeStatements().size() > 0) { - AttributeStatement attrStat = assertion.getAttributeStatements().get(0); - for (Attribute attr : attrStat.getAttributes()) { - if (attr.getName().startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) { - List storkAttrValues = new ArrayList(); - for (XMLObject el : attr.getAttributeValues()) - storkAttrValues.add(el.getDOM().getTextContent()); - -// PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(), -// false, storkAttrValues , "Available"); -// storkAttributes.put(attr.getName(), storkAttr ); - - } else { - List attrList = new ArrayList(); - for (XMLObject el : attr.getAttributeValues()) - attrList.add(el.getDOM().getTextContent()); - - attributs.put(attr.getName(), attrList); - - } - } - - } - + internalInitialize(); + } else - throw new AssertionAttributeExtractorExeption(); + throw new AssertionAttributeExtractorExeption(); } - + + /** + * Parse the SAML2 Assertion element and extracts included information + *

+ * + * @param assertion SAML2 Assertion + * @throws AssertionAttributeExtractorExeption + */ + public AssertionAttributeExtractor(Assertion assertion) throws AssertionAttributeExtractorExeption { + this.assertion = assertion; + internalInitialize(); + + } + /** * Get all SAML2 attributes from first SAML2 AttributeStatement element * @@ -274,7 +264,30 @@ public class AssertionAttributeExtractor { } - return getFullAssertion().getConditions().getNotOnOrAfter().toDate(); + try { + return getFullAssertion().getConditions().getNotOnOrAfter().toDate(); + + } catch (NullPointerException e) { + return null; + + } + } + + /** + * Get the Assertion validFrom period + * + * This method returns value of SAML 'Conditions' element. + * + * @return Date, after this SAML2 assertion is valid, otherwise null + */ + public Date getAssertionNotBefore() { + try { + return getFullAssertion().getConditions().getNotBefore().toDate(); + + } catch (NullPointerException e) { + return null; + + } } @@ -288,5 +301,32 @@ public class AssertionAttributeExtractor { return authnList.get(0); } + + private void internalInitialize() { + internalInitialize(); + if (assertion.getAttributeStatements() != null && + assertion.getAttributeStatements().size() > 0) { + AttributeStatement attrStat = assertion.getAttributeStatements().get(0); + for (Attribute attr : attrStat.getAttributes()) { + if (attr.getName().startsWith(PVPConstants.STORK_ATTRIBUTE_PREFIX)) { + List storkAttrValues = new ArrayList(); + for (XMLObject el : attr.getAttributeValues()) + storkAttrValues.add(el.getDOM().getTextContent()); + +// PersonalAttribute storkAttr = new PersonalAttribute(attr.getName(), +// false, storkAttrValues , "Available"); +// storkAttributes.put(attr.getName(), storkAttr ); + + } else { + List attrList = new ArrayList(); + for (XMLObject el : attr.getAttributeValues()) + attrList.add(el.getDOM().getTextContent()); + + attributs.put(attr.getName(), attrList); + + } + } + } + } } diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index 7c435d0b0..a67b27315 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -33,7 +33,6 @@ import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.ExtendedSAMLAttributeImpl; @@ -51,6 +50,7 @@ import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; +import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.parep.ParepUtils; import at.gv.egovernment.moa.id.auth.validator.parep.client.szrgw.SZRGWConstants; diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java deleted file mode 100644 index e6adcf159..000000000 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilder.java +++ /dev/null @@ -1,408 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.builder; - -import java.util.List; - -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; - -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.Node; - -import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.Constants; - -/** - * Builder for the <VerifyXMLSignatureRequestBuilder> structure - * used for sending the DSIG-Signature of the Security Layer card for validating to MOA-SP. - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class VerifyXMLSignatureRequestBuilder { - - /** shortcut for XMLNS namespace URI */ - private static final String XMLNS_NS_URI = Constants.XMLNS_NS_URI; - /** shortcut for MOA namespace URI */ - private static final String MOA_NS_URI = Constants.MOA_NS_URI; - /** The DSIG-Prefix */ - private static final String DSIG = Constants.DSIG_PREFIX + ":"; - - /** The document containing the VerifyXMLsignatureRequest */ - private Document requestDoc_; - /** the VerifyXMLsignatureRequest root element */ - private Element requestElem_; - - - /** - * Builds the body for a VerifyXMLsignatureRequest including the root - * element and namespace declarations. - * - * @throws BuildException If an error occurs on building the document. - */ - public VerifyXMLSignatureRequestBuilder() throws BuildException { - try { - DocumentBuilder docBuilder = DocumentBuilderFactory.newInstance().newDocumentBuilder(); - requestDoc_ = docBuilder.newDocument(); - requestElem_ = requestDoc_.createElementNS(MOA_NS_URI, "VerifyXMLSignatureRequest"); - requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns", MOA_NS_URI); - requestElem_.setAttributeNS(XMLNS_NS_URI, "xmlns:" + Constants.DSIG_PREFIX, Constants.DSIG_NS_URI); - requestDoc_.appendChild(requestElem_); - } catch (Throwable t) { - throw new BuildException( - "builder.00", - new Object[] {"VerifyXMLSignatureRequest", t.toString()}, - t); - } - } - - - /** - * Builds a <VerifyXMLSignatureRequest> - * from an IdentityLink with a known trustProfileID which - * has to exist in MOA-SP - * @param identityLink - The IdentityLink - * @param trustProfileID - a preconfigured TrustProfile at MOA-SP - * - * @return Element - The complete request as Dom-Element - * - * @throws ParseException - */ - public Element build(IIdentityLink identityLink, String trustProfileID) - throws ParseException - { - try { - // build the request - Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime"); - requestElem_.appendChild(dateTimeElem); - Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant()); - dateTimeElem.appendChild(dateTime); - Element verifiySignatureInfoElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); - requestElem_.appendChild(verifiySignatureInfoElem); - Element verifySignatureEnvironmentElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); - verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); - Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content"); - verifySignatureEnvironmentElem.appendChild(base64ContentElem); - // insert the base64 encoded identity link SAML assertion - String serializedAssertion = identityLink.getSerializedSamlAssertion(); - String base64EncodedAssertion = Base64Utils.encode(serializedAssertion.getBytes("UTF-8")); - //replace all '\r' characters by no char. - StringBuffer replaced = new StringBuffer(); - for (int i = 0; i < base64EncodedAssertion.length(); i ++) { - char c = base64EncodedAssertion.charAt(i); - if (c != '\r') { - replaced.append(c); - } - } - base64EncodedAssertion = replaced.toString(); - Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion); - base64ContentElem.appendChild(base64Content); - // specify the signature location - Element verifySignatureLocationElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); - verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); - Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature"); - verifySignatureLocationElem.appendChild(signatureLocation); - // signature manifest params - Element signatureManifestCheckParamsElem = - requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); - requestElem_.appendChild(signatureManifestCheckParamsElem); - signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); - // add the transforms - Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); - signatureManifestCheckParamsElem.appendChild(referenceInfoElem); - Element[] dsigTransforms = identityLink.getDsigReferenceTransforms(); - - for (int i = 0; i < dsigTransforms.length; i++) { - Element verifyTransformsInfoProfileElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile"); - referenceInfoElem.appendChild(verifyTransformsInfoProfileElem); - verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true)); - } - Element returnHashInputDataElem = - requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); - requestElem_.appendChild(returnHashInputDataElem); - Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); - trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); - requestElem_.appendChild(trustProfileIDElem); - } catch (Throwable t) { - throw new ParseException("builder.00", - new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t); - } - - return requestElem_; - } - - /** - * Builds a <VerifyXMLSignatureRequest> - * from an IdentityLink with a known trustProfileID which - * has to exist in MOA-SP - * @param identityLink - The IdentityLink - * @param trustProfileID - a preconfigured TrustProfile at MOA-SP - * - * @return Element - The complete request as Dom-Element - * - * @throws ParseException - */ - public Element build(byte[]mandate, String trustProfileID) - throws ParseException - { - try { - // build the request -// Element dateTimeElem = requestDoc_.createElementNS(MOA_NS_URI, "DateTime"); -// requestElem_.appendChild(dateTimeElem); -// Node dateTime = requestDoc_.createTextNode(identityLink.getIssueInstant()); -// dateTimeElem.appendChild(dateTime); - Element verifiySignatureInfoElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); - requestElem_.appendChild(verifiySignatureInfoElem); - Element verifySignatureEnvironmentElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); - verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); - Element base64ContentElem = requestDoc_.createElementNS(MOA_NS_URI, "Base64Content"); - verifySignatureEnvironmentElem.appendChild(base64ContentElem); - // insert the base64 encoded identity link SAML assertion - //String serializedAssertion = identityLink.getSerializedSamlAssertion(); - //String base64EncodedAssertion = Base64Utils.encode(mandate.getBytes("UTF-8")); - String base64EncodedAssertion = Base64Utils.encode(mandate); - //replace all '\r' characters by no char. - StringBuffer replaced = new StringBuffer(); - for (int i = 0; i < base64EncodedAssertion.length(); i ++) { - char c = base64EncodedAssertion.charAt(i); - if (c != '\r') { - replaced.append(c); - } - } - base64EncodedAssertion = replaced.toString(); - Node base64Content = requestDoc_.createTextNode(base64EncodedAssertion); - base64ContentElem.appendChild(base64Content); - // specify the signature location - Element verifySignatureLocationElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); - verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); - Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature"); - verifySignatureLocationElem.appendChild(signatureLocation); - // signature manifest params - Element signatureManifestCheckParamsElem = - requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); - requestElem_.appendChild(signatureManifestCheckParamsElem); - signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "false"); -// // add the transforms -// Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); -// signatureManifestCheckParamsElem.appendChild(referenceInfoElem); -// Element[] dsigTransforms = identityLink.getDsigReferenceTransforms(); -// -// for (int i = 0; i < dsigTransforms.length; i++) { -// Element verifyTransformsInfoProfileElem = -// requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfile"); -// referenceInfoElem.appendChild(verifyTransformsInfoProfileElem); -// verifyTransformsInfoProfileElem.appendChild(requestDoc_.importNode(dsigTransforms[i], true)); -// } - Element returnHashInputDataElem = - requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); - requestElem_.appendChild(returnHashInputDataElem); - Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); - trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); - requestElem_.appendChild(trustProfileIDElem); - } catch (Throwable t) { - throw new ParseException("builder.00", - new Object[] { "VerifyXMLSignatureRequest (IdentityLink)" }, t); - } - - return requestElem_; - } - - - /** - * Builds a <VerifyXMLSignatureRequest> - * from the signed AUTH-Block with a known trustProfileID which - * has to exist in MOA-SP - * @param csr - signed AUTH-Block - * @param verifyTransformsInfoProfileID - allowed verifyTransformsInfoProfileID - * @param trustProfileID - a preconfigured TrustProfile at MOA-SP - * @return Element - The complete request as Dom-Element - * @throws ParseException - */ - public Element build( - CreateXMLSignatureResponse csr, - List verifyTransformsInfoProfileID, - String trustProfileID) - throws BuildException { //samlAssertionObject - - try { - // build the request -// requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:" -// + Constants.XML_PREFIX, Constants.XMLNS_NS_URI); - Element verifiySignatureInfoElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); - requestElem_.appendChild(verifiySignatureInfoElem); - Element verifySignatureEnvironmentElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); - verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); - Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent"); - verifySignatureEnvironmentElem.appendChild(xmlContentElem); - xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve"); - // insert the SAML assertion - xmlContentElem.appendChild(requestDoc_.importNode(csr.getSamlAssertion(), true)); - // specify the signature location - Element verifySignatureLocationElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); - verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); - Node signatureLocation = requestDoc_.createTextNode(DSIG + "Signature"); - verifySignatureLocationElem.appendChild(signatureLocation); - // signature manifest params - Element signatureManifestCheckParamsElem = - requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); - requestElem_.appendChild(signatureManifestCheckParamsElem); - signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true"); - // add the transform profile IDs - Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); - signatureManifestCheckParamsElem.appendChild(referenceInfoElem); - -// for (int i = 0; i < verifyTransformsInfoProfileID.length; i++) { -// -// Element verifyTransformsInfoProfileIDElem = -// requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); -// referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); -// verifyTransformsInfoProfileIDElem.appendChild( -// requestDoc_.createTextNode(verifyTransformsInfoProfileID[i])); -// } - - for (String element : verifyTransformsInfoProfileID) { - - Element verifyTransformsInfoProfileIDElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifyTransformsInfoProfileID"); - referenceInfoElem.appendChild(verifyTransformsInfoProfileIDElem); - verifyTransformsInfoProfileIDElem.appendChild( - requestDoc_.createTextNode(element)); - } - - Element returnHashInputDataElem = - requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); - requestElem_.appendChild(returnHashInputDataElem); - Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); - trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); - requestElem_.appendChild(trustProfileIDElem); - - } catch (Throwable t) { - throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t); - } - - return requestElem_; - } - - /** - * Builds a <VerifyXMLSignatureRequest> - * from the signed data with a known trustProfileID which - * has to exist in MOA-SP - * @param csr - signed AUTH-Block - * @param trustProfileID - a preconfigured TrustProfile at MOA-SP - * @return Element - The complete request as Dom-Element - * @throws ParseException - */ - public Element buildDsig( - CreateXMLSignatureResponse csr, - String trustProfileID) - throws BuildException { //samlAssertionObject - - try { - // build the request -// requestElem_.setAttributeNS(Constants.XMLNS_NS_URI, "xmlns:" -// + Constants.XML_PREFIX, Constants.XMLNS_NS_URI); - - Element verifiySignatureInfoElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureInfo"); - requestElem_.appendChild(verifiySignatureInfoElem); - Element verifySignatureEnvironmentElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureEnvironment"); - verifiySignatureInfoElem.appendChild(verifySignatureEnvironmentElem); - - Element xmlContentElem = requestDoc_.createElementNS(MOA_NS_URI, "XMLContent"); - verifySignatureEnvironmentElem.appendChild(xmlContentElem); - xmlContentElem.setAttribute(Constants.XML_PREFIX + ":space", "preserve"); - - // insert the dsig:Signature - xmlContentElem.appendChild(requestDoc_.importNode(csr.getDsigSignature(), true)); - // specify the signature location - Element verifySignatureLocationElem = - requestDoc_.createElementNS(MOA_NS_URI, "VerifySignatureLocation"); - verifiySignatureInfoElem.appendChild(verifySignatureLocationElem); - Node signatureLocation = requestDoc_.createTextNode("/"+ DSIG + "Signature"); - verifySignatureLocationElem.appendChild(signatureLocation); - // signature manifest params - Element signatureManifestCheckParamsElem = - requestDoc_.createElementNS(MOA_NS_URI, "SignatureManifestCheckParams"); - requestElem_.appendChild(signatureManifestCheckParamsElem); - signatureManifestCheckParamsElem.setAttribute("ReturnReferenceInputData", "true"); - // add the transform profile IDs - Element referenceInfoElem = requestDoc_.createElementNS(MOA_NS_URI, "ReferenceInfo"); - signatureManifestCheckParamsElem.appendChild(referenceInfoElem); - - Element returnHashInputDataElem = - requestDoc_.createElementNS(MOA_NS_URI, "ReturnHashInputData"); - requestElem_.appendChild(returnHashInputDataElem); - Element trustProfileIDElem = requestDoc_.createElementNS(MOA_NS_URI, "TrustProfileID"); - - trustProfileIDElem.appendChild(requestDoc_.createTextNode(trustProfileID)); - requestElem_.appendChild(trustProfileIDElem); - - } catch (Throwable t) { - throw new BuildException("builder.00", new Object[] { "VerifyXMLSignatureRequest" }, t); - } - - return requestElem_; - } - -} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java deleted file mode 100644 index f3ce6888b..000000000 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.java +++ /dev/null @@ -1,210 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.validator; - -import org.w3c.dom.Element; -import org.w3c.dom.NodeList; - -import at.gv.egovernment.moa.id.auth.data.IdentityLink; -import at.gv.egovernment.moa.id.auth.exception.ValidateException; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; -import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.XPathUtils; - -/** - * This class is used to validate an {@link IdentityLink} - * returned by the security layer - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class IdentityLinkValidator implements Constants { - - // - // XPath namespace prefix shortcuts - // - /** Xpath prefix for reaching PersonData Namespaces */ - private static final String PDATA = PD_PREFIX + ":"; - /** Xpath prefix for reaching SAML Namespaces */ - private static final String SAML = SAML_PREFIX + ":"; - /** Xpath prefix for reaching XML-DSIG Namespaces */ - private static final String DSIG = DSIG_PREFIX + ":"; - /** Xpath prefix for reaching ECDSA Namespaces */ - private static final String ECDSA = ECDSA_PREFIX + ":"; - /** Xpath expression to the root element */ - private static final String ROOT = ""; - /** Xpath expression to the SAML:SubjectConfirmationData element */ - private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH = - ROOT - + SAML - + "AttributeStatement/" - + SAML - + "Subject/" - + SAML - + "SubjectConfirmation/" - + SAML - + "SubjectConfirmationData"; -/** Xpath expression to the PersonData:Person element */ - private static final String PERSON_XPATH = - SAML_SUBJECT_CONFIRMATION_DATA_XPATH + "/" + PDATA + "Person"; - /** Xpath expression to the SAML:Attribute element */ - private static final String ATTRIBUTE_XPATH = - ROOT + SAML + "AttributeStatement/" + SAML + "Attribute"; -// /** Xpath expression to the SAML:AttributeName attribute */ -// private static final String ATTRIBUTE_NAME_XPATH = -// ROOT + SAML + "AttributeStatement/" + SAML + "Attribute/@AttributeName"; -// /** Xpath expression to the SAML:AttributeNamespace attribute */ -// private static final String ATTRIBUTE_NAMESPACE_XPATH = -// ROOT -// + SAML -// + "AttributeStatement/" -// + SAML -// + "Attribute/@AttributeNamespace"; -// /** Xpath expression to the SAML:AttributeValue element */ -// private static final String ATTRIBUTE_VALUE_XPATH = -// ROOT -// + SAML -// + "AttributeStatement/" -// + SAML -// + "Attribute/" -// + SAML -// + "AttributeValue"; - - /** Singleton instance. null, if none has been created. */ - private static IdentityLinkValidator instance; - - /** - * Constructor for a singleton IdentityLinkValidator. - * @return a new IdentityLinkValidator instance - * @throws ValidateException if no instance can be created - */ - public static synchronized IdentityLinkValidator getInstance() - throws ValidateException { - if (instance == null) { - instance = new IdentityLinkValidator(); - } - return instance; - } - - /** - * Method validate. Validates the {@link IdentityLink} - * @param identityLink The identityLink to validate - * @throws ValidateException on any validation error - */ - public void validate(IIdentityLink identityLink) throws ValidateException { - - Element samlAssertion = identityLink.getSamlAssertion(); - //Search the SAML:ASSERTION Object (A2.054) - if (samlAssertion == null) { - throw new ValidateException("validator.00", null); - } - - // Check how many saml:Assertion/saml:AttributeStatement/ - // saml:Subject/ saml:SubjectConfirmation/ - // saml:SubjectConfirmationData/pr:Person of type - // PhysicalPersonType exist (A2.056) - NodeList nl = XPathUtils.selectNodeList(samlAssertion, PERSON_XPATH); - // If we have just one Person-Element we don't need to check the attributes - int counterPhysicalPersonType = 0; - if (nl.getLength() > 1) - for (int i = 0; i < nl.getLength(); i++) { - String xsiType = - ((Element) nl.item(i)) - .getAttributeNodeNS( - "http://www.w3.org/2001/XMLSchema-instance", - "type") - .getNodeValue(); - // We have to check if xsiType contains "PhysicalPersonType" - // An equal-check will fail because of the Namespace-prefix of the attribute value - if (xsiType.indexOf("PhysicalPersonType") > -1) - counterPhysicalPersonType++; - } - if (counterPhysicalPersonType > 1) - throw new ValidateException("validator.01", null); - - //Check the SAML:ATTRIBUTES - nl = XPathUtils.selectNodeList(samlAssertion, ATTRIBUTE_XPATH); - for (int i = 0; i < nl.getLength(); i++) { - String attributeName = - XPathUtils.getAttributeValue( - (Element) nl.item(i), - "@AttributeName", - null); - String attributeNS = - XPathUtils.getAttributeValue( - (Element) nl.item(i), - "@AttributeNamespace", - null); - if (attributeName.equals("CitizenPublicKey")) { - - if (attributeNS.equals("http://www.buergerkarte.at/namespaces/personenbindung/20020506#") || - attributeNS.equals("urn:publicid:gv.at:namespaces:identitylink:1.2")) { - Element attributeValue = - (Element) XPathUtils.selectSingleNode((Element) nl.item(i),nSMap, SAML + "AttributeValue/" + DSIG + "RSAKeyValue"); - if (attributeValue==null) - attributeValue = - (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + ECDSA + "ECDSAKeyValue"); - if (attributeValue==null) - attributeValue = - (Element) XPathUtils.selectSingleNode((Element)nl.item(i), nSMap, SAML + "AttributeValue/" + DSIG + "DSAKeyValue"); - if (attributeValue == null) - throw new ValidateException("validator.02", null); - - } - else - throw new ValidateException("validator.03", new Object [] {attributeNS} ); - } - else - throw new ValidateException("validator.04", new Object [] {attributeName} ); - } - - //Check if dsig:Signature exists - Element dsigSignature = (Element) XPathUtils.selectSingleNode(samlAssertion,ROOT + DSIG + "Signature"); - if (dsigSignature==null) throw new ValidateException("validator.05", new Object[] {"in der Personenbindung"}); - } - -} diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java deleted file mode 100644 index c4ea80df9..000000000 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ /dev/null @@ -1,302 +0,0 @@ -/******************************************************************************* - * Copyright 2014 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - ******************************************************************************/ -/* - * Copyright 2003 Federal Chancellery Austria - * MOA-ID has been developed in a cooperation between BRZ, the Federal - * Chancellery Austria - ICT staff unit, and Graz University of Technology. - * - * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by - * the European Commission - subsequent versions of the EUPL (the "Licence"); - * You may not use this work except in compliance with the Licence. - * You may obtain a copy of the Licence at: - * http://www.osor.eu/eupl/ - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the Licence is distributed on an "AS IS" basis, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the Licence for the specific language governing permissions and - * limitations under the Licence. - * - * This product combines work with different licenses. See the "NOTICE" text - * file for details on the various modules and licenses. - * The "NOTICE" text file is part of the distribution. Any derivative works - * that you distribute must include a readable copy of the "NOTICE" text file. - */ - - -package at.gv.egovernment.moa.id.auth.validator; - -import java.security.InvalidKeyException; -import java.security.PublicKey; -import java.security.interfaces.RSAPublicKey; -import java.util.ArrayList; -import java.util.Iterator; -import java.util.List; -import java.util.Set; - -import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.exception.ValidateException; -import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; -import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; -import at.gv.egovernment.moa.logging.Logger; -import iaik.asn1.structures.Name; -import iaik.security.ec.common.ECPublicKey; -import iaik.utils.RFC2253NameParserException; -import iaik.x509.X509Certificate; -import iaik.x509.X509ExtensionInitException; - -/** - * This class is used to validate an {@link VerifyXMLSignatureResponse} - * returned by MOA-SPSS - * - * @author Stefan Knirsch - * @version $Id$ - */ -public class VerifyXMLSignatureResponseValidator { - - /** Identification string for checking identity link */ - public static final String CHECK_IDENTITY_LINK = "IdentityLink"; - /** Identification string for checking authentication block */ - public static final String CHECK_AUTH_BLOCK = "AuthBlock"; - - /** Singleton instance. null, if none has been created. */ - private static VerifyXMLSignatureResponseValidator instance; - - /** - * Constructor for a singleton VerifyXMLSignatureResponseValidator. - */ - public static synchronized VerifyXMLSignatureResponseValidator getInstance() - throws ValidateException { - if (instance == null) { - instance = new VerifyXMLSignatureResponseValidator(); - } - return instance; - } - - /** - * Validates a {@link VerifyXMLSignatureResponse} returned by MOA-SPSS. - * - * @param verifyXMLSignatureResponse the <VerifyXMLSignatureResponse> - * @param identityLinkSignersSubjectDNNames subject names configured - * @param whatToCheck is used to identify whether the identityLink or the Auth-Block is validated - * @param oaParam specifies whether the validation result of the - * manifest has to be ignored (identityLink validation if - * the OA is a business service) or not - * @throws ValidateException on any validation error - * @throws ConfigurationException - */ - public void validate(IVerifiyXMLSignatureResponse verifyXMLSignatureResponse, - List identityLinkSignersSubjectDNNames, - String whatToCheck, - IOAAuthParameters oaParam) - throws ValidateException, ConfigurationException { - - if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) - throw new ValidateException("validator.06", null); - - if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) { - String checkFailedReason =""; - if (verifyXMLSignatureResponse.getCertificateCheckCode() == 1) - checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.21", null); - if (verifyXMLSignatureResponse.getCertificateCheckCode() == 2) - checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.22", null); - if (verifyXMLSignatureResponse.getCertificateCheckCode() == 3) - checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.23", null); - if (verifyXMLSignatureResponse.getCertificateCheckCode() == 4) - checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.24", null); - if (verifyXMLSignatureResponse.getCertificateCheckCode() == 5) - checkFailedReason = MOAIDMessageProvider.getInstance().getMessage("validator.25", null); - -// TEST CARDS - if (whatToCheck.equals(CHECK_IDENTITY_LINK)) - throw new ValidateException("validator.07", new Object[] { checkFailedReason } ); - else - throw new ValidateException("validator.19", new Object[] { checkFailedReason } ); - } - - //check QC - if (AuthConfigurationProviderFactory.getInstance().isCertifiacteQCActive() && - !whatToCheck.equals(CHECK_IDENTITY_LINK) && - !verifyXMLSignatureResponse.isQualifiedCertificate()) { - - //check if testcards are active and certificate has an extension for test credentials - if (oaParam.isTestCredentialEnabled()) { - boolean foundTestCredentialOID = false; - try { - X509Certificate signerCert = verifyXMLSignatureResponse.getX509certificate(); - - List validOIDs = new ArrayList(); - if (oaParam.getTestCredentialOIDs() != null) - validOIDs.addAll(oaParam.getTestCredentialOIDs()); - else - validOIDs.add(MOAIDAuthConstants.TESTCREDENTIALROOTOID); - - Set extentsions = signerCert.getCriticalExtensionOIDs(); - extentsions.addAll(signerCert.getNonCriticalExtensionOIDs()); - Iterator extit = extentsions.iterator(); - while(extit.hasNext()) { - String certOID = extit.next(); - for (String el : validOIDs) { - if (certOID.startsWith(el)) - foundTestCredentialOID = true; - } - } - - } catch (Exception e) { - Logger.warn("Test credential OID extraction FAILED.", e); - - } - //throw Exception if not TestCredentialOID is found - if (!foundTestCredentialOID) - throw new ValidateException("validator.72", null); - - } else - throw new ValidateException("validator.71", null); - } - - // if OA is type is business service the manifest validation result has - // to be ignored - boolean ignoreManifestValidationResult = false; - if (whatToCheck.equals(CHECK_IDENTITY_LINK)) - ignoreManifestValidationResult = (oaParam.hasBaseIdInternalProcessingRestriction()) ? true - : false; - - if (ignoreManifestValidationResult) { - Logger.debug("OA type is business service, thus ignoring DSIG manifest validation result"); - } else { - if (verifyXMLSignatureResponse.isXmlDSIGManigest()) - if (verifyXMLSignatureResponse.getXmlDSIGManifestCheckCode() != 0) - throw new ValidateException("validator.08", null); - } - - - // Check the signature manifest only when verifying the signed AUTHBlock - if (whatToCheck.equals(CHECK_AUTH_BLOCK)) { - if (verifyXMLSignatureResponse.getSignatureManifestCheckCode() > 0) { - throw new ValidateException("validator.50", null); - } - } - - //Check whether the returned X509 SubjectName is in the MOA-ID configuration or not - if (identityLinkSignersSubjectDNNames != null) { - String subjectDN = ""; - X509Certificate x509Cert = verifyXMLSignatureResponse.getX509certificate(); - try { - subjectDN = ((Name) x509Cert.getSubjectDN()).getRFC2253String(); - } - catch (RFC2253NameParserException e) { - throw new ValidateException("validator.17", null); - } - //System.out.println("subjectDN: " + subjectDN); - // check the authorisation to sign the identity link - if (!identityLinkSignersSubjectDNNames.contains(subjectDN)) { - // subject DN check failed, try OID check: - try { - if (x509Cert.getExtension(MOAIDAuthConstants.IDENTITY_LINK_SIGNER_OID) == null) { - throw new ValidateException("validator.18", new Object[] { subjectDN }); - } else { - Logger.debug("Identity link signer cert accepted for signing identity link: " + - "subjectDN check failed, but OID check successfully passed."); - } - } catch (X509ExtensionInitException e) { - throw new ValidateException("validator.49", null); - } - } else { - Logger.debug("Identity link signer cert accepted for signing identity link: " + - "subjectDN check successfully passed."); - } - - } - } - - /** - * Method validateCertificate. - * @param verifyXMLSignatureResponse The VerifyXMLSignatureResponse - * @param idl The Identitylink - * @throws ValidateException - */ - public void validateCertificate( - IVerifiyXMLSignatureResponse verifyXMLSignatureResponse, - IIdentityLink idl) - throws ValidateException { - - X509Certificate x509Response = verifyXMLSignatureResponse.getX509certificate(); - PublicKey[] pubKeysIdentityLink = (PublicKey[]) idl.getPublicKey(); - - PublicKey pubKeySignature = x509Response.getPublicKey(); - - boolean found = false; - for (int i = 0; i < pubKeysIdentityLink.length; i++) { - - //compare RSAPublicKeys - if ((idl.getPublicKey()[i] instanceof java.security.interfaces.RSAPublicKey) && - (pubKeySignature instanceof java.security.interfaces.RSAPublicKey)) { - - RSAPublicKey rsaPubKeySignature = (RSAPublicKey) pubKeySignature; - RSAPublicKey rsakey = (RSAPublicKey) pubKeysIdentityLink[i]; - - if (rsakey.getModulus().equals(rsaPubKeySignature.getModulus()) - && rsakey.getPublicExponent().equals(rsaPubKeySignature.getPublicExponent())) - found = true; - } - - //compare ECDSAPublicKeys - if( ( (idl.getPublicKey()[i] instanceof java.security.interfaces.ECPublicKey) || - (idl.getPublicKey()[i] instanceof ECPublicKey)) && - ( (pubKeySignature instanceof java.security.interfaces.ECPublicKey) || - (pubKeySignature instanceof ECPublicKey) ) ) { - - try { - ECPublicKey ecdsaPubKeySignature = new ECPublicKey(pubKeySignature.getEncoded()); - ECPublicKey ecdsakey = new ECPublicKey(pubKeysIdentityLink[i].getEncoded()); - - if(ecdsakey.equals(ecdsaPubKeySignature)) - found = true; - - } catch (InvalidKeyException e) { - Logger.warn("ECPublicKey can not parsed into a iaik.ECPublicKey", e); - throw new ValidateException("validator.09", null); - } - - - - } - -// Logger.debug("IDL-Pubkey=" + idl.getPublicKey()[i].getClass().getName() -// + " Resp-Pubkey=" + pubKeySignature.getClass().getName()); - - } - - if (!found) { - - throw new ValidateException("validator.09", null); - - } - } - -} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java index e0965c712..d00ef8a04 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java @@ -5,6 +5,9 @@ import java.security.KeyStore; import java.security.PrivateKey; import java.security.cert.Certificate; import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.Collections; +import java.util.Enumeration; import java.util.List; import javax.annotation.PostConstruct; @@ -14,6 +17,8 @@ import org.jose4j.jwa.AlgorithmConstraints.ConstraintType; import org.jose4j.jwe.JsonWebEncryption; import org.jose4j.jws.AlgorithmIdentifiers; import org.jose4j.jws.JsonWebSignature; +import org.jose4j.jwx.JsonWebStructure; +import org.jose4j.keys.resolvers.X509VerificationKeyResolver; import org.jose4j.lang.JoseException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; @@ -33,6 +38,7 @@ import at.gv.egovernment.moa.id.commons.utils.X509Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.KeyStoreUtils; +import at.gv.egovernment.moa.util.MiscUtil; @Service public class JsonSecurityUtils implements IJOSETools{ @@ -44,6 +50,8 @@ public class JsonSecurityUtils implements IJOSETools{ private Key encPrivKey = null; private X509Certificate[] encCertChain = null; + private List trustedCerts = new ArrayList(); + @PostConstruct protected void initalize() { Logger.info("Initialize SL2.0 authentication security constrains ... "); @@ -83,6 +91,21 @@ public class JsonSecurityUtils implements IJOSETools{ } + //load trusted certificates + Enumeration aliases = keyStore.aliases(); + while(aliases.hasMoreElements()) { + String el = aliases.nextElement(); + Logger.trace("Process TrustStoreEntry: " + el); + if (keyStore.isCertificateEntry(el)) { + Certificate cert = keyStore.getCertificate(el); + if (cert != null && cert instanceof X509Certificate) + trustedCerts.add((X509Certificate) cert); + else + Logger.info("Can not process entry: " + el + ". Reason: " + cert.toString()); + + } + } + //some short validation if (signPrivKey == null || !(signPrivKey instanceof PrivateKey)) { Logger.info("Can NOT open privateKey for SL2.0 signing. KeyStore=" + getKeyStoreFilePath()); @@ -144,18 +167,42 @@ public class JsonSecurityUtils implements IJOSETools{ SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING.toArray(new String[SL20Constants.SL20_ALGORITHM_WHITELIST_SIGNING.size()]))); //load signinc certs + Key selectedKey = null; List x5cCerts = jws.getCertificateChainHeaderValue(); - List sortedX5cCerts = null; - if (x5cCerts == null || x5cCerts.size() < 1) { - Logger.info("Signed SL2.0 response contains NO signature certificate"); - throw new SLCommandoParserException("Signed SL2.0 response contains NO signature certificate"); + String x5t256 = jws.getX509CertSha256ThumbprintHeaderValue(); + if (x5cCerts != null) { + Logger.debug("Found x509 certificate in JOSE header ... "); + Logger.trace("Sorting received X509 certificates ... "); + List sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); + + if (trustedCerts.contains(sortedX5cCerts.get(0))) { + selectedKey = sortedX5cCerts.get(0).getPublicKey(); + + } else { + Logger.info("Can NOT find JOSE certificate in truststore."); + Logger.debug("JOSE certificate: " + sortedX5cCerts.get(0).toString()); + + } - } - Logger.trace("Sorting received X509 certificates ... "); - sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); - + } else if (MiscUtil.isNotEmpty(x5t256)) { + Logger.debug("Found x5t256 fingerprint in JOSE header .... "); + X509VerificationKeyResolver x509VerificationKeyResolver = new X509VerificationKeyResolver(trustedCerts); + selectedKey = x509VerificationKeyResolver.resolveKey(jws, Collections.emptyList()); + + } else { + Logger.info("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint"); + throw new SLCommandoParserException("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint"); + + } + + if (selectedKey == null) { + Logger.info("Can NOT select verification key for JWS. Signature verification FAILED."); + throw new SLCommandoParserException("Can NOT select verification key for JWS. Signature verification FAILED"); + + } + //set verification key - jws.setKey(sortedX5cCerts.get(0).getPublicKey()); + jws.setKey(selectedKey); //validate signature boolean valid = jws.verifySignature(); @@ -169,7 +216,7 @@ public class JsonSecurityUtils implements IJOSETools{ //load payLoad JsonElement sl20Req = new JsonParser().parse(jws.getPayload()); - return new VerificationResult(sl20Req.getAsJsonObject(), sortedX5cCerts, valid) ; + return new VerificationResult(sl20Req.getAsJsonObject(), null, valid) ; } catch (JoseException e) { Logger.warn("SL2.0 commando signature validation FAILED", e); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java new file mode 100644 index 000000000..7d03a43ac --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java @@ -0,0 +1,132 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier; + +import java.io.IOException; +import java.util.Calendar; +import java.util.Date; +import java.util.GregorianCalendar; +import java.util.List; + +import javax.xml.bind.DatatypeConverter; +import javax.xml.transform.TransformerException; + +import org.jaxen.SimpleNamespaceContext; +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils; +import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.auth.exception.ParseException; +import at.gv.egovernment.moa.id.auth.exception.ServiceException; +import at.gv.egovernment.moa.id.auth.exception.ValidateException; +import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; +import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; +import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; +import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureRequestBuilder; +import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.api.impl.VerifyXMLSignatureRequestImpl; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.XPathUtils; + + +public class QualifiedeIDVerifier { + + /** Xpath expression to the dsig:Signature element */ + private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature"; + + private static final String XADES_1_1_1_SIGNINGTIME_PATH = "//" + Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime"; + private static final String XADES_1_3_2_SIGNINGTIME_PATH = "//" + Constants.XADES_1_3_2_NS_PREFIX + ":SigningTime"; + + + private static final long MAX_DIFFERENCE_IN_MILLISECONDS = 600000; // 10min + + + private static SimpleNamespaceContext NS_CONTEXT; + static { + NS_CONTEXT = new SimpleNamespaceContext(); + NS_CONTEXT.addNamespace(Constants.XADES_1_1_1_NS_PREFIX, Constants.XADES_1_1_1_NS_URI); + NS_CONTEXT.addNamespace(Constants.XADES_1_2_2_NS_PREFIX, Constants.XADES_1_2_2_NS_URI); + NS_CONTEXT.addNamespace(Constants.XADES_1_3_2_NS_PREFIX, Constants.XADES_1_3_2_NS_URI); + NS_CONTEXT.addNamespace(Constants.XADES_1_4_1_NS_PREFIX, Constants.XADES_1_4_1_NS_URI); + } + + public static boolean verifyIdentityLink(IIdentityLink idl, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException { + // validates the identity link + IdentityLinkValidator.getInstance().validate(idl); + + // builds a for a call of MOA-SP + Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder() + .build(idl, authConfig.getMoaSpIdentityLinkTrustProfileID(oaParam.isUseIDLTestTrustStore())); + + // invokes the call + Element domVerifyXMLSignatureResponse = SignatureVerificationInvoker.getInstance() + .verifyXMLSignature(domVerifyXMLSignatureRequest); + + // parses the + IVerifiyXMLSignatureResponse verifyXMLSignatureResponse = new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse).parseData(); + + // validates the + VerifyXMLSignatureResponseValidator.getInstance().validate( + verifyXMLSignatureResponse, + authConfig.getIdentityLinkX509SubjectNames(), + VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, + oaParam); + + + return false; + + } + + public static IVerifiyXMLSignatureResponse verifyAuthBlock(byte[] authblock, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException { + String trustProfileId = authConfig.getMoaSpAuthBlockTrustProfileID(oaParam.isUseAuthBlockTestTestStore()); + List verifyTransformsInfoProfileID = null; + + SignatureVerificationUtils sigVerify = new SignatureVerificationUtils(); + IVerifiyXMLSignatureResponse sigVerifyResult = sigVerify.verify(authblock, trustProfileId , verifyTransformsInfoProfileID); + + // validates the + VerifyXMLSignatureResponseValidator.getInstance().validate(sigVerifyResult, + null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, oaParam); + + return sigVerifyResult; + + } + + public static boolean checkIDLAgainstAuthblock(IVerifiyXMLSignatureResponse sigVerifyResult, IIdentityLink idl, byte[] authBlock) throws ValidateException { + + try { + // compares the public keys from the identityLink with the AuthBlock + VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(sigVerifyResult, idl); + + + // Compare AuthBlock Data with information stored in session, especially + // date and time + validateSigningDateTime(sigVerifyResult); + + } catch ( ValidateException e) { + Logger.error("Signature verification error. ", e); + throw e; + + } + + + return false; + + } + + private static boolean validateSigningDateTime( IVerifiyXMLSignatureResponse sigVerifyResult) throws ValidateException { + Date signingDate = sigVerifyResult.getSigningDateTime(); + + + + return false; + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java index 698546a4f..90e19326e 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -37,6 +37,7 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; @@ -128,11 +129,13 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { //TODO: validate results + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); + //add into session defaultTaskInitialization(request, executionContext); - moasession.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink()); + moasession.setIdentityLink(idl); moasession.setBkuURL(ccsURL); //TODO: from AuthBlock moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance())); -- cgit v1.2.3 From ecf9de84e76dde785ced8c1632c7909d1d57f94a Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 30 May 2018 14:36:39 +0200 Subject: add error handling and some more validation to SL2.0 module --- .../pvp2x/utils/AssertionAttributeExtractor.java | 6 + .../moa/id/protocols/pvp2x/utils/SAML2Utils.java | 21 ++ .../metadata/SchemaValidationFilter.java | 11 +- .../resources/properties/id_messages_de.properties | 3 +- .../protocol_response_statuscodes_de.properties | 4 + .../moa/id/auth/modules/sl20_auth/Constants.java | 4 + .../auth/modules/sl20_auth/SL20SignalServlet.java | 7 +- .../exceptions/SL20eIDDataValidationException.java | 16 + .../modules/sl20_auth/sl20/JsonSecurityUtils.java | 2 +- .../auth/modules/sl20_auth/sl20/SL20Constants.java | 2 + .../sl20_auth/sl20/SL20JSONExtractorUtils.java | 61 +++- .../sl20/verifier/QualifiedeIDVerifier.java | 99 +++++-- .../sl20_auth/tasks/CreateQualeIDRequestTask.java | 29 +- .../sl20_auth/tasks/ReceiveQualeIDTask.java | 327 +++++++++++---------- .../sl20_auth/tasks/VerifyQualifiedeIDTask.java | 180 ++++++++++++ .../src/main/resources/moaid_sl20_auth.beans.xml | 4 + .../main/resources/sl20.Authentication.process.xml | 14 +- .../moa/id/monitoring/IdentityLinkTestModule.java | 2 +- 18 files changed, 575 insertions(+), 217 deletions(-) create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20eIDDataValidationException.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java (limited to 'id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java index 05bb16d0d..5b1d952ff 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java @@ -196,6 +196,12 @@ public class AssertionAttributeExtractor { // } + public String getAssertionID() { + return assertion.getID(); + + } + + public String getNameID() throws AssertionAttributeExtractorExeption { if (assertion.getSubject() != null) { Subject subject = assertion.getSubject(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java index 28a85b4af..da4b54a5a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/SAML2Utils.java @@ -31,9 +31,13 @@ import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; +import javax.xml.transform.dom.DOMSource; +import javax.xml.validation.Schema; +import javax.xml.validation.Validator; import org.opensaml.Configuration; import org.opensaml.common.impl.SecureRandomIdentifierGenerator; +import org.opensaml.common.xml.SAMLSchemaBuilder; import org.opensaml.saml2.core.Status; import org.opensaml.saml2.core.StatusCode; import org.opensaml.saml2.metadata.AssertionConsumerService; @@ -47,6 +51,7 @@ import org.opensaml.xml.io.MarshallingException; import org.w3c.dom.Document; import at.gv.egovernment.moa.id.util.Random; +import at.gv.egovernment.moa.logging.Logger; public class SAML2Utils { @@ -142,4 +147,20 @@ public class SAML2Utils { return envelope; } + + public static void schemeValidation(XMLObject xmlObject) throws Exception { + try { + Schema test = SAMLSchemaBuilder.getSAML11Schema(); + Validator val = test.newValidator(); + DOMSource source = new DOMSource(xmlObject.getDOM()); + val.validate(source); + Logger.debug("SAML2 Scheme validation successful"); + return; + + } catch (Exception e) { + Logger.warn("SAML2 scheme validation FAILED.", e); + throw e; + + } + } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java index 83a2b61d2..489d2fb4a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/verification/metadata/SchemaValidationFilter.java @@ -22,11 +22,6 @@ */ package at.gv.egovernment.moa.id.protocols.pvp2x.verification.metadata; -import javax.xml.transform.dom.DOMSource; -import javax.xml.validation.Schema; -import javax.xml.validation.Validator; - -import org.opensaml.common.xml.SAMLSchemaBuilder; import org.opensaml.saml2.metadata.provider.MetadataFilter; import org.opensaml.xml.XMLObject; import org.xml.sax.SAXException; @@ -34,6 +29,7 @@ import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.filter.SchemaValidationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; /** @@ -71,10 +67,7 @@ public class SchemaValidationFilter implements MetadataFilter { if (isActive) { try { - Schema test = SAMLSchemaBuilder.getSAML11Schema(); - Validator val = test.newValidator(); - DOMSource source = new DOMSource(arg0.getDOM()); - val.validate(source); + SAML2Utils.schemeValidation(arg0); Logger.info("Metadata Schema validation check done OK"); return; diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 9cc4b0b5e..84fd93773 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -344,4 +344,5 @@ sl20.03=Fehlende Konfiguration im SL2.0 Modul. Msg: {0} sl20.04=Http request enth\u00e4lt keinen SL2.0 Transportcontainer. sl20.05=Fehler beim Validieren eines JWS oder JWE Tokens. Reason: {0}. sl20.06=Http transport-binding error. Reason: {0} - +sl20.07=Fehler beim Validieren der eID information. Type: {0} Reason: {1} +sl20.08=SL2.0 Teilnehmer antwortet mit einem Fehler. Code: {0} Reason: {1} diff --git a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties index 6de581cae..d77ea437b 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/protocol_response_statuscodes_de.properties @@ -258,6 +258,10 @@ sl20.01=14000 sl20.02=14001 sl20.03=14800 sl20.04=14001 +sl20.05=xxxxx +sl20.06=xxxxx +sl20.07=xxxxx +sl20.08=xxxxx ##Map MIS/BKU statuscodes to MOA-ID-Auth statuscodes mis.301=1005 diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java index 920187bfb..a3648220d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java @@ -3,6 +3,7 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth; public class Constants { public static final String HTTP_ENDPOINT_DATAURL = "/sl20/dataUrl"; + public static final String HTTP_ENDPOINT_RESUME = "/sl20/resume"; public static final String CONFIG_PROP_PREFIX = "modules.sl20"; public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT = CONFIG_PROP_PREFIX + ".vda.urls.qualeID.endpoint"; @@ -17,6 +18,9 @@ public class Constants { public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST = CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + "."; public static final String CONFIG_PROP_SP_LIST = CONFIG_PROP_PREFIX + ".sp.entityIds."; + public static final String CONFIG_PROP_DISABLE_EID_VALIDATION = CONFIG_PROP_PREFIX + ".security.eID.validation.disable"; + public static final String CONFIG_PROP_DISABLE_EID_ENCRYPTION = CONFIG_PROP_PREFIX + ".security.eID.encryption.enabled"; + public static final String PENDING_REQ_STORAGE_PREFIX = "SL20_AUTH_"; /** diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java index 87d306822..4f8ef0a76 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20SignalServlet.java @@ -44,11 +44,14 @@ public class SL20SignalServlet extends AbstractProcessEngineSignalController { public SL20SignalServlet() { super(); Logger.debug("Registering servlet " + getClass().getName() + - " with mappings '"+ Constants.HTTP_ENDPOINT_DATAURL + "'."); + " with mappings '"+ Constants.HTTP_ENDPOINT_DATAURL + + " and " + Constants.HTTP_ENDPOINT_RESUME + + "'."); } - @RequestMapping(value = { Constants.HTTP_ENDPOINT_DATAURL + @RequestMapping(value = { Constants.HTTP_ENDPOINT_DATAURL, + Constants.HTTP_ENDPOINT_RESUME }, method = {RequestMethod.POST, RequestMethod.GET}) public void performCitizenCardAuthentication(HttpServletRequest req, HttpServletResponse resp) throws IOException { diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20eIDDataValidationException.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20eIDDataValidationException.java new file mode 100644 index 000000000..957ace0fb --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/exceptions/SL20eIDDataValidationException.java @@ -0,0 +1,16 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions; + +public class SL20eIDDataValidationException extends SL20Exception { + private static final long serialVersionUID = 1L; + + public SL20eIDDataValidationException(Object[] parameters) { + super("sl20.07", parameters); + + } + + public SL20eIDDataValidationException(Object[] parameters, Throwable e) { + super("sl20.07", parameters, e); + + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java index d00ef8a04..2563c7f7d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java @@ -105,7 +105,7 @@ public class JsonSecurityUtils implements IJOSETools{ } } - + //some short validation if (signPrivKey == null || !(signPrivKey instanceof PrivateKey)) { Logger.info("Can NOT open privateKey for SL2.0 signing. KeyStore=" + getKeyStoreFilePath()); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java index b855c3cac..33bb4fe36 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java @@ -12,6 +12,8 @@ public class SL20Constants { //http binding parameters public static final String PARAM_SL20_REQ_COMMAND_PARAM = "slcommand"; + public static final String PARAM_SL20_REQ_COMMAND_PARAM_OLD = "sl2command"; + public static final String PARAM_SL20_REQ_ICP_RETURN_URL_PARAM = "slIPCReturnUrl"; public static final String PARAM_SL20_REQ_TRANSACTIONID = "slTransactionID"; diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java index e01945df0..6949b7a18 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java @@ -9,6 +9,7 @@ import java.util.Map; import java.util.Map.Entry; import org.apache.http.Header; +import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; import org.apache.http.client.utils.URIBuilder; import org.apache.log4j.Logger; @@ -163,19 +164,23 @@ public class SL20JSONExtractorUtils { return result; else if (encryptedResult != null && encryptedResult.isJsonPrimitive()) { - /*TODO: - * - * Remove dummy code and test real decryption!!!!! - * - */ - - //return decrypter.decryptPayload(encryptedResult.getAsString()); + try { + return decrypter.decryptPayload(encryptedResult.getAsString()); + + } catch (Exception e) { + log.info("Can NOT decrypt SL20 result. Reason:" + e.getMessage()); + if (!mustBeEncrypted) { + log.warn("Decrypted results are disabled by configuration. Parse result in plain if it is possible"); - //dummy code - String[] signedPayload = encryptedResult.toString().split("\\."); - JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode(signedPayload[1]))); - return payLoad; - + //dummy code + String[] signedPayload = encryptedResult.toString().split("\\."); + JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode(signedPayload[1]))); + return payLoad; + + } else + throw e; + + } } else throw new SLCommandoParserException("Internal build error"); @@ -241,13 +246,21 @@ public class SL20JSONExtractorUtils { } else if (httpResp.getStatusLine().getStatusCode() == 200) { if (!httpResp.getEntity().getContentType().getValue().equals("application/json;charset=UTF-8")) - throw new SLCommandoParserException("SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue()); - - sl20Resp = new JsonParser().parse(new InputStreamReader(httpResp.getEntity().getContent())).getAsJsonObject(); + throw new SLCommandoParserException("SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue()); + sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); + } else if ( (httpResp.getStatusLine().getStatusCode() == 500) || + (httpResp.getStatusLine().getStatusCode() == 401) || + (httpResp.getStatusLine().getStatusCode() == 400) ) { + log.info("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode() + + ". Search for error message"); + sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); + + } else throw new SLCommandoParserException("SL20 response with http-code: " + httpResp.getStatusLine().getStatusCode()); - + + log.info("Find JSON object in http response"); return sl20Resp; } catch (Exception e) { @@ -256,6 +269,22 @@ public class SL20JSONExtractorUtils { } } + private static JsonObject parseSL20ResultFromResponse(HttpEntity resp) throws Exception { + if (resp != null && resp.getContent() != null) { + JsonElement sl20Resp = new JsonParser().parse(new InputStreamReader(resp.getContent())); + if (sl20Resp != null && sl20Resp.isJsonObject()) { + return sl20Resp.getAsJsonObject(); + + } else + throw new SLCommandoParserException("SL2.0 can NOT parse to a JSON object"); + + + } else + throw new SLCommandoParserException("Can NOT find content in http response"); + + } + + private static JsonElement getAndCheck(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { JsonElement internal = input.get(keyID); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java index 7d03a43ac..d07d7a78a 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java @@ -1,24 +1,17 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier; import java.io.IOException; -import java.util.Calendar; import java.util.Date; -import java.util.GregorianCalendar; import java.util.List; -import javax.xml.bind.DatatypeConverter; -import javax.xml.transform.TransformerException; - import org.jaxen.SimpleNamespaceContext; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils; -import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; -import at.gv.egovernment.moa.id.auth.exception.BuildException; -import at.gv.egovernment.moa.id.auth.exception.ParseException; -import at.gv.egovernment.moa.id.auth.exception.ServiceException; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20eIDDataValidationException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureRequestBuilder; @@ -27,13 +20,12 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.spss.api.impl.VerifyXMLSignatureRequestImpl; +import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil; +import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; -import at.gv.egovernment.moa.util.DOMUtils; -import at.gv.egovernment.moa.util.XPathUtils; public class QualifiedeIDVerifier { @@ -57,7 +49,7 @@ public class QualifiedeIDVerifier { NS_CONTEXT.addNamespace(Constants.XADES_1_4_1_NS_PREFIX, Constants.XADES_1_4_1_NS_URI); } - public static boolean verifyIdentityLink(IIdentityLink idl, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException { + public static void verifyIdentityLink(IIdentityLink idl, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException { // validates the identity link IdentityLinkValidator.getInstance().validate(idl); @@ -79,17 +71,15 @@ public class QualifiedeIDVerifier { VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, oaParam); - - return false; - + } - public static IVerifiyXMLSignatureResponse verifyAuthBlock(byte[] authblock, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException { + public static IVerifiyXMLSignatureResponse verifyAuthBlock(String authBlockB64, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException, IOException { String trustProfileId = authConfig.getMoaSpAuthBlockTrustProfileID(oaParam.isUseAuthBlockTestTestStore()); List verifyTransformsInfoProfileID = null; SignatureVerificationUtils sigVerify = new SignatureVerificationUtils(); - IVerifiyXMLSignatureResponse sigVerifyResult = sigVerify.verify(authblock, trustProfileId , verifyTransformsInfoProfileID); + IVerifiyXMLSignatureResponse sigVerifyResult = sigVerify.verify(Base64Utils.decode(authBlockB64, false), trustProfileId , verifyTransformsInfoProfileID); // validates the VerifyXMLSignatureResponseValidator.getInstance().validate(sigVerifyResult, @@ -99,20 +89,43 @@ public class QualifiedeIDVerifier { } - public static boolean checkIDLAgainstAuthblock(IVerifiyXMLSignatureResponse sigVerifyResult, IIdentityLink idl, byte[] authBlock) throws ValidateException { + public static boolean checkConsistencyOfeIDData(String sl20ReqId, IIdentityLink idl, AssertionAttributeExtractor authBlockExtractor, IVerifiyXMLSignatureResponse sigVerifyResult) throws SL20eIDDataValidationException { try { // compares the public keys from the identityLink with the AuthBlock VerifyXMLSignatureResponseValidator.getInstance().validateCertificate(sigVerifyResult, idl); + //compare requestId from SL20 qualifiedeID command to ID from SAML2 assertion + String authBlockId = authBlockExtractor.getAssertionID(); + if (MiscUtil.isEmpty(authBlockId)) { + Logger.info("AuthBlock containts no ID, but ID MUST be included"); + throw new SL20eIDDataValidationException(new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "AuthBlock containts no ID, but ID MUST be included" + }); + } + if (!authBlockId.equals(sl20ReqId)) { + Logger.info("SL20 'requestId' does NOT match to AuthBlock Id." + + " Expected : " + sl20ReqId + + " Authblock: " + authBlockId); + throw new SL20eIDDataValidationException(new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "SL20 'requestId' does NOT match to AuthBlock Id." + }); + } + + // Compare AuthBlock Data with information stored in session, especially // date and time - validateSigningDateTime(sigVerifyResult); + validateSigningDateTime(sigVerifyResult, authBlockExtractor); } catch ( ValidateException e) { - Logger.error("Signature verification error. ", e); - throw e; + Logger.warn("Validation of eID information FAILED. ", e); + throw new SL20eIDDataValidationException(new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, + e.getMessage() + }); } @@ -121,12 +134,46 @@ public class QualifiedeIDVerifier { } - private static boolean validateSigningDateTime( IVerifiyXMLSignatureResponse sigVerifyResult) throws ValidateException { + private static void validateSigningDateTime( IVerifiyXMLSignatureResponse sigVerifyResult, AssertionAttributeExtractor authBlockExtractor) throws SL20eIDDataValidationException { Date signingDate = sigVerifyResult.getSigningDateTime(); + Date notBefore = authBlockExtractor.getAssertionNotBefore(); + Date notOrNotAfter = authBlockExtractor.getAssertionNotOnOrAfter(); + if (signingDate == null) { + Logger.info("AuthBlock signature contains NO signing data"); + throw new SL20eIDDataValidationException(new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "AuthBlock signature contains NO signing data" + }); + + } - - return false; + Logger.debug("AuthBlock signing data: " + signingDate.toString()); + + if (notBefore == null || notOrNotAfter == null) { + Logger.info("AuthBlock contains NO 'notBefore' or 'notOrNotAfter' dates"); + throw new SL20eIDDataValidationException(new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "AuthBlock contains NO 'notBefore' or 'notOrNotAfter' dates" + }); + + } + + Logger.debug("AuthBlock valid period." + + " NotBefore:" + notBefore.toString() + + " NotOrNotAfter:" + notOrNotAfter.toString()); + + if (signingDate.after(notBefore) || signingDate.before(notOrNotAfter)) + Logger.debug("Signing date validation successfull"); + + else { + Logger.info("AuthBlock signing date does NOT match to AuthBlock constrains"); + throw new SL20eIDDataValidationException(new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "AuthBlock signing date does NOT match to AuthBlock constrains" + }); + + } } } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java index d9ff9d93c..763454639 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java @@ -5,7 +5,6 @@ import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Map.Entry; -import java.util.UUID; import javax.net.ssl.SSLSocketFactory; import javax.servlet.http.HttpServletRequest; @@ -30,6 +29,7 @@ import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.IJOSETools; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20HttpBindingUtils; @@ -41,6 +41,7 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport; import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.util.SSLUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moaspss.logging.Logger; @@ -91,7 +92,8 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { qualifiedeIDParams, joseTools.getEncryptionCertificate()); - String qualeIDReqId = UUID.randomUUID().toString(); + //String qualeIDReqId = UUID.randomUUID().toString(); + String qualeIDReqId = SAML2Utils.getSecureIdentifier(); String signedQualeIDCommand = SL20JSONBuilderUtils.createSignedCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID, qualeIDCommandParams, joseTools); JsonObject sl20Req = SL20JSONBuilderUtils.createGenericRequest(qualeIDReqId, null, null, signedQualeIDCommand); @@ -107,9 +109,16 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build()); httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE); List parameters = new ArrayList();; - parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, sl20Req.toString())); + + //correct one + //parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes()))); + + //A-Trust current version + parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM_OLD, sl20Req.toString())); httpReq.setEntity(new UrlEncodedFormEntity(parameters )); + + //request VDA HttpResponse httpResp = httpClient.execute(httpReq); @@ -147,10 +156,22 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { //TODO: maybe add SL2ClientType Header from execution context SL20HttpBindingUtils.writeIntoResponse(request, response, sl20Forward, redirectURL); + } else if (respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString() + .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR)) { + JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_RESULT, false); + if (result == null) + result = SL20JSONExtractorUtils.getJSONObjectValue(respPayload, SL20Constants.SL20_COMMAND_CONTAINER_PARAMS, false); + + String errorCode = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORCODE, true); + String errorMsg = SL20JSONExtractorUtils.getStringValue(result, SL20Constants.SL20_COMMAND_PARAM_GENERAL_RESPONSE_ERRORMESSAGE, true); + + Logger.info("Receive SL2.0 error. Code:" + errorCode + " Msg:" + errorMsg); + throw new SL20Exception("sl20.08", new Object[]{errorCode, errorMsg}); + } else { //TODO: update to add error handling Logger.warn("Received an unrecognized command: " + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString()); - + throw new SLCommandoParserException("Received an unrecognized command: \" + respPayload.get(SL20Constants.SL20_COMMAND_CONTAINER_NAME).getAsString()"); } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java index 90e19326e..b7fe579a3 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -1,9 +1,8 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks; -import java.io.ByteArrayInputStream; +import java.io.IOException; import java.io.StringWriter; import java.security.cert.X509Certificate; -import java.util.Calendar; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -13,7 +12,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.http.entity.ContentType; -import org.jose4j.keys.X509Util; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; @@ -35,18 +33,12 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.IJOSETools; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONBuilderUtils; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; -import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; -import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; -import at.gv.egovernment.moa.id.protocols.AbstractAuthProtocolModulController; -import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moaspss.logging.Logger; -import iaik.esi.sva.util.X509Utils; -import iaik.utils.Util; + @Component("ReceiveQualeIDTask") public class ReceiveQualeIDTask extends AbstractAuthServletTask { @@ -57,173 +49,210 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) throws TaskExecutionException { - Logger.debug("Receiving SL2.0 response process .... "); try { - //get SL2.0 command or result from HTTP request - Map reqParams = getParameters(request); - String sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM); - if (MiscUtil.isEmpty(sl20Result)) { - Logger.info("NO SL2.0 commando or result FOUND."); - throw new SL20Exception("sl20.04", null); - - } - - - //parse SL2.0 command/result into JSON + Logger.debug("Receiving SL2.0 response process .... "); JsonObject sl20ReqObj = null; try { - JsonParser jsonParser = new JsonParser(); - JsonElement sl20Req = jsonParser.parse(sl20Result); - sl20ReqObj = sl20Req.getAsJsonObject(); + //get SL2.0 command or result from HTTP request + Map reqParams = getParameters(request); + String sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM); + if (MiscUtil.isEmpty(sl20Result)) { + Logger.info("NO SL2.0 commando or result FOUND."); + throw new SL20Exception("sl20.04", null); + + } + + //parse SL2.0 command/result into JSON + try { + JsonParser jsonParser = new JsonParser(); + JsonElement sl20Req = jsonParser.parse(sl20Result); + sl20ReqObj = sl20Req.getAsJsonObject(); + + } catch (JsonSyntaxException e) { + Logger.warn("SL2.0 command or result is NOT valid JSON.", e); + Logger.debug("SL2.0 msg: " + sl20Result); + throw new SL20Exception("sl20.02", new Object[]{"SL2.0 command or result is NOT valid JSON."}, e); + + } - } catch (JsonSyntaxException e) { - Logger.warn("SL2.0 command or result is NOT valid JSON.", e); - Logger.debug("SL2.0 msg: " + sl20Result); - throw new SL20Exception("sl20.02", new Object[]{"SL2.0 command or result is NOT valid JSON."}, e); + //validate reqId with inResponseTo + String sl20ReqId = pendingReq.getGenericData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class); + String inRespTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true); + if (sl20ReqId == null || !sl20ReqId.equals(inRespTo)) { + Logger.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); + throw new SL20SecurityException("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); + } - } - - //validate reqId with inResponseTo - String sl20ReqId = pendingReq.getGenericData(Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, String.class); - String inRespTo = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_INRESPTO, true); - if (sl20ReqId == null || !sl20ReqId.equals(inRespTo)) { - Logger.info("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); - throw new SL20SecurityException("SL20 'reqId': " + sl20ReqId + " does NOT match to 'inResponseTo':" + inRespTo); - } - - - //validate signature - VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools, true); - if (payLoadContainer.isValidSigned() == null || - !payLoadContainer.isValidSigned()) { - Logger.info("SL20 result from VDA was not valid signed"); - throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."}); - } - - //TODO validate certificate - List sigCertChain = payLoadContainer.getCertChain(); - - - //extract payloaf - JsonObject payLoad = payLoadContainer.getPayload(); - - //check response type - if (SL20JSONExtractorUtils.getStringValue( - payLoad, SL20Constants.SL20_COMMAND_CONTAINER_NAME, true) - .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID)) { - Logger.debug("Find " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result .... "); - - //TODO: activate decryption in 'SL20JSONExtractorUtils.extractSL20Result' - JsonElement qualeIDResult = SL20JSONExtractorUtils.extractSL20Result(payLoad, joseTools, false); - - //extract attributes from result - String idlB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), - SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, true); - String authBlockB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), - SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, true); - String ccsURL = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), - SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, true); - String LoA = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), - SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, true); + //validate signature + VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools, true); + if (payLoadContainer.isValidSigned() == null || + !payLoadContainer.isValidSigned()) { + Logger.info("SL20 result from VDA was not valid signed"); + throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."}); + + } + /*TODO validate certificate by using MOA-SPSS + * currently, the certificate is validated in IJOSETools by using a pkcs12 or jks keystore + */ + List sigCertChain = payLoadContainer.getCertChain(); - //TODO: validate results - IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); + //extract payloaf + JsonObject payLoad = payLoadContainer.getPayload(); + //check response type + if (SL20JSONExtractorUtils.getStringValue( + payLoad, SL20Constants.SL20_COMMAND_CONTAINER_NAME, true) + .equals(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID)) { + Logger.debug("Find " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result .... "); + + JsonElement qualeIDResult = SL20JSONExtractorUtils.extractSL20Result( + payLoad, joseTools, + authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_ENCRYPTION, true)); + + //extract attributes from result + String idlB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, true); + String authBlockB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, true); + String ccsURL = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, true); + String LoA = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, true); + + //cache qualified eID data into pending request + pendingReq.setGenericDataToSession( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, + idlB64); + pendingReq.setGenericDataToSession( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + authBlockB64); + pendingReq.setGenericDataToSession( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, + ccsURL); + pendingReq.setGenericDataToSession( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, + LoA); + + } else { + Logger.info("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result"); + throw new SLCommandoParserException("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result"); + } - //add into session - defaultTaskInitialization(request, executionContext); - moasession.setIdentityLink(idl); - moasession.setBkuURL(ccsURL); - //TODO: from AuthBlock - moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance())); - moasession.setQAALevel(LoA); - //mark as authenticated - moasession.setAuthenticated(true); - pendingReq.setAuthenticated(true); - - //store pending request - requestStoreage.storePendingRequest(pendingReq); - - //create response - Map reqParameters = new HashMap(); - reqParameters.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID()); - JsonObject callReqParams = SL20JSONBuilderUtils.createCallCommandParameters( - new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT, null), - SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, - false, - reqParameters); - JsonObject callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams); + } catch (MOAIDException e) { + Logger.warn("SL2.0 processing error:", e); + pendingReq.setGenericDataToSession( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, + new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e)); - //build first redirect command for app - JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters("", callCommand, null, true); - JsonObject redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams); - - //build second redirect command for IDP - JsonObject redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters( - new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), AbstractAuthProtocolModulController.FINALIZEPROTOCOL_ENDPOINT, null), - redirectOneCommand, null, true); - JsonObject redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams); + } catch (Exception e) { + Logger.warn("ERROR:", e); + Logger.warn("SL2.0 Authentication FAILED with a generic error.", e); + pendingReq.setGenericDataToSession( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, + new TaskExecutionException(pendingReq, e.getMessage(), e)); - //build generic SL2.0 response container - String transactionId = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, false); - JsonObject respContainer = SL20JSONBuilderUtils.createGenericRequest( - UUID.randomUUID().toString(), - transactionId, - redirectTwoCommand, - null); + } finally { + //store pending request + requestStoreage.storePendingRequest(pendingReq); - if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && - request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) { - Logger.debug("Client request containts 'native client' header ... "); - StringWriter writer = new StringWriter(); - writer.write(respContainer.toString()); - final byte[] content = writer.toString().getBytes("UTF-8"); - response.setStatus(HttpServletResponse.SC_OK); - response.setContentLength(content.length); - response.setContentType(ContentType.APPLICATION_JSON.toString()); - response.getOutputStream().write(content); + //write SL2.0 response + if (sl20ReqObj != null) + buildResponse(request, response, sl20ReqObj); + else + buildErrorResponse(request, response, "2000", "General transport Binding error"); - - } else { - Logger.info("SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"); - throw new SL20Exception("sl20.06", - new Object[] {"SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"}); - - } - - } else { - Logger.info("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result"); - throw new SLCommandoParserException("SL20 response is NOT a " + SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID + " result"); } - - - } catch (MOAIDException e) { - Logger.warn("ERROR:", e); - throw new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e); - + } catch (Exception e) { - Logger.warn("ERROR:", e); - Logger.warn("SL2.0 Authentication FAILED with a generic error.", e); - throw new TaskExecutionException(pendingReq, e.getMessage(), e); + //write internal server errror 500 according to SL2.0 specification, chapter https transport binding + Logger.warn("Can NOT build SL2.0 response. Reason: " + e.getMessage(), e); + try { + response.sendError(500, "Internal Server Error."); + + } catch (IOException e1) { + Logger.error("Can NOT send error message. SOMETHING IS REALY WRONG!", e); + + } - } finally { + } finally { TransactionIDUtils.removeTransactionId(); TransactionIDUtils.removeSessionId(); } } - - private JsonObject createRedirectCommand() { - + private void buildErrorResponse(HttpServletRequest request, HttpServletResponse response, String errorCode, String errorMsg) throws Exception { + JsonObject error = SL20JSONBuilderUtils.createErrorCommandResult(errorCode, errorMsg); + JsonObject respContainer = SL20JSONBuilderUtils.createGenericRequest( + UUID.randomUUID().toString(), + null, + error , + null); + + Logger.debug("Client request containts 'native client' header ... "); + StringWriter writer = new StringWriter(); + writer.write(respContainer.toString()); + final byte[] content = writer.toString().getBytes("UTF-8"); + response.setStatus(HttpServletResponse.SC_OK); + response.setContentLength(content.length); + response.setContentType(ContentType.APPLICATION_JSON.toString()); + response.getOutputStream().write(content); + + } + + private void buildResponse(HttpServletRequest request, HttpServletResponse response, JsonObject sl20ReqObj) throws IOException, SL20Exception { + //create response + Map reqParameters = new HashMap(); + reqParameters.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID()); + JsonObject callReqParams = SL20JSONBuilderUtils.createCallCommandParameters( + new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null), + SL20Constants.SL20_COMMAND_PARAM_GENERAL_CALL_METHOD_GET, + false, + reqParameters); + JsonObject callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams); - return null; + //build first redirect command for app + JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters("", callCommand, null, true); + JsonObject redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams); + + //build second redirect command for IDP + JsonObject redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters( + new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null), + redirectOneCommand, null, true); + JsonObject redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams); + //build generic SL2.0 response container + String transactionId = SL20JSONExtractorUtils.getStringValue(sl20ReqObj, SL20Constants.SL20_TRANSACTIONID, false); + JsonObject respContainer = SL20JSONBuilderUtils.createGenericRequest( + UUID.randomUUID().toString(), + transactionId, + redirectTwoCommand, + null); + if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && + request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) { + Logger.debug("Client request containts 'native client' header ... "); + StringWriter writer = new StringWriter(); + writer.write(respContainer.toString()); + final byte[] content = writer.toString().getBytes("UTF-8"); + response.setStatus(HttpServletResponse.SC_OK); + response.setContentLength(content.length); + response.setContentType(ContentType.APPLICATION_JSON.toString()); + response.getOutputStream().write(content); + + + } else { + Logger.info("SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"); + throw new SL20Exception("sl20.06", + new Object[] {"SL2.0 DataURL communication needs http header: '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "'"}); + + } } + + } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java new file mode 100644 index 000000000..b5c84d315 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java @@ -0,0 +1,180 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks; + +import java.io.ByteArrayInputStream; +import java.util.Calendar; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.opensaml.Configuration; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.io.Unmarshaller; +import org.opensaml.xml.io.UnmarshallerFactory; +import org.springframework.stereotype.Component; +import org.w3c.dom.Element; +import org.xml.sax.SAXException; + +import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20eIDDataValidationException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier.QualifiedeIDVerifier; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.DateTimeUtils; +import at.gv.egovernment.moaspss.logging.Logger; + + +@Component("VerifyQualifiedeIDTask") +public class VerifyQualifiedeIDTask extends AbstractAuthServletTask { + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + + Logger.debug("Verify qualified eID data from SL20 response .... "); + try { + //check if there was an error + TaskExecutionException sl20Error = pendingReq.getGenericData( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, + TaskExecutionException.class); + if (sl20Error != null) { + Logger.info("Found SL2.0 error after redirect ... "); + throw sl20Error; + + } + + //get data from pending request + String sl20ReqId = pendingReq.getGenericData( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_REQID, + String.class); + String idlB64 = pendingReq.getGenericData( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, + String.class); + String authBlockB64 = pendingReq.getGenericData( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + String.class); + String ccsURL = pendingReq.getGenericData( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, + String.class); + String LoA = pendingReq.getGenericData( + Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, + String.class); + + //parse eID data + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); + IVerifiyXMLSignatureResponse authBlockVerificationResult = null; + try { + Assertion authBlock = parseAuthBlockToSaml2Assertion(authBlockB64); + AssertionAttributeExtractor authBlockExtractor = new AssertionAttributeExtractor(authBlock); + + + //validate eID data + QualifiedeIDVerifier.verifyIdentityLink(idl, pendingReq.getOnlineApplicationConfiguration(), authConfig); + authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock( + authBlockB64, pendingReq.getOnlineApplicationConfiguration(), authConfig); + QualifiedeIDVerifier.checkConsistencyOfeIDData(sl20ReqId, idl, authBlockExtractor, authBlockVerificationResult); + + //TODO: add LoA verification + + } catch (SL20eIDDataValidationException e) { + if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_VALIDATION, false)) { + Logger.warn("SL20 eID data validation IS DISABLED!!"); + Logger.warn("SL20 eID data IS NOT VALID!!! Reason: " + e.getMessage(), e); + + } else + throw e; + + } + + //add into session + defaultTaskInitialization(request, executionContext); + moasession.setIdentityLink(idl); + moasession.setBkuURL(ccsURL); + //TODO: from AuthBlock + if (authBlockVerificationResult != null) + moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(authBlockVerificationResult.getSigningDateTime())); + else + moasession.setIssueInstant(DateTimeUtils.buildDateTimeUTC(Calendar.getInstance())); + + moasession.setQAALevel(LoA); + + //store pending request + requestStoreage.storePendingRequest(pendingReq); + + } catch (MOAIDException e) { + Logger.warn("ERROR:", e); + throw new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e); + + } catch (Exception e) { + Logger.warn("ERROR:", e); + Logger.warn("SL2.0 Authentication FAILED with a generic error.", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } finally { + TransactionIDUtils.removeTransactionId(); + TransactionIDUtils.removeSessionId(); + + } + } + + private Assertion parseAuthBlockToSaml2Assertion(String authblockB64) throws SL20eIDDataValidationException { + try { + //parse authBlock into SAML2 Assertion + byte[] authBlockBytes = Base64Utils.decode(authblockB64, false); + Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authBlockBytes)); + UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); + Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDOM); + XMLObject samlAssertion = unmarshaller.unmarshall(authBlockDOM); + + //validate SAML2 Assertion + SAML2Utils.schemeValidation(samlAssertion); + + if (samlAssertion instanceof Assertion) + return (Assertion) samlAssertion; + else + throw new SL20eIDDataValidationException( + new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "AuthBlock is NOT of type SAML2 Assertion" + }); + + } catch (SL20eIDDataValidationException e) { + throw e; + + } catch (SAXException e) { + Logger.info("Scheme validation of SAML2 AuthBlock FAILED. Reason: " + e.getMessage()); + throw new SL20eIDDataValidationException( + new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + e.getMessage() + }, + e); + + } catch (Exception e) { + Logger.info("Can not parse AuthBlock. Reason: " + e.getMessage()); + Logger.trace("FullAuthBlock: " + authblockB64); + throw new SL20eIDDataValidationException( + new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + e.getMessage() + }, + e); + + } + + } + + + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml index 37551b3f5..a9c9bac8e 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/moaid_sl20_auth.beans.xml @@ -29,5 +29,9 @@ + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml index bcd74f84c..4975dc2d7 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml @@ -3,17 +3,15 @@ - - + + - - - - - + + + + diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java index a56be1f46..fa4a50992 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java @@ -28,12 +28,12 @@ import java.util.List; import org.w3c.dom.Element; -import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; +import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; -- cgit v1.2.3 From 709197ce12c5502f86e16da1167b97ca318f47fa Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 5 Jun 2018 10:44:40 +0200 Subject: implement user restriction based on whitelisting --- id/server/doc/handbook/protocol/protocol.html | 4 + .../internal/tasks/UserRestrictionTask.java | 85 ++++++++++++++++++++++ .../id/config/auth/data/UserWhitelistStore.java | 73 +++++++++++++++++++ .../main/resources/moaid.authentication.beans.xml | 9 ++- .../resources/properties/id_messages_de.properties | 2 + .../protocol_response_statuscodes_de.properties | 2 + .../internal/DefaultAuthentication.process.xml | 11 ++- .../DefaultAuth_with_ELGA_mandates.process.xml | 13 ++-- .../main/resources/sl20.Authentication.process.xml | 8 +- 9 files changed, 195 insertions(+), 12 deletions(-) create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java create mode 100644 id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java (limited to 'id') diff --git a/id/server/doc/handbook/protocol/protocol.html b/id/server/doc/handbook/protocol/protocol.html index 7d3f8d627..8f6ed735c 100644 --- a/id/server/doc/handbook/protocol/protocol.html +++ b/id/server/doc/handbook/protocol/protocol.html @@ -621,6 +621,10 @@ Redirect Binding 1110 Ungültige Single Sign-On Session + + 1111 + Der Anmeldevorgang wurde automatisiert abgebrochten da dem Benutzer die nötigen Zugriffsrechte für diese Online Applikation fehlen. +
1.3.1.3 STORK (12xxx)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java new file mode 100644 index 000000000..4853a5ab6 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java @@ -0,0 +1,85 @@ +package at.gv.egovernment.moa.id.auth.modules.internal.tasks; + +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; +import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.id.config.auth.data.UserWhitelistStore; +import at.gv.egovernment.moa.id.data.Pair; +import at.gv.egovernment.moa.id.process.api.ExecutionContext; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; + +public class UserRestrictionTask extends AbstractAuthServletTask { + + public static final String CONFIG_PROPS_SP_LIST = "configuration.restrictions.sp.entityIds"; + public static final String CONFIG_PROPS_CSV_USER_FILE = "configuration.restrictions.sp.users.url"; + public static final String CONFIG_PROPS_CSV_USER_SECTOR = "configuration.restrictions.sp.users.sector"; + + @Autowired(required=true) UserWhitelistStore whitelist; + + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) + throws TaskExecutionException { + try { + String spEntityId = pendingReq.getOnlineApplicationConfiguration().getPublicURLPrefix(); + List restrictedSPs = KeyValueUtils.getListOfCSVValues(authConfig.getBasicMOAIDConfiguration(CONFIG_PROPS_SP_LIST)); + if (restrictedSPs.contains(spEntityId)) { + Logger.debug("SP:" + spEntityId + " has a user restrication. Check users bPK ... "); + defaultTaskInitialization(request, executionContext);; + + //check if user idl is already loaded + if (moasession.getIdentityLink() == null) { + Logger.warn("PendingRequest contains NO IdentityLink. User restrictation NOT possible!"); + throw new MOAIDException("process.03", null); + + } + + //calculate whitelist bPK for current user + String bpkTarget = authConfig.getBasicMOAIDConfiguration(CONFIG_PROPS_CSV_USER_SECTOR); + if (MiscUtil.isEmpty(bpkTarget)) { + Logger.info("NO bPK sector for user whitelist in configuration"); + throw new MOAIDException("config.05", new Object[] {CONFIG_PROPS_CSV_USER_SECTOR}); + + } + + Pair pseudonym = new BPKBuilder().generateAreaSpecificPersonIdentifier( + moasession.getIdentityLink().getIdentificationValue(), + moasession.getIdentityLink().getIdentificationType(), + bpkTarget); + + + //check if user's bPK is whitelisted + if (!whitelist.isUserbPKInWhitelist(pseudonym.getFirst())) { + Logger.info("User's bPK is not whitelisted. Authentication process stops ..."); + Logger.trace("User's bPK: " + pseudonym.getFirst()); + throw new MOAIDException("auth.35", null); + + } + + Logger.debug("User was found in whitelist. Continue authentication process ... "); + + } else + Logger.trace("SP: " + spEntityId + " has no user restrication."); + + + } catch (MOAIDException e) { + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } catch (Exception e) { + Logger.warn("RestartAuthProzessManagement has an internal error", e); + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + + } + +} diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java new file mode 100644 index 000000000..a300739b3 --- /dev/null +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java @@ -0,0 +1,73 @@ +package at.gv.egovernment.moa.id.config.auth.data; + +import java.io.File; +import java.io.FileInputStream; +import java.io.FileNotFoundException; +import java.io.IOException; +import java.io.InputStream; +import java.io.InputStreamReader; +import java.net.URISyntaxException; +import java.net.URL; +import java.util.ArrayList; +import java.util.List; + +import javax.annotation.PostConstruct; + +import org.apache.commons.io.IOUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Service; + +import at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; +import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moaspss.logging.Logger; + +@Service("UserWhiteList_Store") +public class UserWhitelistStore { + + @Autowired(required=true) AuthConfiguration authConfig; + + private List whitelist = new ArrayList(); + + @PostConstruct + private void initialize() { + String whiteListUrl = authConfig.getBasicMOAIDConfiguration(UserRestrictionTask.CONFIG_PROPS_CSV_USER_FILE); + if (MiscUtil.isEmpty(whiteListUrl)) + Logger.debug("Do not initialize user whitelist. Reason: No configuration path to CSV file."); + + else { + String absWhiteListUrl = FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getRootConfigFileDir()); + try { + InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI())); + String whiteListString = IOUtils.toString(new InputStreamReader(is)); + whitelist = KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(whiteListString)); + Logger.info("User whitelist is initialized with " + whitelist.size() + " entries."); + + } catch (FileNotFoundException e) { + Logger.warn("Do not initialize user whitelist. Reason: CSV file with bPKs NOT found", e); + + } catch (IOException e) { + Logger.warn("Do not initialize user whitelist. Reason: CSV file is NOT readable", e); + + } catch (URISyntaxException e) { + Logger.warn("Do not initialize user whitelist. Reason: CSV file looks wrong", e); + + } + + } + + } + + /** + * Check if bPK is in whitelist + * + * @param bPK + * @return true if bPK is in whitelist, otherwise false + */ + public boolean isUserbPKInWhitelist(String bPK) { + return whitelist.contains(bPK); + + } +} diff --git a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml index ba8c47304..dc3022ab4 100644 --- a/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml +++ b/id/server/idserverlib/src/main/resources/moaid.authentication.beans.xml @@ -42,6 +42,9 @@ + + + scope="prototype"/> + + - + + @@ -39,13 +40,15 @@ - + - - + + + + diff --git a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml index d41e8a017..60fd120d0 100644 --- a/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml +++ b/id/server/modules/moa-id-module-elga_mandate_service/src/main/resources/at/gv/egovernment/moa/id/auth/modules/elgamandates/DefaultAuth_with_ELGA_mandates.process.xml @@ -17,6 +17,8 @@ + + @@ -47,7 +49,7 @@ - + @@ -60,13 +62,14 @@ - + - - - + + + + diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml index 4975dc2d7..673144b06 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/resources/sl20.Authentication.process.xml @@ -3,16 +3,20 @@ - + + - + + + + -- cgit v1.2.3 From 84a55fe8bec3924102bd2217f7e39e7a698f2829 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 5 Jun 2018 10:46:09 +0200 Subject: update moa-sig to 3.1.2 to get signing time in XML signature verification result --- id/moa-spss-container/pom.xml | 6 +- .../auth/invoke/SignatureVerificationInvoker.java | 77 ++++++++++------------ .../parser/VerifyXMLSignatureResponseParser.java | 20 ++++-- 3 files changed, 55 insertions(+), 48 deletions(-) (limited to 'id') diff --git a/id/moa-spss-container/pom.xml b/id/moa-spss-container/pom.xml index d66a09621..84c3b2f29 100644 --- a/id/moa-spss-container/pom.xml +++ b/id/moa-spss-container/pom.xml @@ -47,7 +47,7 @@ MOA.spss.server moa-sig-lib - 3.1.1 + 3.1.2 commons-logging @@ -65,12 +65,12 @@ MOA.spss common - 3.1.1 + 3.1.2 MOA.spss tsl_lib - 2.0.0 + 2.0.1 iaik.prod diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java index d5ca89656..d2d39e9e6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationInvoker.java @@ -52,10 +52,7 @@ import org.w3c.dom.Document; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.exception.ServiceException; -import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; -import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.api.SignatureVerificationService; import at.gv.egovernment.moa.spss.api.cmsverify.VerifyCMSSignatureRequest; @@ -64,7 +61,6 @@ import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureRequestParser; import at.gv.egovernment.moa.spss.api.xmlbind.VerifyXMLSignatureResponseBuilder; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; -import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moaspss.logging.Logger; /** @@ -93,22 +89,22 @@ public class SignatureVerificationInvoker { } private SignatureVerificationInvoker() { - try { - AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance(); - ConnectionParameterInterface authConnParam = authConfigProvider.getMoaSpConnectionParameter(); +// try { +// AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance(); +// ConnectionParameterInterface authConnParam = authConfigProvider.getMoaSpConnectionParameter(); - if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) { - - - } else { +// if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) { +// +// +// } else { svs = SignatureVerificationService.getInstance(); - } +// } - } catch (ConfigurationException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - } +// } catch (ConfigurationException e) { +// // TODO Auto-generated catch block +// e.printStackTrace(); +// } } @@ -144,35 +140,34 @@ public class SignatureVerificationInvoker { protected Element doCall(QName serviceName, Element request) throws ServiceException { ConnectionParameterInterface authConnParam = null; try { - AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance(); - authConnParam = authConfigProvider.getMoaSpConnectionParameter(); - //If the ConnectionParameter do NOT exist, we try to get the api to work.... - if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) { - - throw new ServiceException("service.00", new Object[]{"MOA-SP connection via Web-Service is not allowed any more!!!!!!"}); -// Service service = ServiceFactory.newInstance().createService(serviceName); -// Call call = service.createCall(); -// SOAPBodyElement body = new SOAPBodyElement(request); -// SOAPBodyElement[] params = new SOAPBodyElement[] { body }; -// Vector responses; -// SOAPBodyElement response; +// AuthConfiguration authConfigProvider = AuthConfigurationProviderFactory.getInstance(); +// authConnParam = authConfigProvider.getMoaSpConnectionParameter(); +// //If the ConnectionParameter do NOT exist, we try to get the api to work.... +// if (authConnParam != null && MiscUtil.isNotEmpty(authConnParam.getUrl())) { // -// Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix()); -// call.setTargetEndpointAddress(authConnParam.getUrl()); -// responses = (Vector) call.invoke(serviceName, params); -// Logger.debug("Got responses: " + responses.size()); // TODO handle axis 302 response when incorrect service url is used -// response = (SOAPBodyElement) responses.get(0); -// return response.getAsDOM(); - } - else { - VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request); - +// throw new ServiceException("service.00", new Object[]{"MOA-SP connection via Web-Service is not allowed any more!!!!!!"}); +//// Service service = ServiceFactory.newInstance().createService(serviceName); +//// Call call = service.createCall(); +//// SOAPBodyElement body = new SOAPBodyElement(request); +//// SOAPBodyElement[] params = new SOAPBodyElement[] { body }; +//// Vector responses; +//// SOAPBodyElement response; +//// +//// Logger.debug("Connecting using auth url: " + authConnParam.getUrl() + ", service " + serviceName.getNamespaceURI() + " : " + serviceName.getLocalPart() + " : "+ serviceName.getPrefix()); +//// call.setTargetEndpointAddress(authConnParam.getUrl()); +//// responses = (Vector) call.invoke(serviceName, params); +//// Logger.debug("Got responses: " + responses.size()); // TODO handle axis 302 response when incorrect service url is used +//// response = (SOAPBodyElement) responses.get(0); +//// return response.getAsDOM(); +// } +// else { + VerifyXMLSignatureRequest vsrequest = new VerifyXMLSignatureRequestParser().parse(request); VerifyXMLSignatureResponse vsresponse = svs.verifyXMLSignature(vsrequest); - Document result = new VerifyXMLSignatureResponseBuilder().build(vsresponse); - + Document result = new VerifyXMLSignatureResponseBuilder(true).build(vsresponse); + //Logger.setHierarchy("moa.id.auth"); return result.getDocumentElement(); - } +// } } catch (Exception ex) { if (authConnParam != null) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java index b54a43fff..0fba2d3f6 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java @@ -46,12 +46,11 @@ package at.gv.egovernment.moa.id.auth.parser; -import iaik.utils.Base64InputStream; -import iaik.x509.X509Certificate; - import java.io.ByteArrayInputStream; import java.io.InputStream; +import org.joda.time.DateTime; +import org.joda.time.format.ISODateTimeFormat; import org.w3c.dom.Element; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; @@ -59,7 +58,10 @@ import at.gv.egovernment.moa.id.auth.exception.ParseException; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.MiscUtil; import at.gv.egovernment.moa.util.XPathUtils; +import iaik.utils.Base64InputStream; +import iaik.x509.X509Certificate; /** * Parses a <VerifyXMLSignatureResponse> returned by @@ -115,6 +117,9 @@ public class VerifyXMLSignatureResponseParser { private static final String CERTIFICATE_CHECK_CODE_XPATH = ROOT + MOA + "CertificateCheck/" + MOA + "Code"; + private static final String SIGNING_TIME_XPATH = + ROOT + MOA + "SigningTime"; + /** This is the root element of the XML-Document provided by the Security Layer Card*/ private Element verifyXMLSignatureResponse; @@ -200,7 +205,14 @@ public class VerifyXMLSignatureResponseParser { if (signatureManifestCheckCode != null) { respData.setSignatureManifestCheckCode(new Integer(signatureManifestCheckCode).intValue()); } - respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue()); + respData.setCertificateCheckCode(new Integer(XPathUtils.getElementValue(verifyXMLSignatureResponse,CERTIFICATE_CHECK_CODE_XPATH,"")).intValue()); + + String signingTimeElement = XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNING_TIME_XPATH,""); + if (MiscUtil.isNotEmpty(signingTimeElement)) { + DateTime datetime = ISODateTimeFormat.dateTimeNoMillis().parseDateTime(signingTimeElement); + respData.setSigningDateTime(datetime.toDate()); + + } } catch (Throwable t) { throw new ParseException("parser.01", null, t); -- cgit v1.2.3 From cd5cef47db73c85cbb2defdec3b283655fdc859b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 5 Jun 2018 10:46:41 +0200 Subject: update SL20 implementation --- .../VerifyXMLSignatureResponseValidator.java | 7 +- .../moa/id/moduls/AuthenticationManager.java | 18 +- .../pvp2x/utils/AssertionAttributeExtractor.java | 1 - .../moa/id/auth/AuthenticationServer.java | 6 +- .../bkamobileauthtests/BKAMobileAuthModule.java | 19 +- .../tasks/FirstBKAMobileAuthTask.java | 2 +- .../src/main/resources/BKAMobileAuth.process.xml | 14 +- .../main/resources/moaid_bka_mobileauth.beans.xml | 2 +- .../moa-id-module-sl20_authentication/pom.xml | 5 + .../sl20_auth/SL20AuthenticationModulImpl.java | 26 +- .../modules/sl20_auth/sl20/JsonSecurityUtils.java | 15 +- .../auth/modules/sl20_auth/sl20/SL20Constants.java | 8 +- .../sl20_auth/sl20/SL20HttpBindingUtils.java | 6 +- .../sl20_auth/sl20/SL20JSONBuilderUtils.java | 15 +- .../sl20_auth/sl20/SL20JSONExtractorUtils.java | 89 +++-- .../sl20/verifier/QualifiedeIDVerifier.java | 76 ++++- .../sl20_auth/tasks/CreateQualeIDRequestTask.java | 79 +++-- .../sl20_auth/tasks/ReceiveQualeIDTask.java | 41 ++- .../sl20_auth/tasks/VerifyQualifiedeIDTask.java | 62 +--- .../modules/sl20_auth/EIDDataVerifier_ATrust.java | 42 +++ .../modules/sl20_auth/EIDDataVerifier_OwnTest.java | 41 +++ .../sl20_auth/dummydata/DummyAuthConfig.java | 376 +++++++++++++++++++++ .../auth/modules/sl20_auth/dummydata/DummyOA.java | 264 +++++++++++++++ .../modules/sl20_auth/eIDDataVerifierTest.java | 105 ++++++ .../src/test/resources/SpringTest-context.xml | 13 + .../src/test/resources/tests/eIDdata_atrust.json | 14 + .../src/test/resources/tests/eIDdata_own_test.json | 8 + 27 files changed, 1167 insertions(+), 187 deletions(-) create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json (limited to 'id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 832aa58c6..407454c2a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -57,12 +57,12 @@ import java.util.Set; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; import at.gv.egovernment.moa.id.commons.utils.MOAIDMessageProvider; -import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory; import at.gv.egovernment.moa.logging.Logger; import iaik.asn1.structures.Name; import iaik.security.ec.common.ECPublicKey; @@ -113,7 +113,8 @@ public class VerifyXMLSignatureResponseValidator { public void validate(IVerifiyXMLSignatureResponse verifyXMLSignatureResponse, List identityLinkSignersSubjectDNNames, String whatToCheck, - IOAAuthParameters oaParam) + IOAAuthParameters oaParam, + AuthConfiguration authConfig) throws ValidateException, ConfigurationException { if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) @@ -140,7 +141,7 @@ public class VerifyXMLSignatureResponseValidator { } //check QC - if (AuthConfigurationProviderFactory.getInstance().isCertifiacteQCActive() && + if (authConfig.isCertifiacteQCActive() && !whatToCheck.equals(CHECK_IDENTITY_LINK) && !verifyXMLSignatureResponse.isQualifiedCertificate()) { diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index a24683545..e093ce1e2 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -317,9 +317,10 @@ public class AuthenticationManager extends MOAIDAuthConstants { * @param httpReqParam http parameter name, but never null */ public void addParameterNameToWhiteList(String httpReqParam) { - if (MiscUtil.isNotEmpty(httpReqParam)) - reqParameterWhiteListeForModules.add(httpReqParam); - + if (MiscUtil.isNotEmpty(httpReqParam)) { + if (!reqParameterWhiteListeForModules.contains(httpReqParam)) + reqParameterWhiteListeForModules.add(httpReqParam); + } } /** @@ -328,8 +329,11 @@ public class AuthenticationManager extends MOAIDAuthConstants { * @param httpReqParam http header name, but never null */ public void addHeaderNameToWhiteList(String httpReqParam) { - if (MiscUtil.isNotEmpty(httpReqParam)) - reqHeaderWhiteListeForModules.add(httpReqParam.toLowerCase()); + if (MiscUtil.isNotEmpty(httpReqParam)) { + if (!reqHeaderWhiteListeForModules.contains(httpReqParam.toLowerCase())) + reqHeaderWhiteListeForModules.add(httpReqParam.toLowerCase()); + + } } @@ -439,8 +443,8 @@ public class AuthenticationManager extends MOAIDAuthConstants { while(reqHeaderNames.hasMoreElements()) { String paramName = reqHeaderNames.nextElement(); if (MiscUtil.isNotEmpty(paramName) && reqHeaderWhiteListeForModules.contains(paramName.toLowerCase()) ) { - executionContext.put(paramName, - StringEscapeUtils.escapeHtml(httpReq.getHeader(paramName))); + executionContext.put(paramName.toLowerCase(), + StringEscapeUtils.escapeHtml(httpReq.getHeader(paramName.toLowerCase()))); } } } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java index 5b1d952ff..4a0cec6e4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java @@ -309,7 +309,6 @@ public class AssertionAttributeExtractor { } private void internalInitialize() { - internalInitialize(); if (assertion.getAttributeStatements() != null && assertion.getAttributeStatements().size() > 0) { AttributeStatement attrStat = assertion.getAttributeStatements().get(0); diff --git a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java index a67b27315..7ea4ee436 100644 --- a/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java +++ b/id/server/modules/moa-id-modul-citizencard_authentication/src/main/java/at/gv/egovernment/moa/id/auth/AuthenticationServer.java @@ -311,7 +311,8 @@ public class AuthenticationServer extends BaseAuthenticationServer { verifyXMLSignatureResponse, authConfig.getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, - oaParam); + oaParam, + authConfig); session.setIdentityLink(identityLink); // now validate the extended infoboxes @@ -1001,7 +1002,8 @@ public class AuthenticationServer extends BaseAuthenticationServer { // validates the VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, - oaParam); + oaParam, + authConfig); // Compare AuthBlock Data with information stored in session, especially // date and time diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java index 0cef4cb41..853d1b6a4 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java @@ -45,7 +45,7 @@ import at.gv.egovernment.moa.util.MiscUtil; */ public class BKAMobileAuthModule implements AuthModule { - private int priority = 1; + private int priority = 2; @Autowired(required=true) protected AuthConfiguration authConfig; @Autowired(required=true) private AuthenticationManager authManager; @@ -67,7 +67,6 @@ public class BKAMobileAuthModule implements AuthModule { public void setPriority(int priority) { this.priority = priority; } - @PostConstruct public void initialDummyAuthWhiteList() { @@ -84,6 +83,8 @@ public class BKAMobileAuthModule implements AuthModule { //parameter to whiteList authManager.addParameterNameToWhiteList(FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW); +// authManager.addHeaderNameToWhiteList("SL2ClientType"); +// authManager.addHeaderNameToWhiteList("X-MOA-VDA"); } /* (non-Javadoc) @@ -92,12 +93,22 @@ public class BKAMobileAuthModule implements AuthModule { @Override public String selectProcess(ExecutionContext context) { String spEntityID = (String) context.get(MOAIDAuthConstants.PROCESSCONTEXT_UNIQUE_OA_IDENTFIER); - if (MiscUtil.isNotEmpty(spEntityID)) { - if (uniqueIDsDummyAuthEnabled.contains(spEntityID)) { + String sl20ClientTypeHeader = (String) context.get("SL2ClientType".toLowerCase()); + String sl20VDATypeHeader = (String) context.get("X-MOA-VDA".toLowerCase()); + if (MiscUtil.isNotEmpty(spEntityID)) { + Logger.trace("Check dummy-auth for SP: " + spEntityID); + + + if ( (uniqueIDsDummyAuthEnabled.contains(spEntityID))) { String eIDBlob = (String)context.get(FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW); if (eIDBlob != null && MiscUtil.isNotEmpty(eIDBlob.trim())) { return "BKAMobileAuthentication"; + } else if (MiscUtil.isNotEmpty(sl20ClientTypeHeader) + && MiscUtil.isNotEmpty(sl20VDATypeHeader) && sl20VDATypeHeader.equals("0")) { + Logger.info("Find dummy-auth request for oe.gv.at demos ... "); + return "BKAMobileAuthentication"; + } else { Logger.debug("Dummy-auth are enabled for " + spEntityID + " but no '" + FirstBKAMobileAuthTask.REQ_PARAM_eID_BLOW + "' req. parameter available."); diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java index 43043ddd6..15cf298f1 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/tasks/FirstBKAMobileAuthTask.java @@ -112,7 +112,7 @@ public class FirstBKAMobileAuthTask extends AbstractAuthServletTask { } parseDemoValuesIntoMOASession(pendingReq, pendingReq.getMOASession(), eIDBlobRawB64); - + } catch (MOAIDException e) { throw new TaskExecutionException(pendingReq, e.getMessage(), e); diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml index 6f41f347a..07faeae88 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/BKAMobileAuth.process.xml @@ -5,17 +5,17 @@ STORK authentication both with C-PEPS supporting xml signatures and with C-PEPS not supporting xml signatures. --> - - + + - - - - + + + + + diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml index ef13b0348..79f29e08c 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/resources/moaid_bka_mobileauth.beans.xml @@ -10,7 +10,7 @@ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> - + diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml index d08e0f0ec..5b682538c 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml @@ -58,6 +58,11 @@ + + org.springframework + spring-test + test + junit junit diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java index a4044ce21..367e7b604 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java @@ -22,6 +22,9 @@ */ package at.gv.egovernment.moa.id.auth.modules.sl20_auth; +import java.util.Arrays; +import java.util.List; + import javax.annotation.PostConstruct; import org.apache.commons.lang3.StringUtils; @@ -38,10 +41,10 @@ import at.gv.egovernment.moa.logging.Logger; * @author tlenz * */ -public class SL20AuthenticationModulImpl implements AuthModule { - +public class SL20AuthenticationModulImpl implements AuthModule { private int priority = 3; - + public static final List VDA_TYPE_IDS = Arrays.asList("1", "2", "3", "4"); + @Autowired(required=true) protected AuthConfiguration authConfig; @Autowired(required=true) private AuthenticationManager authManager; @@ -62,6 +65,7 @@ public class SL20AuthenticationModulImpl implements AuthModule { protected void initalSL20Authentication() { //parameter to whiteList authManager.addHeaderNameToWhiteList(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE); + authManager.addHeaderNameToWhiteList(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE); } @@ -71,17 +75,23 @@ public class SL20AuthenticationModulImpl implements AuthModule { */ @Override public String selectProcess(ExecutionContext context) { - if (StringUtils.isNotBlank((String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase())) || - StringUtils.isNotBlank((String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE))) { - Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "' header found"); + String sl20ClientTypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase()); + String sl20VDATypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase()); + + if ( StringUtils.isNotBlank(sl20ClientTypeHeader) +// && ( +// StringUtils.isNotBlank(sl20VDATypeHeader) +// //&& VDA_TYPE_IDS.contains(sl20VDATypeHeader.trim()) +// ) + ) { + Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "' header found"); return "SL20Authentication"; } else { Logger.trace("No '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "' header found"); return null; - } - + } } /* (non-Javadoc) diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java index 2563c7f7d..c95e0b731 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java @@ -1,9 +1,11 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; +import java.io.IOException; import java.security.Key; import java.security.KeyStore; import java.security.PrivateKey; import java.security.cert.Certificate; +import java.security.cert.CertificateEncodingException; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.Collections; @@ -36,6 +38,7 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoPars import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.utils.X509Utils; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.FileUtils; import at.gv.egovernment.moa.util.KeyStoreUtils; import at.gv.egovernment.moa.util.MiscUtil; @@ -143,8 +146,11 @@ public class JsonSecurityUtils implements IJOSETools{ //set signing information jws.setAlgorithmHeaderValue(AlgorithmIdentifiers.RSA_USING_SHA256); jws.setKey(signPrivKey); - jws.setCertificateChainHeaderValue(signCertChain); - + + //TODO: + //jws.setCertificateChainHeaderValue(signCertChain); + jws.setX509CertSha256ThumbprintHeaderValue(signCertChain[0]); + return jws.getCompactSerialization(); } catch (JoseException e) { @@ -181,6 +187,11 @@ public class JsonSecurityUtils implements IJOSETools{ } else { Logger.info("Can NOT find JOSE certificate in truststore."); Logger.debug("JOSE certificate: " + sortedX5cCerts.get(0).toString()); + try { + Logger.debug("Cert: " + Base64Utils.encode(sortedX5cCerts.get(0).getEncoded())); + } catch (CertificateEncodingException | IOException e) { + e.printStackTrace(); + } } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java index 33bb4fe36..658384578 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java @@ -8,7 +8,7 @@ import org.jose4j.jwe.KeyManagementAlgorithmIdentifiers; import org.jose4j.jws.AlgorithmIdentifiers; public class SL20Constants { - public static final String CURRENT_SL20_VERSION = "10"; + public static final int CURRENT_SL20_VERSION = 10; //http binding parameters public static final String PARAM_SL20_REQ_COMMAND_PARAM = "slcommand"; @@ -18,6 +18,7 @@ public class SL20Constants { public static final String PARAM_SL20_REQ_TRANSACTIONID = "slTransactionID"; public static final String HTTP_HEADER_SL20_CLIENT_TYPE = "SL2ClientType"; + public static final String HTTP_HEADER_SL20_VDA_TYPE = "X-MOA-VDA"; public static final String HTTP_HEADER_VALUE_NATIVE = "nativeApp"; @@ -129,8 +130,9 @@ public class SL20Constants { public static final String SL20_COMMAND_PARAM_EID_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES = "attributes"; public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE = "MANDATE-REFERENCE-VALUE"; - public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID = "SP-FRIENDLYNAME"; - public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME = "SP-UNIQUEID"; + public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID = "SP-UNIQUEID"; + public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME = "SP-FRIENDLYNAME"; + public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPCOUNTRYCODE = "SP-COUNTRYCODE"; public static final String SL20_COMMAND_PARAM_EID_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; public static final String SL20_COMMAND_PARAM_EID_RESULT_IDL = "EID-IDENTITY-LINK"; public static final String SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK = "EID-AUTH-BLOCK"; diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java index cc7137a0f..169cb8e73 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20HttpBindingUtils.java @@ -2,7 +2,6 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; import java.io.IOException; import java.io.StringWriter; -import java.io.UnsupportedEncodingException; import java.net.URISyntaxException; import javax.servlet.http.HttpServletRequest; @@ -10,6 +9,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.http.client.utils.URIBuilder; import org.apache.http.entity.ContentType; +import org.jose4j.base64url.Base64Url; import com.google.gson.JsonObject; @@ -33,7 +33,9 @@ public class SL20HttpBindingUtils { } else { Logger.debug("Client request containts is no native client ... "); URIBuilder clientRedirectURI = new URIBuilder(redirectURL); - clientRedirectURI.addParameter(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, sl20Forward.toString()); + clientRedirectURI.addParameter( + SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, + Base64Url.encode(sl20Forward.toString().getBytes())); response.setStatus(307); response.setHeader("Location", clientRedirectURI.build().toString()); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java index 52d7e1e67..d5dec1fe1 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONBuilderUtils.java @@ -387,7 +387,7 @@ public class SL20JSONBuilderUtils { */ public static JsonObject createGenericRequest(String reqId, String transactionId, JsonElement payLoad, String signedPayload) throws SLCommandoBuildException { JsonObject req = new JsonObject(); - addSingleStringElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true); + addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true); addSingleStringElement(req, SL20Constants.SL20_REQID, reqId, true); addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false); addOnlyOnceOfTwo(req, SL20Constants.SL20_PAYLOAD, SL20Constants.SL20_SIGNEDPAYLOAD, @@ -411,7 +411,7 @@ public class SL20JSONBuilderUtils { JsonElement payLoad, String signedPayload) throws SLCommandoBuildException { JsonObject req = new JsonObject(); - addSingleStringElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true); + addSingleIntegerElement(req, SL20Constants.SL20_VERSION, SL20Constants.CURRENT_SL20_VERSION, true); addSingleStringElement(req, SL20Constants.SL20_RESPID, respId, true); addSingleStringElement(req, SL20Constants.SL20_INRESPTO, inResponseTo, true); addSingleStringElement(req, SL20Constants.SL20_TRANSACTIONID, transactionId, false); @@ -568,6 +568,17 @@ public class SL20JSONBuilderUtils { } + private static void addSingleIntegerElement(JsonObject parent, String keyId, Integer value, boolean isRequired) throws SLCommandoBuildException { + validateParentAndKey(parent, keyId); + + if (isRequired && value == null) + throw new SLCommandoBuildException(keyId + " has an empty value"); + + else if (value != null) + parent.addProperty(keyId, value); + + } + private static void addSingleJSONElement(JsonObject parent, String keyId, JsonElement element, boolean isRequired) throws SLCommandoBuildException { validateParentAndKey(parent, keyId); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java index 6949b7a18..2e81d9c64 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java @@ -1,7 +1,6 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; import java.io.InputStreamReader; -import java.net.URLDecoder; import java.util.Base64; import java.util.HashMap; import java.util.Iterator; @@ -13,6 +12,7 @@ import org.apache.http.HttpEntity; import org.apache.http.HttpResponse; import org.apache.http.client.utils.URIBuilder; import org.apache.log4j.Logger; +import org.jose4j.base64url.Base64Url; import com.google.gson.JsonElement; import com.google.gson.JsonObject; @@ -107,45 +107,64 @@ public class SL20JSONExtractorUtils { } /** - * Extract Map of Key/Value pairs from a JSON Array + * Extract Map of Key/Value pairs from a JSON Element * - * @param input - * @param keyID + * @param input parent JSON object + * @param keyID KeyId of the child that should be parsed * @param isRequired * @return * @throws SLCommandoParserException */ public static Map getMapOfStringElements(JsonObject input, String keyID, boolean isRequired) throws SLCommandoParserException { JsonElement internal = getAndCheck(input, keyID, isRequired); + return getMapOfStringElements(internal); + } + + /** + * Extract Map of Key/Value pairs from a JSON Element + * + * @param input + * @return + * @throws SLCommandoParserException + */ + public static Map getMapOfStringElements(JsonElement input) throws SLCommandoParserException { Map result = new HashMap(); - if (internal != null) { - if (!internal.isJsonArray()) - throw new SLCommandoParserException("JSON Element IS NOT a JSON array"); - - Iterator arrayIterator = internal.getAsJsonArray().iterator(); - while(arrayIterator.hasNext()) { - //JsonObject next = arrayIterator.next().getAsJsonObject(); - //result.put( - // next.get(SL20Constants.SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_KEY).getAsString(), - // next.get(SL20Constants.SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_VALUE).getAsString()); - JsonElement next = arrayIterator.next(); - Iterator> entry = next.getAsJsonObject().entrySet().iterator(); - while (entry.hasNext()) { - Entry el = entry.next(); - if (result.containsKey(el.getKey())) - log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... "); - - result.put(el.getKey(), el.getValue().getAsString()); + if (input != null) { + if (input.isJsonArray()) { + Iterator arrayIterator = input.getAsJsonArray().iterator(); + while(arrayIterator.hasNext()) { + JsonElement next = arrayIterator.next(); + Iterator> entry = next.getAsJsonObject().entrySet().iterator(); + entitySetToMap(result, entry); - } - } + } + + } else if (input.isJsonObject()) { + Iterator> objectKeys = input.getAsJsonObject().entrySet().iterator(); + entitySetToMap(result, objectKeys); + + } else + throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON object"); + } return result; } + private static void entitySetToMap(Map result, Iterator> entry) { + while (entry.hasNext()) { + Entry el = entry.next(); + if (result.containsKey(el.getKey())) + log.info("Attr. Map already contains Element with Key: " + el.getKey() + ". Overwrite element ... "); + + result.put(el.getKey(), el.getValue().getAsString()); + + } + + } + public static JsonElement extractSL20Result(JsonObject command, IJOSETools decrypter, boolean mustBeEncrypted) throws SL20Exception { JsonElement result = command.get(SL20Constants.SL20_COMMAND_CONTAINER_RESULT); @@ -207,19 +226,21 @@ public class SL20JSONExtractorUtils { if (sl20Payload == null && sl20SignedPayload == null) throw new SLCommandoParserException("NO payLoad OR signedPayload FOUND."); - else if (sl20Payload == null && sl20SignedPayload == null) - throw new SLCommandoParserException("payLoad AND signedPayload FOUND. Can not used twice"); - + //TODO: + //else if (sl20Payload != null && sl20SignedPayload != null) { + //log.warn("Find 'signed' AND 'unsigned' SL2.0 payload"); + //throw new SLCommandoParserException("payLoad AND signedPayload FOUND. Can not used twice"); + //} else if (sl20SignedPayload == null && mustBeSigned) throw new SLCommandoParserException("payLoad MUST be signed."); + + else if (joseTools != null && sl20SignedPayload != null && sl20SignedPayload.isJsonPrimitive()) { + return joseTools.validateSignature(sl20SignedPayload.getAsString()); - else if (sl20Payload != null) + } else if (sl20Payload != null) return new VerificationResult(sl20Payload.getAsJsonObject()); - else if (sl20SignedPayload != null && sl20SignedPayload.isJsonPrimitive()) { - return joseTools.validateSignature(sl20SignedPayload.getAsString()); - - } else + else throw new SLCommandoParserException("Internal build error"); @@ -242,10 +263,10 @@ public class SL20JSONExtractorUtils { throw new SLCommandoParserException("Find Redirect statuscode but not Location header"); String sl20RespString = new URIBuilder(locationHeader[0].getValue()).getQueryParams().get(0).getValue(); - sl20Resp = new JsonParser().parse(URLDecoder.decode(sl20RespString)).getAsJsonObject(); + sl20Resp = new JsonParser().parse(Base64Url.encode((sl20RespString.getBytes()))).getAsJsonObject(); } else if (httpResp.getStatusLine().getStatusCode() == 200) { - if (!httpResp.getEntity().getContentType().getValue().equals("application/json;charset=UTF-8")) + if (!httpResp.getEntity().getContentType().getValue().startsWith("application/json")) throw new SLCommandoParserException("SL20 response with a wrong ContentType: " + httpResp.getEntity().getContentType().getValue()); sl20Resp = parseSL20ResultFromResponse(httpResp.getEntity()); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java index d07d7a78a..a7253c2c6 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java @@ -1,14 +1,22 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier; +import java.io.ByteArrayInputStream; import java.io.IOException; +import java.util.Arrays; import java.util.Date; import java.util.List; import org.jaxen.SimpleNamespaceContext; +import org.opensaml.Configuration; +import org.opensaml.DefaultBootstrap; +import org.opensaml.saml2.core.Assertion; +import org.opensaml.xml.XMLObject; +import org.opensaml.xml.io.Unmarshaller; +import org.opensaml.xml.io.UnmarshallerFactory; import org.w3c.dom.Element; +import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.auth.builder.SignatureVerificationUtils; -import at.gv.egovernment.moa.id.auth.exception.ValidateException; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20eIDDataValidationException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; @@ -22,10 +30,12 @@ import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil; import at.gv.egovernment.moa.util.Base64Utils; import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; public class QualifiedeIDVerifier { @@ -69,21 +79,22 @@ public class QualifiedeIDVerifier { verifyXMLSignatureResponse, authConfig.getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, - oaParam); + oaParam, + authConfig); } public static IVerifiyXMLSignatureResponse verifyAuthBlock(String authBlockB64, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException, IOException { String trustProfileId = authConfig.getMoaSpAuthBlockTrustProfileID(oaParam.isUseAuthBlockTestTestStore()); - List verifyTransformsInfoProfileID = null; + List verifyTransformsInfoProfileID = Arrays.asList("SL20Authblock_v1.0"); SignatureVerificationUtils sigVerify = new SignatureVerificationUtils(); IVerifiyXMLSignatureResponse sigVerifyResult = sigVerify.verify(Base64Utils.decode(authBlockB64, false), trustProfileId , verifyTransformsInfoProfileID); // validates the VerifyXMLSignatureResponseValidator.getInstance().validate(sigVerifyResult, - null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, oaParam); + null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, oaParam, authConfig); return sigVerifyResult; @@ -120,7 +131,7 @@ public class QualifiedeIDVerifier { // date and time validateSigningDateTime(sigVerifyResult, authBlockExtractor); - } catch ( ValidateException e) { + } catch ( Exception e) { Logger.warn("Validation of eID information FAILED. ", e); throw new SL20eIDDataValidationException(new Object[] { SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, @@ -134,6 +145,59 @@ public class QualifiedeIDVerifier { } + public static Assertion parseAuthBlockToSaml2Assertion(String authblockB64) throws SL20eIDDataValidationException { + try { + //parse authBlock into SAML2 Assertion + byte[] authBlockBytes = Base64Utils.decode(authblockB64, false); + Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authBlockBytes)); + + //A-Trust workarounda +// Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authblockB64.getBytes())); +// Element authBlockDOM = DOMUtils.parseXmlNonValidating(new ByteArrayInputStream(authblockB64.getBytes())); + + DefaultBootstrap.bootstrap(); + UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); + Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDOM); + XMLObject samlAssertion = unmarshaller.unmarshall(authBlockDOM); + + //validate SAML2 Assertion + SAML2Utils.schemeValidation(samlAssertion); + + if (samlAssertion instanceof Assertion) + return (Assertion) samlAssertion; + else + throw new SL20eIDDataValidationException( + new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + "AuthBlock is NOT of type SAML2 Assertion" + }); + + } catch (SL20eIDDataValidationException e) { + throw e; + + } catch (SAXException e) { + Logger.info("Scheme validation of SAML2 AuthBlock FAILED. Reason: " + e.getMessage()); + throw new SL20eIDDataValidationException( + new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + e.getMessage() + }, + e); + + } catch (Exception e) { + Logger.info("Can not parse AuthBlock. Reason: " + e.getMessage()); + Logger.trace("FullAuthBlock: " + authblockB64); + throw new SL20eIDDataValidationException( + new Object[] { + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, + e.getMessage() + }, + e); + + } + + } + private static void validateSigningDateTime( IVerifiyXMLSignatureResponse sigVerifyResult, AssertionAttributeExtractor authBlockExtractor) throws SL20eIDDataValidationException { Date signingDate = sigVerifyResult.getSigningDateTime(); Date notBefore = authBlockExtractor.getAssertionNotBefore(); @@ -163,7 +227,7 @@ public class QualifiedeIDVerifier { + " NotBefore:" + notBefore.toString() + " NotOrNotAfter:" + notOrNotAfter.toString()); - if (signingDate.after(notBefore) || signingDate.before(notOrNotAfter)) + if (signingDate.after(notBefore) && signingDate.before(notOrNotAfter)) Logger.debug("Signing date validation successfull"); else { diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java index 763454639..26283cab2 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java @@ -4,7 +4,6 @@ import java.util.ArrayList; import java.util.HashMap; import java.util.List; import java.util.Map; -import java.util.Map.Entry; import javax.net.ssl.SSLSocketFactory; import javax.servlet.http.HttpServletRequest; @@ -17,6 +16,7 @@ import org.apache.http.client.methods.HttpPost; import org.apache.http.client.utils.URIBuilder; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.message.BasicNameValuePair; +import org.jose4j.base64url.Base64Url; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; @@ -39,7 +39,6 @@ import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport; -import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.util.SSLUtils; @@ -62,7 +61,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration(); //get basic configuration parameters - String vdaQualeIDUrl = extractVDAURLForSpecificOA(oaConfig); + String vdaQualeIDUrl = extractVDAURLForSpecificOA(oaConfig, executionContext); if (MiscUtil.isEmpty(vdaQualeIDUrl)) { Logger.error("NO VDA URL for qualified eID (" + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + ")"); throw new SL20Exception("sl20.03", new Object[]{"NO VDA URL for qualified eID"}); @@ -83,17 +82,21 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { //build qualifiedeID command Map qualifiedeIDParams = new HashMap(); qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPUNIQUEID, oaConfig.getPublicURLPrefix()); - qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME, oaConfig.getFriendlyName()); + qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME, oaConfig.getFriendlyName()); + qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPCOUNTRYCODE, "AT"); //qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE, UUID.randomUUID().toString()); + //TODO: JsonObject qualeIDCommandParams = SL20JSONBuilderUtils.createQualifiedeIDCommandParameters( authBlockId, dataURL, qualifiedeIDParams, - joseTools.getEncryptionCertificate()); + //joseTools.getEncryptionCertificate()); + null); //String qualeIDReqId = UUID.randomUUID().toString(); - String qualeIDReqId = SAML2Utils.getSecureIdentifier(); + //TODO: work-Around for A-trust + String qualeIDReqId = SAML2Utils.getSecureIdentifier().substring(0, 12); String signedQualeIDCommand = SL20JSONBuilderUtils.createSignedCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID, qualeIDCommandParams, joseTools); JsonObject sl20Req = SL20JSONBuilderUtils.createGenericRequest(qualeIDReqId, null, null, signedQualeIDCommand); @@ -105,19 +108,21 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { sslFactory, authConfig.getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_OVS_SSL_HOSTNAME_VALIDATION, true)); - //build post request + //build http POST request HttpPost httpReq = new HttpPost(new URIBuilder(vdaQualeIDUrl).build()); - httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE); List parameters = new ArrayList();; - - //correct one - //parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes()))); - - //A-Trust current version - parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM_OLD, sl20Req.toString())); + parameters.add(new BasicNameValuePair(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes()))); httpReq.setEntity(new UrlEncodedFormEntity(parameters )); + //build http GET request +// URIBuilder sl20ReqUri = new URIBuilder(vdaQualeIDUrl); +// sl20ReqUri.addParameter(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM, Base64Url.encode(sl20Req.toString().getBytes())); +// HttpGet httpReq = new HttpGet(sl20ReqUri.build()); + //set native client header + httpReq.addHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE, SL20Constants.HTTP_HEADER_VALUE_NATIVE); + + Logger.trace("Request VDA via SL20 with: " + Base64Url.encode(sl20Req.toString().getBytes())); //request VDA HttpResponse httpResp = httpClient.execute(httpReq); @@ -190,26 +195,40 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { } - private String extractVDAURLForSpecificOA(IOAAuthParameters oaConfig) { - Map listOfVDAs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST); - Map listOfSPs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_SP_LIST); + private String extractVDAURLForSpecificOA(IOAAuthParameters oaConfig, ExecutionContext executionContext) { - for (Entry el : listOfSPs.entrySet()) { - List spEntityIds = KeyValueUtils.getListOfCSVValues(el.getValue()); - if (spEntityIds.contains(oaConfig.getPublicURLPrefix())) { - Logger.trace("Select VDA endPoint with Id: " + el.getKey()); - if (listOfVDAs.containsKey(el.getKey())) - return listOfVDAs.get(el.getKey()); - - else - Logger.info("No VDA endPoint with Id: " + el.getKey()); - - } else - Logger.trace("SP list: " + el.getKey() + " does not contain OAIdentifier: " + oaConfig.getPublicURLPrefix()); + //selection based on EntityID +// Map listOfVDAs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST); +// Map listOfSPs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_SP_LIST); +// +// for (Entry el : listOfSPs.entrySet()) { +// List spEntityIds = KeyValueUtils.getListOfCSVValues(el.getValue()); +// if (spEntityIds.contains(oaConfig.getPublicURLPrefix())) { +// Logger.trace("Select VDA endPoint with Id: " + el.getKey()); +// if (listOfVDAs.containsKey(el.getKey())) +// return listOfVDAs.get(el.getKey()); +// +// else +// Logger.info("No VDA endPoint with Id: " + el.getKey()); +// +// } else +// Logger.trace("SP list: " + el.getKey() + " does not contain OAIdentifier: " + oaConfig.getPublicURLPrefix()); +// +// } + + //selection based on request Header + String sl20VDATypeHeader = (String) executionContext.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase()); + if (MiscUtil.isNotEmpty(sl20VDATypeHeader)) { + String vdaURL = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST + sl20VDATypeHeader); + if (MiscUtil.isNotEmpty(vdaURL)) + return vdaURL.trim(); + else + Logger.info("Can NOT find VDA with Id: " + sl20VDATypeHeader + ". Use default VDA"); + } - Logger.debug("NO SP specific VDA endpoint found. Use default VDA"); + Logger.info("NO SP specific VDA endpoint found. Use default VDA"); return authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT); } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java index b7fe579a3..357ecb6ec 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -12,6 +12,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.http.entity.ContentType; +import org.jose4j.base64url.Base64Url; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; @@ -37,6 +38,7 @@ import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moa.util.StreamUtils; import at.gv.egovernment.moaspss.logging.Logger; @@ -55,17 +57,30 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { try { //get SL2.0 command or result from HTTP request Map reqParams = getParameters(request); - String sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM); + String sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM); + if (MiscUtil.isEmpty(sl20Result)) { - Logger.info("NO SL2.0 commando or result FOUND."); - throw new SL20Exception("sl20.04", null); + + //TODO: remove + //Workaround for SIC Handy-Signature, because it sends result in InputStream + String test = StreamUtils.readStream(request.getInputStream(), "UTF-8"); + if (MiscUtil.isNotEmpty(test)) { + Logger.info("Use SIC Handy-Signature work-around!"); + sl20Result = test.substring("slcommand=".length()); + + } else { + Logger.info("NO SL2.0 commando or result FOUND."); + throw new SL20Exception("sl20.04", null); + } } - + + Logger.trace("Received SL2.0 result: " + sl20Result); + //parse SL2.0 command/result into JSON try { JsonParser jsonParser = new JsonParser(); - JsonElement sl20Req = jsonParser.parse(sl20Result); + JsonElement sl20Req = jsonParser.parse(Base64Url.decodeToUtf8String(sl20Result)); sl20ReqObj = sl20Req.getAsJsonObject(); } catch (JsonSyntaxException e) { @@ -111,16 +126,13 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { JsonElement qualeIDResult = SL20JSONExtractorUtils.extractSL20Result( payLoad, joseTools, authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_ENCRYPTION, true)); - + //extract attributes from result - String idlB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), - SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, true); - String authBlockB64 = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), - SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, true); - String ccsURL = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), - SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL, true); - String LoA = SL20JSONExtractorUtils.getStringValue(qualeIDResult.getAsJsonObject(), - SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA, true); + Map eIDData = SL20JSONExtractorUtils.getMapOfStringElements(qualeIDResult); + String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL); + String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK); + String ccsURL = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL); + String LoA = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA); //cache qualified eID data into pending request pendingReq.setGenericDataToSession( @@ -233,6 +245,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { redirectTwoCommand, null); + //workaround for SIC VDA if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) { Logger.debug("Client request containts 'native client' header ... "); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java index b5c84d315..cc74bb11a 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java @@ -6,14 +6,8 @@ import java.util.Calendar; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.opensaml.Configuration; import org.opensaml.saml2.core.Assertion; -import org.opensaml.xml.XMLObject; -import org.opensaml.xml.io.Unmarshaller; -import org.opensaml.xml.io.UnmarshallerFactory; import org.springframework.stereotype.Component; -import org.w3c.dom.Element; -import org.xml.sax.SAXException; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; @@ -28,9 +22,7 @@ import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; -import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.DateTimeUtils; import at.gv.egovernment.moaspss.logging.Logger; @@ -75,7 +67,7 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask { IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); IVerifiyXMLSignatureResponse authBlockVerificationResult = null; try { - Assertion authBlock = parseAuthBlockToSaml2Assertion(authBlockB64); + Assertion authBlock = QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlockB64); AssertionAttributeExtractor authBlockExtractor = new AssertionAttributeExtractor(authBlock); @@ -126,55 +118,5 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask { TransactionIDUtils.removeSessionId(); } - } - - private Assertion parseAuthBlockToSaml2Assertion(String authblockB64) throws SL20eIDDataValidationException { - try { - //parse authBlock into SAML2 Assertion - byte[] authBlockBytes = Base64Utils.decode(authblockB64, false); - Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authBlockBytes)); - UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); - Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDOM); - XMLObject samlAssertion = unmarshaller.unmarshall(authBlockDOM); - - //validate SAML2 Assertion - SAML2Utils.schemeValidation(samlAssertion); - - if (samlAssertion instanceof Assertion) - return (Assertion) samlAssertion; - else - throw new SL20eIDDataValidationException( - new Object[] { - SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, - "AuthBlock is NOT of type SAML2 Assertion" - }); - - } catch (SL20eIDDataValidationException e) { - throw e; - - } catch (SAXException e) { - Logger.info("Scheme validation of SAML2 AuthBlock FAILED. Reason: " + e.getMessage()); - throw new SL20eIDDataValidationException( - new Object[] { - SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, - e.getMessage() - }, - e); - - } catch (Exception e) { - Logger.info("Can not parse AuthBlock. Reason: " + e.getMessage()); - Logger.trace("FullAuthBlock: " + authblockB64); - throw new SL20eIDDataValidationException( - new Object[] { - SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK, - e.getMessage() - }, - e); - - } - - } - - - + } } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java new file mode 100644 index 000000000..49c11ea05 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java @@ -0,0 +1,42 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +import java.io.IOException; +import java.io.InputStreamReader; + +import org.apache.commons.io.IOUtils; +import org.junit.Before; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; + +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context.xml") +public class EIDDataVerifier_ATrust extends eIDDataVerifierTest { + + @Before + public void init() throws SLCommandoParserException, IOException { + String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_atrust.json"))); + JsonParser jsonParser = new JsonParser(); + JsonObject qualeIDResult = jsonParser.parse(eIDDataString).getAsJsonObject(); + + JsonObject payLoad = SL20JSONExtractorUtils.getJSONObjectValue(qualeIDResult, "payload", true); + JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad, "result", true); + + + eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result); + if (eIDData == null || eIDData.isEmpty()) + throw new SLCommandoParserException("Can not load eID data"); + + } + + @Override + protected String getSl20ReqId() { + return "_28ab8536d068a153e1a"; + } +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java new file mode 100644 index 000000000..65460439e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +import java.io.IOException; +import java.io.InputStreamReader; + +import org.apache.commons.io.IOUtils; +import org.junit.Before; +import org.junit.runner.RunWith; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; + +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ "/SpringTest-context.xml" }) +public class EIDDataVerifier_OwnTest extends eIDDataVerifierTest { + + @Before + public void init() throws SLCommandoParserException, IOException { + String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_own_test.json"))); + JsonParser jsonParser = new JsonParser(); + JsonElement payLoad = jsonParser.parse(eIDDataString).getAsJsonObject(); + JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad.getAsJsonObject(), "result", true); + + eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result); + if (eIDData == null || eIDData.isEmpty()) + throw new SLCommandoParserException("Can not load eID data"); + + } + + @Override + protected String getSl20ReqId() { + return "_57010b7fcc93cc4cf3f2b764389137c2"; + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java new file mode 100644 index 000000000..93e046797 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java @@ -0,0 +1,376 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata; + +import java.util.List; +import java.util.Map; +import java.util.Properties; + +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IStorkConfig; +import at.gv.egovernment.moa.id.commons.api.data.ProtocolAllowed; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.util.config.EgovUtilPropertiesConfiguration; + +public class DummyAuthConfig implements AuthConfiguration { + + @Override + public String getRootConfigFileDir() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getDefaultChainingMode() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getTrustedCACertificates() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isTrustmanagerrevoationchecking() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String[] getActiveProfiles() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Properties getGeneralPVP2ProperiesConfig() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Properties getGeneralOAuth20ProperiesConfig() { + // TODO Auto-generated method stub + return null; + } + + @Override + public ProtocolAllowed getAllowedProtocols() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Map getConfigurationWithPrefix(String Prefix) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getConfigurationWithKey(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getBasicMOAIDConfiguration(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getBasicMOAIDConfiguration(String key, String defaultValue) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Map getBasicMOAIDConfigurationWithPrefix(String prefix) { + // TODO Auto-generated method stub + return null; + } + + @Override + public int getTransactionTimeOut() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public int getSSOCreatedTimeOut() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public int getSSOUpdatedTimeOut() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public String getAlternativeSourceID() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getLegacyAllowedProtocols() { + // TODO Auto-generated method stub + return null; + } + + @Override + public IOAAuthParameters getOnlineApplicationParameter(String oaURL) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException { + if (useTestTrustStore) + return "MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten"; + else + return "MOAIDBuergerkarteAuthentisierungsDaten"; + } + + @Override + public List getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public ConnectionParameterInterface getMoaSpConnectionParameter() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public ConnectionParameterInterface getForeignIDConnectionParameter(IOAAuthParameters oaParameters) + throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public ConnectionParameterInterface getOnlineMandatesConnectionParameter(IOAAuthParameters oaParameters) + throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore) throws ConfigurationException { + if (useTestTrustStore) + return "MOAIDBuergerkartePersonenbindungMitTestkarten"; + else + return "MOAIDBuergerkartePersonenbindung"; + } + + @Override + public List getTransformsInfos() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getIdentityLinkX509SubjectNames() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getSLRequestTemplates() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSLRequestTemplates(String type) throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getDefaultBKUURLs() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getDefaultBKUURL(String type) throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSSOTagetIdentifier() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSSOFriendlyName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSSOSpecialText() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMOASessionEncryptionKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMOAConfigurationEncryptionKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isIdentityLinkResigning() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getIdentityLinkResigningKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isMonitoringActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getMonitoringTestIdentityLinkURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMonitoringMessageSuccess() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isAdvancedLoggingActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List getPublicURLPrefix() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isVirtualIDPsEnabled() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isPVP2AssertionEncryptionActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isCertifiacteQCActive() { + return true; + } + + @Override + public IStorkConfig getStorkConfig() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public EgovUtilPropertiesConfiguration geteGovUtilsConfig() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getDocumentServiceUrl() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isStorkFakeIdLActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List getStorkFakeIdLCountries() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getStorkNoSignatureCountries() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getStorkFakeIdLResigningKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isPVPSchemaValidationActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Map getConfigurationWithWildCard(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getDefaultRevisionsLogEventCodes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isHTTPAuthAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String[] getRevocationMethodOrder() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) { + // TODO Auto-generated method stub + return false; + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java new file mode 100644 index 000000000..2df20edb4 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java @@ -0,0 +1,264 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata; + +import java.security.PrivateKey; +import java.util.Collection; +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.CPEPS; +import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; + +public class DummyOA implements IOAAuthParameters { + + @Override + public Map getFullConfiguration() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getConfigurationValue(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getFriendlyName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getPublicURLPrefix() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException { + return false; + } + + @Override + public boolean hasBaseIdTransferRestriction() throws ConfigurationException { + return false; + } + + @Override + public String getAreaSpecificTargetIdentifier() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isInderfederationIDP() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isSTORKPVPGateway() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isRemovePBKFromAuthBlock() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getKeyBoxIdentifier() { + // TODO Auto-generated method stub + return null; + } + + @Override + public SAML1ConfigurationParameters getSAML1Parameter() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getTemplateURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAditionalAuthBlockText() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getBKUURL(String bkutype) { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getBKUURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean useSSO() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean useSSOQuestion() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List getMandateProfiles() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isShowMandateCheckBox() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isOnlyMandateAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isShowStorkLogin() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getQaaLevel() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isRequireConsentForStorkAttributes() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Collection getRequestedSTORKAttributes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public byte[] getBKUSelectionTemplate() { + // TODO Auto-generated method stub + return null; + } + + @Override + public byte[] getSendAssertionTemplate() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Collection getPepsList() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getIDPAttributQueryServiceURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isInboundSSOInterfederationAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isInterfederationSSOStorageAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isOutboundSSOInterfederationAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isTestCredentialEnabled() { + return true; + } + + @Override + public List getTestCredentialOIDs() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isUseIDLTestTrustStore() { + return true; + } + + @Override + public boolean isUseAuthBlockTestTestStore() { + return true; + } + + @Override + public PrivateKey getBPKDecBpkDecryptionKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isPassivRequestUsedForInterfederation() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isPerformLocalAuthenticationOnInterfederationError() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Collection getStorkAPs() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getReversionsLoggingEventCodes() { + // TODO Auto-generated method stub + return null; + } + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java new file mode 100644 index 000000000..52743c9da --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java @@ -0,0 +1,105 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +import java.io.ByteArrayInputStream; +import java.util.Map; + +import org.junit.Test; +import org.opensaml.saml2.core.Assertion; + +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyAuthConfig; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyOA; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier.QualifiedeIDVerifier; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.spss.MOAException; +import at.gv.egovernment.moa.spss.api.Configurator; +import at.gv.egovernment.moa.util.Base64Utils; +import at.gv.egovernment.moa.util.MiscUtil; +import at.gv.egovernment.moaspss.logging.LoggingContext; +import at.gv.egovernment.moaspss.logging.LoggingContextManager; +import iaik.security.ec.provider.ECCelerate; +import iaik.security.provider.IAIK; + +public abstract class eIDDataVerifierTest { + + protected Map eIDData = null; + + @Test + public void dummyTest() throws Exception { + + + } + + @Test + public void parseIdl() throws Exception { + String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL); + if (MiscUtil.isEmpty(idlB64)) + throw new Exception("NO IDL found"); + + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); + + if (idl == null) + throw new Exception("IDL parsing FAILED"); + + } + + @Test + public void parseAuthBlock() throws Exception { + String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK); + if (MiscUtil.isEmpty(authBlockB64)) + throw new Exception("NO AuthBlock found"); + + Assertion authBlock = QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlockB64); + new AssertionAttributeExtractor(authBlock); + + } + + @Test + public void checkIDLAgainstAuthblock() throws Exception { + String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK); + String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL); + if (MiscUtil.isEmpty(idlB64)) + throw new Exception("NO IDL found"); + if (MiscUtil.isEmpty(authBlockB64)) + throw new Exception("NO AuthBlock found"); + + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); + Assertion authBlock = QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlockB64); + AssertionAttributeExtractor authBlockExtractor = new AssertionAttributeExtractor(authBlock); + + IOAAuthParameters dummyOA = new DummyOA(); + AuthConfiguration dummyAuthConfig = new DummyAuthConfig(); + + Logger.info("Loading Java security providers."); + System.setProperty("moa.spss.server.configuration", "F:\\Projekte\\configs\\moa-spss\\MOASPSSConfiguration.xml"); + + IAIK.addAsProvider(); + ECCelerate.addAsProvider(); + try { + LoggingContextManager.getInstance().setLoggingContext( + new LoggingContext("startup")); + Logger.debug("Starting MOA-SPSS initialization process ... "); + Configurator.getInstance().init(); + Logger.info("MOA-SPSS initialization complete "); + + } catch (MOAException e) { + Logger.error("MOA-SP initialization FAILED!", e.getWrapped()); + throw new ConfigurationException("config.10", new Object[] { e + .toString() }, e); + } + + QualifiedeIDVerifier.verifyIdentityLink(idl, dummyOA , dummyAuthConfig); + IVerifiyXMLSignatureResponse authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock(authBlockB64, dummyOA , dummyAuthConfig); + QualifiedeIDVerifier.checkConsistencyOfeIDData(getSl20ReqId(), idl, authBlockExtractor, authBlockVerificationResult); + + } + + protected abstract String getSl20ReqId(); +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml new file mode 100644 index 000000000..011d1ed64 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml @@ -0,0 +1,13 @@ + + + + + diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json new file mode 100644 index 000000000..09190574d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json @@ -0,0 +1,14 @@ +{ + "v": 10, + "respID": "Cl6uQjZlOWFjUEbtyXb0", + "inResponseTo": "_28ab8536d068a153e1a", + "payload": { + "name": "qualifiedeID", + "result": { + "EID-IDENTITY-LINK": "PHNhbWw6QXNzZXJ0aW9uIEFzc2VydGlvbklEPSJzenIuYm1pLmd2LmF0LUFzc2VydGlvbklEMTUyNzY2OTEwMDU5MTI3NDQiIElzc3VlSW5zdGFudD0iMjAxOC0wNS0zMFQxMDozMTo0MCswMTowMCIgSXNzdWVyPSJodHRwOi8vcG9ydGFsLmJtaS5ndi5hdC9yZWYvc3pyL2lzc3VlciIgTWFqb3JWZXJzaW9uPSIxIiBNaW5vclZlcnNpb249IjAiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDphc3NlcnRpb24iIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJubWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOmVjZHNhPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSMiIHhtbG5zOnNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSI+Cgk8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+CgkJPHNhbWw6U3ViamVjdD4KCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4KCQkJCTxzYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjA6Y206c2VuZGVyLXZvdWNoZXM8L3NhbWw6Q29uZmlybWF0aW9uTWV0aG9kPgoJCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE+CgkJCQkJPHByOlBlcnNvbiBzaTp0eXBlPSJwcjpQaHlzaWNhbFBlcnNvblR5cGUiPjxwcjpJZGVudGlmaWNhdGlvbj48cHI6VmFsdWU+dHFDUUVDNytBcUdFZWVMMzkwVjVKZz09PC9wcjpWYWx1ZT48cHI6VHlwZT51cm46cHVibGljaWQ6Z3YuYXQ6YmFzZWlkPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24+PHByOk5hbWU+PHByOkdpdmVuTmFtZT5NYXg8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPk11c3Rlcm1hbm48L3ByOkZhbWlseU5hbWU+PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4xOTQwLTAxLTAxPC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj4KCQkJCTwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KCQkJPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJPC9zYW1sOlN1YmplY3Q+Cgk8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXplblB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJ1cm46cHVibGljaWQ6Z3YuYXQ6bmFtZXNwYWNlczppZGVudGl0eWxpbms6MS4yIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT48ZHNpZzpSU0FLZXlWYWx1ZT48ZHNpZzpNb2R1bHVzPnMwWmhkR2E4REgwSW1iTlU3aTRxdDRtR25CUEFlTDk5Q0dkZmRCOEhWWE5CNWd3d2VMY1o5WE1TWUJvUHFHdFVqemh6S29zRkN5M0sNCmpsSEVrejB0L3JQemhOVGRsVjJRN0FGWEZlT2g3M3dPajQ3R1B2T2lVNzdwQjE3WnJaOHlObW1JTTEyUVE5MVN0RGFWRkUra0dxUEkNCmNFZHZiZk94blU4aGNpa3lYcWVheFZVV3oxbVdXTnRveUwyWG5wa1U0QkZVQnU1NWg5S2tYVEFQcnBUbEFMZjkvRDFKamZWb05tamwNCnBLWXh6Q3JBSmE4Sno4Ui9sNis0U0U3YXc3dGZuazNZUXkxcFVmNWZmellkeXZQS2ZxVTBUTUVKLzdpOW1ORHFCZlVwcVhBRWowdWUNCkpvRWs0UC9pa2Q5UnZuVUlsU0V1NzFHMyt1VEluSXBaaTd2UG93PT08L2RzaWc6TW9kdWx1cz48ZHNpZzpFeHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PjwvZHNpZzpSU0FLZXlWYWx1ZT48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJPGRzaWc6U2lnbmF0dXJlPgoJCTxkc2lnOlNpZ25lZEluZm8+CgkJCTxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+CgkJCTxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIgLz4KCQkJPGRzaWc6UmVmZXJlbmNlIFVSST0iIj4KCQkJCTxkc2lnOlRyYW5zZm9ybXM+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQk8ZHNpZzpYUGF0aD5ub3QoYW5jZXN0b3Itb3Itc2VsZjo6cHI6SWRlbnRpZmljYXRpb24pPC9kc2lnOlhQYXRoPgoJCQkJCTwvZHNpZzpUcmFuc2Zvcm0+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiIC8+CgkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCTxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIiAvPgoJCQkJPGRzaWc6RGlnZXN0VmFsdWU+QmVIdUFyYXUzSFVQcXg5dHV3QTRGaDNOSDB3PTwvZHNpZzpEaWdlc3RWYWx1ZT4KCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPGRzaWc6UmVmZXJlbmNlIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNNYW5pZmVzdCIgVVJJPSIjbWFuaWZlc3QiPgoJCQkJPGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiIC8+CgkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5mVEUrMjRnRHlkUlgvd0p2QlAxOUlucU54Rkk9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQk8L2RzaWc6UmVmZXJlbmNlPgoJCTwvZHNpZzpTaWduZWRJbmZvPgoJCTxkc2lnOlNpZ25hdHVyZVZhbHVlPgogICAgUHpLMWR2N2JFMGhQcGxlc1ZaRFhHSWxhbTlUK0JxWkd4ZWs5RHVuYkhNK21GWWI3a1NaZTN2eEszUmhRZjNBV3djbXFtVWZPRlJObg0KWndxYnovNGRZd2hJRld6VGdMelVmMlZkR0JsN2szbS8wSmJXSkV1bEtobE5vV2ZSTkRrdTRZcmI2THVrWjdaQzJFcWd2UXYxa1BRTg0Kb1BvQ1I5d3hUc1RKWFNCaHdLc0lERG9vZHY3aUVpWGFCM0xmVHQrQWdYdEdvbWRRaktjby9WamJSSzRUUEkvQUVNVU1KWm9zZlJYMg0KdmE2U1BaUnV4QjBlWkwwVGVzYittRjlFaUlOVnNTSU9nbTVSRE95V1ZRZkJnVG9nYjNoWmlLVmh0a1IvaWlSNmhZNlA2b1cwTDh4ag0KMG5ZVldPRHAxSlJML3Z0ZDFhUklVYzNCQTJQaFkrRmdJR1FHTUE9PQogIDwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlGdXpDQ0JLT2dBd0lCQWdJREdTa2VNQTBHQ1NxR1NJYjNEUUVCQlFVQU1JR2ZNUXN3Q1FZRFZRUUdFd0pCDQpWREZJTUVZR0ExVUVDZ3cvUVMxVWNuVnpkQ0JIWlhNdUlHWXVJRk5wWTJobGNtaGxhWFJ6YzNsemRHVnRaU0JwDQpiU0JsYkdWcmRISXVJRVJoZEdWdWRtVnlhMlZvY2lCSGJXSklNU0l3SUFZRFZRUUxEQmxoTFhOcFoyNHRZMjl5DQpjRzl5WVhSbExXeHBaMmgwTFRBeU1TSXdJQVlEVlFRRERCbGhMWE5wWjI0dFkyOXljRzl5WVhSbExXeHBaMmgwDQpMVEF5TUI0WERURTFNRGN5T0RFMU5Ea3dOVm9YRFRJd01EY3lPREV6TkRrd05Wb3dnYll4Q3pBSkJnTlZCQVlUDQpBa0ZVTVI0d0hBWURWUVFLREJWRVlYUmxibk5qYUhWMGVtdHZiVzFwYzNOcGIyNHhJakFnQmdOVkJBc01HVk4wDQpZVzF0ZW1Gb2JISmxaMmx6ZEdWeVltVm9iMlZ5WkdVeExqQXNCZ05WQkFNTUpWTnBaMjVoZEhWeWMyVnlkbWxqDQpaU0JFWVhSbGJuTmphSFYwZW10dmJXMXBjM05wYjI0eEZUQVRCZ05WQkFVVERETXlOVGt5T0RNeU16azVPREVjDQpNQm9HQ1NxR1NJYjNEUUVKQVF3TlpITnJRR1J6YXk1bmRpNWhkRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEDQpnZ0VQQURDQ0FRb0NnZ0VCQU4rZEJTRUJHajJqVVhJSzFNcDNsVnhjL1phK3BKTWl5S3JYM0cxWnhnWC9pa3g3DQpEOXNjc1BZTXQ0NzNMbEFXbDljbUNiSGJKSytQVjJYTk5kVVJMTVVDSVgrNHZVTnMyTUhlRFRRdFg4QlhqSkZwDQp3SllTb2FSSlEzOUZWUy8xcjVzV2NyYTlIaGRtN3c1R3R4LzJ1a3lEWDBrZGt4YXdraFA0RVFFemkvU0krRnVnDQpuK1dxZ1ExbkFkbGJ4Yi9kY0J3NXcxaDliM2xtdXdVZjR6M29vUVdVRDJEZ0Eva0tkMUtlak5SNDNtTFVzbXZTDQp6ZXZQeFQ5enM3OHBPUjFPYWNCN0lzelRWSlBYZU9FYWFOWkhubkIvVWVPM2c4TEVWLzNPa1hjVWdjTWtiSUlpDQphQkhsbGw3MVBxMENPajlrcWpYb2U3T3JSakxZNWkzS3dPcGE2VE1DQXdFQUFhT0NBZVV3Z2dIaE1CRUdBMVVkDQpEZ1FLQkFoTUNBNmVHdlMxdWpBT0JnTlZIUThCQWY4RUJBTUNCTEF3RGdZSEtpZ0FDZ0VIQVFRREFRSC9NQk1HDQpBMVVkSXdRTU1BcUFDRWtjV0RwUDZBMERNQWtHQTFVZEV3UUNNQUF3RkFZSEtpZ0FDZ0VCQVFRSkRBZENVMEl0DQpSRk5MTUg4R0NDc0dBUVVGQndFQkJITXdjVEJHQmdnckJnRUZCUWN3QW9ZNmFIUjBjRG92TDNkM2R5NWhMWFJ5DQpkWE4wTG1GMEwyTmxjblJ6TDJFdGMybG5iaTFqYjNKd2IzSmhkR1V0YkdsbmFIUXRNREpoTG1OeWREQW5CZ2dyDQpCZ0VGQlFjd0FZWWJhSFIwY0RvdkwyOWpjM0F1WVMxMGNuVnpkQzVoZEM5dlkzTndNRlFHQTFVZElBUk5NRXN3DQpTUVlHS2lnQUVRRVNNRDh3UFFZSUt3WUJCUVVIQWdFV01XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrDQpiMk56TDJOd0wyRXRjMmxuYmkxQmJYUnpjMmxuYm1GMGRYSXdnWjRHQTFVZEh3U0JsakNCa3pDQmtLQ0JqYUNCDQppb2FCaDJ4a1lYQTZMeTlzWkdGd0xtRXRkSEoxYzNRdVlYUXZiM1U5WVMxemFXZHVMV052Y25CdmNtRjBaUzFzDQphV2RvZEMwd01peHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wDQpQMkpoYzJVL2IySnFaV04wWTJ4aGMzTTlaV2xrUTJWeWRHbG1hV05oZEdsdmJrRjFkR2h2Y21sMGVUQU5CZ2txDQpoa2lHOXcwQkFRVUZBQU9DQVFFQUhRM1pDTXRBYmF6ZU1IbVdBMnpoWWxIcUhnS1ZvY1ZYRURnbU5tV0xHcUZlDQo4RUFERklzOHVHcmt0Qm1XQ1VJWGJYczdUSGNmeHMySjQ3dkh1Y29wc2RrYWJObFhFanpuZFJmbmMrMVZJbmJvDQp6TXJZZDdqZUROVEsvdElqaU9FWWRyeUlwZWtWOUNmYXc3eXU2bWVmTXpldTFhQXdmN0JuSy9odWl3SlduZW5wDQpCN2lEL1B2WittenVDN1JOZkpmRisrU3RpQlR4aTNWWXhOR01qTTFjVThHdzlWV2MwUjNFdWpPYVhXZ0NDOGk1DQpGR2hWdk9ZaE5YZnN4SlhiTnhld0VDanBBTHZEbEZMTCtpQzQ5RytBRFNvUnYwU2s5MU9QdStjSW1DajNyczNRDQp0YXNJL3A5TFlhY0c2Yy9nSTN0RTBpaHFnOVJic0tIWFFsM1BPdkVSSkE9PTwvZHNpZzpYNTA5Q2VydGlmaWNhdGU+PC9kc2lnOlg1MDlEYXRhPjwvZHNpZzpLZXlJbmZvPgoJCTxkc2lnOk9iamVjdD4KCQkJPGRzaWc6TWFuaWZlc3QgSWQ9Im1hbmlmZXN0Ij4KCQkJCTxkc2lnOlJlZmVyZW5jZSBVUkk9IiI+CgkJCQkJPGRzaWc6VHJhbnNmb3Jtcz4KCQkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQkJPGRzaWc6WFBhdGg+bm90KGFuY2VzdG9yLW9yLXNlbGY6OmRzaWc6U2lnbmF0dXJlKTwvZHNpZzpYUGF0aD4KCQkJCQkJPC9kc2lnOlRyYW5zZm9ybT4KCQkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCQk8ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIgLz4KCQkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5wM1pwS1BvK0ZYT3ZXdEhidFJzR2VLWm9lSTQ9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPC9kc2lnOk1hbmlmZXN0PgoJCTwvZHNpZzpPYmplY3Q+Cgk8L2RzaWc6U2lnbmF0dXJlPgo8L3NhbWw6QXNzZXJ0aW9uPg==", + "EID-CITIZEN-QAA-LEVEL": "substantial", + "EID-CCS-URL": "https://www.a-trust.at/todo", + "EID-AUTH-BLOCK": "https://www.a-trust.at/todohttps://demo.egiz.gv.at/demoportal_moaid-2.0/sl20/dataUrl?pendingid=862482318004000902Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Vorname:
Nachname:
Geburtsdatum:
Vollmacht: Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Identifikator:
Name:
Staat:

Technische Parameter

Datum:..
Uhrzeit:::
TransaktionsTokken:
\n\t\t\t\t\t\t\t\t\t\t\tVollmachten-Referenz:
DataURL:
AuthBlockValidTo:
9YAYcxkIWv1Zzdhli5Mjk6Nz8ZJjVQTxU/u71fF5StA=F7ye8qqVpognWOY8JAZVHk7X+AzH/5OStZWYSSbKgH4=WVqZ8I9HaPIerCh1DIh6FnNQODSmWkxSecxTrcSL79ooWPYRB8DPbNoMT39rT+eRgYPjcAxjiNegbo0+lE51ZauWNr3jq2USaVY3nBpnmVDfBlnkFMdovaVVJPyegtGTYMMeN3+EQaZRSy13bvJS1U36bFUgv2i8KeXdftFzxeNheJqyXvrGzvmVuJV4dB8fOUm2VXgKepvelpRQZ+U6Jpyq1yVE9gz4frqVLetdUSGQhKJ0VRgYVVqa4FQ+YpyFgWwJQF/lOuUWli0jZ73HC7rIuVZ5Y0LEqaB+GUwthQk4qM3BsIfxPAxeh7a1Z915h0Ilzjkbk9kwt5Z2yZ8qXQ==MIIF1jCCBL6gAwIBAgIEfgS3/TANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBgwCQVQxSDBGBgNVBAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVByZW1pdW0tVGVzdC1TaWctMDIxIzAhBgNVBAMMGmEtc2lnbi1QcmVtaXVtLVRlc3QtU2lnLTAyMB4XDTE4MDUzMDA4MzIyOVoXDTIzMDUzMDA4MzIyOVowYDELMAkGA1UEBgwCQVQxFzAVBgNVBAMMDk1heCBNdXN0ZXJtYW5uMRMwEQYDVQQEDApNdXN0ZXJtYW5uMQwwCgYDVQQqDANNYXgxFTATBgNVBAUMDDUxNzY2MDcxODk5MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALNGYXRmvAx9CJmzVO4uKreJhpwTwHi/fQhnX3QfB1VzQeYMMHi3GfVzEmAaD6hrVI84cyqLBQstyo5RxJM9Lf6z84TU3ZVdkOwBVxXjoe98Do+Oxj7zolO+6Qde2a2fMjZpiDNdkEPdUrQ2lRRPpBqjyHBHb23zsZ1PIXIpMl6nmsVVFs9ZlljbaMi9l56ZFOARVAbueYfSpF0wD66U5QC3/fw9SY31aDZo5aSmMcwqwCWvCc/Ef5evuEhO2sO7X55N2EMtaVH+X382Hcrzyn6lNEzBCf+4vZjQ6gX1KalwBI9LniaBJOD/4pHfUb51CJUhLu9Rt/rkyJyKWYu7z6MCAwEAAaOCAlQwggJQMIGDBggrBgEFBQcBAQR3MHUwRQYIKwYBBQUHMAKGOWh0dHA6Ly93d3cuYS10cnVzdC5hdC9jZXJ0cy9hLXNpZ24tcHJlbWl1bS1tb2JpbGUtMDNhLmNydDAsBggrBgEFBQcwAYYgaHR0cDovL29jc3AtdGVzdC5hLXRydXN0LmF0L29jc3AwEwYDVR0jBAwwCoAIRgafjkGOFb0wcgYIKwYBBQUHAQMEZjBkMAoGCCsGAQUFBwsCMAgGBgQAjkYBATAIBgYEAI5GAQQwEwYGBACORgEGMAkGBwQAjkYBBgEwLQYGBACORgEFMCMwIRYbaHR0cHM6Ly93d3cuYS10cnVzdC5hdC9wZHMvEwJFTjARBgNVHQ4ECgQIQWyS5dXk/tYwDgYDVR0PAQH/BAQDAgbAMAkGA1UdEwQCMAAwYAYDVR0gBFkwVzAIBgYEAIswAQEwSwYGKigAEQEUMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cuYS10cnVzdC5hdC9kb2NzL2NwL2Etc2lnbi1wcmVtaXVtLW1vYmlsZTCBrgYDVR0fBIGmMIGjMIGgoIGdoIGahoGXbGRhcDovL2xkYXAtdGVzdC5hLXRydXN0LmF0L291PWEtc2lnbi1QcmVtaXVtLVRlc3QtU2lnLTAyIChTSEEtMjU2KSxvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAQEAyEmgODt02xaxHb4E+O9XgImEC0AoH4Q97Pq7Bd4v+Pqqd6i5RodvwfTgIaW1J+fvH8KUTzI0XX9wpUWwImVEGMH63VAJcXVH0y9ifEWIHdhOLtRYVif0SQK9YRachvJDmF5hLwAQREeGsX2iNmP7dYe4xiNKAtQn0phvlPqgha6oKDGMQ8FNAfRz3kAtXJwPbFg6QE4kIhkTgd32uOiAJW7G2TaJZXWfK9TpV5LQ13+11FJ2S3KQc8ub/+1GdgirKSW4J1zhsfT+WCr/OayU2MzQXKv8OWb0SxWIJHiMTexH7r9muGk/ZLkaQQV2CtSOYqTAN8AweCiJ11uVFHeLpQ==2018-06-04T15:20:13Z6aTkha/Y9xYS4bQMZbwIX8TFsD2CezdhuqHpTtCI3f0=CN=a-sign-Premium-Test-Sig-02,OU=a-sign-Premium-Test-Sig-02,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT2114238461application/xhtml+xml2.1MustermannMax1940-01-01labda - Developmenthttps://labda.iaik.tugraz.at:5553/demologin/AT" + } + } +} \ No newline at end of file diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json new file mode 100644 index 000000000..a75535da1 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json @@ -0,0 +1,8 @@ +{"result": + { + "EID-IDENTITY-LINK": "PHNhbWw6QXNzZXJ0aW9uIEFzc2VydGlvbklEPSJzenIuYm1pLmd2LmF0LUFzc2VydGlvbklEMTUyNzY2OTEwMDU5MTI3NDQiIElzc3VlSW5zdGFudD0iMjAxOC0wNS0zMFQxMDozMTo0MCswMTowMCIgSXNzdWVyPSJodHRwOi8vcG9ydGFsLmJtaS5ndi5hdC9yZWYvc3pyL2lzc3VlciIgTWFqb3JWZXJzaW9uPSIxIiBNaW5vclZlcnNpb249IjAiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDphc3NlcnRpb24iIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJubWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOmVjZHNhPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSMiIHhtbG5zOnNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSI+Cgk8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+CgkJPHNhbWw6U3ViamVjdD4KCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4KCQkJCTxzYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjA6Y206c2VuZGVyLXZvdWNoZXM8L3NhbWw6Q29uZmlybWF0aW9uTWV0aG9kPgoJCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE+CgkJCQkJPHByOlBlcnNvbiBzaTp0eXBlPSJwcjpQaHlzaWNhbFBlcnNvblR5cGUiPjxwcjpJZGVudGlmaWNhdGlvbj48cHI6VmFsdWU+dHFDUUVDNytBcUdFZWVMMzkwVjVKZz09PC9wcjpWYWx1ZT48cHI6VHlwZT51cm46cHVibGljaWQ6Z3YuYXQ6YmFzZWlkPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24+PHByOk5hbWU+PHByOkdpdmVuTmFtZT5NYXg8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPk11c3Rlcm1hbm48L3ByOkZhbWlseU5hbWU+PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4xOTQwLTAxLTAxPC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj4KCQkJCTwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KCQkJPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJPC9zYW1sOlN1YmplY3Q+Cgk8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXplblB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJ1cm46cHVibGljaWQ6Z3YuYXQ6bmFtZXNwYWNlczppZGVudGl0eWxpbms6MS4yIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT48ZHNpZzpSU0FLZXlWYWx1ZT48ZHNpZzpNb2R1bHVzPnMwWmhkR2E4REgwSW1iTlU3aTRxdDRtR25CUEFlTDk5Q0dkZmRCOEhWWE5CNWd3d2VMY1o5WE1TWUJvUHFHdFVqemh6S29zRkN5M0sNCmpsSEVrejB0L3JQemhOVGRsVjJRN0FGWEZlT2g3M3dPajQ3R1B2T2lVNzdwQjE3WnJaOHlObW1JTTEyUVE5MVN0RGFWRkUra0dxUEkNCmNFZHZiZk94blU4aGNpa3lYcWVheFZVV3oxbVdXTnRveUwyWG5wa1U0QkZVQnU1NWg5S2tYVEFQcnBUbEFMZjkvRDFKamZWb05tamwNCnBLWXh6Q3JBSmE4Sno4Ui9sNis0U0U3YXc3dGZuazNZUXkxcFVmNWZmellkeXZQS2ZxVTBUTUVKLzdpOW1ORHFCZlVwcVhBRWowdWUNCkpvRWs0UC9pa2Q5UnZuVUlsU0V1NzFHMyt1VEluSXBaaTd2UG93PT08L2RzaWc6TW9kdWx1cz48ZHNpZzpFeHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PjwvZHNpZzpSU0FLZXlWYWx1ZT48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJPGRzaWc6U2lnbmF0dXJlPgoJCTxkc2lnOlNpZ25lZEluZm8+CgkJCTxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+CgkJCTxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIgLz4KCQkJPGRzaWc6UmVmZXJlbmNlIFVSST0iIj4KCQkJCTxkc2lnOlRyYW5zZm9ybXM+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQk8ZHNpZzpYUGF0aD5ub3QoYW5jZXN0b3Itb3Itc2VsZjo6cHI6SWRlbnRpZmljYXRpb24pPC9kc2lnOlhQYXRoPgoJCQkJCTwvZHNpZzpUcmFuc2Zvcm0+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiIC8+CgkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCTxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIiAvPgoJCQkJPGRzaWc6RGlnZXN0VmFsdWU+QmVIdUFyYXUzSFVQcXg5dHV3QTRGaDNOSDB3PTwvZHNpZzpEaWdlc3RWYWx1ZT4KCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPGRzaWc6UmVmZXJlbmNlIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNNYW5pZmVzdCIgVVJJPSIjbWFuaWZlc3QiPgoJCQkJPGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiIC8+CgkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5mVEUrMjRnRHlkUlgvd0p2QlAxOUlucU54Rkk9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQk8L2RzaWc6UmVmZXJlbmNlPgoJCTwvZHNpZzpTaWduZWRJbmZvPgoJCTxkc2lnOlNpZ25hdHVyZVZhbHVlPgogICAgUHpLMWR2N2JFMGhQcGxlc1ZaRFhHSWxhbTlUK0JxWkd4ZWs5RHVuYkhNK21GWWI3a1NaZTN2eEszUmhRZjNBV3djbXFtVWZPRlJObg0KWndxYnovNGRZd2hJRld6VGdMelVmMlZkR0JsN2szbS8wSmJXSkV1bEtobE5vV2ZSTkRrdTRZcmI2THVrWjdaQzJFcWd2UXYxa1BRTg0Kb1BvQ1I5d3hUc1RKWFNCaHdLc0lERG9vZHY3aUVpWGFCM0xmVHQrQWdYdEdvbWRRaktjby9WamJSSzRUUEkvQUVNVU1KWm9zZlJYMg0KdmE2U1BaUnV4QjBlWkwwVGVzYittRjlFaUlOVnNTSU9nbTVSRE95V1ZRZkJnVG9nYjNoWmlLVmh0a1IvaWlSNmhZNlA2b1cwTDh4ag0KMG5ZVldPRHAxSlJML3Z0ZDFhUklVYzNCQTJQaFkrRmdJR1FHTUE9PQogIDwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlGdXpDQ0JLT2dBd0lCQWdJREdTa2VNQTBHQ1NxR1NJYjNEUUVCQlFVQU1JR2ZNUXN3Q1FZRFZRUUdFd0pCDQpWREZJTUVZR0ExVUVDZ3cvUVMxVWNuVnpkQ0JIWlhNdUlHWXVJRk5wWTJobGNtaGxhWFJ6YzNsemRHVnRaU0JwDQpiU0JsYkdWcmRISXVJRVJoZEdWdWRtVnlhMlZvY2lCSGJXSklNU0l3SUFZRFZRUUxEQmxoTFhOcFoyNHRZMjl5DQpjRzl5WVhSbExXeHBaMmgwTFRBeU1TSXdJQVlEVlFRRERCbGhMWE5wWjI0dFkyOXljRzl5WVhSbExXeHBaMmgwDQpMVEF5TUI0WERURTFNRGN5T0RFMU5Ea3dOVm9YRFRJd01EY3lPREV6TkRrd05Wb3dnYll4Q3pBSkJnTlZCQVlUDQpBa0ZVTVI0d0hBWURWUVFLREJWRVlYUmxibk5qYUhWMGVtdHZiVzFwYzNOcGIyNHhJakFnQmdOVkJBc01HVk4wDQpZVzF0ZW1Gb2JISmxaMmx6ZEdWeVltVm9iMlZ5WkdVeExqQXNCZ05WQkFNTUpWTnBaMjVoZEhWeWMyVnlkbWxqDQpaU0JFWVhSbGJuTmphSFYwZW10dmJXMXBjM05wYjI0eEZUQVRCZ05WQkFVVERETXlOVGt5T0RNeU16azVPREVjDQpNQm9HQ1NxR1NJYjNEUUVKQVF3TlpITnJRR1J6YXk1bmRpNWhkRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEDQpnZ0VQQURDQ0FRb0NnZ0VCQU4rZEJTRUJHajJqVVhJSzFNcDNsVnhjL1phK3BKTWl5S3JYM0cxWnhnWC9pa3g3DQpEOXNjc1BZTXQ0NzNMbEFXbDljbUNiSGJKSytQVjJYTk5kVVJMTVVDSVgrNHZVTnMyTUhlRFRRdFg4QlhqSkZwDQp3SllTb2FSSlEzOUZWUy8xcjVzV2NyYTlIaGRtN3c1R3R4LzJ1a3lEWDBrZGt4YXdraFA0RVFFemkvU0krRnVnDQpuK1dxZ1ExbkFkbGJ4Yi9kY0J3NXcxaDliM2xtdXdVZjR6M29vUVdVRDJEZ0Eva0tkMUtlak5SNDNtTFVzbXZTDQp6ZXZQeFQ5enM3OHBPUjFPYWNCN0lzelRWSlBYZU9FYWFOWkhubkIvVWVPM2c4TEVWLzNPa1hjVWdjTWtiSUlpDQphQkhsbGw3MVBxMENPajlrcWpYb2U3T3JSakxZNWkzS3dPcGE2VE1DQXdFQUFhT0NBZVV3Z2dIaE1CRUdBMVVkDQpEZ1FLQkFoTUNBNmVHdlMxdWpBT0JnTlZIUThCQWY4RUJBTUNCTEF3RGdZSEtpZ0FDZ0VIQVFRREFRSC9NQk1HDQpBMVVkSXdRTU1BcUFDRWtjV0RwUDZBMERNQWtHQTFVZEV3UUNNQUF3RkFZSEtpZ0FDZ0VCQVFRSkRBZENVMEl0DQpSRk5MTUg4R0NDc0dBUVVGQndFQkJITXdjVEJHQmdnckJnRUZCUWN3QW9ZNmFIUjBjRG92TDNkM2R5NWhMWFJ5DQpkWE4wTG1GMEwyTmxjblJ6TDJFdGMybG5iaTFqYjNKd2IzSmhkR1V0YkdsbmFIUXRNREpoTG1OeWREQW5CZ2dyDQpCZ0VGQlFjd0FZWWJhSFIwY0RvdkwyOWpjM0F1WVMxMGNuVnpkQzVoZEM5dlkzTndNRlFHQTFVZElBUk5NRXN3DQpTUVlHS2lnQUVRRVNNRDh3UFFZSUt3WUJCUVVIQWdFV01XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrDQpiMk56TDJOd0wyRXRjMmxuYmkxQmJYUnpjMmxuYm1GMGRYSXdnWjRHQTFVZEh3U0JsakNCa3pDQmtLQ0JqYUNCDQppb2FCaDJ4a1lYQTZMeTlzWkdGd0xtRXRkSEoxYzNRdVlYUXZiM1U5WVMxemFXZHVMV052Y25CdmNtRjBaUzFzDQphV2RvZEMwd01peHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wDQpQMkpoYzJVL2IySnFaV04wWTJ4aGMzTTlaV2xrUTJWeWRHbG1hV05oZEdsdmJrRjFkR2h2Y21sMGVUQU5CZ2txDQpoa2lHOXcwQkFRVUZBQU9DQVFFQUhRM1pDTXRBYmF6ZU1IbVdBMnpoWWxIcUhnS1ZvY1ZYRURnbU5tV0xHcUZlDQo4RUFERklzOHVHcmt0Qm1XQ1VJWGJYczdUSGNmeHMySjQ3dkh1Y29wc2RrYWJObFhFanpuZFJmbmMrMVZJbmJvDQp6TXJZZDdqZUROVEsvdElqaU9FWWRyeUlwZWtWOUNmYXc3eXU2bWVmTXpldTFhQXdmN0JuSy9odWl3SlduZW5wDQpCN2lEL1B2WittenVDN1JOZkpmRisrU3RpQlR4aTNWWXhOR01qTTFjVThHdzlWV2MwUjNFdWpPYVhXZ0NDOGk1DQpGR2hWdk9ZaE5YZnN4SlhiTnhld0VDanBBTHZEbEZMTCtpQzQ5RytBRFNvUnYwU2s5MU9QdStjSW1DajNyczNRDQp0YXNJL3A5TFlhY0c2Yy9nSTN0RTBpaHFnOVJic0tIWFFsM1BPdkVSSkE9PTwvZHNpZzpYNTA5Q2VydGlmaWNhdGU+PC9kc2lnOlg1MDlEYXRhPjwvZHNpZzpLZXlJbmZvPgoJCTxkc2lnOk9iamVjdD4KCQkJPGRzaWc6TWFuaWZlc3QgSWQ9Im1hbmlmZXN0Ij4KCQkJCTxkc2lnOlJlZmVyZW5jZSBVUkk9IiI+CgkJCQkJPGRzaWc6VHJhbnNmb3Jtcz4KCQkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQkJPGRzaWc6WFBhdGg+bm90KGFuY2VzdG9yLW9yLXNlbGY6OmRzaWc6U2lnbmF0dXJlKTwvZHNpZzpYUGF0aD4KCQkJCQkJPC9kc2lnOlRyYW5zZm9ybT4KCQkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCQk8ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIgLz4KCQkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5wM1pwS1BvK0ZYT3ZXdEhidFJzR2VLWm9lSTQ9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPC9kc2lnOk1hbmlmZXN0PgoJCTwvZHNpZzpPYmplY3Q+Cgk8L2RzaWc6U2lnbmF0dXJlPgo8L3NhbWw6QXNzZXJ0aW9uPg==", + "EID-CITIZEN-QAA-LEVEL": "substantial", + "EID-CCS-URL": "https://www.a-trust.at/todo", + "EID-AUTH-BLOCK": "PHNhbWwyOkFzc2VydGlvbiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9Il81NzAxMGI3ZmNjOTNjYzRjZjNmMmI3NjQzODkxMzdjMiIgSXNzdWVJbnN0YW50PSIyMDE2LTAzLTI5VDA4OjUwOjU2LjQ1MFoiIFZlcnNpb249IjIuMCIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIj4NCgk8c2FtbDI6SXNzdWVyIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5Ij5odHRwczovL2RlbW8tdmRhLmF0L3ZkYS1zZXJ2aWNlPC9zYW1sMjpJc3N1ZXI+PGRzaWc6U2lnbmF0dXJlIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIElkPSJzaWduYXR1cmUtMS0xIj48ZHNpZzpTaWduZWRJbmZvPjxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSIvPjxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI2VjZHNhLXNoYTI1NiIvPjxkc2lnOlJlZmVyZW5jZSBJZD0icmVmZXJlbmNlLTEtMSIgVVJJPSIiPjxkc2lnOlRyYW5zZm9ybXM+PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHNsdC0xOTk5MTExNiI+PHhzbDpzdHlsZXNoZWV0IHhtbG5zOnhzbD0iaHR0cDovL3d3dy53My5vcmcvMTk5OS9YU0wvVHJhbnNmb3JtIiBleGNsdWRlLXJlc3VsdC1wcmVmaXhlcz0ic2FtbDIiIHZlcnNpb249IjEuMCIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjx4c2w6b3V0cHV0IG1ldGhvZD0ieG1sIiB4bWw6c3BhY2U9ImRlZmF1bHQiLz48eHNsOnRlbXBsYXRlIG1hdGNoPSIvIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94aHRtbCI+PGh0bWwgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiPjxoZWFkPjx0aXRsZT5TaWduYXR1ciBkZXIgQW5tZWxkZWRhdGVuPC90aXRsZT48c3R5bGUgbWVkaWE9InNjcmVlbiIgdHlwZT0idGV4dC9jc3MiPg0KICAgICAgICAgICAgICAJCQkJCS5ub3JtYWxzdHlsZSB7IGZvbnQtc2l6ZTogbWVkaXVtOyB9IA0KICAgICAgICAgICAgICAJCQkJCS5pdGFsaWNzdHlsZSB7IGZvbnQtc2l6ZTogbWVkaXVtOyBmb250LXN0eWxlOiBpdGFsaWM7IH0NCgkJCQkJCQkJLnRpdGxlc3R5bGUgeyB0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lOyBmb250LXdlaWdodDpib2xkOyBmb250LXNpemU6IG1lZGl1bTsgfSANCgkJCQkJCQkJLmg0c3R5bGUgeyBmb250LXNpemU6IGxhcmdlOyB9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICANCgkJCQkJCQkJLmhpZGRlbiB7ZGlzcGxheTogbm9uZTsgfSANCiAgICAgICAgICAgICAgCQkJCTwvc3R5bGU+PC9oZWFkPjxib2R5PjxoNCBjbGFzcz0iaDRzdHlsZSI+QW5tZWxkZWRhdGVuOjwvaDQ+PHAgY2xhc3M9InRpdGxlc3R5bGUiPkRhdGVuIHp1ciBQZXJzb248L3A+PHRhYmxlIGNsYXNzPSJwYXJhbWV0ZXJzIj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6Mi41LjQuNDInXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5Wb3JuYW1lOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6Mi41LjQuNDInXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjIwJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+TmFjaG5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuNTUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5HZWJ1cnRzZGF0dW06IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+Vm9sbG1hY2h0OiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dGV4dD5JY2ggbWVsZGUgbWljaCBpbiBWZXJ0cmV0dW5nIGFuLiBJbSBuw6RjaHN0ZW4gU2Nocml0dCB3aXJkIG1pciBlaW5lIExpc3RlIGRlciBmw7xyIG1pY2ggdmVyZsO8Z2JhcmVuIFZlcnRyZXR1bmdzdmVyaMOkbHRuaXNzZSBhbmdlemVpZ3QsIGF1cyBkZW5lbiBpY2ggZWluZXMgYXVzd8OkaGxlbiB3ZXJkZS48L3hzbDp0ZXh0PjwvdGQ+PC90cj48L3hzbDppZj48L3RhYmxlPjxwIGNsYXNzPSJ0aXRsZXN0eWxlIj5EYXRlbiB6dXIgQW53ZW5kdW5nPC9wPjx0YWJsZSBjbGFzcz0icGFyYW1ldGVycyI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPklkZW50aWZpa2F0b3I6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJVbmlxdWVJZCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5OYW1lOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J2h0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyRnJpZW5kbHlOYW1lJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+U3RhYXQ6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29kZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjwvdGFibGU+PHAgY2xhc3M9InRpdGxlc3R5bGUiPlRlY2huaXNjaGUgUGFyYW1ldGVyPC9wPjx0YWJsZSBjbGFzcz0icGFyYW1ldGVycyI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPkRhdHVtOjwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9InN1YnN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL0BJc3N1ZUluc3RhbnQsOSwyKSIvPjx4c2w6dGV4dD4uPC94c2w6dGV4dD48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCw2LDIpIi8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDEsNCkiLz48L3RkPjwvdHI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlVocnplaXQ6PC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCwxMiwyKSIvPjx4c2w6dGV4dD46PC94c2w6dGV4dD48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCwxNSwyKSIvPjx4c2w6dGV4dD46PC94c2w6dGV4dD48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCwxOCwyKSIvPjwvdGQ+PC90cj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+VHJhbnNha3Rpb25zVG9ra2VuOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL0BJRCIvPjwvdGQ+PC90cj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPg0KCQkJCQkJCQkJCQlWb2xsbWFjaHRlbi1SZWZlcmVuejogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx0ciBjbGFzcz0iaGlkZGVuIj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5EYXRhVVJMOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkNvbmRpdGlvbnMvc2FtbDI6QXVkaWVuY2VSZXN0cmljdGlvbi9zYW1sMjpBdWRpZW5jZSIvPjwvdGQ+PC90cj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9ATm90T25PckFmdGVyIj48dHIgY2xhc3M9ImhpZGRlbiI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+QXV0aEJsb2NrVmFsaWRUbzogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpDb25kaXRpb25zL0BOb3RPbk9yQWZ0ZXIiLz48L3RkPjwvdHI+PC94c2w6aWY+PC90YWJsZT48L2JvZHk+PC9odG1sPjwveHNsOnRlbXBsYXRlPjwveHNsOnN0eWxlc2hlZXQ+PC9kc2lnOlRyYW5zZm9ybT48ZHNpZzpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSNXaXRoQ29tbWVudHMiLz48L2RzaWc6VHJhbnNmb3Jtcz48ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz48ZHNpZzpEaWdlc3RWYWx1ZT5tY0xFdXNpMmMySFZsZWJXZWJnK1VUVVVCVDRHSUxIVDdhN1ZGaDFNZ1YwPTwvZHNpZzpEaWdlc3RWYWx1ZT48L2RzaWc6UmVmZXJlbmNlPjxkc2lnOlJlZmVyZW5jZSBJZD0iZXRzaS1kYXRhLXJlZmVyZW5jZS0xLTEiIFR5cGU9Imh0dHA6Ly91cmkuZXRzaS5vcmcvMDE5MDMvdjEuMS4xI1NpZ25lZFByb3BlcnRpZXMiIFVSST0iIj48ZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDIvMDYveG1sZHNpZy1maWx0ZXIyIj48eHBmOlhQYXRoIHhtbG5zOnhwZj0iaHR0cDovL3d3dy53My5vcmcvMjAwMi8wNi94bWxkc2lnLWZpbHRlcjIiIEZpbHRlcj0iaW50ZXJzZWN0IiB4bWxuczpldHNpPSJodHRwOi8vdXJpLmV0c2kub3JnLzAxOTAzL3YxLjEuMSMiPi8vKltASWQ9J2V0c2ktc2lnbmVkLTEtMSddL2V0c2k6UXVhbGlmeWluZ1Byb3BlcnRpZXMvZXRzaTpTaWduZWRQcm9wZXJ0aWVzPC94cGY6WFBhdGg+PC9kc2lnOlRyYW5zZm9ybT48L2RzaWc6VHJhbnNmb3Jtcz48ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz48ZHNpZzpEaWdlc3RWYWx1ZT5xMWdMWm9lTDZLOVZaZHkzM3lPdVRFaTJGVDFTaDBqRDJSZGMzRXJ0WmNvPTwvZHNpZzpEaWdlc3RWYWx1ZT48L2RzaWc6UmVmZXJlbmNlPjwvZHNpZzpTaWduZWRJbmZvPjxkc2lnOlNpZ25hdHVyZVZhbHVlPmpjV2YrejljckIvVU1COTVPR2ZlMys5U2pESXRrMUZWSGRFZWNGSnhnbVJndWRjMWxmc1V2Z21BTzhxYlBHcGpEMDJhMi9pNmowTlJFR1l4dU5aVGtBPT08L2RzaWc6U2lnbmF0dXJlVmFsdWU+PGRzaWc6S2V5SW5mbz48ZHNpZzpYNTA5RGF0YT48ZHNpZzpYNTA5Q2VydGlmaWNhdGU+TUlJRm1qQ0NBNEtnQXdJQkFnSUVPTkd1bWpBTkJna3Foa2lHOXcwQkFRc0ZBRENCblRFTE1Ba0dBMVVFQmhNQ1FWUXhTREJHQmdOVkJBb01QMEV0VkhKMWMzUWdSMlZ6TGlCbUxpQlRhV05vWlhKb1pXbDBjM041YzNSbGJXVWdhVzBnWld4bGEzUnlMaUJFWVhSbGJuWmxjbXRsYUhJZ1IyMWlTREVoTUI4R0ExVUVDd3dZWVMxemFXZHVMWEJ5WlcxcGRXMHRiVzlpYVd4bExUQTFNU0V3SHdZRFZRUUREQmhoTFhOcFoyNHRjSEpsYldsMWJTMXRiMkpwYkdVdE1EVXdIaGNOTVRnd05ERXlNRFl4T0RVd1doY05Nak13TkRFeU1EWXhPRFV3V2pCbU1Rc3dDUVlEVlFRR0V3SkJWREVhTUJnR0ExVUVBd3dSVkdodmJXRnpJRWRsYjNKbklFeGxibm94RFRBTEJnTlZCQVFNQkV4bGJub3hGVEFUQmdOVkJDb01ERlJvYjIxaGN5QkhaVzl5WnpFVk1CTUdBMVVFQlJNTU9ESXdNVGd3TnpjM01qZzNNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUVmMmFZaTM5UlRPd3VHbHZqbWwwNms0eEdnSUZIOU8rajUrdms0bDdjbzVYRVNkYUYvK1FFQmJpcUIxQjlIcGZFOVJIZjdiYkc2WjdlZjh4VXhkdjMzYU9DQWVFd2dnSGRNSDBHQ0NzR0FRVUZCd0VCQkhFd2J6QkVCZ2dyQmdFRkJRY3dBb1k0YUhSMGNEb3ZMM2QzZHk1aExYUnlkWE4wTG1GMEwyTmxjblJ6TDJFdGMybG5iaTF3Y21WdGFYVnRMVzF2WW1sc1pTMHdOUzVqY25Rd0p3WUlLd1lCQlFVSE1BR0dHMmgwZEhBNkx5OXZZM053TG1FdGRISjFjM1F1WVhRdmIyTnpjREFUQmdOVkhTTUVEREFLZ0FoSTgvMmNJdzZIZHpCeUJnZ3JCZ0VGQlFjQkF3Um1NR1F3Q2dZSUt3WUJCUVVIQ3dJd0NBWUdCQUNPUmdFQk1BZ0dCZ1FBamtZQkJEQVRCZ1lFQUk1R0FRWXdDUVlIQkFDT1JnRUdBVEF0QmdZRUFJNUdBUVV3SXpBaEZodG9kSFJ3Y3pvdkwzZDNkeTVoTFhSeWRYTjBMbUYwTDNCa2N5OFRBa1ZPTUJFR0ExVWREZ1FLQkFoS1F2Z2VFZTdPaURBT0JnTlZIUThCQWY4RUJBTUNCc0F3Q1FZRFZSMFRCQUl3QURCZ0JnTlZIU0FFV1RCWE1BZ0dCZ1FBaXpBQkFUQkxCZ1lxS0FBUkFSUXdRVEEvQmdnckJnRUZCUWNDQVJZemFIUjBjRG92TDNkM2R5NWhMWFJ5ZFhOMExtRjBMMlJ2WTNNdlkzQXZZUzF6YVdkdUxYQnlaVzFwZFcwdGJXOWlhV3hsTUVNR0ExVWRId1E4TURvd09LQTJvRFNHTW1oMGRIQTZMeTlqY213dVlTMTBjblZ6ZEM1aGRDOWpjbXd2WVMxemFXZHVMWEJ5WlcxcGRXMHRiVzlpYVd4bExUQTFNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUNBUUFyL1Z0T3hVaU5aTVVjeHJISG9yM0FYWnlqcVVmdTRWTTFkbkt3Zjl1d1hRa3NVcnF2b1Jzc3AyakhDbnpIM2FaV2plQ3U5UFVDSmV3NXgxUnBNeEUwaFZZanEzNzVrdjM4d1ZXUjM4WmE3eVl5ME45cTBVbjBOSmlTUHpuaklUa3RweWZkcHNGSkluTDIrM1h5Z2FZZU51dGU5NjA0WTMwK3JGSCtKck85UjgzWmFwbTZjdGs4ai8xSHBxb0c0NXlJbTZtS3AvWGhndGJnVk13OHptUjBQWGpBaW5FaTYrUmEzL1Z0cUV4ZVlHaUt5WS9SdWU1TWZQRGhiMmRBQjByd1ozVWtRakU0TWFyMFRDVzR0cHZKR0hiakhuQkwyMVY4SVNMZkUxb1NYcGJZWVNqTFh4TENmcmJrZUdSbkhTUTVENUUwU1ZqTzdsU3NQazFtaVErcExGR1FTNTZKS3VFWTBoVzRKYzlkUGRRc29Qc2FEVCtQZW1WQXIzcVZGTEQ1QSt0cm5GMFpqQ3A2RHVhYVdnT0hQajFweE05V0tVRFpXa1hUQWdDZVZhN3RLMlFjMlZWUUUvc3ZGS1I1OWlGTWlSdGpZQXpjTS9OZ215bE9DYUc1a01UZmlXOWhnbGo5QjNSdVVackZHWFNhY0ptcGM4ZWppRTl4a3B5UTVadDlpK3FDVE40ajdIOWdpRHMydkNnMDFwYnp3b0txc05zWGlFc2JzM3NVeTVTUFYyRzg4a055Vm9DTkVKVVZka0ZBZXBqQkcwbDJ5SkxaVkRtdHBucjlFbzc2LzRWSGhGeWJIYU84aWxabXJaQTRqMitMaGRBSFg3a3ZhVE1YbHQxSVphaWdOZE9YYVAwT3d2d3BWUGtSTG9LOHJ1UDRObzE4VGRvQVc0MTVpUT09PC9kc2lnOlg1MDlDZXJ0aWZpY2F0ZT48L2RzaWc6WDUwOURhdGE+PC9kc2lnOktleUluZm8+PGRzaWc6T2JqZWN0IElkPSJldHNpLXNpZ25lZC0xLTEiPjxldHNpOlF1YWxpZnlpbmdQcm9wZXJ0aWVzIHhtbG5zOmV0c2k9Imh0dHA6Ly91cmkuZXRzaS5vcmcvMDE5MDMvdjEuMS4xIyIgVGFyZ2V0PSIjc2lnbmF0dXJlLTEtMSI+PGV0c2k6U2lnbmVkUHJvcGVydGllcz48ZXRzaTpTaWduZWRTaWduYXR1cmVQcm9wZXJ0aWVzPjxldHNpOlNpZ25pbmdUaW1lPjIwMTgtMDYtMDVUMDY6MzI6MjZaPC9ldHNpOlNpZ25pbmdUaW1lPjxldHNpOlNpZ25pbmdDZXJ0aWZpY2F0ZT48ZXRzaTpDZXJ0PjxldHNpOkNlcnREaWdlc3Q+PGV0c2k6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZXRzaTpEaWdlc3RWYWx1ZT5JZE1yc2VxMHNXczl5UStFRDN3UWpIOHcxeDg9PC9ldHNpOkRpZ2VzdFZhbHVlPjwvZXRzaTpDZXJ0RGlnZXN0PjxldHNpOklzc3VlclNlcmlhbD48ZHNpZzpYNTA5SXNzdWVyTmFtZT5DTj1hLXNpZ24tcHJlbWl1bS1tb2JpbGUtMDUsT1U9YS1zaWduLXByZW1pdW0tbW9iaWxlLTA1LE89QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJILEM9QVQ8L2RzaWc6WDUwOUlzc3Vlck5hbWU+PGRzaWc6WDUwOVNlcmlhbE51bWJlcj45NTMyNjU4MTg8L2RzaWc6WDUwOVNlcmlhbE51bWJlcj48L2V0c2k6SXNzdWVyU2VyaWFsPjwvZXRzaTpDZXJ0PjwvZXRzaTpTaWduaW5nQ2VydGlmaWNhdGU+PGV0c2k6U2lnbmF0dXJlUG9saWN5SWRlbnRpZmllcj48ZXRzaTpTaWduYXR1cmVQb2xpY3lJbXBsaWVkLz48L2V0c2k6U2lnbmF0dXJlUG9saWN5SWRlbnRpZmllcj48L2V0c2k6U2lnbmVkU2lnbmF0dXJlUHJvcGVydGllcz48ZXRzaTpTaWduZWREYXRhT2JqZWN0UHJvcGVydGllcz48ZXRzaTpEYXRhT2JqZWN0Rm9ybWF0IE9iamVjdFJlZmVyZW5jZT0iI3JlZmVyZW5jZS0xLTEiPjxldHNpOk1pbWVUeXBlPmFwcGxpY2F0aW9uL3hodG1sK3htbDwvZXRzaTpNaW1lVHlwZT48L2V0c2k6RGF0YU9iamVjdEZvcm1hdD48L2V0c2k6U2lnbmVkRGF0YU9iamVjdFByb3BlcnRpZXM+PC9ldHNpOlNpZ25lZFByb3BlcnRpZXM+PC9ldHNpOlF1YWxpZnlpbmdQcm9wZXJ0aWVzPjwvZHNpZzpPYmplY3Q+PC9kc2lnOlNpZ25hdHVyZT4NCgk8c2FtbDI6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTYtMDMtMjlUMDg6NTA6NTYuNDUwWiIgTm90T25PckFmdGVyPSIyMDE2LTAzLTI5VDA4OjU1OjU2LjQ1MFoiPg0KCQk8c2FtbDI6QXVkaWVuY2VSZXN0cmljdGlvbj4NCgkJCTxzYW1sMjpBdWRpZW5jZT5odHRwczovL2RlbW8uZWdpei5ndi5hdC9kZW1vLVNQL3B2cC9wb3N0PC9zYW1sMjpBdWRpZW5jZT4NCgkJPC9zYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KCTwvc2FtbDI6Q29uZGl0aW9ucz4NCgk8c2FtbDI6QXR0cmlidXRlU3RhdGVtZW50Pg0KCQk8c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iUFZQLVZFUlNJT04iIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjEwIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+DQoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+Mi4xPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJQUklOQ0lQQUwtTkFNRSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5NdXN0ZXJtYW5uPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJHSVZFTi1OQU1FIiBOYW1lPSJ1cm46b2lkOjIuNS40LjQyIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+DQoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+TWF4PC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJCSVJUSERBVEUiIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuNTUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4wMS4wMy4xOTk4PC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItVW5pcXVlSWQiIE5hbWU9Imh0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyVW5pcXVlSWQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5odHRwczovL2RlbW8uZWdpei5ndi5hdC9kZW1vLVNQL3B2cC9tZXRhZGF0YTwvc2FtbDI6QXR0cmlidXRlVmFsdWU+DQoJCTwvc2FtbDI6QXR0cmlidXRlPg0KCQk8c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iU2VydmljZVByb3ZpZGVyLUZyaWVuZGx5TmFtZSIgTmFtZT0iaHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5EZW1vbG9naW4gU2VydmljZSBwcm92aWRlZCBieSBFR0laPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItQ291bnRyeUNvZGUiIE5hbWU9Imh0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyQ291bnRyeUNvZGUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5BVDwvc2FtbDI6QXR0cmlidXRlVmFsdWU+DQoJCTwvc2FtbDI6QXR0cmlidXRlPg0KCQk8c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iTUFOREFURS1SRUZFUkVOQ0UtVkFMVUUiIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjkwIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+DQoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+X2FzZGZhZGZhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhczwvc2FtbDI6QXR0cmlidXRlVmFsdWU+DQoJCTwvc2FtbDI6QXR0cmlidXRlPg0KCTwvc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50Pg0KPC9zYW1sMjpBc3NlcnRpb24+" + } +} \ No newline at end of file -- cgit v1.2.3 From eeb353539af8e185eca23795ae592df01b049914 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 5 Jun 2018 11:21:58 +0200 Subject: fix refactoring problem in monitoring module --- .../moa/id/monitoring/IdentityLinkTestModule.java | 13 +++++++++++-- .../at/gv/egovernment/moa/id/monitoring/TestManager.java | 2 +- 2 files changed, 12 insertions(+), 3 deletions(-) (limited to 'id') diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java index fa4a50992..867855c49 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/IdentityLinkTestModule.java @@ -46,14 +46,22 @@ import at.gv.egovernment.moa.util.MiscUtil; public class IdentityLinkTestModule implements TestModuleInterface { private static IIdentityLink identityLink = null; + private AuthConfiguration authConfig; - public void initializeTest(long delayParam, String url) throws Exception{ + @Override + public void initializeTest(long delayParam, String url) throws Exception { + Logger.error("NOT implemented yet!!!"); + + } + + public void initializeTest(long delayParam, String url, AuthConfiguration authConfig) throws Exception{ if (MiscUtil.isNotEmpty(url)) { URL keystoreURL = new URL(url); InputStream idlstream = keystoreURL.openStream(); identityLink = new IdentityLinkAssertionParser(idlstream).parseIdentityLink(); + this.authConfig = authConfig; } } @@ -85,7 +93,8 @@ public class IdentityLinkTestModule implements TestModuleInterface { verifyXMLSignatureResponse, config.getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK, - oaParam); + oaParam, + authConfig); } catch (ValidateException e) { //check if default Monitoring IDL is used then error is ignored diff --git a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java index 9f0083fb8..1fa878d60 100644 --- a/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java +++ b/id/server/modules/module-monitoring/src/main/java/at/gv/egovernment/moa/id/monitoring/TestManager.java @@ -101,7 +101,7 @@ public class TestManager{ IdentityLinkTestModule test2 = new IdentityLinkTestModule(); String idlurl = FileUtils.makeAbsoluteURL(authConfig.getMonitoringTestIdentityLinkURL(), authConfig.getRootConfigFileDir()); try { - test2.initializeTest(0, idlurl); + test2.initializeTest(0, idlurl, authConfig); tests.put(test2.getName(), test2);; } catch (Exception e) { -- cgit v1.2.3 From f6be7465031504f3b9764d1e7a687f5ba491e7b5 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 5 Jun 2018 11:22:47 +0200 Subject: some more SL20 authentication module updates --- .../moa/id/auth/modules/sl20_auth/Constants.java | 7 +++++-- .../auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java | 5 ----- .../sl20_auth/sl20/verifier/QualifiedeIDVerifier.java | 8 ++++++-- .../modules/sl20_auth/tasks/CreateQualeIDRequestTask.java | 13 ++++++++++--- .../id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java | 6 ++++-- .../auth/modules/sl20_auth/dummydata/DummyAuthConfig.java | 7 +++++-- 6 files changed, 30 insertions(+), 16 deletions(-) (limited to 'id') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java index a3648220d..10a95501b 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java @@ -7,7 +7,8 @@ public class Constants { public static final String CONFIG_PROP_PREFIX = "modules.sl20"; public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT = CONFIG_PROP_PREFIX + ".vda.urls.qualeID.endpoint"; - public static final String CONFIG_PROP_VDA_AUTHBLOCK_ID = CONFIG_PROP_PREFIX + ".vda.authblock.id"; + public static final String CONFIG_PROP_VDA_AUTHBLOCK_ID = CONFIG_PROP_PREFIX + ".vda.authblock.id"; + public static final String CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID = CONFIG_PROP_PREFIX + ".vda.authblock.transformation.id"; public static final String CONFIG_PROP_SECURITY_KEYSTORE_PATH = CONFIG_PROP_PREFIX + ".security.keystore.path"; public static final String CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD = CONFIG_PROP_PREFIX + ".security.keystore.password"; public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS = CONFIG_PROP_PREFIX + ".security.sign.alias"; @@ -19,7 +20,9 @@ public class Constants { public static final String CONFIG_PROP_SP_LIST = CONFIG_PROP_PREFIX + ".sp.entityIds."; public static final String CONFIG_PROP_DISABLE_EID_VALIDATION = CONFIG_PROP_PREFIX + ".security.eID.validation.disable"; - public static final String CONFIG_PROP_DISABLE_EID_ENCRYPTION = CONFIG_PROP_PREFIX + ".security.eID.encryption.enabled"; + public static final String CONFIG_PROP_ENABLE_EID_ENCRYPTION = CONFIG_PROP_PREFIX + ".security.eID.encryption.enabled"; + public static final String CONFIG_PROP_FORCE_EID_ENCRYPTION = CONFIG_PROP_PREFIX + ".security.eID.encryption.required"; + public static final String CONFIG_PROP_FORCE_EID_SIGNED_RESULT = CONFIG_PROP_PREFIX + ".security.eID.signed.result.required"; public static final String PENDING_REQ_STORAGE_PREFIX = "SL20_AUTH_"; diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java index 2e81d9c64..fa52634a3 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java @@ -226,11 +226,6 @@ public class SL20JSONExtractorUtils { if (sl20Payload == null && sl20SignedPayload == null) throw new SLCommandoParserException("NO payLoad OR signedPayload FOUND."); - //TODO: - //else if (sl20Payload != null && sl20SignedPayload != null) { - //log.warn("Find 'signed' AND 'unsigned' SL2.0 payload"); - //throw new SLCommandoParserException("payLoad AND signedPayload FOUND. Can not used twice"); - //} else if (sl20SignedPayload == null && mustBeSigned) throw new SLCommandoParserException("payLoad MUST be signed."); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java index a7253c2c6..0c93e7886 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java @@ -2,7 +2,6 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier; import java.io.ByteArrayInputStream; import java.io.IOException; -import java.util.Arrays; import java.util.Date; import java.util.List; @@ -29,6 +28,7 @@ import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; @@ -87,7 +87,11 @@ public class QualifiedeIDVerifier { public static IVerifiyXMLSignatureResponse verifyAuthBlock(String authBlockB64, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException, IOException { String trustProfileId = authConfig.getMoaSpAuthBlockTrustProfileID(oaParam.isUseAuthBlockTestTestStore()); - List verifyTransformsInfoProfileID = Arrays.asList("SL20Authblock_v1.0"); + List verifyTransformsInfoProfileID = + KeyValueUtils.getListOfCSVValues( + KeyValueUtils.normalizeCSVValueString( + authConfig.getBasicMOAIDConfiguration( + at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID))); SignatureVerificationUtils sigVerify = new SignatureVerificationUtils(); IVerifiyXMLSignatureResponse sigVerifyResult = sigVerify.verify(Base64Utils.decode(authBlockB64, false), trustProfileId , verifyTransformsInfoProfileID); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java index 26283cab2..c425ca0a7 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java @@ -1,5 +1,6 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth.tasks; +import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.HashMap; import java.util.List; @@ -86,13 +87,19 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPCOUNTRYCODE, "AT"); //qualifiedeIDParams.put(SL20Constants.SL20_COMMAND_PARAM_EID_ATTRIBUTES_MANDATEREFVALUE, UUID.randomUUID().toString()); - //TODO: + + X509Certificate encCert = null; + if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_ENABLE_EID_ENCRYPTION, true)) + encCert = joseTools.getEncryptionCertificate(); + else + Logger.info("eID data encryption is disabled by configuration"); + JsonObject qualeIDCommandParams = SL20JSONBuilderUtils.createQualifiedeIDCommandParameters( authBlockId, dataURL, qualifiedeIDParams, - //joseTools.getEncryptionCertificate()); - null); + encCert + ); //String qualeIDReqId = UUID.randomUUID().toString(); //TODO: work-Around for A-trust diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java index 357ecb6ec..9262e43e9 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -100,7 +100,9 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { //validate signature - VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools, true); + VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools, + authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)); + if (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned()) { Logger.info("SL20 result from VDA was not valid signed"); @@ -125,7 +127,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { JsonElement qualeIDResult = SL20JSONExtractorUtils.extractSL20Result( payLoad, joseTools, - authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_ENCRYPTION, true)); + authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_ENCRYPTION, true)); //extract attributes from result Map eIDData = SL20JSONExtractorUtils.getMapOfStringElements(qualeIDResult); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java index 93e046797..bba4ade82 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java @@ -76,8 +76,11 @@ public class DummyAuthConfig implements AuthConfiguration { @Override public String getBasicMOAIDConfiguration(String key) { - // TODO Auto-generated method stub - return null; + if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID.equals(key)) + return "SL20Authblock_v1.0"; + + else + return null; } @Override -- cgit v1.2.3 From a06f94c9da130af5cf755b7d6465c8905d37d75b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 5 Jun 2018 15:05:50 +0200 Subject: add one method to AssertionAttributeExtractor and add some log messages --- .../pvp2x/utils/AssertionAttributeExtractor.java | 57 +++++++++++++++++++--- .../sl20_auth/tasks/ReceiveQualeIDTask.java | 44 +++++++++++------ .../modules/sl20_auth/eIDDataVerifierTest.java | 4 +- 3 files changed, 82 insertions(+), 23 deletions(-) (limited to 'id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java index 4a0cec6e4..bdfb11d34 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/AssertionAttributeExtractor.java @@ -34,6 +34,8 @@ import java.util.Set; import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.core.AttributeStatement; +import org.opensaml.saml2.core.Audience; +import org.opensaml.saml2.core.AudienceRestriction; import org.opensaml.saml2.core.AuthnContextClassRef; import org.opensaml.saml2.core.AuthnStatement; import org.opensaml.saml2.core.Response; @@ -191,17 +193,22 @@ public class AssertionAttributeExtractor { } -// public PersonalAttributeList getSTORKAttributes() { -// return storkAttributes; -// } - - + /** + * Get the Id attribute from SAML2 assertion + * + * @return + */ public String getAssertionID() { return assertion.getID(); } - + /** + * Get the subjectNameId from SAML2 Assertion + * + * @return nameId but never null + * @throws AssertionAttributeExtractorExeption + */ public String getNameID() throws AssertionAttributeExtractorExeption { if (assertion.getSubject() != null) { Subject subject = assertion.getSubject(); @@ -218,6 +225,12 @@ public class AssertionAttributeExtractor { throw new AssertionAttributeExtractorExeption("nameID"); } + /** + * Get get SessionIndex from SAML2 assertion + * + * @return sessionIndex but never null + * @throws AssertionAttributeExtractorExeption + */ public String getSessionIndex() throws AssertionAttributeExtractorExeption { AuthnStatement authn = getAuthnStatement(); @@ -229,7 +242,9 @@ public class AssertionAttributeExtractor { } /** - * @return + * Get the LoA (QAA level) from assertion. This information is extracted from AuthnContext and AuthnContextClassRef + * + * @return LoA but never null * @throws AssertionAttributeExtractorExeption */ public String getQAALevel() throws AssertionAttributeExtractorExeption { @@ -247,6 +262,11 @@ public class AssertionAttributeExtractor { throw new AssertionAttributeExtractorExeption("AuthnContextClassRef"); } + /** + * Get full SAML2 assertion + * + * @return + */ public Assertion getFullAssertion() { return assertion; } @@ -297,6 +317,29 @@ public class AssertionAttributeExtractor { } + /** + * Get the AudienceRestriction from SAML2 Assertion + * + * @return AudienceRestriction, but never null + * @throws AssertionAttributeExtractorExeption + */ + public List getAudienceRestriction( ) throws AssertionAttributeExtractorExeption { + try { + List rest = getFullAssertion().getConditions().getAudienceRestrictions(); + if (rest != null && rest.size() != 0) { + if (rest.size() == 1 && rest.get(0) != null) + return rest.get(0).getAudiences(); + + else + Logger.warn("More than one 'AudienceRestriction'! Extraction currently NOT supported"); + } + + } catch (NullPointerException e) { } + + throw new AssertionAttributeExtractorExeption("AudienceRestriction"); + + } + private AuthnStatement getAuthnStatement() throws AssertionAttributeExtractorExeption { List authnList = assertion.getAuthnStatements(); if (authnList.size() == 0) diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java index 9262e43e9..03db52695 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -49,15 +49,16 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { @Override public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response) - throws TaskExecutionException { + throws TaskExecutionException { + String sl20Result = null; try { Logger.debug("Receiving SL2.0 response process .... "); - JsonObject sl20ReqObj = null; + JsonObject sl20ReqObj = null; try { //get SL2.0 command or result from HTTP request Map reqParams = getParameters(request); - String sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM); + sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM); if (MiscUtil.isEmpty(sl20Result)) { @@ -103,10 +104,15 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { VerificationResult payLoadContainer = SL20JSONExtractorUtils.extractSL20PayLoad(sl20ReqObj, joseTools, authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)); - if (payLoadContainer.isValidSigned() == null || - !payLoadContainer.isValidSigned()) { - Logger.info("SL20 result from VDA was not valid signed"); - throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."}); + if ( (payLoadContainer.isValidSigned() == null || !payLoadContainer.isValidSigned())) { + if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_FORCE_EID_SIGNED_RESULT, true)) { + Logger.info("SL20 result from VDA was not valid signed"); + throw new SL20SecurityException(new Object[]{"Signature on SL20 result NOT valid."}); + + } else { + Logger.warn("SL20 result from VDA is NOT valid signed, but signatures-verification is DISABLED by configuration!"); + + } } @@ -158,6 +164,8 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { } catch (MOAIDException e) { Logger.warn("SL2.0 processing error:", e); + if (sl20Result != null) + Logger.debug("Received SL2.0 result: " + sl20Result); pendingReq.setGenericDataToSession( Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, new TaskExecutionException(pendingReq, "SL2.0 Authentication FAILED. Msg: " + e.getMessage(), e)); @@ -165,6 +173,8 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { } catch (Exception e) { Logger.warn("ERROR:", e); Logger.warn("SL2.0 Authentication FAILED with a generic error.", e); + if (sl20Result != null) + Logger.debug("Received SL2.0 result: " + sl20Result); pendingReq.setGenericDataToSession( Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_IDENTIFIER_ERROR, new TaskExecutionException(pendingReq, e.getMessage(), e)); @@ -182,8 +192,10 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { } } catch (Exception e) { - //write internal server errror 500 according to SL2.0 specification, chapter https transport binding + //write internal server errror 500 according to SL2.0 specification, chapter https transport binding Logger.warn("Can NOT build SL2.0 response. Reason: " + e.getMessage(), e); + if (sl20Result != null) + Logger.debug("Received SL2.0 result: " + sl20Result); try { response.sendError(500, "Internal Server Error."); @@ -207,7 +219,8 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { error , null); - Logger.debug("Client request containts 'native client' header ... "); + Logger.debug("Client request containts 'native client' header ... "); + Logger.trace("SL20 response to VDA: " + respContainer); StringWriter writer = new StringWriter(); writer.write(respContainer.toString()); final byte[] content = writer.toString().getBytes("UTF-8"); @@ -230,13 +243,14 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { JsonObject callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams); //build first redirect command for app - JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters("", callCommand, null, true); + JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters("", + callCommand, null, true); JsonObject redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams); //build second redirect command for IDP JsonObject redirectTwoParams = SL20JSONBuilderUtils.createRedirectCommandParameters( new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), Constants.HTTP_ENDPOINT_RESUME, null), - redirectOneCommand, null, true); + redirectOneCommand, null, false); JsonObject redirectTwoCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectTwoParams); //build generic SL2.0 response container @@ -247,10 +261,12 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { redirectTwoCommand, null); - //workaround for SIC VDA + //workaround for A-Trust if (request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE) != null && - request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE)) { - Logger.debug("Client request containts 'native client' header ... "); + request.getHeader(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE).equals(SL20Constants.HTTP_HEADER_VALUE_NATIVE) + || true) { + Logger.debug("Client request containts 'native client' header ... "); + Logger.trace("SL20 response to VDA: " + respContainer); StringWriter writer = new StringWriter(); writer.write(respContainer.toString()); final byte[] content = writer.toString().getBytes("UTF-8"); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java index 52743c9da..365152f66 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java @@ -50,7 +50,7 @@ public abstract class eIDDataVerifierTest { } - @Test + //@Test public void parseAuthBlock() throws Exception { String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK); if (MiscUtil.isEmpty(authBlockB64)) @@ -61,7 +61,7 @@ public abstract class eIDDataVerifierTest { } - @Test + //@Test public void checkIDLAgainstAuthblock() throws Exception { String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK); String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL); -- cgit v1.2.3 From 4fa07676d5f2763cc9795c31fd95b1b6959dacb9 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 5 Jun 2018 15:46:15 +0200 Subject: make IPC return URL configurable for debug purposes --- .../at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java | 2 ++ .../moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) (limited to 'id') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java index 10a95501b..9fcb3aa58 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java @@ -24,6 +24,8 @@ public class Constants { public static final String CONFIG_PROP_FORCE_EID_ENCRYPTION = CONFIG_PROP_PREFIX + ".security.eID.encryption.required"; public static final String CONFIG_PROP_FORCE_EID_SIGNED_RESULT = CONFIG_PROP_PREFIX + ".security.eID.signed.result.required"; + public static final String CONFIG_PROP_IPC_RETURN_URL = CONFIG_PROP_PREFIX + ".ipc.return.url"; + public static final String PENDING_REQ_STORAGE_PREFIX = "SL20_AUTH_"; /** diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java index 03db52695..d35d113f9 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -243,7 +243,8 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { JsonObject callCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_CALL, callReqParams); //build first redirect command for app - JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters("", + JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters( + authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_IPC_RETURN_URL), callCommand, null, true); JsonObject redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams); -- cgit v1.2.3 From ac21c6be50070c34dd20abe07e0f95ff33751804 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 6 Jun 2018 11:22:25 +0200 Subject: refactor user whitelist to allow list updates without restarting the IDP --- .../internal/tasks/UserRestrictionTask.java | 2 +- .../id/config/auth/data/UserWhitelistStore.java | 27 +++++++++++++++++++++- 2 files changed, 27 insertions(+), 2 deletions(-) (limited to 'id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java index 4853a5ab6..5d0580464 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/UserRestrictionTask.java @@ -58,7 +58,7 @@ public class UserRestrictionTask extends AbstractAuthServletTask { //check if user's bPK is whitelisted - if (!whitelist.isUserbPKInWhitelist(pseudonym.getFirst())) { + if (!whitelist.isUserbPKInWhitelistDynamic(pseudonym.getFirst())) { Logger.info("User's bPK is not whitelisted. Authentication process stops ..."); Logger.trace("User's bPK: " + pseudonym.getFirst()); throw new MOAIDException("auth.35", null); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java index a300739b3..71bd0f3c0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java @@ -30,6 +30,7 @@ public class UserWhitelistStore { @Autowired(required=true) AuthConfiguration authConfig; private List whitelist = new ArrayList(); + private String absWhiteListUrl = null; @PostConstruct private void initialize() { @@ -38,7 +39,7 @@ public class UserWhitelistStore { Logger.debug("Do not initialize user whitelist. Reason: No configuration path to CSV file."); else { - String absWhiteListUrl = FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getRootConfigFileDir()); + absWhiteListUrl = FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getRootConfigFileDir()); try { InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI())); String whiteListString = IOUtils.toString(new InputStreamReader(is)); @@ -70,4 +71,28 @@ public class UserWhitelistStore { return whitelist.contains(bPK); } + + public boolean isUserbPKInWhitelistDynamic(String bPK) { + try { + if (absWhiteListUrl != null) { + InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI())); + String whiteListString = IOUtils.toString(new InputStreamReader(is)); + if (whiteListString != null && whiteListString.contains(bPK)) { + Logger.trace("Find user with dynamic whitelist check"); + return true; + + } else { + Logger.debug("Can NOT find user in dynamic loaded user whitelist. Switch to static version ... "); + return isUserbPKInWhitelist(bPK); + } + + } + } catch (Exception e) { + Logger.warn("Dynamic user whitelist check FAILED. Switch to static version ... ", e); + + } + + return isUserbPKInWhitelist(bPK); + } + } -- cgit v1.2.3 From 2376b4247adab09ad5e6991ba2a1511a8683bda7 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 6 Jun 2018 11:22:42 +0200 Subject: some small update --- .../sl20/verifier/QualifiedeIDVerifier.java | 10 ++----- .../sl20_auth/tasks/CreateQualeIDRequestTask.java | 3 +- .../sl20_auth/tasks/ReceiveQualeIDTask.java | 34 ++++++++++++++++++---- .../modules/sl20_auth/EIDDataVerifier_ATrust.java | 8 +++-- .../modules/sl20_auth/EIDDataVerifier_OwnTest.java | 5 +++- .../src/test/resources/tests/eIDdata_atrust.json | 6 ++-- 6 files changed, 45 insertions(+), 21 deletions(-) (limited to 'id') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java index 0c93e7886..a437e3411 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java @@ -7,7 +7,6 @@ import java.util.List; import org.jaxen.SimpleNamespaceContext; import org.opensaml.Configuration; -import org.opensaml.DefaultBootstrap; import org.opensaml.saml2.core.Assertion; import org.opensaml.xml.XMLObject; import org.opensaml.xml.io.Unmarshaller; @@ -154,12 +153,7 @@ public class QualifiedeIDVerifier { //parse authBlock into SAML2 Assertion byte[] authBlockBytes = Base64Utils.decode(authblockB64, false); Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authBlockBytes)); - - //A-Trust workarounda -// Element authBlockDOM = DOMUtils.parseXmlValidating(new ByteArrayInputStream(authblockB64.getBytes())); -// Element authBlockDOM = DOMUtils.parseXmlNonValidating(new ByteArrayInputStream(authblockB64.getBytes())); - DefaultBootstrap.bootstrap(); UnmarshallerFactory unmarshallerFactory = Configuration.getUnmarshallerFactory(); Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDOM); XMLObject samlAssertion = unmarshaller.unmarshall(authBlockDOM); @@ -231,8 +225,10 @@ public class QualifiedeIDVerifier { + " NotBefore:" + notBefore.toString() + " NotOrNotAfter:" + notOrNotAfter.toString()); - if (signingDate.after(notBefore) && signingDate.before(notOrNotAfter)) + if ((signingDate.after(notBefore) || signingDate.equals(notBefore)) + && signingDate.before(notOrNotAfter)) Logger.debug("Signing date validation successfull"); + else { Logger.info("AuthBlock signing date does NOT match to AuthBlock constrains"); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java index c425ca0a7..b87d614c5 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java @@ -102,8 +102,7 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { ); //String qualeIDReqId = UUID.randomUUID().toString(); - //TODO: work-Around for A-trust - String qualeIDReqId = SAML2Utils.getSecureIdentifier().substring(0, 12); + String qualeIDReqId = SAML2Utils.getSecureIdentifier(); String signedQualeIDCommand = SL20JSONBuilderUtils.createSignedCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_QUALIFIEDEID, qualeIDCommandParams, joseTools); JsonObject sl20Req = SL20JSONBuilderUtils.createGenericRequest(qualeIDReqId, null, null, signedQualeIDCommand); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java index d35d113f9..bb66f452a 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -61,13 +61,11 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { sl20Result = reqParams.get(SL20Constants.PARAM_SL20_REQ_COMMAND_PARAM); if (MiscUtil.isEmpty(sl20Result)) { - - //TODO: remove //Workaround for SIC Handy-Signature, because it sends result in InputStream - String test = StreamUtils.readStream(request.getInputStream(), "UTF-8"); - if (MiscUtil.isNotEmpty(test)) { + String isReqInput = StreamUtils.readStream(request.getInputStream(), "UTF-8"); + if (MiscUtil.isNotEmpty(isReqInput)) { Logger.info("Use SIC Handy-Signature work-around!"); - sl20Result = test.substring("slcommand=".length()); + sl20Result = isReqInput.substring("slcommand=".length()); } else { Logger.info("NO SL2.0 commando or result FOUND."); @@ -244,7 +242,7 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { //build first redirect command for app JsonObject redirectOneParams = SL20JSONBuilderUtils.createRedirectCommandParameters( - authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_IPC_RETURN_URL), + generateICPRedirectURLForDebugging(), callCommand, null, true); JsonObject redirectOneCommand = SL20JSONBuilderUtils.createCommand(SL20Constants.SL20_COMMAND_IDENTIFIER_REDIRECT, redirectOneParams); @@ -285,6 +283,30 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { } } + /** + * Generates a IPC redirect URL that is configured on IDP side + * + * @return IPC ReturnURL, or null if no URL is configured + */ + private String generateICPRedirectURLForDebugging() { + final String PATTERN_PENDING_REQ_ID = "#PENDINGREQID#"; + + String ipcRedirectURLConfig = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_IPC_RETURN_URL); + if (MiscUtil.isNotEmpty(ipcRedirectURLConfig)) { + if (ipcRedirectURLConfig.contains(PATTERN_PENDING_REQ_ID)) { + Logger.trace("Find 'pendingReqId' pattern in IPC redirect URL. Update url ... "); + ipcRedirectURLConfig = ipcRedirectURLConfig.replaceAll( + "#PENDINGREQID#", + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingReq.getRequestID()); + + } + + return ipcRedirectURLConfig; + } + + return null; + + } } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java index 49c11ea05..c3c10dd16 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java @@ -6,6 +6,8 @@ import java.io.InputStreamReader; import org.apache.commons.io.IOUtils; import org.junit.Before; import org.junit.runner.RunWith; +import org.opensaml.DefaultBootstrap; +import org.opensaml.xml.ConfigurationException; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; @@ -20,7 +22,7 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUti public class EIDDataVerifier_ATrust extends eIDDataVerifierTest { @Before - public void init() throws SLCommandoParserException, IOException { + public void init() throws SLCommandoParserException, IOException, ConfigurationException { String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_atrust.json"))); JsonParser jsonParser = new JsonParser(); JsonObject qualeIDResult = jsonParser.parse(eIDDataString).getAsJsonObject(); @@ -32,11 +34,13 @@ public class EIDDataVerifier_ATrust extends eIDDataVerifierTest { eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result); if (eIDData == null || eIDData.isEmpty()) throw new SLCommandoParserException("Can not load eID data"); + + DefaultBootstrap.bootstrap(); } @Override protected String getSl20ReqId() { - return "_28ab8536d068a153e1a"; + return "_ae0f0cbf2997125832e80b3a0082848a"; } } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java index 65460439e..e56d5834a 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java @@ -6,6 +6,8 @@ import java.io.InputStreamReader; import org.apache.commons.io.IOUtils; import org.junit.Before; import org.junit.runner.RunWith; +import org.opensaml.DefaultBootstrap; +import org.opensaml.xml.ConfigurationException; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; @@ -21,7 +23,7 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUti public class EIDDataVerifier_OwnTest extends eIDDataVerifierTest { @Before - public void init() throws SLCommandoParserException, IOException { + public void init() throws SLCommandoParserException, IOException, ConfigurationException { String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_own_test.json"))); JsonParser jsonParser = new JsonParser(); JsonElement payLoad = jsonParser.parse(eIDDataString).getAsJsonObject(); @@ -31,6 +33,7 @@ public class EIDDataVerifier_OwnTest extends eIDDataVerifierTest { if (eIDData == null || eIDData.isEmpty()) throw new SLCommandoParserException("Can not load eID data"); + DefaultBootstrap.bootstrap(); } @Override diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json index 09190574d..141bd6741 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json @@ -1,14 +1,14 @@ { "v": 10, - "respID": "Cl6uQjZlOWFjUEbtyXb0", - "inResponseTo": "_28ab8536d068a153e1a", + "respID": "kYZ6Mj143nTk7HSzVHxG", + "inResponseTo": "_ae0f0cbf2997125832e80b3a0082848a", "payload": { "name": "qualifiedeID", "result": { "EID-IDENTITY-LINK": "PHNhbWw6QXNzZXJ0aW9uIEFzc2VydGlvbklEPSJzenIuYm1pLmd2LmF0LUFzc2VydGlvbklEMTUyNzY2OTEwMDU5MTI3NDQiIElzc3VlSW5zdGFudD0iMjAxOC0wNS0zMFQxMDozMTo0MCswMTowMCIgSXNzdWVyPSJodHRwOi8vcG9ydGFsLmJtaS5ndi5hdC9yZWYvc3pyL2lzc3VlciIgTWFqb3JWZXJzaW9uPSIxIiBNaW5vclZlcnNpb249IjAiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDphc3NlcnRpb24iIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJubWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOmVjZHNhPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSMiIHhtbG5zOnNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSI+Cgk8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+CgkJPHNhbWw6U3ViamVjdD4KCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4KCQkJCTxzYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjA6Y206c2VuZGVyLXZvdWNoZXM8L3NhbWw6Q29uZmlybWF0aW9uTWV0aG9kPgoJCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE+CgkJCQkJPHByOlBlcnNvbiBzaTp0eXBlPSJwcjpQaHlzaWNhbFBlcnNvblR5cGUiPjxwcjpJZGVudGlmaWNhdGlvbj48cHI6VmFsdWU+dHFDUUVDNytBcUdFZWVMMzkwVjVKZz09PC9wcjpWYWx1ZT48cHI6VHlwZT51cm46cHVibGljaWQ6Z3YuYXQ6YmFzZWlkPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24+PHByOk5hbWU+PHByOkdpdmVuTmFtZT5NYXg8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPk11c3Rlcm1hbm48L3ByOkZhbWlseU5hbWU+PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4xOTQwLTAxLTAxPC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj4KCQkJCTwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KCQkJPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJPC9zYW1sOlN1YmplY3Q+Cgk8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXplblB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJ1cm46cHVibGljaWQ6Z3YuYXQ6bmFtZXNwYWNlczppZGVudGl0eWxpbms6MS4yIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT48ZHNpZzpSU0FLZXlWYWx1ZT48ZHNpZzpNb2R1bHVzPnMwWmhkR2E4REgwSW1iTlU3aTRxdDRtR25CUEFlTDk5Q0dkZmRCOEhWWE5CNWd3d2VMY1o5WE1TWUJvUHFHdFVqemh6S29zRkN5M0sNCmpsSEVrejB0L3JQemhOVGRsVjJRN0FGWEZlT2g3M3dPajQ3R1B2T2lVNzdwQjE3WnJaOHlObW1JTTEyUVE5MVN0RGFWRkUra0dxUEkNCmNFZHZiZk94blU4aGNpa3lYcWVheFZVV3oxbVdXTnRveUwyWG5wa1U0QkZVQnU1NWg5S2tYVEFQcnBUbEFMZjkvRDFKamZWb05tamwNCnBLWXh6Q3JBSmE4Sno4Ui9sNis0U0U3YXc3dGZuazNZUXkxcFVmNWZmellkeXZQS2ZxVTBUTUVKLzdpOW1ORHFCZlVwcVhBRWowdWUNCkpvRWs0UC9pa2Q5UnZuVUlsU0V1NzFHMyt1VEluSXBaaTd2UG93PT08L2RzaWc6TW9kdWx1cz48ZHNpZzpFeHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PjwvZHNpZzpSU0FLZXlWYWx1ZT48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJPGRzaWc6U2lnbmF0dXJlPgoJCTxkc2lnOlNpZ25lZEluZm8+CgkJCTxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+CgkJCTxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIgLz4KCQkJPGRzaWc6UmVmZXJlbmNlIFVSST0iIj4KCQkJCTxkc2lnOlRyYW5zZm9ybXM+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQk8ZHNpZzpYUGF0aD5ub3QoYW5jZXN0b3Itb3Itc2VsZjo6cHI6SWRlbnRpZmljYXRpb24pPC9kc2lnOlhQYXRoPgoJCQkJCTwvZHNpZzpUcmFuc2Zvcm0+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiIC8+CgkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCTxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIiAvPgoJCQkJPGRzaWc6RGlnZXN0VmFsdWU+QmVIdUFyYXUzSFVQcXg5dHV3QTRGaDNOSDB3PTwvZHNpZzpEaWdlc3RWYWx1ZT4KCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPGRzaWc6UmVmZXJlbmNlIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNNYW5pZmVzdCIgVVJJPSIjbWFuaWZlc3QiPgoJCQkJPGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiIC8+CgkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5mVEUrMjRnRHlkUlgvd0p2QlAxOUlucU54Rkk9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQk8L2RzaWc6UmVmZXJlbmNlPgoJCTwvZHNpZzpTaWduZWRJbmZvPgoJCTxkc2lnOlNpZ25hdHVyZVZhbHVlPgogICAgUHpLMWR2N2JFMGhQcGxlc1ZaRFhHSWxhbTlUK0JxWkd4ZWs5RHVuYkhNK21GWWI3a1NaZTN2eEszUmhRZjNBV3djbXFtVWZPRlJObg0KWndxYnovNGRZd2hJRld6VGdMelVmMlZkR0JsN2szbS8wSmJXSkV1bEtobE5vV2ZSTkRrdTRZcmI2THVrWjdaQzJFcWd2UXYxa1BRTg0Kb1BvQ1I5d3hUc1RKWFNCaHdLc0lERG9vZHY3aUVpWGFCM0xmVHQrQWdYdEdvbWRRaktjby9WamJSSzRUUEkvQUVNVU1KWm9zZlJYMg0KdmE2U1BaUnV4QjBlWkwwVGVzYittRjlFaUlOVnNTSU9nbTVSRE95V1ZRZkJnVG9nYjNoWmlLVmh0a1IvaWlSNmhZNlA2b1cwTDh4ag0KMG5ZVldPRHAxSlJML3Z0ZDFhUklVYzNCQTJQaFkrRmdJR1FHTUE9PQogIDwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlGdXpDQ0JLT2dBd0lCQWdJREdTa2VNQTBHQ1NxR1NJYjNEUUVCQlFVQU1JR2ZNUXN3Q1FZRFZRUUdFd0pCDQpWREZJTUVZR0ExVUVDZ3cvUVMxVWNuVnpkQ0JIWlhNdUlHWXVJRk5wWTJobGNtaGxhWFJ6YzNsemRHVnRaU0JwDQpiU0JsYkdWcmRISXVJRVJoZEdWdWRtVnlhMlZvY2lCSGJXSklNU0l3SUFZRFZRUUxEQmxoTFhOcFoyNHRZMjl5DQpjRzl5WVhSbExXeHBaMmgwTFRBeU1TSXdJQVlEVlFRRERCbGhMWE5wWjI0dFkyOXljRzl5WVhSbExXeHBaMmgwDQpMVEF5TUI0WERURTFNRGN5T0RFMU5Ea3dOVm9YRFRJd01EY3lPREV6TkRrd05Wb3dnYll4Q3pBSkJnTlZCQVlUDQpBa0ZVTVI0d0hBWURWUVFLREJWRVlYUmxibk5qYUhWMGVtdHZiVzFwYzNOcGIyNHhJakFnQmdOVkJBc01HVk4wDQpZVzF0ZW1Gb2JISmxaMmx6ZEdWeVltVm9iMlZ5WkdVeExqQXNCZ05WQkFNTUpWTnBaMjVoZEhWeWMyVnlkbWxqDQpaU0JFWVhSbGJuTmphSFYwZW10dmJXMXBjM05wYjI0eEZUQVRCZ05WQkFVVERETXlOVGt5T0RNeU16azVPREVjDQpNQm9HQ1NxR1NJYjNEUUVKQVF3TlpITnJRR1J6YXk1bmRpNWhkRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEDQpnZ0VQQURDQ0FRb0NnZ0VCQU4rZEJTRUJHajJqVVhJSzFNcDNsVnhjL1phK3BKTWl5S3JYM0cxWnhnWC9pa3g3DQpEOXNjc1BZTXQ0NzNMbEFXbDljbUNiSGJKSytQVjJYTk5kVVJMTVVDSVgrNHZVTnMyTUhlRFRRdFg4QlhqSkZwDQp3SllTb2FSSlEzOUZWUy8xcjVzV2NyYTlIaGRtN3c1R3R4LzJ1a3lEWDBrZGt4YXdraFA0RVFFemkvU0krRnVnDQpuK1dxZ1ExbkFkbGJ4Yi9kY0J3NXcxaDliM2xtdXdVZjR6M29vUVdVRDJEZ0Eva0tkMUtlak5SNDNtTFVzbXZTDQp6ZXZQeFQ5enM3OHBPUjFPYWNCN0lzelRWSlBYZU9FYWFOWkhubkIvVWVPM2c4TEVWLzNPa1hjVWdjTWtiSUlpDQphQkhsbGw3MVBxMENPajlrcWpYb2U3T3JSakxZNWkzS3dPcGE2VE1DQXdFQUFhT0NBZVV3Z2dIaE1CRUdBMVVkDQpEZ1FLQkFoTUNBNmVHdlMxdWpBT0JnTlZIUThCQWY4RUJBTUNCTEF3RGdZSEtpZ0FDZ0VIQVFRREFRSC9NQk1HDQpBMVVkSXdRTU1BcUFDRWtjV0RwUDZBMERNQWtHQTFVZEV3UUNNQUF3RkFZSEtpZ0FDZ0VCQVFRSkRBZENVMEl0DQpSRk5MTUg4R0NDc0dBUVVGQndFQkJITXdjVEJHQmdnckJnRUZCUWN3QW9ZNmFIUjBjRG92TDNkM2R5NWhMWFJ5DQpkWE4wTG1GMEwyTmxjblJ6TDJFdGMybG5iaTFqYjNKd2IzSmhkR1V0YkdsbmFIUXRNREpoTG1OeWREQW5CZ2dyDQpCZ0VGQlFjd0FZWWJhSFIwY0RvdkwyOWpjM0F1WVMxMGNuVnpkQzVoZEM5dlkzTndNRlFHQTFVZElBUk5NRXN3DQpTUVlHS2lnQUVRRVNNRDh3UFFZSUt3WUJCUVVIQWdFV01XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrDQpiMk56TDJOd0wyRXRjMmxuYmkxQmJYUnpjMmxuYm1GMGRYSXdnWjRHQTFVZEh3U0JsakNCa3pDQmtLQ0JqYUNCDQppb2FCaDJ4a1lYQTZMeTlzWkdGd0xtRXRkSEoxYzNRdVlYUXZiM1U5WVMxemFXZHVMV052Y25CdmNtRjBaUzFzDQphV2RvZEMwd01peHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wDQpQMkpoYzJVL2IySnFaV04wWTJ4aGMzTTlaV2xrUTJWeWRHbG1hV05oZEdsdmJrRjFkR2h2Y21sMGVUQU5CZ2txDQpoa2lHOXcwQkFRVUZBQU9DQVFFQUhRM1pDTXRBYmF6ZU1IbVdBMnpoWWxIcUhnS1ZvY1ZYRURnbU5tV0xHcUZlDQo4RUFERklzOHVHcmt0Qm1XQ1VJWGJYczdUSGNmeHMySjQ3dkh1Y29wc2RrYWJObFhFanpuZFJmbmMrMVZJbmJvDQp6TXJZZDdqZUROVEsvdElqaU9FWWRyeUlwZWtWOUNmYXc3eXU2bWVmTXpldTFhQXdmN0JuSy9odWl3SlduZW5wDQpCN2lEL1B2WittenVDN1JOZkpmRisrU3RpQlR4aTNWWXhOR01qTTFjVThHdzlWV2MwUjNFdWpPYVhXZ0NDOGk1DQpGR2hWdk9ZaE5YZnN4SlhiTnhld0VDanBBTHZEbEZMTCtpQzQ5RytBRFNvUnYwU2s5MU9QdStjSW1DajNyczNRDQp0YXNJL3A5TFlhY0c2Yy9nSTN0RTBpaHFnOVJic0tIWFFsM1BPdkVSSkE9PTwvZHNpZzpYNTA5Q2VydGlmaWNhdGU+PC9kc2lnOlg1MDlEYXRhPjwvZHNpZzpLZXlJbmZvPgoJCTxkc2lnOk9iamVjdD4KCQkJPGRzaWc6TWFuaWZlc3QgSWQ9Im1hbmlmZXN0Ij4KCQkJCTxkc2lnOlJlZmVyZW5jZSBVUkk9IiI+CgkJCQkJPGRzaWc6VHJhbnNmb3Jtcz4KCQkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQkJPGRzaWc6WFBhdGg+bm90KGFuY2VzdG9yLW9yLXNlbGY6OmRzaWc6U2lnbmF0dXJlKTwvZHNpZzpYUGF0aD4KCQkJCQkJPC9kc2lnOlRyYW5zZm9ybT4KCQkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCQk8ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIgLz4KCQkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5wM1pwS1BvK0ZYT3ZXdEhidFJzR2VLWm9lSTQ9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPC9kc2lnOk1hbmlmZXN0PgoJCTwvZHNpZzpPYmplY3Q+Cgk8L2RzaWc6U2lnbmF0dXJlPgo8L3NhbWw6QXNzZXJ0aW9uPg==", "EID-CITIZEN-QAA-LEVEL": "substantial", "EID-CCS-URL": "https://www.a-trust.at/todo", - "EID-AUTH-BLOCK": "https://www.a-trust.at/todohttps://demo.egiz.gv.at/demoportal_moaid-2.0/sl20/dataUrl?pendingid=862482318004000902Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Vorname:
Nachname:
Geburtsdatum:
Vollmacht: Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Identifikator:
Name:
Staat:

Technische Parameter

Datum:..
Uhrzeit:::
TransaktionsTokken:
\n\t\t\t\t\t\t\t\t\t\t\tVollmachten-Referenz:
DataURL:
AuthBlockValidTo:
9YAYcxkIWv1Zzdhli5Mjk6Nz8ZJjVQTxU/u71fF5StA=F7ye8qqVpognWOY8JAZVHk7X+AzH/5OStZWYSSbKgH4=WVqZ8I9HaPIerCh1DIh6FnNQODSmWkxSecxTrcSL79ooWPYRB8DPbNoMT39rT+eRgYPjcAxjiNegbo0+lE51ZauWNr3jq2USaVY3nBpnmVDfBlnkFMdovaVVJPyegtGTYMMeN3+EQaZRSy13bvJS1U36bFUgv2i8KeXdftFzxeNheJqyXvrGzvmVuJV4dB8fOUm2VXgKepvelpRQZ+U6Jpyq1yVE9gz4frqVLetdUSGQhKJ0VRgYVVqa4FQ+YpyFgWwJQF/lOuUWli0jZ73HC7rIuVZ5Y0LEqaB+GUwthQk4qM3BsIfxPAxeh7a1Z915h0Ilzjkbk9kwt5Z2yZ8qXQ==MIIF1jCCBL6gAwIBAgIEfgS3/TANBgkqhkiG9w0BAQsFADCBoTELMAkGA1UEBgwCQVQxSDBGBgNVBAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVByZW1pdW0tVGVzdC1TaWctMDIxIzAhBgNVBAMMGmEtc2lnbi1QcmVtaXVtLVRlc3QtU2lnLTAyMB4XDTE4MDUzMDA4MzIyOVoXDTIzMDUzMDA4MzIyOVowYDELMAkGA1UEBgwCQVQxFzAVBgNVBAMMDk1heCBNdXN0ZXJtYW5uMRMwEQYDVQQEDApNdXN0ZXJtYW5uMQwwCgYDVQQqDANNYXgxFTATBgNVBAUMDDUxNzY2MDcxODk5MzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALNGYXRmvAx9CJmzVO4uKreJhpwTwHi/fQhnX3QfB1VzQeYMMHi3GfVzEmAaD6hrVI84cyqLBQstyo5RxJM9Lf6z84TU3ZVdkOwBVxXjoe98Do+Oxj7zolO+6Qde2a2fMjZpiDNdkEPdUrQ2lRRPpBqjyHBHb23zsZ1PIXIpMl6nmsVVFs9ZlljbaMi9l56ZFOARVAbueYfSpF0wD66U5QC3/fw9SY31aDZo5aSmMcwqwCWvCc/Ef5evuEhO2sO7X55N2EMtaVH+X382Hcrzyn6lNEzBCf+4vZjQ6gX1KalwBI9LniaBJOD/4pHfUb51CJUhLu9Rt/rkyJyKWYu7z6MCAwEAAaOCAlQwggJQMIGDBggrBgEFBQcBAQR3MHUwRQYIKwYBBQUHMAKGOWh0dHA6Ly93d3cuYS10cnVzdC5hdC9jZXJ0cy9hLXNpZ24tcHJlbWl1bS1tb2JpbGUtMDNhLmNydDAsBggrBgEFBQcwAYYgaHR0cDovL29jc3AtdGVzdC5hLXRydXN0LmF0L29jc3AwEwYDVR0jBAwwCoAIRgafjkGOFb0wcgYIKwYBBQUHAQMEZjBkMAoGCCsGAQUFBwsCMAgGBgQAjkYBATAIBgYEAI5GAQQwEwYGBACORgEGMAkGBwQAjkYBBgEwLQYGBACORgEFMCMwIRYbaHR0cHM6Ly93d3cuYS10cnVzdC5hdC9wZHMvEwJFTjARBgNVHQ4ECgQIQWyS5dXk/tYwDgYDVR0PAQH/BAQDAgbAMAkGA1UdEwQCMAAwYAYDVR0gBFkwVzAIBgYEAIswAQEwSwYGKigAEQEUMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cuYS10cnVzdC5hdC9kb2NzL2NwL2Etc2lnbi1wcmVtaXVtLW1vYmlsZTCBrgYDVR0fBIGmMIGjMIGgoIGdoIGahoGXbGRhcDovL2xkYXAtdGVzdC5hLXRydXN0LmF0L291PWEtc2lnbi1QcmVtaXVtLVRlc3QtU2lnLTAyIChTSEEtMjU2KSxvPUEtVHJ1c3QsYz1BVD9jZXJ0aWZpY2F0ZXJldm9jYXRpb25saXN0P2Jhc2U/b2JqZWN0Y2xhc3M9ZWlkQ2VydGlmaWNhdGlvbkF1dGhvcml0eTANBgkqhkiG9w0BAQsFAAOCAQEAyEmgODt02xaxHb4E+O9XgImEC0AoH4Q97Pq7Bd4v+Pqqd6i5RodvwfTgIaW1J+fvH8KUTzI0XX9wpUWwImVEGMH63VAJcXVH0y9ifEWIHdhOLtRYVif0SQK9YRachvJDmF5hLwAQREeGsX2iNmP7dYe4xiNKAtQn0phvlPqgha6oKDGMQ8FNAfRz3kAtXJwPbFg6QE4kIhkTgd32uOiAJW7G2TaJZXWfK9TpV5LQ13+11FJ2S3KQc8ub/+1GdgirKSW4J1zhsfT+WCr/OayU2MzQXKv8OWb0SxWIJHiMTexH7r9muGk/ZLkaQQV2CtSOYqTAN8AweCiJ11uVFHeLpQ==2018-06-04T15:20:13Z6aTkha/Y9xYS4bQMZbwIX8TFsD2CezdhuqHpTtCI3f0=CN=a-sign-Premium-Test-Sig-02,OU=a-sign-Premium-Test-Sig-02,O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH,C=AT2114238461application/xhtml+xml2.1MustermannMax1940-01-01labda - Developmenthttps://labda.iaik.tugraz.at:5553/demologin/AT" + "EID-AUTH-BLOCK": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+PHNhbWwyOkFzc2VydGlvbiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9Il9hZTBmMGNiZjI5OTcxMjU4MzJlODBiM2EwMDgyODQ4YSIgSXNzdWVJbnN0YW50PSIyMDE4LTA2LTA2VDA5OjIzOjQzKzAyOjAwIiBWZXJzaW9uPSIyLjAiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSI+PHNhbWwyOklzc3VlciBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI+aHR0cHM6Ly93d3cuYS10cnVzdC5hdC90b2RvPC9zYW1sMjpJc3N1ZXI+PHNhbWwyOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE4LTA2LTA2VDA5OjIzOjQzKzAyOjAwIiBOb3RPbk9yQWZ0ZXI9IjIwMTgtMDYtMDZUMDk6Mzg6NDMrMDI6MDAiPjxzYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sMjpBdWRpZW5jZT5odHRwczovL2VpZC5ndi5hdC9tb2EtaWQtYXV0aC9zbDIwL2RhdGFVcmw/cGVuZGluZ2lkPTU3NTg5NzU3OTA5MTc5NjMyMjU8L3NhbWwyOkF1ZGllbmNlPjwvc2FtbDI6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWwyOkNvbmRpdGlvbnM+PGRzaWc6U2lnbmF0dXJlIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIElkPSJzaWduYXR1cmUtMS0xIj48ZHNpZzpTaWduZWRJbmZvPjxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSIgLz48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2IiAvPjxkc2lnOlJlZmVyZW5jZSBJZD0icmVmZXJlbmNlLTEtMSIgVVJJPSIiPjxkc2lnOlRyYW5zZm9ybXM+PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHNsdC0xOTk5MTExNiI+PHhzbDpzdHlsZXNoZWV0IHhtbG5zOnhzbD0iaHR0cDovL3d3dy53My5vcmcvMTk5OS9YU0wvVHJhbnNmb3JtIiBleGNsdWRlLXJlc3VsdC1wcmVmaXhlcz0ic2FtbDIiIHZlcnNpb249IjEuMCIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjx4c2w6b3V0cHV0IG1ldGhvZD0ieG1sIiB4bWw6c3BhY2U9ImRlZmF1bHQiIC8+PHhzbDp0ZW1wbGF0ZSBtYXRjaD0iLyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiPjxodG1sIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIj48aGVhZD48dGl0bGU+U2lnbmF0dXIgZGVyIEFubWVsZGVkYXRlbjwvdGl0bGU+PHN0eWxlIG1lZGlhPSJzY3JlZW4iIHR5cGU9InRleHQvY3NzIj4KICAgICAgICAgICAgICAJCQkJCS5ub3JtYWxzdHlsZSB7IGZvbnQtc2l6ZTogbWVkaXVtOyB9IAogICAgICAgICAgICAgIAkJCQkJLml0YWxpY3N0eWxlIHsgZm9udC1zaXplOiBtZWRpdW07IGZvbnQtc3R5bGU6IGl0YWxpYzsgfQoJCQkJCQkJCS50aXRsZXN0eWxlIHsgdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTsgZm9udC13ZWlnaHQ6Ym9sZDsgZm9udC1zaXplOiBtZWRpdW07IH0gCgkJCQkJCQkJLmg0c3R5bGUgeyBmb250LXNpemU6IGxhcmdlOyB9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKCQkJCQkJCQkuaGlkZGVuIHtkaXNwbGF5OiBub25lOyB9IAogICAgICAgICAgICAgIAkJCQk8L3N0eWxlPjwvaGVhZD48Ym9keT48aDQgY2xhc3M9Img0c3R5bGUiPkFubWVsZGVkYXRlbjo8L2g0PjxwIGNsYXNzPSJ0aXRsZXN0eWxlIj5EYXRlbiB6dXIgUGVyc29uPC9wPjx0YWJsZSBjbGFzcz0icGFyYW1ldGVycyI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjIuNS40LjQyJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+Vm9ybmFtZTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjIuNS40LjQyJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiIC8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5OYWNobmFtZTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4yMCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIiAvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuNTUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5HZWJ1cnRzZGF0dW06IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIiAvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlZvbGxtYWNodDogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnRleHQ+SWNoIG1lbGRlIG1pY2ggaW4gVmVydHJldHVuZyBhbi4gSW0gbsOkY2hzdGVuIFNjaHJpdHQgd2lyZCBtaXIgZWluZSBMaXN0ZSBkZXIgZsO8ciBtaWNoIHZlcmbDvGdiYXJlbiBWZXJ0cmV0dW5nc3ZlcmjDpGx0bmlzc2UgYW5nZXplaWd0LCBhdXMgZGVuZW4gaWNoIGVpbmVzIGF1c3fDpGhsZW4gd2VyZGUuPC94c2w6dGV4dD48L3RkPjwvdHI+PC94c2w6aWY+PC90YWJsZT48cCBjbGFzcz0idGl0bGVzdHlsZSI+RGF0ZW4genVyIEFud2VuZHVuZzwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5JZGVudGlmaWthdG9yOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J2h0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyVW5pcXVlSWQnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIgLz48L3RkPjwvdHI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPk5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIgLz48L3RkPjwvdHI+PC94c2w6aWY+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+U3RhYXQ6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29kZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIiAvPjwvdGQ+PC90cj48L3hzbDppZj48L3RhYmxlPjxwIGNsYXNzPSJ0aXRsZXN0eWxlIj5UZWNobmlzY2hlIFBhcmFtZXRlcjwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5EYXR1bTo8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDksMikiIC8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDYsMikiIC8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDEsNCkiIC8+PC90ZD48L3RyPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5VaHJ6ZWl0OjwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9InN1YnN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL0BJc3N1ZUluc3RhbnQsMTIsMikiIC8+PHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE1LDIpIiAvPjx4c2w6dGV4dD46PC94c2w6dGV4dD48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCwxOCwyKSIgLz48L3RkPjwvdHI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlRyYW5zYWt0aW9uc1Rva2tlbjogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9ASUQiIC8+PC90ZD48L3RyPjx4c2w6aWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+CgkJCQkJCQkJCQkJVm9sbG1hY2h0ZW4tUmVmZXJlbno6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIgLz48L3RkPjwvdHI+PC94c2w6aWY+PHRyIGNsYXNzPSJoaWRkZW4iPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPkRhdGFVUkw6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9zYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uL3NhbWwyOkF1ZGllbmNlIiAvPjwvdGQ+PC90cj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9ATm90T25PckFmdGVyIj48dHIgY2xhc3M9ImhpZGRlbiI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+QXV0aEJsb2NrVmFsaWRUbzogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpDb25kaXRpb25zL0BOb3RPbk9yQWZ0ZXIiIC8+PC90ZD48L3RyPjwveHNsOmlmPjwvdGFibGU+PC9ib2R5PjwvaHRtbD48L3hzbDp0ZW1wbGF0ZT48L3hzbDpzdHlsZXNoZWV0PjwvZHNpZzpUcmFuc2Zvcm0+PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUjV2l0aENvbW1lbnRzIiAvPjwvZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIgLz48ZHNpZzpEaWdlc3RWYWx1ZT4vdExReXEvU2dkTGZEUEk4MG9yRytxbEJWQTQ1c1JQZTZySnZHY0x0NWxnPTwvZHNpZzpEaWdlc3RWYWx1ZT48L2RzaWc6UmVmZXJlbmNlPjxkc2lnOlJlZmVyZW5jZSBJZD0iZXRzaS1kYXRhLXJlZmVyZW5jZS0xLTEiIFR5cGU9Imh0dHA6Ly91cmkuZXRzaS5vcmcvMDE5MDMjU2lnbmVkUHJvcGVydGllcyIgVVJJPSIjZXRzaS1zaWduZWRwcm9wZXJ0aWVzLTEtMSI+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxkc2lnOkRpZ2VzdFZhbHVlPjA2cUtPVkJqRWdVTk1XV3RTMis2WG1VWXBGV3NUT0o0V3pkMDNISlpTeW89PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U+PC9kc2lnOlNpZ25lZEluZm8+PGRzaWc6U2lnbmF0dXJlVmFsdWUgSWQ9InNpZ25hdHVyZXZhbHVlLTEtMSI+WW5zV01EY01wWExMR3dCb0tpYW45WHpZUWdiamordVVtSkNIRjZWVVZybGpNejlUeC9yeWpnNkNVaklMNjVGb0JQNHU0Zmc3a1JPRDFEeWlGYUtwMUVhaWxLQWtpWlE4WWJtRlNnZW1mNkdENUl6QklZblI1VlMxM1J4ZVMxRDdVUXhEU3c1TkpKaHdXelpFZFFRMnFyaUdsUW5sdUpBNlpuRmk2WFpHUXpUYmd1SFd3b3ZwT05UZ1BYaEJkcG9rb2VnZUkvS3dDNU9WTWt2dnNrVXRXSDZTaUlDRWVGclBpY054dGh3Ym4wZHA0ak1DNEI5TE5aZGRnQ0picUNkelIvNlF6YXBqWmQwYUVKNThWVncvQW5xa2dUL1krRmUwNkVUQXMwZ3FuL3M5dWJ3N0RmMGJqS3NrUE5xU3ZKc0EvWDN2Szk3U3FPeStNNWhvL25KTHpnPT08L2RzaWc6U2lnbmF0dXJlVmFsdWU+PGRzaWc6S2V5SW5mbz48ZHNpZzpYNTA5RGF0YT48ZHNpZzpYNTA5Q2VydGlmaWNhdGU+TUlJRjFqQ0NCTDZnQXdJQkFnSUVmZ1MzL1RBTkJna3Foa2lHOXcwQkFRc0ZBRENCb1RFTE1Ba0dBMVVFQmd3Q1FWUXhTREJHQmdOVkJBb01QMEV0VkhKMWMzUWdSMlZ6TGlCbUxpQlRhV05vWlhKb1pXbDBjM041YzNSbGJXVWdhVzBnWld4bGEzUnlMaUJFWVhSbGJuWmxjbXRsYUhJZ1IyMWlTREVqTUNFR0ExVUVDd3dhWVMxemFXZHVMVkJ5WlcxcGRXMHRWR1Z6ZEMxVGFXY3RNREl4SXpBaEJnTlZCQU1NR21FdGMybG5iaTFRY21WdGFYVnRMVlJsYzNRdFUybG5MVEF5TUI0WERURTRNRFV6TURBNE16SXlPVm9YRFRJek1EVXpNREE0TXpJeU9Wb3dZREVMTUFrR0ExVUVCZ3dDUVZReEZ6QVZCZ05WQkFNTURrMWhlQ0JOZFhOMFpYSnRZVzV1TVJNd0VRWURWUVFFREFwTmRYTjBaWEp0WVc1dU1Rd3dDZ1lEVlFRcURBTk5ZWGd4RlRBVEJnTlZCQVVNRERVeE56WTJNRGN4T0RrNU16Q0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUxOR1lYUm12QXg5Q0ptelZPNHVLcmVKaHB3VHdIaS9mUWhuWDNRZkIxVnpRZVlNTUhpM0dmVnpFbUFhRDZoclZJODRjeXFMQlFzdHlvNVJ4Sk05TGY2ejg0VFUzWlZka093QlZ4WGpvZTk4RG8rT3hqN3pvbE8rNlFkZTJhMmZNalpwaUROZGtFUGRVclEybFJSUHBCcWp5SEJIYjIzenNaMVBJWElwTWw2bm1zVlZGczlabGxqYmFNaTlsNTZaRk9BUlZBYnVlWWZTcEYwd0Q2NlU1UUMzL2Z3OVNZMzFhRFpvNWFTbU1jd3F3Q1d2Q2MvRWY1ZXZ1RWhPMnNPN1g1NU4yRU10YVZIK1gzODJIY3J6eW42bE5FekJDZis0dlpqUTZnWDFLYWx3Qkk5TG5pYUJKT0QvNHBIZlViNTFDSlVoTHU5UnQvcmt5SnlLV1l1N3o2TUNBd0VBQWFPQ0FsUXdnZ0pRTUlHREJnZ3JCZ0VGQlFjQkFRUjNNSFV3UlFZSUt3WUJCUVVITUFLR09XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlqWlhKMGN5OWhMWE5wWjI0dGNISmxiV2wxYlMxdGIySnBiR1V0TUROaExtTnlkREFzQmdnckJnRUZCUWN3QVlZZ2FIUjBjRG92TDI5amMzQXRkR1Z6ZEM1aExYUnlkWE4wTG1GMEwyOWpjM0F3RXdZRFZSMGpCQXd3Q29BSVJnYWZqa0dPRmIwd2NnWUlLd1lCQlFVSEFRTUVaakJrTUFvR0NDc0dBUVVGQndzQ01BZ0dCZ1FBamtZQkFUQUlCZ1lFQUk1R0FRUXdFd1lHQkFDT1JnRUdNQWtHQndRQWprWUJCZ0V3TFFZR0JBQ09SZ0VGTUNNd0lSWWJhSFIwY0hNNkx5OTNkM2N1WVMxMGNuVnpkQzVoZEM5d1pITXZFd0pGVGpBUkJnTlZIUTRFQ2dRSVFXeVM1ZFhrL3RZd0RnWURWUjBQQVFIL0JBUURBZ2JBTUFrR0ExVWRFd1FDTUFBd1lBWURWUjBnQkZrd1Z6QUlCZ1lFQUlzd0FRRXdTd1lHS2lnQUVRRVVNRUV3UHdZSUt3WUJCUVVIQWdFV00yaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrYjJOekwyTndMMkV0YzJsbmJpMXdjbVZ0YVhWdExXMXZZbWxzWlRDQnJnWURWUjBmQklHbU1JR2pNSUdnb0lHZG9JR2Fob0dYYkdSaGNEb3ZMMnhrWVhBdGRHVnpkQzVoTFhSeWRYTjBMbUYwTDI5MVBXRXRjMmxuYmkxUWNtVnRhWFZ0TFZSbGMzUXRVMmxuTFRBeUlDaFRTRUV0TWpVMktTeHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wUDJKaGMyVS9iMkpxWldOMFkyeGhjM005Wldsa1EyVnlkR2xtYVdOaGRHbHZia0YxZEdodmNtbDBlVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBeUVtZ09EdDAyeGF4SGI0RStPOVhnSW1FQzBBb0g0UTk3UHE3QmQ0ditQcXFkNmk1Um9kdndmVGdJYVcxSitmdkg4S1VUekkwWFg5d3BVV3dJbVZFR01INjNWQUpjWFZIMHk5aWZFV0lIZGhPTHRSWVZpZjBTUUs5WVJhY2h2SkRtRjVoTHdBUVJFZUdzWDJpTm1QN2RZZTR4aU5LQXRRbjBwaHZsUHFnaGE2b0tER01ROEZOQWZSejNrQXRYSndQYkZnNlFFNGtJaGtUZ2QzMnVPaUFKVzdHMlRhSlpYV2ZLOVRwVjVMUTEzKzExRkoyUzNLUWM4dWIvKzFHZGdpcktTVzRKMXpoc2ZUK1dDci9PYXlVMk16UVhLdjhPV2IwU3hXSUpIaU1UZXhIN3I5bXVHay9aTGthUVFWMkN0U09ZcVRBTjhBd2VDaUoxMXVWRkhlTHBRPT08L2RzaWc6WDUwOUNlcnRpZmljYXRlPjwvZHNpZzpYNTA5RGF0YT48L2RzaWc6S2V5SW5mbz48ZHNpZzpPYmplY3QgSWQ9ImV0c2ktc2lnbmVkLTEtMSI+PGV0c2k6UXVhbGlmeWluZ1Byb3BlcnRpZXMgeG1sbnM6ZXRzaT0iaHR0cDovL3VyaS5ldHNpLm9yZy8wMTkwMy92MS4zLjIjIiBUYXJnZXQ9IiNzaWduYXR1cmUtMS0xIj48ZXRzaTpTaWduZWRQcm9wZXJ0aWVzIElkPSJldHNpLXNpZ25lZHByb3BlcnRpZXMtMS0xIj48ZXRzaTpTaWduZWRTaWduYXR1cmVQcm9wZXJ0aWVzPjxldHNpOlNpZ25pbmdUaW1lPjIwMTgtMDYtMDZUMDc6MjM6NDNaPC9ldHNpOlNpZ25pbmdUaW1lPjxldHNpOlNpZ25pbmdDZXJ0aWZpY2F0ZT48ZXRzaTpDZXJ0PjxldHNpOkNlcnREaWdlc3Q+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxkc2lnOkRpZ2VzdFZhbHVlPjZhVGtoYS9ZOXhZUzRiUU1aYndJWDhURnNEMkNlemRodXFIcFR0Q0kzZjA9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZXRzaTpDZXJ0RGlnZXN0PjxldHNpOklzc3VlclNlcmlhbD48ZHNpZzpYNTA5SXNzdWVyTmFtZT5DTj1hLXNpZ24tUHJlbWl1bS1UZXN0LVNpZy0wMixPVT1hLXNpZ24tUHJlbWl1bS1UZXN0LVNpZy0wMixPPUEtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSCxDPUFUPC9kc2lnOlg1MDlJc3N1ZXJOYW1lPjxkc2lnOlg1MDlTZXJpYWxOdW1iZXI+MjExNDIzODQ2MTwvZHNpZzpYNTA5U2VyaWFsTnVtYmVyPjwvZXRzaTpJc3N1ZXJTZXJpYWw+PC9ldHNpOkNlcnQ+PC9ldHNpOlNpZ25pbmdDZXJ0aWZpY2F0ZT48ZXRzaTpTaWduYXR1cmVQb2xpY3lJZGVudGlmaWVyPjxldHNpOlNpZ25hdHVyZVBvbGljeUltcGxpZWQgLz48L2V0c2k6U2lnbmF0dXJlUG9saWN5SWRlbnRpZmllcj48L2V0c2k6U2lnbmVkU2lnbmF0dXJlUHJvcGVydGllcz48ZXRzaTpTaWduZWREYXRhT2JqZWN0UHJvcGVydGllcz48ZXRzaTpEYXRhT2JqZWN0Rm9ybWF0IE9iamVjdFJlZmVyZW5jZT0iI3JlZmVyZW5jZS0xLTEiPjxldHNpOk1pbWVUeXBlPmFwcGxpY2F0aW9uL3hodG1sK3htbDwvZXRzaTpNaW1lVHlwZT48L2V0c2k6RGF0YU9iamVjdEZvcm1hdD48L2V0c2k6U2lnbmVkRGF0YU9iamVjdFByb3BlcnRpZXM+PC9ldHNpOlNpZ25lZFByb3BlcnRpZXM+PC9ldHNpOlF1YWxpZnlpbmdQcm9wZXJ0aWVzPjwvZHNpZzpPYmplY3Q+PC9kc2lnOlNpZ25hdHVyZT48c2FtbDI6QXR0cmlidXRlU3RhdGVtZW50PjxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJQVlAtVkVSU0lPTiIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMTAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+Mi4xPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iUFJJTkNJUEFMLU5BTUUiIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjIwIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPk11c3Rlcm1hbm48L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDI6QXR0cmlidXRlPjxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJHSVZFTi1OQU1FIiBOYW1lPSJ1cm46b2lkOjIuNS40LjQyIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPk1heDwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IkJJUlRIREFURSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPjxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4xOTQwLTAxLTAxPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iU2VydmljZVByb3ZpZGVyLVVuaXF1ZUlkIiBOYW1lPSJodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlclVuaXF1ZUlkIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPmh0dHBzOi8vbGFiZGEuaWFpay50dWdyYXouYXQ6NTU1My9kZW1vbG9naW4vPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iU2VydmljZVByb3ZpZGVyLUZyaWVuZGx5TmFtZSIgTmFtZT0iaHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+bGFiZGEgLSBEZXZlbG9wbWVudDwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IlNlcnZpY2VQcm92aWRlci1Db3VudHJ5Q29kZSIgTmFtZT0iaHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29kZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPjxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5BVDwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PC9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PC9zYW1sMjpBc3NlcnRpb24+" } } } \ No newline at end of file -- cgit v1.2.3 From ad02267b4f5c7e21cc929dd3d322771da087b0db Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 6 Jun 2018 14:13:38 +0200 Subject: return checkcode false if no whitelist was loaded --- .../moa/id/config/auth/data/UserWhitelistStore.java | 7 +++++-- .../77B99BB2BD7522E17EC099EA7177516F27787CAD | Bin 0 -> 1279 bytes .../3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 | Bin 0 -> 914 bytes .../BD78039E45BA4E4B13ADECC58124520ACE83B6A7 | Bin 0 -> 1614 bytes .../9766A5ED03482991DA91BB763ECDCD9417394100 | Bin 0 -> 1169 bytes .../BB97947C31BBF3364A2909F9876DBD3B87B5B62A | Bin 0 -> 1169 bytes .../B1D0BC027906A3B7E7518C93ACB26D978233ED27 | Bin 0 -> 1171 bytes .../65EF37033859C2F709A64086D3A5BD1B8F1A85A4 | Bin 0 -> 1045 bytes .../7AC3EFA52DE27A930EC8754DB5E061476948E914 | Bin 0 -> 1028 bytes .../F306AACF386136CD5683F89B31904295F89313DE | Bin 0 -> 1029 bytes .../D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D | Bin 0 -> 914 bytes .../F5F2456D79490C268569970E900C68FD1C7DC8E5 | Bin 0 -> 1264 bytes .../07976A2A16EC182670161B46886B05E1FEAC16B1 | Bin 0 -> 1209 bytes .../23E594945195F2414803B4D564D2A3A3F5D88B8C | Bin 0 -> 791 bytes .../59AF82799186C7B47507CBCF035746EB04DDB716 | Bin 0 -> 1486 bytes .../2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E | Bin 0 -> 1506 bytes .../EAB040689A0D805B5D6FD654FC168CFF00B78BE3 | Bin 0 -> 1403 bytes .../42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA | Bin 0 -> 975 bytes .../51C01567BCB22968EF5A297B7EA84E195594E0E8 | Bin 0 -> 975 bytes .../02A0E6456442E35198532ACFFB6FEE3B606D9FA3 | Bin 0 -> 1366 bytes .../51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 | Bin 0 -> 1130 bytes .../CABD2A79A1076A31F21D253635CB039D4329A5E8 | Bin 0 -> 1391 bytes .../8AB0A3519AFA7F3C04074522678BAA1CB3DC734F | Bin 0 -> 930 bytes .../DF47B3040E7632614464BD2EC4ECD1B8030F53E3 | Bin 0 -> 933 bytes .../E117479B4A41D7F3223FCAE50560B0D57B22217D | Bin 0 -> 997 bytes .../14815586D6258BCE1E908346C9186146C812358E | Bin 0 -> 1465 bytes .../5F06F65C714047E3B282AEC427C35AB703E49D8E | Bin 0 -> 1169 bytes .../D45360060761812D33DE294EAC1573F6DE12A208 | Bin 0 -> 1169 bytes .../9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C | Bin 0 -> 997 bytes .../9F0E0FBB25F66FF88C8E033EFF358923C84A2926 | Bin 0 -> 930 bytes .../C87D1855227D995C332C4C9072A2E2053F2CC623 | Bin 0 -> 1028 bytes .../9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 | Bin 0 -> 1151 bytes .../474BC41135FB88BF58B5A8D976A1D5583378D85E | Bin 0 -> 1133 bytes .../6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 | Bin 0 -> 1171 bytes .../2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 | Bin 0 -> 1485 bytes .../1FB86B1168EC743154062E8C9CC5B171A4B7CCB4 | Bin 0 -> 1176 bytes .../341EA32E448659125A67DD04177FD17468FCFCB1 | Bin 0 -> 1366 bytes .../38525C7140D285040E02DD2A7F3C7DBA21042E01 | Bin 0 -> 1533 bytes .../35202B14F69409EAA51CD8AB547AC0CD5E993F3F | Bin 0 -> 1053 bytes .../620127A8E5886A4805403977C3EF7D5EAF881526 | Bin 0 -> 870 bytes .../FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 | Bin 0 -> 1141 bytes .../0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 | Bin 0 -> 1058 bytes .../20CAECDCA766243AAD6FA1327618FC81BA65DC0F | Bin 0 -> 1057 bytes .../96D5D179016A5A6546973BA63733617EE1F1540D | Bin 0 -> 1058 bytes .../CF236CF66379EA506F967D21F0E25E87529D9687 | Bin 0 -> 1058 bytes .../FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 | Bin 0 -> 1057 bytes .../2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA | Bin 0 -> 1103 bytes .../A9D28607928FA8615E2615CC9D71B535C5D0D419 | Bin 0 -> 734 bytes .../5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | Bin 0 -> 969 bytes .../7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E | Bin 0 -> 1159 bytes .../A79681CBDD69EC741214136F128923A574E26F03 | Bin 0 -> 1159 bytes .../A78AABDE7F5B771540D333B505874C8204AAD206 | Bin 0 -> 1252 bytes .../FDC348410699803DE7D8276813BC2232EA99A878 | Bin 0 -> 835 bytes .../6DCD5118D1542E6C205C580775C5420B7509506B | Bin 0 -> 1076 bytes .../84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E | Bin 0 -> 1747 bytes .../C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E | Bin 0 -> 1298 bytes .../35A40EF932B1F23980E2C672FC939E91EEBD0317 | Bin 0 -> 1262 bytes .../9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8 | Bin 0 -> 1049 bytes .../60B7181FD8BCA00B84961BF31DB08C50376CCF44 | Bin 0 -> 1068 bytes .../74801529B4E8E5764FFC4D8E6577E1F84E8101CE | Bin 0 -> 1067 bytes .../7B7B60B748C82B34EE71A3CEA729C477083F0BDA | Bin 0 -> 1068 bytes .../EBB80BE34C78814AE659BBA3A2394E4D9857123D | Bin 0 -> 1068 bytes .../D4D1370FD1D9EAA46412008FF3E59E114BCF724A | Bin 0 -> 1111 bytes .../DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A | Bin 0 -> 1110 bytes .../E619D25B380B7B13FDA33E8A58CD82D8A88E0515 | Bin 0 -> 1111 bytes .../F825578F8F5484DFB40F81867C392D6CB0012B92 | Bin 0 -> 1110 bytes .../0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F | Bin 0 -> 861 bytes .../51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE | Bin 0 -> 865 bytes .../7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 | Bin 0 -> 864 bytes .../9E0512DD61DA5949D1D8631C3F19D75F496C3733 | Bin 0 -> 864 bytes .../E6E6FC88719177C9B7421825757C5E47BCAC85F6 | Bin 0 -> 860 bytes .../53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 | Bin 0 -> 1546 bytes .../7F95509243C231A6B1ABCFC661B6B818DB33622C | Bin 0 -> 893 bytes .../F3AE9FEA4DECEE5330770A2520BD86909929E7BE | Bin 0 -> 758 bytes .../4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 | Bin 0 -> 984 bytes .../7A2CFA69FCA284D4627012A7A55662594C803B2A | Bin 0 -> 901 bytes .../ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B | Bin 0 -> 901 bytes .../0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 | Bin 0 -> 704 bytes .../2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D | Bin 0 -> 820 bytes .../A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 | Bin 0 -> 1199 bytes .../D1474E7D99512D05B98DD37B3FE86496A03D088D | Bin 0 -> 922 bytes .../3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F | Bin 0 -> 1997 bytes .../A3F1333FE242BFCFC5D14E8F394298406810D1A0 | Bin 0 -> 1931 bytes .../6814C7316CEA7191C9CB3BE58199B4A957210D9C | Bin 0 -> 704 bytes .../5AD9C840579905D085AAB60F9F5341463C5379A9 | Bin 0 -> 1959 bytes .../A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 | Bin 0 -> 1416 bytes .../C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 | Bin 0 -> 1385 bytes .../EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 | Bin 0 -> 1867 bytes .../3B8484BF1370941BF03F206B5C4958DA4E1559BB | Bin 0 -> 1065 bytes .../6DD653FB8FE2614249924274043E834664EBE980 | Bin 0 -> 1065 bytes .../C0EF3E7A54B4C501295F77974B1995E36B25C92B | Bin 0 -> 1066 bytes .../D29172D3F501A2D7A47F702633044F519A3A5F0B | Bin 0 -> 1066 bytes .../698563ECEE29232C5304487D972310F86650C3A6 | Bin 0 -> 1185 bytes .../1B23675354FCAD90119D88075015EA17ADD527D8 | Bin 0 -> 1425 bytes .../E6A3B45B062D509B3382282D196EFE97D5956CCB | Bin 0 -> 1174 bytes .../66AB66128A44574873E54E6584E450C4EB3B9A1E | Bin 0 -> 1170 bytes .../844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA | Bin 0 -> 1159 bytes .../B38C775A18C1195D01658D75FBDA3258B6DF018B | Bin 0 -> 1159 bytes .../FF406B3E55758E87A206FE2A1EE0C4D5A4575799 | Bin 0 -> 1505 bytes .../1382793A9F360E06D39CA9914912348C63F86357 | Bin 0 -> 1127 bytes .../28C0A6867A1E09715D9F502861B9911F054A0918 | Bin 0 -> 1127 bytes .../4AAE02BB85EB8CED9617662436A47AA2197B01D6 | Bin 0 -> 1127 bytes .../576F2022AF817412D8425AC8AAFF3CA033A422F1 | Bin 0 -> 1127 bytes .../5DD2591009E008D8E5507F2E297E81B501D5D120 | Bin 0 -> 1127 bytes .../82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2 | Bin 0 -> 1127 bytes .../87215C2D5EF094F894DFBD418D4D311608DEB3CE | Bin 0 -> 1127 bytes .../95A0D456DABFA76AD295723C03582EF63B6F6D0A | Bin 0 -> 1127 bytes .../CBEEDBBC939A98E4742D7BC8749538C51C0672D1 | Bin 0 -> 1127 bytes .../D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD | Bin 0 -> 1127 bytes .../F3D8DAC954B27BE3065512A709EC0C28FE7E4099 | Bin 0 -> 1127 bytes .../E1201A308CC10323C27D9084B048996E44B8F710 | Bin 0 -> 806 bytes .../C23FC1895966021249B35412C0C8C56D107732DE | Bin 0 -> 1563 bytes .../0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4 | Bin 0 -> 1501 bytes .../A536E6A90420437E645CBFC56AD2D79D758FB112 | Bin 0 -> 1605 bytes .../386C1663C6390BC288DC171522439210AF361958 | Bin 0 -> 1000 bytes .../6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B | Bin 0 -> 1159 bytes .../18585FC53A283488E4BA84867980E9B1F2B28ADA | Bin 0 -> 1313 bytes .../27337257493B86B9BFF78D569F938D692A430EAE | Bin 0 -> 1218 bytes .../4832F0A28C3724A92F6CB3314F747D0E74FC7344 | Bin 0 -> 1217 bytes .../6352302A5072DBFB769D4FF4C70C86432C4C1683 | Bin 0 -> 1218 bytes .../EE886B907E31667D622677F665F25C54AF9A7F65 | Bin 0 -> 1218 bytes .../F86591A6D86718886A0234B8E54E21AAEA63E24B | Bin 0 -> 1586 bytes .../BECE82B2F908174E2379652769C6942AF1F0CC5E | Bin 0 -> 982 bytes .../342CD9D3062DA48C346965297F081EBC2EF68FDC | Bin 0 -> 2050 bytes .../ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 | Bin 0 -> 1067 bytes .../0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | Bin 0 -> 955 bytes .../69E7A6D2A78341041BF6816438CA9605A0FA356C | Bin 0 -> 1337 bytes .../B4B77C83465979E3679E3A33F972F48EE3730A18 | Bin 0 -> 924 bytes .../CAF84A42305615AC2C582F6412BDA3E36DAC3D25 | Bin 0 -> 786 bytes .../75F792DE2CF544007F470F1B924961C2BD2EF517 | Bin 0 -> 802 bytes .../88D6151358A5E3C81D7AE1A536121DC03011BC03 | Bin 0 -> 1205 bytes .../0B289953453127C40B22FA953D11F79E052C0580 | Bin 0 -> 1594 bytes .../30E8B7F8F78FB74646C4B4689C74A2E1570D8E35 | Bin 0 -> 1546 bytes .../679A4F81FC705DDEC419778DD2EBD875F4C242C6 | Bin 0 -> 975 bytes .../82096E6D9B1248321625323D52858642CB0B748E | Bin 0 -> 975 bytes .../41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA | Bin 0 -> 1165 bytes .../79B21E2743A879AFF5403ECEA09EAC2084EF4799 | Bin 0 -> 1014 bytes .../4D523730501ADB80A76B0B473A4D21C7D86F8374 | Bin 0 -> 1167 bytes .../A21B7566A582DF7A1A85D7B799983C3C35551C14 | Bin 0 -> 1167 bytes .../C6658C25AFB8A9D738F2BC591775D167549FFD3A | Bin 0 -> 1264 bytes .../09B5043D20EE62D83E3FA151AA878ADED25923D7 | Bin 0 -> 1943 bytes .../08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 | Bin 0 -> 991 bytes .../A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25 | Bin 0 -> 991 bytes .../BF648929E7DAABD8D97B3202F48D6C4A19C78F6C | Bin 0 -> 990 bytes .../A149EE01A250491C07D5A279D3B58A646288DA22 | Bin 0 -> 1185 bytes .../AD8ECBB67B9DC59406F92A296A38192297A4F169 | Bin 0 -> 1191 bytes .../6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A | Bin 0 -> 1256 bytes .../DAC9024F54D8F6DF94935FB1732638CA6AD77C13 | Bin 0 -> 846 bytes .../16D8270DE51B034E77B7CDAF1DEE623916243DDC | Bin 0 -> 1068 bytes .../3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 | Bin 0 -> 1068 bytes .../40B51EEF4E709FBD47935DDD83A1F640D0CC378A | Bin 0 -> 1067 bytes .../D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 | Bin 0 -> 1068 bytes .../1BB6C5E44421EBF317B9F3D9049C1E137716B186 | Bin 0 -> 1442 bytes .../8784ED81F5A22779EB0B081945FD151992557FBE | Bin 0 -> 1159 bytes .../88583DB03975127CB488CA7DDE303A1646CEA97B | Bin 0 -> 1159 bytes .../93AE07BC15B1AB17BB09E3C400387CE69DADDFCC | Bin 0 -> 1159 bytes .../45B43346251FDF9E95DCB7F36928785D46D63913 | Bin 0 -> 1136 bytes .../E33619C88426E4FE956041E6751ADDEC9C10F0BC | Bin 0 -> 1136 bytes .../7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 | Bin 0 -> 700 bytes 159 files changed, 5 insertions(+), 2 deletions(-) create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 (limited to 'id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java index 71bd0f3c0..38bcfa2af 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java @@ -67,8 +67,11 @@ public class UserWhitelistStore { * @param bPK * @return true if bPK is in whitelist, otherwise false */ - public boolean isUserbPKInWhitelist(String bPK) { - return whitelist.contains(bPK); + public boolean isUserbPKInWhitelist(String bPK) { + if (whitelist != null) + return whitelist.contains(bPK); + else + return false; } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD new file mode 100644 index 000000000..61bfd22bc Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0093DFCE34BE9B7D2DFA538F99B87F01628FB56E/77B99BB2BD7522E17EC099EA7177516F27787CAD differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 new file mode 100644 index 000000000..55707d69f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/010668B5FE5E21258404415E8A2AA612FF395475/3A77E9B577661D99F9BBA5A352B29C7FF58A3D26 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 new file mode 100644 index 000000000..815f53d95 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/072489890DA490DF1A0DB3131BEBC01C782C78F6/BD78039E45BA4E4B13ADECC58124520ACE83B6A7 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100 new file mode 100644 index 000000000..882753986 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/9766A5ED03482991DA91BB763ECDCD9417394100 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A new file mode 100644 index 000000000..f28aa4b8e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/08782E8B36A75353592960C7AC4C6C5ABBFD5A10/BB97947C31BBF3364A2909F9876DBD3B87B5B62A differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27 new file mode 100644 index 000000000..5171276f4 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/0E9B16850F431D57AB755A9D16B6D13CF13A1211/B1D0BC027906A3B7E7518C93ACB26D978233ED27 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 new file mode 100644 index 000000000..6e17b9db5 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/15657D006A27CF21F1C84B8E91F51E6146F0E239/65EF37033859C2F709A64086D3A5BD1B8F1A85A4 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914 new file mode 100644 index 000000000..911640d0e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/7AC3EFA52DE27A930EC8754DB5E061476948E914 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE new file mode 100644 index 000000000..1bb449441 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1655299D4A598F82CB3575FABD6DD0D5455D713C/F306AACF386136CD5683F89B31904295F89313DE differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D new file mode 100644 index 000000000..807fa786c Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/1B55160695CCF1E59A575E05F4A745FE3DE5AF9C/D62327E6B19B7968A8BE6588DEAB0BC0DB684D8D differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5 new file mode 100644 index 000000000..b2a1e145f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/233037A57636621C8A7F65D0A7B3CDC262744BCE/F5F2456D79490C268569970E900C68FD1C7DC8E5 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1 new file mode 100644 index 000000000..22d64fb5f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/270199A7491897C3FC69A696A8283023CBB9020B/07976A2A16EC182670161B46886B05E1FEAC16B1 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C new file mode 100644 index 000000000..8588ce58a Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A7DA613B9BC73D6B958373EA13D460B6185A9BE/23E594945195F2414803B4D564D2A3A3F5D88B8C differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716 new file mode 100644 index 000000000..7bbf658e9 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2A93331C2D330B8F92E7148812963A47DE9B7F06/59AF82799186C7B47507CBCF035746EB04DDB716 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E new file mode 100644 index 000000000..2fa45b280 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3 new file mode 100644 index 000000000..c79d3e6b0 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2AAB830651D2962DD872DE727093652FF5364D73/EAB040689A0D805B5D6FD654FC168CFF00B78BE3 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA new file mode 100644 index 000000000..ab9e0cd7d Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/42EFDDE6BFF35ED0BAE6ACDD204C50AE86C4F4FA differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8 new file mode 100644 index 000000000..01965769d Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2B97D8E239757C4FF67BBE70FD8666EFED544940/51C01567BCB22968EF5A297B7EA84E195594E0E8 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 new file mode 100644 index 000000000..5026d395f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2C5CA69DE83F4B1B9DCACD33FFE80AE099B84DBE/02A0E6456442E35198532ACFFB6FEE3B606D9FA3 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 new file mode 100644 index 000000000..9b2ee0fc6 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/2CC91E4C7AC2ABB4994ECBB8E1F6A646523BAC66/51AC8CFF36818AA25498A293DF48EBCFFFF6D0B4 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8 new file mode 100644 index 000000000..9d2132e7f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34E379A86B2F4F4F611D114EB3642D2BD9B82A7C/CABD2A79A1076A31F21D253635CB039D4329A5E8 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F new file mode 100644 index 000000000..c34d0f380 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/8AB0A3519AFA7F3C04074522678BAA1CB3DC734F differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 new file mode 100644 index 000000000..d894e92ca Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/DF47B3040E7632614464BD2EC4ECD1B8030F53E3 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D new file mode 100644 index 000000000..380486f65 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/34F7E086C7AABF7B10ECF7B5094AC22978B22173/E117479B4A41D7F3223FCAE50560B0D57B22217D differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E new file mode 100644 index 000000000..0f0db03b3 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/36869F166AEB02FA431D1D37F002C313C3D6839D/14815586D6258BCE1E908346C9186146C812358E differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E new file mode 100644 index 000000000..39e377edf Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/5F06F65C714047E3B282AEC427C35AB703E49D8E differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208 new file mode 100644 index 000000000..0a1fcff85 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/37149755C7EB4404A0EAC77C9B1BB3BEF5061338/D45360060761812D33DE294EAC1573F6DE12A208 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C new file mode 100644 index 000000000..61d346a8f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9039DBD29DB8AD0F8E2015F05FCD40582CCCBE8C differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926 new file mode 100644 index 000000000..9ae7ffa0c Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/9F0E0FBB25F66FF88C8E033EFF358923C84A2926 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623 new file mode 100644 index 000000000..a68ae2db7 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/38000BA0F57660C10FA4F085337917C053D69AC3/C87D1855227D995C332C4C9072A2E2053F2CC623 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 new file mode 100644 index 000000000..28cb48bb0 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3AFBA870639CDCE291E03BB778C1839AC4AE98F8/9FDCFE5A082FD69BF5D9E73C25FBE9EA1AC0ACF2 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E new file mode 100644 index 000000000..c9da41583 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/474BC41135FB88BF58B5A8D976A1D5583378D85E differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 new file mode 100644 index 000000000..28fbdf42f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/3E19902F1E9C6C44D8347ED06A141825ED9B1E88/6B618820CE6A5EC0B5E63A9170335E5EA9F3BA01 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 new file mode 100644 index 000000000..b9a0e5a61 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/436B6D266E1295C868A0FD54205152A0DB70C533/2E66C9841181C08FB1DFABD4FF8D5CC72BE08F02 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4 new file mode 100644 index 000000000..24d1795f5 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/46FF51E4DE7D8DBA9DA2F1ED8516ABA87F98C185/1FB86B1168EC743154062E8C9CC5B171A4B7CCB4 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1 new file mode 100644 index 000000000..6da18c620 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/48011680F11A9B83026CC042CB4F795AA564A34F/341EA32E448659125A67DD04177FD17468FCFCB1 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01 new file mode 100644 index 000000000..3a274af3c Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BF56B14AEF690B3E56AD574781DF0426AB1378D/38525C7140D285040E02DD2A7F3C7DBA21042E01 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F new file mode 100644 index 000000000..3beb4529a Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4BFF32F4CD23D4407BAD0A7140CEDB201210D1D5/35202B14F69409EAA51CD8AB547AC0CD5E993F3F differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526 new file mode 100644 index 000000000..da38ce028 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/620127A8E5886A4805403977C3EF7D5EAF881526 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 new file mode 100644 index 000000000..7e9fd5b0b Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C2E52163ED4432FE26ACB308BFC3AF7D90D8881/FCD9E881BCCCB9352EEF337C8D4EAAD65C4EC830 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 new file mode 100644 index 000000000..41dc7c553 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/0C30A6F2950EFEFBAB5964DA9E0EED7C9DB115D8 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F new file mode 100644 index 000000000..b596d82e3 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/20CAECDCA766243AAD6FA1327618FC81BA65DC0F differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D new file mode 100644 index 000000000..4adc3b7ec Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/96D5D179016A5A6546973BA63733617EE1F1540D differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687 new file mode 100644 index 000000000..1e4f22777 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/CF236CF66379EA506F967D21F0E25E87529D9687 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 new file mode 100644 index 000000000..fe561ad6a Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C4A3C62CFB2EBB24177234AF4FA4869BFC13033/FDD40A10FB9BE9DEB5B8AE76CC0184930EF8BB76 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA new file mode 100644 index 000000000..5205ec519 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4C5194E8D503024CBC495CED37A1168D09058F2F/2ED8C34F5D49BC37C418AD9906DEB7FF605EF9FA differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419 new file mode 100644 index 000000000..10a1f7141 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4CE74C628E16678224576D546591101784F56A95/A9D28607928FA8615E2615CC9D71B535C5D0D419 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 new file mode 100644 index 000000000..dae019650 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4D73E9CBEC1D8C07FAEC4CBEE2E2D301597CF739/5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E new file mode 100644 index 000000000..b9fe1280c Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/7D0C7B977ACEA63D51EE34B00BC3C1DBF318B92E differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03 new file mode 100644 index 000000000..ea1585a6e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/4DE2C47AC178789C53FC01DA3CA152F0A92C0A7A/A79681CBDD69EC741214136F128923A574E26F03 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206 new file mode 100644 index 000000000..0c2494a4b Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/523690FDA0A12AAAD863F0547EF4009FD8C5DFF0/A78AABDE7F5B771540D333B505874C8204AAD206 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878 new file mode 100644 index 000000000..424f849a1 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/52DC13ECD7342E2077D10DD451EE12462CBDC6BF/FDC348410699803DE7D8276813BC2232EA99A878 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B new file mode 100644 index 000000000..06b40aa67 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/55EEF332AEC84036AC52315A4CBA52DE2FF444FF/6DCD5118D1542E6C205C580775C5420B7509506B differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E new file mode 100644 index 000000000..3be7b6a06 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5CC2D4B7D01ECC7B6B1633E3E24A39760E9A2036/84E4E75DBB2FD6397E6ABBD27FBE16D5BA71923E differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E new file mode 100644 index 000000000..b2beddaa5 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5DDAD1F00CABA2C7A31A91485DA0E23EAAF434D7/C0C699EFE6E837CB5E4CFC3A61077617A22C1A9E differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317 new file mode 100644 index 000000000..73553b996 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5E7183CAD4D6DE7B3C41266DA03F2D3AFFE3E812/35A40EF932B1F23980E2C672FC939E91EEBD0317 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8 new file mode 100644 index 000000000..6368a6cc6 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/5EFC977763C23FD903C712EC26E2E6940BA75F5F/9D7FC54F84DBAF09167158D2B8885ED0BE76C7F8 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44 new file mode 100644 index 000000000..08d7b28e2 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/60B7181FD8BCA00B84961BF31DB08C50376CCF44 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE new file mode 100644 index 000000000..e47d2b8ba Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/74801529B4E8E5764FFC4D8E6577E1F84E8101CE differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA new file mode 100644 index 000000000..5168e1af0 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/7B7B60B748C82B34EE71A3CEA729C477083F0BDA differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D new file mode 100644 index 000000000..c5bcc42e2 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/646078F78918F73CE793DF2E72179FBB2B368421/EBB80BE34C78814AE659BBA3A2394E4D9857123D differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A new file mode 100644 index 000000000..3c7775b6e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/D4D1370FD1D9EAA46412008FF3E59E114BCF724A differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A new file mode 100644 index 000000000..b6f39e354 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/DFA7DDEF5C212F0F0651E2A9DE1CE4A1AC63AF7A differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 new file mode 100644 index 000000000..f9fef65fc Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/E619D25B380B7B13FDA33E8A58CD82D8A88E0515 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92 new file mode 100644 index 000000000..f9f27442b Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6612CCC3FD80AFC1E32B2FE01FD40F3C99E2E697/F825578F8F5484DFB40F81867C392D6CB0012B92 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F new file mode 100644 index 000000000..69de75609 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/0F5A0342F5CD448799C3C6D178607E3F2B5BCB8F differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE new file mode 100644 index 000000000..efa28178e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/51A44C28F313E3F9CB5E7C0A1E0E0DD2843758AE differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 new file mode 100644 index 000000000..8c434777e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/7E691392F741B7E4B4AA9A76D75851BDE18BE5A7 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733 new file mode 100644 index 000000000..289fc2198 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/9E0512DD61DA5949D1D8631C3F19D75F496C3733 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6 new file mode 100644 index 000000000..b7d4b08a6 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6732CDC2E365929E2DA41927834C7EC33B82A940/E6E6FC88719177C9B7421825757C5E47BCAC85F6 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 new file mode 100644 index 000000000..89cfe44fd Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/67379CCDB32197C6EBA1C53B425301E0161AECD1/53CB69CF933C2D28FB9DF91F2852A99EC3352EA0 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C new file mode 100644 index 000000000..d9d633e32 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/68079AE8AAF867F1B0FAD713F00CB7E09272C7D4/7F95509243C231A6B1ABCFC661B6B818DB33622C differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE new file mode 100644 index 000000000..c3fc91352 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6CC979AE065336FB9F5248DBA40200B89F657496/F3AE9FEA4DECEE5330770A2520BD86909929E7BE differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 new file mode 100644 index 000000000..640918641 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/6D568A63FFBB246EC2A8DC3E6B4F32A70C4610E9/4B5B0C2A0BF944CD467A6140F8C782E2BE9D15F9 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A new file mode 100644 index 000000000..ad13d7b28 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/7A2CFA69FCA284D4627012A7A55662594C803B2A differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B new file mode 100644 index 000000000..d361d919f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/71CE6A3F360D0D24BDEDA2BAC89ADCC4B8F496A5/ADEC5673B57A18F16EFAF75EEFBFAD4841E2CD2B differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 new file mode 100644 index 000000000..69a8e4872 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/72607E50E18884AE3CE6D8F9884BDD454AA03D82/0CC37CC35E18F9909E43E4E9894D0CDF06EE9A38 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D new file mode 100644 index 000000000..1a3106742 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/786AAED91FAAC3E55EC08C914535436D3B132369/2CA36B76BC6CCDC29296111A4EFCAFC0553BBC7D differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 new file mode 100644 index 000000000..558ce15e3 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7A3FCBEFE12D709D596AF6868D1593B05D185557/A8D7FFE70E11850386A6C35185E5EEBA24F0EC02 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D new file mode 100644 index 000000000..0bab77032 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7BCFEE71FBE3FE58D9DD59ED653AAC21FA05A493/D1474E7D99512D05B98DD37B3FE86496A03D088D differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F new file mode 100644 index 000000000..b60dea248 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0 new file mode 100644 index 000000000..ac2e3c2b4 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7C446BE5C51C193D39038A8A74FC41498DE080AC/A3F1333FE242BFCFC5D14E8F394298406810D1A0 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C new file mode 100644 index 000000000..4dd2c49bf Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7D692B2635C9645908FF1DCEB036B7E8F6C5A906/6814C7316CEA7191C9CB3BE58199B4A957210D9C differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9 new file mode 100644 index 000000000..1bfd4d661 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/5AD9C840579905D085AAB60F9F5341463C5379A9 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 new file mode 100644 index 000000000..09bd4626c Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8333BA3A820B340C4EB24A0C084698BDF01DECE2/A937AAEFDC8C951FC1CDCA526F4DA8C9481380C3 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 new file mode 100644 index 000000000..592c96230 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/85DD7AA9B6958F530EEC3F89C59D466C259ABE15/C2556DADDF68A9EEF7F5C14A24CA33BCA930B201 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 new file mode 100644 index 000000000..c171b6d31 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8E985FADADD6A11802213BCA0FF75FE5D3B9BD0E/EFA3540D27E1CF0E0AD29AFC4382F4FD31D42929 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB new file mode 100644 index 000000000..6f97837a2 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/3B8484BF1370941BF03F206B5C4958DA4E1559BB differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980 new file mode 100644 index 000000000..d7799119f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/6DD653FB8FE2614249924274043E834664EBE980 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B new file mode 100644 index 000000000..508f7f076 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/C0EF3E7A54B4C501295F77974B1995E36B25C92B differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B new file mode 100644 index 000000000..c0feb0d0e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8F5DB5A0C60D8ECC373A9DC70AFE595E2E28DAF6/D29172D3F501A2D7A47F702633044F519A3A5F0B differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6 new file mode 100644 index 000000000..ebfbce9a0 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/8FAC7F811E0644FB876D72126930977CEADC38A0/698563ECEE29232C5304487D972310F86650C3A6 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8 new file mode 100644 index 000000000..5c75689fb Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/1B23675354FCAD90119D88075015EA17ADD527D8 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB new file mode 100644 index 000000000..e08466c5a Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/94945946073C72C69DC4B2D58D3F9E831007F6ED/E6A3B45B062D509B3382282D196EFE97D5956CCB differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E new file mode 100644 index 000000000..ed5ba194c Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9523A45E723AACFDE29801206C89BBAA9FFF5963/66AB66128A44574873E54E6584E450C4EB3B9A1E differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA new file mode 100644 index 000000000..bc5ed1e62 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/844FDEEE3C847F4BD5153E822803C1A2C1B6E7BA differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B new file mode 100644 index 000000000..cb519b7eb Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9956BD40089ED38E280F550842F4DC733B5757A8/B38C775A18C1195D01658D75FBDA3258B6DF018B differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799 new file mode 100644 index 000000000..f2bbe24c8 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9A71D5E41BECA161359D0EA8E0339D362F158C62/FF406B3E55758E87A206FE2A1EE0C4D5A4575799 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357 new file mode 100644 index 000000000..a592bd280 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/1382793A9F360E06D39CA9914912348C63F86357 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918 new file mode 100644 index 000000000..6114ab414 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/28C0A6867A1E09715D9F502861B9911F054A0918 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6 new file mode 100644 index 000000000..beff53663 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/4AAE02BB85EB8CED9617662436A47AA2197B01D6 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1 new file mode 100644 index 000000000..60405d6be Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/576F2022AF817412D8425AC8AAFF3CA033A422F1 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120 new file mode 100644 index 000000000..4132c67c9 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/5DD2591009E008D8E5507F2E297E81B501D5D120 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2 new file mode 100644 index 000000000..36c381da7 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/82F0655FB5BF2F905CB3C6FC1AB4A3983F615AE2 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE new file mode 100644 index 000000000..e20156afc Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/87215C2D5EF094F894DFBD418D4D311608DEB3CE differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A new file mode 100644 index 000000000..6f92cf716 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/95A0D456DABFA76AD295723C03582EF63B6F6D0A differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1 new file mode 100644 index 000000000..0cba97eec Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/CBEEDBBC939A98E4742D7BC8749538C51C0672D1 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD new file mode 100644 index 000000000..1de8f2cdf Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/D2DF0CD6D422B949EC5C5D4C5FCE9D3AD8BFA5BD differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099 new file mode 100644 index 000000000..23d9533dc Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9B86A058C9C6D291D253920FD24591387BFD6393/F3D8DAC954B27BE3065512A709EC0C28FE7E4099 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710 new file mode 100644 index 000000000..a7948e488 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D1D7AB57D811AF20C795415FD3F5BC8F2C8A518/E1201A308CC10323C27D9084B048996E44B8F710 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE new file mode 100644 index 000000000..c4d97cda3 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9D2C9F2BB158809E2897E2AE4825163C09325106/C23FC1895966021249B35412C0C8C56D107732DE differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4 new file mode 100644 index 000000000..a63cd9ad4 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9F5870D819755D35C0070186B91FCFA1F5C52A31/0AD38A30ABC0F0B605B45C727A90819E7FF9DAF4 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112 new file mode 100644 index 000000000..f5e70ea0f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/9FF31736488FC553803001BDE8D05CB46957FE21/A536E6A90420437E645CBFC56AD2D79D758FB112 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958 new file mode 100644 index 000000000..a5e651f86 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A0B7987F423E4BB990DA079561C9E297B2DA9B97/386C1663C6390BC288DC171522439210AF361958 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B new file mode 100644 index 000000000..b15880c29 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/A1D0D8E720E986DB1E6D256ED7CEFC4BF08D8C9C/6BDA1FF41EEBC5DA66912F3C69B60C2A41C6E25B differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA new file mode 100644 index 000000000..d53dce92b Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/18585FC53A283488E4BA84867980E9B1F2B28ADA differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE new file mode 100644 index 000000000..5375c57c3 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/27337257493B86B9BFF78D569F938D692A430EAE differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344 new file mode 100644 index 000000000..7085c5ac9 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/4832F0A28C3724A92F6CB3314F747D0E74FC7344 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683 new file mode 100644 index 000000000..97dc187db Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/6352302A5072DBFB769D4FF4C70C86432C4C1683 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65 new file mode 100644 index 000000000..ad5d7dea1 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/ABF8BAF2F916A0D8CE95ADED7072E9ABBA46F487/EE886B907E31667D622677F665F25C54AF9A7F65 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B new file mode 100644 index 000000000..2bf4ad712 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/AFF7B9B4549330E8AB1EFBC59F2D1AF4512CD5A0/F86591A6D86718886A0234B8E54E21AAEA63E24B differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E new file mode 100644 index 000000000..c3363a922 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/B9FF7AAC52D280FA9400065135C8867CA8C61133/BECE82B2F908174E2379652769C6942AF1F0CC5E differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC new file mode 100644 index 000000000..750c08573 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C1197772F20EECD6F541826FE107A95ED8403B75/342CD9D3062DA48C346965297F081EBC2EF68FDC differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 new file mode 100644 index 000000000..069640ffc Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C3F02309A4CB4F5F05ABA1F48859FFE0EA269AA4/ED5608CE67EA5CB79AC024CEA7445F9BCBE48703 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 new file mode 100644 index 000000000..391ffc14d Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C479F58A50A8BA16A2B38A22D871DC5279E10334/0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C new file mode 100644 index 000000000..255c513af Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C4F75BD1B64212692FA3316D31FD6B65FE966899/69E7A6D2A78341041BF6816438CA9605A0FA356C differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18 new file mode 100644 index 000000000..6225c0ca7 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C563D66EEE8C46E5DBCD414AC29EC7B362AA3951/B4B77C83465979E3679E3A33F972F48EE3730A18 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25 new file mode 100644 index 000000000..83aeb1fce Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C5DC6F3142F010E874E56B78EFE5BF7BDF0BAC20/CAF84A42305615AC2C582F6412BDA3E36DAC3D25 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517 new file mode 100644 index 000000000..f8a8957ac Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C872F14BD077139C1DC4C001D688BD37319256AB/75F792DE2CF544007F470F1B924961C2BD2EF517 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03 new file mode 100644 index 000000000..376d0753f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/C8941AD7709AD8378D81A61ADD7983E7A78F8F2C/88D6151358A5E3C81D7AE1A536121DC03011BC03 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580 new file mode 100644 index 000000000..6bbb4b5a3 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CBD47ABEE632C0103BB7E6C5703F3CF2B54C744A/0B289953453127C40B22FA953D11F79E052C0580 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35 new file mode 100644 index 000000000..3536bd3cd Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/30E8B7F8F78FB74646C4B4689C74A2E1570D8E35 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6 new file mode 100644 index 000000000..36a442b89 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/679A4F81FC705DDEC419778DD2EBD875F4C242C6 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E new file mode 100644 index 000000000..54f809962 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0940BE1A51139493ED7A79092BE4877E76EE9BB/82096E6D9B1248321625323D52858642CB0B748E differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA new file mode 100644 index 000000000..8ddc7d79b Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/41E3FCC9470F8634DBCB5CEA7FB688E04E7575BA differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799 new file mode 100644 index 000000000..c9fd41f7f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D0FF3ED96CD87165145FEDC31ADA8ED51FE01BD2/79B21E2743A879AFF5403ECEA09EAC2084EF4799 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374 new file mode 100644 index 000000000..61a7ccb15 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/4D523730501ADB80A76B0B473A4D21C7D86F8374 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14 new file mode 100644 index 000000000..e4bd48dac Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D16EA19279BB4F22FDC8E928DF12EA51A9D4A5A1/A21B7566A582DF7A1A85D7B799983C3C35551C14 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A new file mode 100644 index 000000000..f6df0f4fd Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D3F5B4E8FD52F34AA3BDEAD0B9E87887C2D04F3E/C6658C25AFB8A9D738F2BC591775D167549FFD3A differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7 new file mode 100644 index 000000000..0668256a9 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D74DC39E75A9720D7342FFB9463E2E900F207C87/09B5043D20EE62D83E3FA151AA878ADED25923D7 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 new file mode 100644 index 000000000..cac44093a Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/08CAE18D8CFF86144CB8FFD671B916CAAB8BD4E9 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25 new file mode 100644 index 000000000..46d4477ab Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/A8C93000653FAF7D0025D3D8EEE6BBDC64D98F25 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C new file mode 100644 index 000000000..4989f3e73 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D791EFBF24EA89D20CE26B38C34475543A39C9B8/BF648929E7DAABD8D97B3202F48D6C4A19C78F6C differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22 new file mode 100644 index 000000000..7c6adedf5 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/A149EE01A250491C07D5A279D3B58A646288DA22 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169 new file mode 100644 index 000000000..70f5b7c91 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D7B648A0BD9368D83CE1CF523E8F54A8F2F8C92E/AD8ECBB67B9DC59406F92A296A38192297A4F169 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A new file mode 100644 index 000000000..141b05ef4 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/D84959A0103547B866F97400B16F8E5871FC28EE/6F61A0C50B4E6ED821F032A4DF3DA7DDDFD2FE6A differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13 new file mode 100644 index 000000000..95500f6bd Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/DFC06A49AADF5E53A99A6FFC00EC3F1F2A8672CF/DAC9024F54D8F6DF94935FB1732638CA6AD77C13 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC new file mode 100644 index 000000000..87d8b52d4 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/16D8270DE51B034E77B7CDAF1DEE623916243DDC differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 new file mode 100644 index 000000000..91acd396a Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/3D3F25C5CD9F932037D91B7D102EDB58EC7C8239 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A new file mode 100644 index 000000000..b5f5fa6ca Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/40B51EEF4E709FBD47935DDD83A1F640D0CC378A differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 new file mode 100644 index 000000000..abeb964dd Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E0BA3199E811D92A1C10D54E4045C24905A83FCF/D4E1786D8B8B57B22C81D0F0FCE18EA818DA0537 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186 new file mode 100644 index 000000000..34c8cf8a5 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E212E8EAB1DE86DE40B405AC12E0F29452CDD77B/1BB6C5E44421EBF317B9F3D9049C1E137716B186 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE new file mode 100644 index 000000000..cc35ba691 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/8784ED81F5A22779EB0B081945FD151992557FBE differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B new file mode 100644 index 000000000..783dd271a Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/88583DB03975127CB488CA7DDE303A1646CEA97B differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC new file mode 100644 index 000000000..74c4ce3b8 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E2E8A9C0D5DD104CFDE0704C95B6FC283D47F174/93AE07BC15B1AB17BB09E3C400387CE69DADDFCC differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913 new file mode 100644 index 000000000..f3cf5e676 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/45B43346251FDF9E95DCB7F36928785D46D63913 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC new file mode 100644 index 000000000..fc5bd433b Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E33FA87DDCDF62323BE5FF9AC818556424365F7E/E33619C88426E4FE956041E6751ADDEC9C10F0BC differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 new file mode 100644 index 000000000..0a8de4bb9 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E47CAF71ACF4B662FED9BEF2B1F4A5F45E256160/7BE0C8E441786C69A3CB35BDBEF235F8B5310E04 differ -- cgit v1.2.3 From 010649c11c8308a1e6f23f6e40faac051aee976e Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 6 Jun 2018 14:16:05 +0200 Subject: update jUnit tests for SL20 eID verification --- .../modules/sl20_auth/EIDDataVerifier_ATrust.java | 9 +- .../modules/sl20_auth/EIDDataVerifier_OwnTest.java | 5 +- .../modules/sl20_auth/eIDDataVerifierTest.java | 91 +++++++++++++++------ .../moaspss_config/MOASPSSConfiguration.xml | 82 +++++++++++++++++++ .../1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 | Bin 0 -> 991 bytes .../AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 | Bin 0 -> 919 bytes .../C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 | Bin 0 -> 1018 bytes .../DFAE695342AC81A521025904406884399822B233 | Bin 0 -> 987 bytes .../C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 | Bin 0 -> 880 bytes .../42AD1897A4643D2AA634D980F16349E6694F3B1B | Bin 0 -> 1237 bytes .../FE7891B6ED7B178F528A28B21478299F865889BD | Bin 0 -> 1333 bytes .../4CAEE38931D19AE73B31AA75CA33D621290FA75E | Bin 0 -> 979 bytes .../D3C063F219ED073E34AD5D750B327629FFD59AF2 | Bin 0 -> 979 bytes .../0F843FB1E0C626540BE638B79A2987E2611CE630 | Bin 0 -> 1018 bytes .../69F21C82DC9A7A940ACEC414593E59C9E61E522F | Bin 0 -> 990 bytes .../FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 | Bin 0 -> 1087 bytes .../E185E05432F7D98BA7469D26A802DB4B0B2F6286 | Bin 0 -> 1851 bytes .../FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 | Bin 0 -> 1147 bytes .../A5A00B223EF24AED92D03F652CFE367CA9D1B200 | Bin 0 -> 958 bytes .../65698A39E03FF00FD552D4AD99FB290C2B9D4BEA | Bin 0 -> 1018 bytes .../ABAAFC4B7A88097279E89C22C242C40420D0826B | Bin 0 -> 1384 bytes .../6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F | Bin 0 -> 1300 bytes .../3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 | Bin 0 -> 1030 bytes .../9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B | Bin 0 -> 932 bytes .../A562C4B99E2847251CB4A1F05DA1FF43E7296F0B | Bin 0 -> 999 bytes .../52ED0FAFBD38A868C678174D7EB03D266ADB221C | Bin 0 -> 994 bytes .../BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 | Bin 0 -> 995 bytes .../CA80A13D41116E24CB1479E970CDC1C030C5907C | Bin 0 -> 1272 bytes .../7D60E314AA6AEF548A614A9354C5068192051A29 | Bin 0 -> 2278 bytes .../BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF | Bin 0 -> 996 bytes .../profiles/SL20_authblock_v1.0.xml | 8 ++ ...-20041130.SerNo01f6(SecureSignatureKeypair).cer | Bin 0 -> 901 bytes ...-20041215.SerNo021e(SecureSignatureKeypair).cer | Bin 0 -> 901 bytes ...-20050207.SerNo0291(SecureSignatureKeypair).cer | Bin 0 -> 1110 bytes ...-20050207.SerNo210d(SecureSignatureKeypair).cer | Bin 0 -> 1110 bytes ...-20141201.SerNoE243(SecureSignatureKeypair).cer | Bin 0 -> 1111 bytes ...rust-Qual-01b.20041201-20141201.SerNo01C854.cer | Bin 0 -> 1111 bytes ...-20141203.SerNoE248(SecureSignatureKeypair).cer | Bin 0 -> 975 bytes ...rust-Qual-02b.20041203-20141203.SerNo01C857.cer | Bin 0 -> 975 bytes ...-20180425.SerNoe694(SecureSignatureKeypair).cer | Bin 0 -> 975 bytes ...rust-Qual-03b.20080424-20180424.SerNo041D14.cer | Bin 0 -> 975 bytes ...-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer | Bin 0 -> 1485 bytes ...-Test-Root-05-20141215-20241209.SerNo165fae.crt | 34 ++++++++ ...011201-20041201.SerNo0213(CertifiedKeypair).cer | Bin 0 -> 864 bytes ...010427-20040427.SerNo006f(CertifiedKeypair).cer | Bin 0 -> 860 bytes ...011212-20041212.SerNo0213(CertifiedKeypair).cer | Bin 0 -> 864 bytes ...011212-20041212.SerNo0218(CertifiedKeypair).cer | Bin 0 -> 861 bytes ...040326-20070326.SerNo6632(CertifiedKeypair).cer | Bin 0 -> 864 bytes ...041201-20141201.SerNoe242(CertifiedKeypair).cer | Bin 0 -> 865 bytes ...rust-nQual-03.20050817-20150817.SerNo016c1e.cer | Bin 0 -> 979 bytes ...m-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer | Bin 0 -> 1028 bytes ...Test-Sig-02.20141124-20141118.SerNo3969edc1.cer | Bin 0 -> 1029 bytes ...Test-Sig-02.20141124-20241118.SerNo3969edc1.cer | Bin 0 -> 1029 bytes ...sign-Premium-Test-Sig-02_A-Trust-Test-Qual-.crt | 24 ++++++ ...m-Test-Sig-05.20141215-20141209.SerNo165fb8.crt | 36 ++++++++ ...TEST-Qual-01a.20041117-20141117.SerNo00da88.cer | Bin 0 -> 991 bytes ...EST-nQual-01a.20041117-20080630.SerNo00da8b.cer | Bin 0 -> 995 bytes ...-Test-Qual-01.20141117-20241111.SerNo16120f.cer | 23 ++++++ ...-20041130.SerNo01f6(SecureSignatureKeypair).cer | Bin 0 -> 901 bytes ...-20041215.SerNo021e(SecureSignatureKeypair).cer | Bin 0 -> 901 bytes ...-20050207.SerNo0291(SecureSignatureKeypair).cer | Bin 0 -> 1110 bytes ...-20050207.SerNo210d(SecureSignatureKeypair).cer | Bin 0 -> 1110 bytes ...-20141201.SerNoE243(SecureSignatureKeypair).cer | Bin 0 -> 1111 bytes ...rust-Qual-01b.20041201-20141201.SerNo01C854.cer | Bin 0 -> 1111 bytes ...-20141203.SerNoE248(SecureSignatureKeypair).cer | Bin 0 -> 975 bytes ...rust-Qual-02b.20041203-20141203.SerNo01C857.cer | Bin 0 -> 975 bytes ...-20180425.SerNoe694(SecureSignatureKeypair).cer | Bin 0 -> 975 bytes ...rust-Qual-03b.20080424-20180424.SerNo041D14.cer | Bin 0 -> 975 bytes ...-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer | Bin 0 -> 1485 bytes ...011201-20041201.SerNo0213(CertifiedKeypair).cer | Bin 0 -> 864 bytes ...010427-20040427.SerNo006f(CertifiedKeypair).cer | Bin 0 -> 860 bytes ...011212-20041212.SerNo0213(CertifiedKeypair).cer | Bin 0 -> 864 bytes ...011212-20041212.SerNo0218(CertifiedKeypair).cer | Bin 0 -> 861 bytes ...040326-20070326.SerNo6632(CertifiedKeypair).cer | Bin 0 -> 864 bytes ...041201-20141201.SerNoe242(CertifiedKeypair).cer | Bin 0 -> 865 bytes ...rust-nQual-03.20050817-20150817.SerNo016c1e.cer | Bin 0 -> 979 bytes ...band oesterr. Sozialvers.,CN=Root-CA 1-2045.der | Bin 0 -> 1747 bytes ...A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer | Bin 0 -> 2278 bytes ...-20141203.SerNoE248(SecureSignatureKeypair).cer | Bin 0 -> 975 bytes ...rust-Qual-02b.20041203-20141203.SerNo01C857.cer | Bin 0 -> 975 bytes ...rust-nQual-03-20140723-20250723.SerNo14b4f9.cer | 23 ++++++ ...rust-nQual-03.20050817-20150817.SerNo016c1e.cer | Bin 0 -> 979 bytes ..._-_Signaturdienst.20070829-20140101.SerNo02.cer | Bin 0 -> 1272 bytes ...ab-BM-f-Inneres-20040219-20070219.SerNo5c39.der | Bin 0 -> 1205 bytes ...Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer | Bin 0 -> 1205 bytes .../Testuser_BRZ_IdentityLink_Signer.crt | 31 +++++++ ...traut_Kotschy.20070119-20120119.SerNo02DE1C.cer | Bin 0 -> 1385 bytes .../a-sign-SSL-03.cer | Bin 0 -> 1147 bytes ...rate-light-02.20140905-20240905.SerNo153B49.cer | Bin 0 -> 1167 bytes .../a-sign-corporate-light-02.cer | Bin 0 -> 1167 bytes ...rate-light-03-20051114-20151114.SerNo01AAED.cer | Bin 0 -> 1171 bytes ...rate-light-03-20051114-20151114.SerNo01aaed.der | Bin 0 -> 1171 bytes .../atrust_OCSP_Responder_03-1.cer | Bin 0 -> 1185 bytes .../idl_signer_from_IDL.crt | 27 ++++++ ...A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer | Bin 0 -> 2278 bytes ...Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer | Bin 0 -> 1205 bytes ...traut_Kotschy.20070119-20120119.SerNo02DE1C.cer | Bin 0 -> 1385 bytes .../a-sign-corporate-light-02.cer | Bin 0 -> 1167 bytes ...rate-light-03-20051114-20151114.SerNo01AAED.cer | Bin 0 -> 1171 bytes .../src/test/resources/tests/eIDdata_own_test.json | 8 +- 100 files changed, 364 insertions(+), 37 deletions(-) create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/DFAE695342AC81A521025904406884399822B233 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E7FFFB72F649885E6ECE38D47B5A70BAF73FB575/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/42AD1897A4643D2AA634D980F16349E6694F3B1B create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/FE7891B6ED7B178F528A28B21478299F865889BD create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/4CAEE38931D19AE73B31AA75CA33D621290FA75E create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/D3C063F219ED073E34AD5D750B327629FFD59AF2 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/0F843FB1E0C626540BE638B79A2987E2611CE630 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/69F21C82DC9A7A940ACEC414593E59C9E61E522F create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F2CDECB365AACC48D159C813DDE6B7B1CE047BF2/E185E05432F7D98BA7469D26A802DB4B0B2F6286 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F3E673236E6C1AA052ADF0884D399738F4BF2ED7/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F4121996B090501E1FEDA70BE13705CC259E5857/A5A00B223EF24AED92D03F652CFE367CA9D1B200 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F6E09A71951478BEF77CC1D1F21D29D2C43D3F20/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F98FAF493885B596B60CA57C161277EB289D1563/ABAAFC4B7A88097279E89C22C242C40420D0826B create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F9BB100C38D7B02F1EF33194BD18DC48D0BA2C33/6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/52ED0FAFBD38A868C678174D7EB03D266ADB221C create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FE8A7E29B27E8A43FD03BC0B0B2573B251EB03CE/CA80A13D41116E24CB1479E970CDC1C030C5907C create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FEE5CDC3BD72A50BFCD63BC19BF7A1D8C6DC7D48/7D60E314AA6AEF548A614A9354C5068192051A29 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FF880A1F76838D8E051327DF224C7028F2710C58/BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02_A-Trust-Test-Qual-.crt create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-05.20141215-20141209.SerNo165fb8.crt create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus-Schwab-BM-f-Inneres-20040219-20070219.SerNo5c39.der create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Testuser_BRZ_IdentityLink_Signer.crt create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-SSL-03.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01aaed.der create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/atrust_OCSP_Responder_03-1.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/idl_signer_from_IDL.crt create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer (limited to 'id') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java index c3c10dd16..6ebbd0704 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java @@ -5,11 +5,8 @@ import java.io.InputStreamReader; import org.apache.commons.io.IOUtils; import org.junit.Before; -import org.junit.runner.RunWith; -import org.opensaml.DefaultBootstrap; import org.opensaml.xml.ConfigurationException; import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import com.google.gson.JsonObject; import com.google.gson.JsonParser; @@ -17,12 +14,12 @@ import com.google.gson.JsonParser; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; -@RunWith(SpringJUnit4ClassRunner.class) +//@RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration("/SpringTest-context.xml") public class EIDDataVerifier_ATrust extends eIDDataVerifierTest { @Before - public void init() throws SLCommandoParserException, IOException, ConfigurationException { + public void init() throws SLCommandoParserException, IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException { String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_atrust.json"))); JsonParser jsonParser = new JsonParser(); JsonObject qualeIDResult = jsonParser.parse(eIDDataString).getAsJsonObject(); @@ -35,8 +32,6 @@ public class EIDDataVerifier_ATrust extends eIDDataVerifierTest { if (eIDData == null || eIDData.isEmpty()) throw new SLCommandoParserException("Can not load eID data"); - DefaultBootstrap.bootstrap(); - } @Override diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java index e56d5834a..419142c7d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java @@ -6,7 +6,6 @@ import java.io.InputStreamReader; import org.apache.commons.io.IOUtils; import org.junit.Before; import org.junit.runner.RunWith; -import org.opensaml.DefaultBootstrap; import org.opensaml.xml.ConfigurationException; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; @@ -23,7 +22,7 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUti public class EIDDataVerifier_OwnTest extends eIDDataVerifierTest { @Before - public void init() throws SLCommandoParserException, IOException, ConfigurationException { + public void init() throws SLCommandoParserException, IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException { String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_own_test.json"))); JsonParser jsonParser = new JsonParser(); JsonElement payLoad = jsonParser.parse(eIDDataString).getAsJsonObject(); @@ -33,12 +32,12 @@ public class EIDDataVerifier_OwnTest extends eIDDataVerifierTest { if (eIDData == null || eIDData.isEmpty()) throw new SLCommandoParserException("Can not load eID data"); - DefaultBootstrap.bootstrap(); } @Override protected String getSl20ReqId() { return "_57010b7fcc93cc4cf3f2b764389137c2"; } + } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java index 365152f66..32d623b88 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java @@ -1,9 +1,12 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth; import java.io.ByteArrayInputStream; +import java.io.IOException; import java.util.Map; +import org.junit.BeforeClass; import org.junit.Test; +import org.opensaml.DefaultBootstrap; import org.opensaml.saml2.core.Assertion; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyAuthConfig; @@ -30,13 +33,41 @@ import iaik.security.provider.IAIK; public abstract class eIDDataVerifierTest { protected Map eIDData = null; + + + + @BeforeClass + public static void moaSPSSInitialize() throws ConfigurationException, org.opensaml.xml.ConfigurationException, IOException { + Logger.info("Loading Java security providers."); + //System.setProperty("moa.spss.server.configuration", "F:\\Projekte\\configs\\moa-spss\\MOASPSSConfiguration.xml"); + String current = new java.io.File( "." ).getCanonicalPath(); + System.setProperty("moa.spss.server.configuration", current + "\\src\\test\\resources\\moaspss_config\\MOASPSSConfiguration.xml"); + IAIK.addAsProvider(); + ECCelerate.addAsProvider(); + DefaultBootstrap.bootstrap(); + + try { + LoggingContextManager.getInstance().setLoggingContext( + new LoggingContext("startup")); + Logger.debug("Starting MOA-SPSS initialization process ... "); + Configurator.getInstance().init(); + Logger.info("MOA-SPSS initialization complete "); + + } catch (MOAException e) { + Logger.error("MOA-SP initialization FAILED!", e.getWrapped()); + throw new ConfigurationException("config.10", new Object[] { e + .toString() }, e); + } + + } + @Test public void dummyTest() throws Exception { } - + @Test public void parseIdl() throws Exception { String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL); @@ -47,10 +78,27 @@ public abstract class eIDDataVerifierTest { if (idl == null) throw new Exception("IDL parsing FAILED"); + + } + + @Test + public void verifyIdl() throws Exception { + String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL); + if (MiscUtil.isEmpty(idlB64)) + throw new Exception("NO IDL found"); + + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); + + if (idl == null) + throw new Exception("IDL parsing FAILED"); + + IOAAuthParameters dummyOA = new DummyOA(); + AuthConfiguration dummyAuthConfig = new DummyAuthConfig(); + QualifiedeIDVerifier.verifyIdentityLink(idl, dummyOA , dummyAuthConfig); } - //@Test + @Test public void parseAuthBlock() throws Exception { String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK); if (MiscUtil.isEmpty(authBlockB64)) @@ -61,7 +109,21 @@ public abstract class eIDDataVerifierTest { } - //@Test + + + @Test + public void verifyAuthBlock() throws Exception { + String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK); + if (MiscUtil.isEmpty(authBlockB64)) + throw new Exception("NO AuthBlock found"); + + IOAAuthParameters dummyOA = new DummyOA(); + AuthConfiguration dummyAuthConfig = new DummyAuthConfig(); + QualifiedeIDVerifier.verifyAuthBlock(authBlockB64, dummyOA , dummyAuthConfig); + + } + + @Test public void checkIDLAgainstAuthblock() throws Exception { String authBlockB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK); String idlB64 = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL); @@ -76,29 +138,12 @@ public abstract class eIDDataVerifierTest { IOAAuthParameters dummyOA = new DummyOA(); AuthConfiguration dummyAuthConfig = new DummyAuthConfig(); - - Logger.info("Loading Java security providers."); - System.setProperty("moa.spss.server.configuration", "F:\\Projekte\\configs\\moa-spss\\MOASPSSConfiguration.xml"); - - IAIK.addAsProvider(); - ECCelerate.addAsProvider(); - try { - LoggingContextManager.getInstance().setLoggingContext( - new LoggingContext("startup")); - Logger.debug("Starting MOA-SPSS initialization process ... "); - Configurator.getInstance().init(); - Logger.info("MOA-SPSS initialization complete "); - - } catch (MOAException e) { - Logger.error("MOA-SP initialization FAILED!", e.getWrapped()); - throw new ConfigurationException("config.10", new Object[] { e - .toString() }, e); - } - - QualifiedeIDVerifier.verifyIdentityLink(idl, dummyOA , dummyAuthConfig); + IVerifiyXMLSignatureResponse authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock(authBlockB64, dummyOA , dummyAuthConfig); QualifiedeIDVerifier.checkConsistencyOfeIDData(getSl20ReqId(), idl, authBlockExtractor, authBlockVerificationResult); + + } protected abstract String getSl20ReqId(); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml new file mode 100644 index 000000000..99e60de85 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml @@ -0,0 +1,82 @@ + + + + + + + 192.168 + + + + + + + true + true + + + certstore + + + + + + pkix + + + CN=A-Trust-nQual-0,OU=A-Trust-nQual-0,O=A-Trust,C=AT + 536 + + chaining + + + + C=AT,O=Hauptverband österr. Sozialvers.,CN=Root-CA 1 + 376503867878755617282523408360935024869 + + chaining + + + + MOAIDBuergerkartePersonenbindung + trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten + + + MOAIDBuergerkarteAuthentisierungsDaten + trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten + + + MOAIDBuergerkartePersonenbindungMitTestkarten + trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten + + + MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten + trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten + + + + + false + 0 + + CRL + OCSP + + + false + 365 + + + jdbc:url + fully.qualified.classname + + + + + + + SL20Authblock_v1.0 + profiles/SL20_authblock_v1.0.xml + + + diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 new file mode 100644 index 000000000..d2e7db667 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/1C43C0BA36CC8DE659180B2FAC9A6F54430D5941 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 new file mode 100644 index 000000000..f2f1c6562 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/AC36A78C66FEC87CC0FD2C32B49214C65676E0C5 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 new file mode 100644 index 000000000..476a3efb2 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/C92238A7178A6C61F8BACA22D6CF7E50772BA9F0 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/DFAE695342AC81A521025904406884399822B233 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/DFAE695342AC81A521025904406884399822B233 new file mode 100644 index 000000000..5c88b668a Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E61F5C046715157D26CF41DD898CB9F606E7AC69/DFAE695342AC81A521025904406884399822B233 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E7FFFB72F649885E6ECE38D47B5A70BAF73FB575/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E7FFFB72F649885E6ECE38D47B5A70BAF73FB575/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 new file mode 100644 index 000000000..38c2de589 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E7FFFB72F649885E6ECE38D47B5A70BAF73FB575/C200667FF6D7CD3CD371EB2FD6A8E741D5D3EA28 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/42AD1897A4643D2AA634D980F16349E6694F3B1B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/42AD1897A4643D2AA634D980F16349E6694F3B1B new file mode 100644 index 000000000..f1d7b6a28 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/42AD1897A4643D2AA634D980F16349E6694F3B1B differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/FE7891B6ED7B178F528A28B21478299F865889BD b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/FE7891B6ED7B178F528A28B21478299F865889BD new file mode 100644 index 000000000..c1b90c0f4 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/E82952EA67718D015D0BC11B41A2901B29873DBC/FE7891B6ED7B178F528A28B21478299F865889BD differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/4CAEE38931D19AE73B31AA75CA33D621290FA75E b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/4CAEE38931D19AE73B31AA75CA33D621290FA75E new file mode 100644 index 000000000..3c77b90d2 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/4CAEE38931D19AE73B31AA75CA33D621290FA75E differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/D3C063F219ED073E34AD5D750B327629FFD59AF2 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/D3C063F219ED073E34AD5D750B327629FFD59AF2 new file mode 100644 index 000000000..33e776369 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/EA8D319B56924DAA1D230CD30DC66F1E82293CBA/D3C063F219ED073E34AD5D750B327629FFD59AF2 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/0F843FB1E0C626540BE638B79A2987E2611CE630 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/0F843FB1E0C626540BE638B79A2987E2611CE630 new file mode 100644 index 000000000..29d93550e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/0F843FB1E0C626540BE638B79A2987E2611CE630 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/69F21C82DC9A7A940ACEC414593E59C9E61E522F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/69F21C82DC9A7A940ACEC414593E59C9E61E522F new file mode 100644 index 000000000..2a88295a7 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/69F21C82DC9A7A940ACEC414593E59C9E61E522F differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 new file mode 100644 index 000000000..84a1690d2 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F132EC41160225A72889AA4375D69477380FB76D/FC72939DC06EDDF8C51549ECF00AC92BF2B39F35 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F2CDECB365AACC48D159C813DDE6B7B1CE047BF2/E185E05432F7D98BA7469D26A802DB4B0B2F6286 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F2CDECB365AACC48D159C813DDE6B7B1CE047BF2/E185E05432F7D98BA7469D26A802DB4B0B2F6286 new file mode 100644 index 000000000..0dc186019 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F2CDECB365AACC48D159C813DDE6B7B1CE047BF2/E185E05432F7D98BA7469D26A802DB4B0B2F6286 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F3E673236E6C1AA052ADF0884D399738F4BF2ED7/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F3E673236E6C1AA052ADF0884D399738F4BF2ED7/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 new file mode 100644 index 000000000..a699436ca Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F3E673236E6C1AA052ADF0884D399738F4BF2ED7/FE4F09F5D1A4AADE9232D9E2D6B9A2552BC48A22 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F4121996B090501E1FEDA70BE13705CC259E5857/A5A00B223EF24AED92D03F652CFE367CA9D1B200 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F4121996B090501E1FEDA70BE13705CC259E5857/A5A00B223EF24AED92D03F652CFE367CA9D1B200 new file mode 100644 index 000000000..05a8b86f9 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F4121996B090501E1FEDA70BE13705CC259E5857/A5A00B223EF24AED92D03F652CFE367CA9D1B200 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F6E09A71951478BEF77CC1D1F21D29D2C43D3F20/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F6E09A71951478BEF77CC1D1F21D29D2C43D3F20/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA new file mode 100644 index 000000000..836ba3767 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F6E09A71951478BEF77CC1D1F21D29D2C43D3F20/65698A39E03FF00FD552D4AD99FB290C2B9D4BEA differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F98FAF493885B596B60CA57C161277EB289D1563/ABAAFC4B7A88097279E89C22C242C40420D0826B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F98FAF493885B596B60CA57C161277EB289D1563/ABAAFC4B7A88097279E89C22C242C40420D0826B new file mode 100644 index 000000000..87b13faaa Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F98FAF493885B596B60CA57C161277EB289D1563/ABAAFC4B7A88097279E89C22C242C40420D0826B differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F9BB100C38D7B02F1EF33194BD18DC48D0BA2C33/6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F9BB100C38D7B02F1EF33194BD18DC48D0BA2C33/6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F new file mode 100644 index 000000000..f1c03d688 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/F9BB100C38D7B02F1EF33194BD18DC48D0BA2C33/6EECA9E5AC06BE83A2EB06F3FE31C8FC846BDC8F differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 new file mode 100644 index 000000000..781d1e4f2 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/3F4E01DF7547CDD38DCCFCCD76170C299ECEB9F6 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B new file mode 100644 index 000000000..8286cabbc Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/9D4CB7E3DBF24AE596972D59C375DD6384BB5E8B differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B new file mode 100644 index 000000000..a0148f63b Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FB07E98D307F930CEB7E7D4C89719C652EADFA9B/A562C4B99E2847251CB4A1F05DA1FF43E7296F0B differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/52ED0FAFBD38A868C678174D7EB03D266ADB221C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/52ED0FAFBD38A868C678174D7EB03D266ADB221C new file mode 100644 index 000000000..42a64da07 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/52ED0FAFBD38A868C678174D7EB03D266ADB221C differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 new file mode 100644 index 000000000..32893db7f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FD49F017F5200B459B931D0E038996756FAB6A22/BE9D654B0DE0F3CC53CA36703DD9D9049A5F9330 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FE8A7E29B27E8A43FD03BC0B0B2573B251EB03CE/CA80A13D41116E24CB1479E970CDC1C030C5907C b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FE8A7E29B27E8A43FD03BC0B0B2573B251EB03CE/CA80A13D41116E24CB1479E970CDC1C030C5907C new file mode 100644 index 000000000..277b6083a Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FE8A7E29B27E8A43FD03BC0B0B2573B251EB03CE/CA80A13D41116E24CB1479E970CDC1C030C5907C differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FEE5CDC3BD72A50BFCD63BC19BF7A1D8C6DC7D48/7D60E314AA6AEF548A614A9354C5068192051A29 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FEE5CDC3BD72A50BFCD63BC19BF7A1D8C6DC7D48/7D60E314AA6AEF548A614A9354C5068192051A29 new file mode 100644 index 000000000..afe6fdf09 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FEE5CDC3BD72A50BFCD63BC19BF7A1D8C6DC7D48/7D60E314AA6AEF548A614A9354C5068192051A29 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FF880A1F76838D8E051327DF224C7028F2710C58/BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FF880A1F76838D8E051327DF224C7028F2710C58/BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF new file mode 100644 index 000000000..d71177a4e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/FF880A1F76838D8E051327DF224C7028F2710C58/BDF405F9B9C27CB20AA96BC5D01DEC478C3A84FF differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml new file mode 100644 index 000000000..08e24fe92 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml @@ -0,0 +1,8 @@ +Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Vorname:
Nachname:
Geburtsdatum:
Vollmacht: Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Identifikator:
Name:
Staat:

Technische Parameter

Datum:..
Uhrzeit:::
TransaktionsTokken:
+ Vollmachten-Referenz:
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer new file mode 100644 index 000000000..d361d919f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer new file mode 100644 index 000000000..ad13d7b28 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer new file mode 100644 index 000000000..f9f27442b Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer new file mode 100644 index 000000000..b6f39e354 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer new file mode 100644 index 000000000..f9fef65fc Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer new file mode 100644 index 000000000..3c7775b6e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer new file mode 100644 index 000000000..36a442b89 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer new file mode 100644 index 000000000..54f809962 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer new file mode 100644 index 000000000..ab9e0cd7d Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer new file mode 100644 index 000000000..01965769d Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer new file mode 100644 index 000000000..b9a0e5a61 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt new file mode 100644 index 000000000..9befb53fc --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-Test-Root-05-20141215-20241209.SerNo165fae.crt @@ -0,0 +1,34 @@ +-----BEGIN CERTIFICATE----- +MIIF3TCCA8WgAwIBAgIDFl+uMA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl +c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx +MjE1MTMwMDQ1WhcNMjQxMjA5MTIwMDQ1WjCBlTELMAkGA1UEBhMCQVQxSDBGBgNV +BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry +LiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1UZXN0LVJvb3Qt +MDUxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1Sb290LTA1MIICIDANBgkqhkiG9w0B +AQEFAAOCAg0AMIICCAKCAgEApv3ETyDuseYGvBXgJSiAe7q2dvKtcxlHGlEdEWKv +YUODdXiTIIcwuIU0+F8ybvoQdEVPGDsdzShhXKgMfdGY5WF1BslCgjwcr4h6GWgt +cSkXXFIYVV5GCrac4DhM60EvtXpadi8dNMu7dUKZjqES9UPC6Gc5H6fadauLaV6b +DbNrJufXUditjEbhqj5uX3u4/+nFRH8g1DiQm5RCC3ttVe0/7buJipErVQ9Sbhzk +hkFlzLbph2s2hiEP8NB5tXM3ffxmJ2Yv98+U1Ec0iXvsoGhqRyZVn1huTi+9PJnP +IyPfXDkqWv49E/WeZsaZ48kdVx9xIC6OVYF0GCDsKjsKWN+4xL6/eYvSnyIBij/A +e1T3wkLhp+bDyqxnvDatMlWchfbZxicvzr83c8SGt81RBekwbG/HGPRE4x5DnTkQ +67DTMzMSmW+FAJdZG2Ofsg9+D+v+iqRD310maLABtko3e+xm601FS8d0lDFJVGgG +36IB+ZrUIXmLfOIQjlF/yx566oUmSif3QRgmnSuNtunffXHBbL0qFAiEDwwHg41t +zBiSswKRWa5J/BMIung+6T8gw5kY3c3yJ+pUip4J2oeVa9jZlO/AY7k5BCeGh5Ky +zu22GMQIp9ulIIfUKx8jcnhtDy07UEmaWqv3rVsqKWF9v9B4z2SMiH1oFEgrNAxi +v98CAQOjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYDVR0OBAoECEQv+xQJkonQMA4G +A1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsFAAOCAgEASO7M8elac5VTP+FjuL1S +nS72NaIP/RGYmw6967irlG5qQ0cGmCZO5J8SsL7xc3BMofMQMbrsGEryO1F4Y95B +o419IzqPb8sYHlx1Du+F2D01qXBmGP/NcqQIo9twLa+man16l7SFF/iNof2axigM +TUcWzqHUxtSjCPoU44qTsi8vVuQKRP8gMGlVCty0joc0gEW8PqKiMaKxI+tglVA6 +czwvPXfk9pJkL3hhDg/p59iKJTkEKIDtvugrZ4ZqOCBL5xv1Tar3BMBAKSfl/YoQ +/p6ATGlKkjSbMyU7vUGxXldNALHkezxFufuDZEF/erp3hCVADbQMKgyM7Diu6cKB +0s4+POeTQoSQ2dnMQJdgAfeGcd3twy2s/M/xHAVGPAPIQWH7ppVcs6AbVXQabHxJ +YZU7G2ct8Se0r8RLq+iRYrWhFKl8mmVBNwK2WJhjWPv2fqM1xYtbbwH6zoV/Sf8j +uIbx/5A/MJo/4s/9ciafJLVzLvkOh6Bhf310TAxyB9mDiL00KAuVTDtwYfzo1+jw +0bInpPqTCkgszn0LbajeaEIc7lQ7neY0gmMqDvnhA+5LyHJXuX5tDF+1/KDijlLs +p/k1/YZfe1Ai1+gcRoAlp2O80tKaJWZPkf8POffyIkSxJbHlKF6r3TWs7JYr+YUi +lm2dyCqZ9RUD5ZN2YRntJoo= +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer new file mode 100644 index 000000000..289fc2198 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer new file mode 100644 index 000000000..b7d4b08a6 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer new file mode 100644 index 000000000..289fc2198 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer new file mode 100644 index 000000000..69de75609 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer new file mode 100644 index 000000000..8c434777e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer new file mode 100644 index 000000000..efa28178e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer new file mode 100644 index 000000000..33e776369 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer new file mode 100644 index 000000000..911640d0e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20041227-20141201.SerNo00b5ac.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer new file mode 100644 index 000000000..1bb449441 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20141118.SerNo3969edc1.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer new file mode 100644 index 000000000..1bb449441 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02.20141124-20241118.SerNo3969edc1.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02_A-Trust-Test-Qual-.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02_A-Trust-Test-Qual-.crt new file mode 100644 index 000000000..803b30eb1 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-02_A-Trust-Test-Qual-.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEATCCAumgAwIBAgIEOWntwTANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMC +QVQxSDBGBgNVBAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUg +aW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSDEdMBsGA1UECwwUQS1UcnVzdC1U +ZXN0LVF1YWwtMDIxHTAbBgNVBAMMFEEtVHJ1c3QtVGVzdC1RdWFsLTAyMB4XDTE0 +MTEyNDE0NDkxN1oXDTI0MTExODEzNDkxN1owgaExCzAJBgNVBAYTAkFUMUgwRgYD +VQQKDD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0 +ci4gRGF0ZW52ZXJrZWhyIEdtYkgxIzAhBgNVBAsMGmEtc2lnbi1QcmVtaXVtLVRl +c3QtU2lnLTAyMSMwIQYDVQQDDBphLXNpZ24tUHJlbWl1bS1UZXN0LVNpZy0wMjCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANwJSfWpRaziThddTTup72Cl +tlXl8oc7HQoK2SWsYQwZGAd5nJZbwbI4K8VFKlNnK72Zl8UhmQ2FxhzS6u+Q+qEz +JOM2xTfA2NB6A9/KFpTJXUjvCHgRvW16EEF9YpYXxKTSK+QrYCXAC5rL6SuYOzgA +7Q1ivq+zLbyXxroux2zVEBIiaBGpZhOHGDFJk6h/4QelIqzd2TIDCRzvhmLDVmhq +X2C1NQb5kZuMgrxxOhG5Cr1F8solkwyu43JiM+apY4bZJVQBwi9ATBMz5tfdoLRs +lQy1BCQ4X+b6u/2856gucU+1e/wa5pB9Ff0eP+xy+j2DZOXLNd8m/IQvnshjNusC +AwEAAaNLMEkwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQIRgafjkGOFb0wEwYD +VR0jBAwwCoAIQg8xWXA9iecwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUA +A4IBAQBq/owq5eGvhxegchLvnMjPnE9gTYIHEvMq8DN6h2J7pTEhKG2o09LLn/pN +HWRjKENU/LqZBIAJ5zebm5XqzB631BYcuu1abyPFfpMdAL9X4zFuDvg9EGaTir2c +81XaBYzVSLN7fxmNLKSmMwUt0JQQyqpe3V9iyoBE/WcQyKmKaEp7mCZsGFBm6KmJ +gqD6TPb7X9bWUr3yx6Z5gek71f3vQi69m1x811azXlxu1i/XFnVpzxkrKRXJWC+w +nQRxXmU7YnMzYPOA7UOpUG6J+7tYi29hY3EpMgyXM/T/BL5MdyzBefbPVzLHng5z +VaXNpO0ENCrlUyi1m3Yd/7QPDdJM +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-05.20141215-20141209.SerNo165fb8.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-05.20141215-20141209.SerNo165fb8.crt new file mode 100644 index 000000000..ee17cdb80 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Premium-Test-Sig-05.20141215-20141209.SerNo165fb8.crt @@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIGQTCCBCmgAwIBAgIDFl+4MA0GCSqGSIb3DQEBCwUAMIGVMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMR0wGwYDVQQLDBRBLVRydXN0LVRl +c3QtUm9vdC0wNTEdMBsGA1UEAwwUQS1UcnVzdC1UZXN0LVJvb3QtMDUwHhcNMTQx +MjE1MTMxMDE5WhcNMjQxMjA5MTIxMDE5WjCBoTELMAkGA1UEBhMCQVQxSDBGBgNV +BAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3Ry +LiBEYXRlbnZlcmtlaHIgR21iSDEjMCEGA1UECwwaYS1zaWduLVRlc3QtUHJlbWl1 +bS1TaWctMDUxIzAhBgNVBAMMGmEtc2lnbi1UZXN0LVByZW1pdW0tU2lnLTA1MIIC +IDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAq9PRwApA35K3LT0p5IYtNZMS +BFJsIkzjgF4FRQ36PtxeNsPL6iPgfFjWLZzVT1arHrC6ciz97haDWEN5Jq+aVaZp +gvFtvqZXlwYOWP0sshQg1aP7zrfH/N6yqjkrXHyzgmSz3SVIbdj5CqUJz/+94FCR +cA8XkQ3WZAjSkRB+MSIY8umftkmJOVAstaG28OEtpmqwBLRh/QGcNZzfhyrPS2Ls +5BAKQW9SBb1nXn8JOHq0Bd8zHShHbny9X/qT0xqeFfwItZWiW7iu3LgbGqfB3J4d +s+9iecwHDsmYdSb2quGmzJXejmvktFZte9dlF7BuBqier+R3/czdLteRems5S9Ka +hlP3+f3CnFwKihyVMhnuf5HyhCo1Fvrt+igWtNnos38qzB5RzRTJXnvZyrtTJMQE +/8ZuV2B12Oaf0AQjt+o/SPKeaTBX2yes0S1xbQy7xJzNhgBJ2Ir3OI6SoOooVN+9 +kQuzD7NsJBJzIy4dHCvOgs0C1ro8DROaV3Usn58eYOkLDrPGpEBmFq7GnsxnbeEh +5zzlgh00R9cy5PxiO40U+KxnTmQl+/vc9i1plDLsTRePeThKgS0UOIRZP7voYKdu +IJaEzufNXUxZbCc9Mq3V552BmRPhL9Ouf/bfaVMmkY4p7BdU57stxDfVwG9biujj +AVPA7DeRm+S0kzWRq0kCAQOjgY0wgYowPwYDVR0fBDgwNjA0oDKgMIYuaHR0cDov +L2NybC5hLXRydXN0LmF0L2NybC9BLVRydXN0LVRlc3QtUm9vdC0wNTATBgNVHSME +DDAKgAhEL/sUCZKJ0DAPBgNVHRMBAf8EBTADAQH/MBEGA1UdDgQKBAhB0SNOEjM1 +3jAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggIBAEiqm52uEL2giMCy +8i1tIbqKP3SeJnYxhJgN4d3caWqfE1CoEUQjsN8t7sF866TOYJMrQ+/dS8bUqNiG +x4vvPrDq3DUSyKflgPaz+36xtB4BTlIiYTzio7Tnv+d5n+MsM6c/rijJzRx38FLM +tZTAfr7dXv5KxrfYrrEnPrGg0gMlYqX3rB1TKQnPx5qG3e2YXc6tdvDeXhh9cXj3 +76VJony7iV0ccKWNXRRNx1X0po/Luu6EMD/5czArtmO0KmGXO3gK3Fy7pxUbdBra +nSJNsY+Fv4X3zqf5n9ZM4Yut7KSqBiQbuMmIzLZkICJOWN5t9mOTStgmZjGqBdQN +sRuVinaLxA88Fd32ZmFxbagOLeKEXPTQT/ERbDOjhShY6jA2/LkIcg9mwDDOubsp +FcZaYlyXmvD+HNVxL5B4BGDWoGHmCxaj+bcYP4U797bpE90sTnMIQd6JoYEMQSIy +Re0S4jKIOkCqBDkPBIXZf/IizTvJiQoFUtT7civFYhcUHDOcWs69NUU3F6sEBZmq +C1uIRm7zD6FUPNpVcfVIeqcfWsnx5bSKwheh9Dk/A3eTmxjpodV4tIq6BfCLdq52 +85dumPB4zz/EmCuZ0hwy9/TJwaogVMqicvr1/pQXDM7T6fCM0vK9w/e4ejmX61TK +6MsTXFjxlwpIacl4fkAxk6L22xfB +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer new file mode 100644 index 000000000..cac44093a Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-Qual-01a.20041117-20141117.SerNo00da88.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer new file mode 100644 index 000000000..32893db7f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-TEST-nQual-01a.20041117-20080630.SerNo00da8b.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer new file mode 100644 index 000000000..60bc9a557 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/a-sign-Test-Qual-01.20141117-20241111.SerNo16120f.cer @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIID2zCCAsOgAwIBAgIDFhIPMA0GCSqGSIb3DQEBBQUAMIGTMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRwwGgYDVQQLDBNhLXNpZ24tVEVT +VC1RdWFsLTAxMRwwGgYDVQQDDBNhLXNpZ24tVEVTVC1RdWFsLTAxMB4XDTE0MTEx +NzA3NDAzNloXDTI0MTExMTA2NDAzNlowgZMxCzAJBgNVBAYTAkFUMUgwRgYDVQQK +DD9BLVRydXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4g +RGF0ZW52ZXJrZWhyIEdtYkgxHDAaBgNVBAsME2Etc2lnbi1URVNULVF1YWwtMDEx +HDAaBgNVBAMME2Etc2lnbi1URVNULVF1YWwtMDEwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQD4TRgyXzhxJ2AkndX0RPY771f64dsJrReEeuShLRK5io0B +kJWc4t7wuD1B98cJ0MUPlMmOJ2Ckc/vuLhQUyY3qEUmhMhixCUIcdHQ5yH3H0yMV +HxyJxAG83fE8M25kpKA4TzzMW8KPd2S63wbpPElyEy7vrllrLxvdQRSDpMZMvRg8 +fvoDGAehxsnKKwlXZuMq1aSBzfMz3cMBDKxvqzDIz7yC1iWNkdiwog3a5a5PbViK +shhZ0h+bx9WFDpiN6ooPQgcGhjD+NqIDoiOr7CUFHp+HiC6xIsEFJaBHTf3dRZ61 +0r1FDABx0Yj8+wlXSQLYq/1nR/QMwsvH0Cz1qYTPAgMBAAGjNjA0MA8GA1UdEwEB +/wQFMAMBAf8wEQYDVR0OBAoECE8h1CulBqTdMA4GA1UdDwEB/wQEAwIBBjANBgkq +hkiG9w0BAQUFAAOCAQEAimFu+xTm3UdyU+fO+2hz4DS20OGSC9NBDkorjzhRPWoZ +IVhUi6yH5drqSBm4/2ZYS1Ba5npzfyJwm+cLO28ljxAApfRHlbN0y83hKv7c0I7g +zWTMRs8X8ar5Gd7d4O5jpC4PAaZ1ozSDoE06U5im6YMLaJy/0QYvf5EQBMvLdeoc +d1vl17JYKYqYzcX2dvayikrfiglFqDaZZ66yJPBSuiyNhXpPkbXsOoyyTPtV/0Bh +eKIQiQyJID5aZtR7D4fBAzKdp5wB9KLQXBZ80hrwqrIuy+ME0tFaBWYBi8dzQ1iq +/E3Qz0USfGmxPMm8y/zRqsDvxZCRiSuvzBkOXbGMdA== +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer new file mode 100644 index 000000000..d361d919f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011130-20041130.SerNo01f6(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer new file mode 100644 index 000000000..ad13d7b28 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20011215-20041215.SerNo021e(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer new file mode 100644 index 000000000..f9f27442b Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo0291(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer new file mode 100644 index 000000000..b6f39e354 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20020207-20050207.SerNo210d(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer new file mode 100644 index 000000000..f9fef65fc Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01.20041201-20141201.SerNoE243(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer new file mode 100644 index 000000000..3c7775b6e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-01b.20041201-20141201.SerNo01C854.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer new file mode 100644 index 000000000..36a442b89 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer new file mode 100644 index 000000000..54f809962 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer new file mode 100644 index 000000000..ab9e0cd7d Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03.20080425-20180425.SerNoe694(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer new file mode 100644 index 000000000..01965769d Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Qual-03b.20080424-20180424.SerNo041D14.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer new file mode 100644 index 000000000..b9a0e5a61 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-Root-05.20130923-20230920.SerNoFCDB4.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer new file mode 100644 index 000000000..289fc2198 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01-20011201-20041201.SerNo0213(CertifiedKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer new file mode 100644 index 000000000..b7d4b08a6 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20010427-20040427.SerNo006f(CertifiedKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer new file mode 100644 index 000000000..289fc2198 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0213(CertifiedKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer new file mode 100644 index 000000000..69de75609 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20011212-20041212.SerNo0218(CertifiedKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer new file mode 100644 index 000000000..8c434777e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20040326-20070326.SerNo6632(CertifiedKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer new file mode 100644 index 000000000..efa28178e Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-01.20041201-20141201.SerNoe242(CertifiedKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer new file mode 100644 index 000000000..33e776369 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der new file mode 100644 index 000000000..3be7b6a06 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenOhneTestkarten/C=AT,O=Hauptverband oesterr. Sozialvers.,CN=Root-CA 1-2045.der differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer new file mode 100644 index 000000000..afe6fdf09 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer new file mode 100644 index 000000000..36a442b89 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02.20041203-20141203.SerNoE248(SecureSignatureKeypair).cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer new file mode 100644 index 000000000..54f809962 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-Qual-02b.20041203-20141203.SerNo01C857.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer new file mode 100644 index 000000000..2284687bb --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03-20140723-20250723.SerNo14b4f9.cer @@ -0,0 +1,23 @@ +-----BEGIN CERTIFICATE----- +MIIDzzCCAregAwIBAgIDFLT5MA0GCSqGSIb3DQEBBQUAMIGNMQswCQYDVQQGEwJB +VDFIMEYGA1UECgw/QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBp +bSBlbGVrdHIuIERhdGVudmVya2VociBHbWJIMRkwFwYDVQQLDBBBLVRydXN0LW5R +dWFsLTAzMRkwFwYDVQQDDBBBLVRydXN0LW5RdWFsLTAzMB4XDTE0MDcyMzEwMzgy +OVoXDTI1MDcyMzA4MzgyOVowgY0xCzAJBgNVBAYTAkFUMUgwRgYDVQQKDD9BLVRy +dXN0IEdlcy4gZi4gU2ljaGVyaGVpdHNzeXN0ZW1lIGltIGVsZWt0ci4gRGF0ZW52 +ZXJrZWhyIEdtYkgxGTAXBgNVBAsMEEEtVHJ1c3QtblF1YWwtMDMxGTAXBgNVBAMM +EEEtVHJ1c3QtblF1YWwtMDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB +AQCtPWFuA/OQO8BBC4SAzewqo51ru27CQoT3URThoKgtUaNR8t4j8DRE/5TrzAUj +lUC5B3ilJfYKvUWG6Nm9wASOhURh73+nyfrBJcyFLGM/BWBzSQXgYHiVEEvc+RFZ +znF/QJuKqiTfC0Li21a8StKlDJu3Qz7dg9MmEALP6iPESU7l0+m0iKsMrmKS1GWH +2WrX9IWf5DMiJaXlyDO6w8dB3F/GaswADm0yqLaHNgBid5seHzTLkDx4iHQF63n1 +k3Flyp3HaxgtPVxO59X4PzF9j4fsCiIvI+n+u33J4PTs63zEsMMtYrWacdaxaujs +2e3Vcuy+VwHOBVWf3tFgiBCzAgMBAAGjNjA0MA8GA1UdEwEB/wQFMAMBAf8wEQYD +VR0OBAoECERqlWdVeRFPMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOC +AQEAEoykPeAA/6iKm6YnfxsSHFe+Dtian2yAH8L2TqMdcHeSB/7L1x73uuDeYku1 +hbKQAXnfXntf8R+VgjQBTww0aDb5164netYcFbK0g8uVWVCqOl8wf3JbAUxHS9br +cFKks+CJKPr6qQ6H+sb1o9127c9IQSZYP3S/gMAaGw0cSTlsnosE0P5Ur5vHsapm +FV3V+VOjYNs2GLSu4XQCYvSIpsfDJp8VsJ/BMYS9GqGvQ/9qGa0fwEbEMadb5mcJ +tw/EKg4gJthMgxOfO5eVuCQ3PAEWOe5lrOrTdvTIlhphUuns5hoIdlyLuNqewK3s +FJ6N46sU7LjJLqSKYEB8usoIiw== +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer new file mode 100644 index 000000000..33e776369 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/A-Trust-nQual-03.20050817-20150817.SerNo016c1e.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer new file mode 100644 index 000000000..277b6083a Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/EGIZ_Test_CA_-_Signaturdienst.20070829-20140101.SerNo02.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus-Schwab-BM-f-Inneres-20040219-20070219.SerNo5c39.der b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus-Schwab-BM-f-Inneres-20040219-20070219.SerNo5c39.der new file mode 100644 index 000000000..376d0753f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus-Schwab-BM-f-Inneres-20040219-20070219.SerNo5c39.der differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer new file mode 100644 index 000000000..376d0753f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Testuser_BRZ_IdentityLink_Signer.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Testuser_BRZ_IdentityLink_Signer.crt new file mode 100644 index 000000000..d69dc044e --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Testuser_BRZ_IdentityLink_Signer.crt @@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFZDCCA0ygAwIBAgIJAJav+zeqU/DMMA0GCSqGSIb3DQEBCwUAMFwxCzAJBgNV +BAYTAkFUMQ0wCwYDVQQKEwRFR0laMRYwFAYDVQQLEw1Tb2Z0d2FyZUNhcmRzMSYw +JAYDVQQDFB1UZXN0X1NvZnR3YXJlY2FyZHNfSURMX1NpZ25lcjAeFw0xNjEwMTgx +MDM5MDdaFw0xOTA3MTQxMDM5MDdaMFwxCzAJBgNVBAYTAkFUMQ0wCwYDVQQKEwRF +R0laMRYwFAYDVQQLEw1Tb2Z0d2FyZUNhcmRzMSYwJAYDVQQDFB1UZXN0X1NvZnR3 +YXJlY2FyZHNfSURMX1NpZ25lcjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC +ggIBALkLgt+MFTxLfRzcEIZ0bycIFg7g/HPN7QWIZ67bHzrb6ehebzF9VinzDZXC +kfKWdUJbkNSuWKWrp2X62f7oGhdqK0yFc+Dlo+OpIDgQiWCpBfKJo8cPWsiAmNuT +xWVagU5faI1h7xvvOVMybWe92nivfqLOuEx6WvX/UoIawRHV2VmPGFgZocM5G0X6 +bUVEpqxAa3qOIlRr0poB+RA0PA86hRpRYal/Or93D8BfQH5l8zV9QcvPe/KeJSpJ +HgGWmEs593LtNuA1Rv1iDpuu10y7C2FeMBvcUpRkR7WAj7vIYVtQILXCh1FhfN1b +Hg6xLVTyshlgUn7ARQJYoJ3togdGamDRlnKU2rXN9j88Tw6fAdcCvWbWVtjy8pNj +WLkVJMlFWdfO6/5LAva1HxROMhFx7QOPhOzemetCtT2fI4FTAk9Vyf9wTUQOL8sq +K73t1A419lYS8WuUCzHDxLujLiTuwoIUgzMN/bqMEZrogPLY2Kj4vmZMZ4gU2PU7 +Yw+Xfang3+/yK1gYNEebpdvPi8SVUAnus/Cfmdwdn9O/naWiBpjc06GJvMbegjxw +oPBM5c0SkCR5xCaygZL2OBpRMKgdfrk4k0pj5ZUm+mtrOGojtRZJEZQCBpVPk1yD +3L4/Z4AZofOo8dSkUR+xJN0oKnIdfndvBxNF4sxY4IwOvFRrAgMBAAGjKTAnMAkG +A1UdEwQCMAAwCwYDVR0PBAQDAgWgMA0GByooAAoBBwEEAgUAMA0GCSqGSIb3DQEB +CwUAA4ICAQBcED7tE8qmAwFBdhyoz1D8yodEZmmdXZwksA/kI+o+5wQs6Y/qvw7j ++eBvlctyXCXWh1eFeb/FaiA5Cpoak8Nc/oY7T/yBj5gfKHlNqVT1owaBkHsEYMBv +aUXxyDCbnFMznJfkxjbvFbQdd1hceJht8Dx+ikpB6MJHqHIEry0WWgf3JdN5PErr +ATndjBE4BaTZ2q6sCv+SdK60Mk0mYA6l6nSC9eB8G9C4bA1cQEOu6+FPmFzSkiIF +temA1tjQnhxKZZigzxIN3EQAnq/23jf+CkxAt5GkpUjqF5bqKI1nerJOgn4Jm5j6 +sPZGpGllzHLBaybfY63Az4sERC28OlqFw1vxQs4hWIWNWEAMF3Oz4+pYg4OIIh5C +Nr1aqJgssWfOZrX2KSz2vqrZoU67zq84MQcJTSmgKVBb9OnrC5tYn5YVUlydPPjr +Um0iHlWC0MFiIgSzx6Ti2HnPgc0UHsA6IpSTo+UufYYNDiFCssRbu4r0/Syq4MP3 +ghYXdP9Tj0FISz2TvM6YQfzHej94bZcVNwnF4pWEnGZtBbNVvJRw9iJHHkDWLiYM +1B73zs7+pA8YgKqExDHXc1Shou5HvSuTXSmaTMUHrCkhotHfpqYhrJiAmJ+OftNv +6oxMPfNhZg01eOotm1J+WV2mJbgcPTNSC1ONcSFdQ5vZZLL24J2Hcw== +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer new file mode 100644 index 000000000..592c96230 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-SSL-03.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-SSL-03.cer new file mode 100644 index 000000000..a699436ca Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-SSL-03.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer new file mode 100644 index 000000000..e4bd48dac Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.20140905-20240905.SerNo153B49.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer new file mode 100644 index 000000000..61a7ccb15 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-02.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer new file mode 100644 index 000000000..5171276f4 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01aaed.der b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01aaed.der new file mode 100644 index 000000000..5171276f4 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01aaed.der differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/atrust_OCSP_Responder_03-1.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/atrust_OCSP_Responder_03-1.cer new file mode 100644 index 000000000..ebfbce9a0 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/atrust_OCSP_Responder_03-1.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/idl_signer_from_IDL.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/idl_signer_from_IDL.crt new file mode 100644 index 000000000..fda99f2bd --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/idl_signer_from_IDL.crt @@ -0,0 +1,27 @@ +-----BEGIN CERTIFICATE----- +MIIEqzCCBBSgAwIBAgIHANux81oNezANBgkqhkiG9w0BAQUFADBAMSIwIAYDVQQD +ExlJQUlLIFRlc3QgSW50ZXJtZWRpYXRlIENBMQ0wCwYDVQQKEwRJQUlLMQswCQYD +VQQGEwJBVDAeFw0xMzA5MjcwNTMzMzdaFw0yMzA5MjcwNTMzMzdaMIHkMQswCQYD +VQQGEwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5 +IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBwbGllZCBJ +bmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEUMBIGA1UE +BBMLTU9BLVNTIFRlc3QxGDAWBgNVBCoTD0VHSVogVGVzdHBvcnRhbDEkMCIGA1UE +AxMbRUdJWiBUZXN0cG9ydGFsIE1PQS1TUyBUZXN0MIIBIjANBgkqhkiG9w0BAQEF +AAOCAQ8AMIIBCgKCAQEAuDjOyf+mY+oQL2FQzzuaiC8C23vVKbq/n2Zi7BqSibZH +mtqMJfmj4pT+hWSNHvVvWsaxFcx4KeNqdCMzwnw1r4P3Sf+2o5uFku5KHEMLMokR +yYQG9VqY/KkB94ye7Pv6zT8gvKqxGFg96UamECep4swPaSZrA8AOER5WAtyGDzKI +Tz+a5zfFaTXDoba7f98PCWR96yKiFjVOhzp38WVz4VJgz+b8ZSY7Xsv5Kn7DXjOL +STX4MevFLki3rFPup3+4vGToaMBW3PEj67HXBdqR855Le6+E6rVxORqsXqlVwhsI +6nuS0CO2LWYmBNR1IB0mXteeYH/HfxvuZc+7yDjdPQIDAQABo4IBhDCCAYAwDgYD +VR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEmcH6VY4BG1EAGB +TLoNR9vH/g6yMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jYS5pYWlrLnR1Z3Jh +ei5hdC9jYXBzby9jcmxzL0lBSUtUZXN0X0ludGVybWVkaWF0ZUNBLmNybDCBqgYI +KwYBBQUHAQEEgZ0wgZowSgYIKwYBBQUHMAGGPmh0dHA6Ly9jYS5pYWlrLnR1Z3Jh +ei5hdC9jYXBzby9PQ1NQP2NhPUlBSUtUZXN0X0ludGVybWVkaWF0ZUNBMEwGCCsG +AQUFBzAChkBodHRwOi8vY2EuaWFpay50dWdyYXouYXQvY2Fwc28vY2VydHMvSUFJ +S1Rlc3RfSW50ZXJtZWRpYXRlQ0EuY2VyMCEGA1UdEQQaMBiBFnRob21hcy5sZW56 +QGVnaXouZ3YuYXQwHwYDVR0jBBgwFoAUaKJeEdreL4BrRES/jfplNoEkp28wDQYJ +KoZIhvcNAQEFBQADgYEAlFGjUxXLs7SAT8NtXSrv2WrjlklaRnHTFHLQwyVo8JWb +gvRkHHDUv2o8ofXUY2R2WJ38dxeDoccgbXrJb/Qhi8IY7YhCwv/TuIZDisyAqo8W +ORKSip/6HWlGCSR/Vgoet1GtCmF0FoUxFUIGSAuQ2yyt4fIzt5GJrU1X5ujjI1w= +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer new file mode 100644 index 000000000..afe6fdf09 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/A-CERT-GOVERNMENT-20090505-20360918.SerNo0E.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer new file mode 100644 index 000000000..376d0753f Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Nikolaus_Schwab.20040219-20070219.SerNo5C39.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer new file mode 100644 index 000000000..592c96230 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/Waltraut_Kotschy.20070119-20120119.SerNo02DE1C.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer new file mode 100644 index 000000000..61a7ccb15 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-02.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer new file mode 100644 index 000000000..5171276f4 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungOhneTestkarten/a-sign-corporate-light-03-20051114-20151114.SerNo01AAED.cer differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json index a75535da1..0513709e2 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_own_test.json @@ -1,8 +1,8 @@ {"result": { - "EID-IDENTITY-LINK": "PHNhbWw6QXNzZXJ0aW9uIEFzc2VydGlvbklEPSJzenIuYm1pLmd2LmF0LUFzc2VydGlvbklEMTUyNzY2OTEwMDU5MTI3NDQiIElzc3VlSW5zdGFudD0iMjAxOC0wNS0zMFQxMDozMTo0MCswMTowMCIgSXNzdWVyPSJodHRwOi8vcG9ydGFsLmJtaS5ndi5hdC9yZWYvc3pyL2lzc3VlciIgTWFqb3JWZXJzaW9uPSIxIiBNaW5vclZlcnNpb249IjAiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDphc3NlcnRpb24iIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJubWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOmVjZHNhPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSMiIHhtbG5zOnNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSI+Cgk8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+CgkJPHNhbWw6U3ViamVjdD4KCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4KCQkJCTxzYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjA6Y206c2VuZGVyLXZvdWNoZXM8L3NhbWw6Q29uZmlybWF0aW9uTWV0aG9kPgoJCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE+CgkJCQkJPHByOlBlcnNvbiBzaTp0eXBlPSJwcjpQaHlzaWNhbFBlcnNvblR5cGUiPjxwcjpJZGVudGlmaWNhdGlvbj48cHI6VmFsdWU+dHFDUUVDNytBcUdFZWVMMzkwVjVKZz09PC9wcjpWYWx1ZT48cHI6VHlwZT51cm46cHVibGljaWQ6Z3YuYXQ6YmFzZWlkPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24+PHByOk5hbWU+PHByOkdpdmVuTmFtZT5NYXg8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPk11c3Rlcm1hbm48L3ByOkZhbWlseU5hbWU+PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4xOTQwLTAxLTAxPC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj4KCQkJCTwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KCQkJPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJPC9zYW1sOlN1YmplY3Q+Cgk8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXplblB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJ1cm46cHVibGljaWQ6Z3YuYXQ6bmFtZXNwYWNlczppZGVudGl0eWxpbms6MS4yIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT48ZHNpZzpSU0FLZXlWYWx1ZT48ZHNpZzpNb2R1bHVzPnMwWmhkR2E4REgwSW1iTlU3aTRxdDRtR25CUEFlTDk5Q0dkZmRCOEhWWE5CNWd3d2VMY1o5WE1TWUJvUHFHdFVqemh6S29zRkN5M0sNCmpsSEVrejB0L3JQemhOVGRsVjJRN0FGWEZlT2g3M3dPajQ3R1B2T2lVNzdwQjE3WnJaOHlObW1JTTEyUVE5MVN0RGFWRkUra0dxUEkNCmNFZHZiZk94blU4aGNpa3lYcWVheFZVV3oxbVdXTnRveUwyWG5wa1U0QkZVQnU1NWg5S2tYVEFQcnBUbEFMZjkvRDFKamZWb05tamwNCnBLWXh6Q3JBSmE4Sno4Ui9sNis0U0U3YXc3dGZuazNZUXkxcFVmNWZmellkeXZQS2ZxVTBUTUVKLzdpOW1ORHFCZlVwcVhBRWowdWUNCkpvRWs0UC9pa2Q5UnZuVUlsU0V1NzFHMyt1VEluSXBaaTd2UG93PT08L2RzaWc6TW9kdWx1cz48ZHNpZzpFeHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PjwvZHNpZzpSU0FLZXlWYWx1ZT48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJPGRzaWc6U2lnbmF0dXJlPgoJCTxkc2lnOlNpZ25lZEluZm8+CgkJCTxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+CgkJCTxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIgLz4KCQkJPGRzaWc6UmVmZXJlbmNlIFVSST0iIj4KCQkJCTxkc2lnOlRyYW5zZm9ybXM+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQk8ZHNpZzpYUGF0aD5ub3QoYW5jZXN0b3Itb3Itc2VsZjo6cHI6SWRlbnRpZmljYXRpb24pPC9kc2lnOlhQYXRoPgoJCQkJCTwvZHNpZzpUcmFuc2Zvcm0+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiIC8+CgkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCTxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIiAvPgoJCQkJPGRzaWc6RGlnZXN0VmFsdWU+QmVIdUFyYXUzSFVQcXg5dHV3QTRGaDNOSDB3PTwvZHNpZzpEaWdlc3RWYWx1ZT4KCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPGRzaWc6UmVmZXJlbmNlIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNNYW5pZmVzdCIgVVJJPSIjbWFuaWZlc3QiPgoJCQkJPGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiIC8+CgkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5mVEUrMjRnRHlkUlgvd0p2QlAxOUlucU54Rkk9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQk8L2RzaWc6UmVmZXJlbmNlPgoJCTwvZHNpZzpTaWduZWRJbmZvPgoJCTxkc2lnOlNpZ25hdHVyZVZhbHVlPgogICAgUHpLMWR2N2JFMGhQcGxlc1ZaRFhHSWxhbTlUK0JxWkd4ZWs5RHVuYkhNK21GWWI3a1NaZTN2eEszUmhRZjNBV3djbXFtVWZPRlJObg0KWndxYnovNGRZd2hJRld6VGdMelVmMlZkR0JsN2szbS8wSmJXSkV1bEtobE5vV2ZSTkRrdTRZcmI2THVrWjdaQzJFcWd2UXYxa1BRTg0Kb1BvQ1I5d3hUc1RKWFNCaHdLc0lERG9vZHY3aUVpWGFCM0xmVHQrQWdYdEdvbWRRaktjby9WamJSSzRUUEkvQUVNVU1KWm9zZlJYMg0KdmE2U1BaUnV4QjBlWkwwVGVzYittRjlFaUlOVnNTSU9nbTVSRE95V1ZRZkJnVG9nYjNoWmlLVmh0a1IvaWlSNmhZNlA2b1cwTDh4ag0KMG5ZVldPRHAxSlJML3Z0ZDFhUklVYzNCQTJQaFkrRmdJR1FHTUE9PQogIDwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlGdXpDQ0JLT2dBd0lCQWdJREdTa2VNQTBHQ1NxR1NJYjNEUUVCQlFVQU1JR2ZNUXN3Q1FZRFZRUUdFd0pCDQpWREZJTUVZR0ExVUVDZ3cvUVMxVWNuVnpkQ0JIWlhNdUlHWXVJRk5wWTJobGNtaGxhWFJ6YzNsemRHVnRaU0JwDQpiU0JsYkdWcmRISXVJRVJoZEdWdWRtVnlhMlZvY2lCSGJXSklNU0l3SUFZRFZRUUxEQmxoTFhOcFoyNHRZMjl5DQpjRzl5WVhSbExXeHBaMmgwTFRBeU1TSXdJQVlEVlFRRERCbGhMWE5wWjI0dFkyOXljRzl5WVhSbExXeHBaMmgwDQpMVEF5TUI0WERURTFNRGN5T0RFMU5Ea3dOVm9YRFRJd01EY3lPREV6TkRrd05Wb3dnYll4Q3pBSkJnTlZCQVlUDQpBa0ZVTVI0d0hBWURWUVFLREJWRVlYUmxibk5qYUhWMGVtdHZiVzFwYzNOcGIyNHhJakFnQmdOVkJBc01HVk4wDQpZVzF0ZW1Gb2JISmxaMmx6ZEdWeVltVm9iMlZ5WkdVeExqQXNCZ05WQkFNTUpWTnBaMjVoZEhWeWMyVnlkbWxqDQpaU0JFWVhSbGJuTmphSFYwZW10dmJXMXBjM05wYjI0eEZUQVRCZ05WQkFVVERETXlOVGt5T0RNeU16azVPREVjDQpNQm9HQ1NxR1NJYjNEUUVKQVF3TlpITnJRR1J6YXk1bmRpNWhkRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEDQpnZ0VQQURDQ0FRb0NnZ0VCQU4rZEJTRUJHajJqVVhJSzFNcDNsVnhjL1phK3BKTWl5S3JYM0cxWnhnWC9pa3g3DQpEOXNjc1BZTXQ0NzNMbEFXbDljbUNiSGJKSytQVjJYTk5kVVJMTVVDSVgrNHZVTnMyTUhlRFRRdFg4QlhqSkZwDQp3SllTb2FSSlEzOUZWUy8xcjVzV2NyYTlIaGRtN3c1R3R4LzJ1a3lEWDBrZGt4YXdraFA0RVFFemkvU0krRnVnDQpuK1dxZ1ExbkFkbGJ4Yi9kY0J3NXcxaDliM2xtdXdVZjR6M29vUVdVRDJEZ0Eva0tkMUtlak5SNDNtTFVzbXZTDQp6ZXZQeFQ5enM3OHBPUjFPYWNCN0lzelRWSlBYZU9FYWFOWkhubkIvVWVPM2c4TEVWLzNPa1hjVWdjTWtiSUlpDQphQkhsbGw3MVBxMENPajlrcWpYb2U3T3JSakxZNWkzS3dPcGE2VE1DQXdFQUFhT0NBZVV3Z2dIaE1CRUdBMVVkDQpEZ1FLQkFoTUNBNmVHdlMxdWpBT0JnTlZIUThCQWY4RUJBTUNCTEF3RGdZSEtpZ0FDZ0VIQVFRREFRSC9NQk1HDQpBMVVkSXdRTU1BcUFDRWtjV0RwUDZBMERNQWtHQTFVZEV3UUNNQUF3RkFZSEtpZ0FDZ0VCQVFRSkRBZENVMEl0DQpSRk5MTUg4R0NDc0dBUVVGQndFQkJITXdjVEJHQmdnckJnRUZCUWN3QW9ZNmFIUjBjRG92TDNkM2R5NWhMWFJ5DQpkWE4wTG1GMEwyTmxjblJ6TDJFdGMybG5iaTFqYjNKd2IzSmhkR1V0YkdsbmFIUXRNREpoTG1OeWREQW5CZ2dyDQpCZ0VGQlFjd0FZWWJhSFIwY0RvdkwyOWpjM0F1WVMxMGNuVnpkQzVoZEM5dlkzTndNRlFHQTFVZElBUk5NRXN3DQpTUVlHS2lnQUVRRVNNRDh3UFFZSUt3WUJCUVVIQWdFV01XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrDQpiMk56TDJOd0wyRXRjMmxuYmkxQmJYUnpjMmxuYm1GMGRYSXdnWjRHQTFVZEh3U0JsakNCa3pDQmtLQ0JqYUNCDQppb2FCaDJ4a1lYQTZMeTlzWkdGd0xtRXRkSEoxYzNRdVlYUXZiM1U5WVMxemFXZHVMV052Y25CdmNtRjBaUzFzDQphV2RvZEMwd01peHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wDQpQMkpoYzJVL2IySnFaV04wWTJ4aGMzTTlaV2xrUTJWeWRHbG1hV05oZEdsdmJrRjFkR2h2Y21sMGVUQU5CZ2txDQpoa2lHOXcwQkFRVUZBQU9DQVFFQUhRM1pDTXRBYmF6ZU1IbVdBMnpoWWxIcUhnS1ZvY1ZYRURnbU5tV0xHcUZlDQo4RUFERklzOHVHcmt0Qm1XQ1VJWGJYczdUSGNmeHMySjQ3dkh1Y29wc2RrYWJObFhFanpuZFJmbmMrMVZJbmJvDQp6TXJZZDdqZUROVEsvdElqaU9FWWRyeUlwZWtWOUNmYXc3eXU2bWVmTXpldTFhQXdmN0JuSy9odWl3SlduZW5wDQpCN2lEL1B2WittenVDN1JOZkpmRisrU3RpQlR4aTNWWXhOR01qTTFjVThHdzlWV2MwUjNFdWpPYVhXZ0NDOGk1DQpGR2hWdk9ZaE5YZnN4SlhiTnhld0VDanBBTHZEbEZMTCtpQzQ5RytBRFNvUnYwU2s5MU9QdStjSW1DajNyczNRDQp0YXNJL3A5TFlhY0c2Yy9nSTN0RTBpaHFnOVJic0tIWFFsM1BPdkVSSkE9PTwvZHNpZzpYNTA5Q2VydGlmaWNhdGU+PC9kc2lnOlg1MDlEYXRhPjwvZHNpZzpLZXlJbmZvPgoJCTxkc2lnOk9iamVjdD4KCQkJPGRzaWc6TWFuaWZlc3QgSWQ9Im1hbmlmZXN0Ij4KCQkJCTxkc2lnOlJlZmVyZW5jZSBVUkk9IiI+CgkJCQkJPGRzaWc6VHJhbnNmb3Jtcz4KCQkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQkJPGRzaWc6WFBhdGg+bm90KGFuY2VzdG9yLW9yLXNlbGY6OmRzaWc6U2lnbmF0dXJlKTwvZHNpZzpYUGF0aD4KCQkJCQkJPC9kc2lnOlRyYW5zZm9ybT4KCQkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCQk8ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIgLz4KCQkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5wM1pwS1BvK0ZYT3ZXdEhidFJzR2VLWm9lSTQ9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPC9kc2lnOk1hbmlmZXN0PgoJCTwvZHNpZzpPYmplY3Q+Cgk8L2RzaWc6U2lnbmF0dXJlPgo8L3NhbWw6QXNzZXJ0aW9uPg==", - "EID-CITIZEN-QAA-LEVEL": "substantial", - "EID-CCS-URL": "https://www.a-trust.at/todo", - "EID-AUTH-BLOCK": "PHNhbWwyOkFzc2VydGlvbiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9Il81NzAxMGI3ZmNjOTNjYzRjZjNmMmI3NjQzODkxMzdjMiIgSXNzdWVJbnN0YW50PSIyMDE2LTAzLTI5VDA4OjUwOjU2LjQ1MFoiIFZlcnNpb249IjIuMCIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIj4NCgk8c2FtbDI6SXNzdWVyIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5Ij5odHRwczovL2RlbW8tdmRhLmF0L3ZkYS1zZXJ2aWNlPC9zYW1sMjpJc3N1ZXI+PGRzaWc6U2lnbmF0dXJlIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIElkPSJzaWduYXR1cmUtMS0xIj48ZHNpZzpTaWduZWRJbmZvPjxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSIvPjxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI2VjZHNhLXNoYTI1NiIvPjxkc2lnOlJlZmVyZW5jZSBJZD0icmVmZXJlbmNlLTEtMSIgVVJJPSIiPjxkc2lnOlRyYW5zZm9ybXM+PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHNsdC0xOTk5MTExNiI+PHhzbDpzdHlsZXNoZWV0IHhtbG5zOnhzbD0iaHR0cDovL3d3dy53My5vcmcvMTk5OS9YU0wvVHJhbnNmb3JtIiBleGNsdWRlLXJlc3VsdC1wcmVmaXhlcz0ic2FtbDIiIHZlcnNpb249IjEuMCIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjx4c2w6b3V0cHV0IG1ldGhvZD0ieG1sIiB4bWw6c3BhY2U9ImRlZmF1bHQiLz48eHNsOnRlbXBsYXRlIG1hdGNoPSIvIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94aHRtbCI+PGh0bWwgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiPjxoZWFkPjx0aXRsZT5TaWduYXR1ciBkZXIgQW5tZWxkZWRhdGVuPC90aXRsZT48c3R5bGUgbWVkaWE9InNjcmVlbiIgdHlwZT0idGV4dC9jc3MiPg0KICAgICAgICAgICAgICAJCQkJCS5ub3JtYWxzdHlsZSB7IGZvbnQtc2l6ZTogbWVkaXVtOyB9IA0KICAgICAgICAgICAgICAJCQkJCS5pdGFsaWNzdHlsZSB7IGZvbnQtc2l6ZTogbWVkaXVtOyBmb250LXN0eWxlOiBpdGFsaWM7IH0NCgkJCQkJCQkJLnRpdGxlc3R5bGUgeyB0ZXh0LWRlY29yYXRpb246dW5kZXJsaW5lOyBmb250LXdlaWdodDpib2xkOyBmb250LXNpemU6IG1lZGl1bTsgfSANCgkJCQkJCQkJLmg0c3R5bGUgeyBmb250LXNpemU6IGxhcmdlOyB9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICANCgkJCQkJCQkJLmhpZGRlbiB7ZGlzcGxheTogbm9uZTsgfSANCiAgICAgICAgICAgICAgCQkJCTwvc3R5bGU+PC9oZWFkPjxib2R5PjxoNCBjbGFzcz0iaDRzdHlsZSI+QW5tZWxkZWRhdGVuOjwvaDQ+PHAgY2xhc3M9InRpdGxlc3R5bGUiPkRhdGVuIHp1ciBQZXJzb248L3A+PHRhYmxlIGNsYXNzPSJwYXJhbWV0ZXJzIj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6Mi41LjQuNDInXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5Wb3JuYW1lOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6Mi41LjQuNDInXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjIwJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+TmFjaG5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuNTUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5HZWJ1cnRzZGF0dW06IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+Vm9sbG1hY2h0OiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dGV4dD5JY2ggbWVsZGUgbWljaCBpbiBWZXJ0cmV0dW5nIGFuLiBJbSBuw6RjaHN0ZW4gU2Nocml0dCB3aXJkIG1pciBlaW5lIExpc3RlIGRlciBmw7xyIG1pY2ggdmVyZsO8Z2JhcmVuIFZlcnRyZXR1bmdzdmVyaMOkbHRuaXNzZSBhbmdlemVpZ3QsIGF1cyBkZW5lbiBpY2ggZWluZXMgYXVzd8OkaGxlbiB3ZXJkZS48L3hzbDp0ZXh0PjwvdGQ+PC90cj48L3hzbDppZj48L3RhYmxlPjxwIGNsYXNzPSJ0aXRsZXN0eWxlIj5EYXRlbiB6dXIgQW53ZW5kdW5nPC9wPjx0YWJsZSBjbGFzcz0icGFyYW1ldGVycyI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPklkZW50aWZpa2F0b3I6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJVbmlxdWVJZCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5OYW1lOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J2h0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyRnJpZW5kbHlOYW1lJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+U3RhYXQ6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29kZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjwvdGFibGU+PHAgY2xhc3M9InRpdGxlc3R5bGUiPlRlY2huaXNjaGUgUGFyYW1ldGVyPC9wPjx0YWJsZSBjbGFzcz0icGFyYW1ldGVycyI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPkRhdHVtOjwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9InN1YnN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL0BJc3N1ZUluc3RhbnQsOSwyKSIvPjx4c2w6dGV4dD4uPC94c2w6dGV4dD48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCw2LDIpIi8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDEsNCkiLz48L3RkPjwvdHI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlVocnplaXQ6PC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCwxMiwyKSIvPjx4c2w6dGV4dD46PC94c2w6dGV4dD48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCwxNSwyKSIvPjx4c2w6dGV4dD46PC94c2w6dGV4dD48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCwxOCwyKSIvPjwvdGQ+PC90cj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+VHJhbnNha3Rpb25zVG9ra2VuOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL0BJRCIvPjwvdGQ+PC90cj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPg0KCQkJCQkJCQkJCQlWb2xsbWFjaHRlbi1SZWZlcmVuejogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx0ciBjbGFzcz0iaGlkZGVuIj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5EYXRhVVJMOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkNvbmRpdGlvbnMvc2FtbDI6QXVkaWVuY2VSZXN0cmljdGlvbi9zYW1sMjpBdWRpZW5jZSIvPjwvdGQ+PC90cj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9ATm90T25PckFmdGVyIj48dHIgY2xhc3M9ImhpZGRlbiI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+QXV0aEJsb2NrVmFsaWRUbzogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpDb25kaXRpb25zL0BOb3RPbk9yQWZ0ZXIiLz48L3RkPjwvdHI+PC94c2w6aWY+PC90YWJsZT48L2JvZHk+PC9odG1sPjwveHNsOnRlbXBsYXRlPjwveHNsOnN0eWxlc2hlZXQ+PC9kc2lnOlRyYW5zZm9ybT48ZHNpZzpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSNXaXRoQ29tbWVudHMiLz48L2RzaWc6VHJhbnNmb3Jtcz48ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz48ZHNpZzpEaWdlc3RWYWx1ZT5tY0xFdXNpMmMySFZsZWJXZWJnK1VUVVVCVDRHSUxIVDdhN1ZGaDFNZ1YwPTwvZHNpZzpEaWdlc3RWYWx1ZT48L2RzaWc6UmVmZXJlbmNlPjxkc2lnOlJlZmVyZW5jZSBJZD0iZXRzaS1kYXRhLXJlZmVyZW5jZS0xLTEiIFR5cGU9Imh0dHA6Ly91cmkuZXRzaS5vcmcvMDE5MDMvdjEuMS4xI1NpZ25lZFByb3BlcnRpZXMiIFVSST0iIj48ZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDIvMDYveG1sZHNpZy1maWx0ZXIyIj48eHBmOlhQYXRoIHhtbG5zOnhwZj0iaHR0cDovL3d3dy53My5vcmcvMjAwMi8wNi94bWxkc2lnLWZpbHRlcjIiIEZpbHRlcj0iaW50ZXJzZWN0IiB4bWxuczpldHNpPSJodHRwOi8vdXJpLmV0c2kub3JnLzAxOTAzL3YxLjEuMSMiPi8vKltASWQ9J2V0c2ktc2lnbmVkLTEtMSddL2V0c2k6UXVhbGlmeWluZ1Byb3BlcnRpZXMvZXRzaTpTaWduZWRQcm9wZXJ0aWVzPC94cGY6WFBhdGg+PC9kc2lnOlRyYW5zZm9ybT48L2RzaWc6VHJhbnNmb3Jtcz48ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz48ZHNpZzpEaWdlc3RWYWx1ZT5xMWdMWm9lTDZLOVZaZHkzM3lPdVRFaTJGVDFTaDBqRDJSZGMzRXJ0WmNvPTwvZHNpZzpEaWdlc3RWYWx1ZT48L2RzaWc6UmVmZXJlbmNlPjwvZHNpZzpTaWduZWRJbmZvPjxkc2lnOlNpZ25hdHVyZVZhbHVlPmpjV2YrejljckIvVU1COTVPR2ZlMys5U2pESXRrMUZWSGRFZWNGSnhnbVJndWRjMWxmc1V2Z21BTzhxYlBHcGpEMDJhMi9pNmowTlJFR1l4dU5aVGtBPT08L2RzaWc6U2lnbmF0dXJlVmFsdWU+PGRzaWc6S2V5SW5mbz48ZHNpZzpYNTA5RGF0YT48ZHNpZzpYNTA5Q2VydGlmaWNhdGU+TUlJRm1qQ0NBNEtnQXdJQkFnSUVPTkd1bWpBTkJna3Foa2lHOXcwQkFRc0ZBRENCblRFTE1Ba0dBMVVFQmhNQ1FWUXhTREJHQmdOVkJBb01QMEV0VkhKMWMzUWdSMlZ6TGlCbUxpQlRhV05vWlhKb1pXbDBjM041YzNSbGJXVWdhVzBnWld4bGEzUnlMaUJFWVhSbGJuWmxjbXRsYUhJZ1IyMWlTREVoTUI4R0ExVUVDd3dZWVMxemFXZHVMWEJ5WlcxcGRXMHRiVzlpYVd4bExUQTFNU0V3SHdZRFZRUUREQmhoTFhOcFoyNHRjSEpsYldsMWJTMXRiMkpwYkdVdE1EVXdIaGNOTVRnd05ERXlNRFl4T0RVd1doY05Nak13TkRFeU1EWXhPRFV3V2pCbU1Rc3dDUVlEVlFRR0V3SkJWREVhTUJnR0ExVUVBd3dSVkdodmJXRnpJRWRsYjNKbklFeGxibm94RFRBTEJnTlZCQVFNQkV4bGJub3hGVEFUQmdOVkJDb01ERlJvYjIxaGN5QkhaVzl5WnpFVk1CTUdBMVVFQlJNTU9ESXdNVGd3TnpjM01qZzNNRmt3RXdZSEtvWkl6ajBDQVFZSUtvWkl6ajBEQVFjRFFnQUVmMmFZaTM5UlRPd3VHbHZqbWwwNms0eEdnSUZIOU8rajUrdms0bDdjbzVYRVNkYUYvK1FFQmJpcUIxQjlIcGZFOVJIZjdiYkc2WjdlZjh4VXhkdjMzYU9DQWVFd2dnSGRNSDBHQ0NzR0FRVUZCd0VCQkhFd2J6QkVCZ2dyQmdFRkJRY3dBb1k0YUhSMGNEb3ZMM2QzZHk1aExYUnlkWE4wTG1GMEwyTmxjblJ6TDJFdGMybG5iaTF3Y21WdGFYVnRMVzF2WW1sc1pTMHdOUzVqY25Rd0p3WUlLd1lCQlFVSE1BR0dHMmgwZEhBNkx5OXZZM053TG1FdGRISjFjM1F1WVhRdmIyTnpjREFUQmdOVkhTTUVEREFLZ0FoSTgvMmNJdzZIZHpCeUJnZ3JCZ0VGQlFjQkF3Um1NR1F3Q2dZSUt3WUJCUVVIQ3dJd0NBWUdCQUNPUmdFQk1BZ0dCZ1FBamtZQkJEQVRCZ1lFQUk1R0FRWXdDUVlIQkFDT1JnRUdBVEF0QmdZRUFJNUdBUVV3SXpBaEZodG9kSFJ3Y3pvdkwzZDNkeTVoTFhSeWRYTjBMbUYwTDNCa2N5OFRBa1ZPTUJFR0ExVWREZ1FLQkFoS1F2Z2VFZTdPaURBT0JnTlZIUThCQWY4RUJBTUNCc0F3Q1FZRFZSMFRCQUl3QURCZ0JnTlZIU0FFV1RCWE1BZ0dCZ1FBaXpBQkFUQkxCZ1lxS0FBUkFSUXdRVEEvQmdnckJnRUZCUWNDQVJZemFIUjBjRG92TDNkM2R5NWhMWFJ5ZFhOMExtRjBMMlJ2WTNNdlkzQXZZUzF6YVdkdUxYQnlaVzFwZFcwdGJXOWlhV3hsTUVNR0ExVWRId1E4TURvd09LQTJvRFNHTW1oMGRIQTZMeTlqY213dVlTMTBjblZ6ZEM1aGRDOWpjbXd2WVMxemFXZHVMWEJ5WlcxcGRXMHRiVzlpYVd4bExUQTFNQTBHQ1NxR1NJYjNEUUVCQ3dVQUE0SUNBUUFyL1Z0T3hVaU5aTVVjeHJISG9yM0FYWnlqcVVmdTRWTTFkbkt3Zjl1d1hRa3NVcnF2b1Jzc3AyakhDbnpIM2FaV2plQ3U5UFVDSmV3NXgxUnBNeEUwaFZZanEzNzVrdjM4d1ZXUjM4WmE3eVl5ME45cTBVbjBOSmlTUHpuaklUa3RweWZkcHNGSkluTDIrM1h5Z2FZZU51dGU5NjA0WTMwK3JGSCtKck85UjgzWmFwbTZjdGs4ai8xSHBxb0c0NXlJbTZtS3AvWGhndGJnVk13OHptUjBQWGpBaW5FaTYrUmEzL1Z0cUV4ZVlHaUt5WS9SdWU1TWZQRGhiMmRBQjByd1ozVWtRakU0TWFyMFRDVzR0cHZKR0hiakhuQkwyMVY4SVNMZkUxb1NYcGJZWVNqTFh4TENmcmJrZUdSbkhTUTVENUUwU1ZqTzdsU3NQazFtaVErcExGR1FTNTZKS3VFWTBoVzRKYzlkUGRRc29Qc2FEVCtQZW1WQXIzcVZGTEQ1QSt0cm5GMFpqQ3A2RHVhYVdnT0hQajFweE05V0tVRFpXa1hUQWdDZVZhN3RLMlFjMlZWUUUvc3ZGS1I1OWlGTWlSdGpZQXpjTS9OZ215bE9DYUc1a01UZmlXOWhnbGo5QjNSdVVackZHWFNhY0ptcGM4ZWppRTl4a3B5UTVadDlpK3FDVE40ajdIOWdpRHMydkNnMDFwYnp3b0txc05zWGlFc2JzM3NVeTVTUFYyRzg4a055Vm9DTkVKVVZka0ZBZXBqQkcwbDJ5SkxaVkRtdHBucjlFbzc2LzRWSGhGeWJIYU84aWxabXJaQTRqMitMaGRBSFg3a3ZhVE1YbHQxSVphaWdOZE9YYVAwT3d2d3BWUGtSTG9LOHJ1UDRObzE4VGRvQVc0MTVpUT09PC9kc2lnOlg1MDlDZXJ0aWZpY2F0ZT48L2RzaWc6WDUwOURhdGE+PC9kc2lnOktleUluZm8+PGRzaWc6T2JqZWN0IElkPSJldHNpLXNpZ25lZC0xLTEiPjxldHNpOlF1YWxpZnlpbmdQcm9wZXJ0aWVzIHhtbG5zOmV0c2k9Imh0dHA6Ly91cmkuZXRzaS5vcmcvMDE5MDMvdjEuMS4xIyIgVGFyZ2V0PSIjc2lnbmF0dXJlLTEtMSI+PGV0c2k6U2lnbmVkUHJvcGVydGllcz48ZXRzaTpTaWduZWRTaWduYXR1cmVQcm9wZXJ0aWVzPjxldHNpOlNpZ25pbmdUaW1lPjIwMTgtMDYtMDVUMDY6MzI6MjZaPC9ldHNpOlNpZ25pbmdUaW1lPjxldHNpOlNpZ25pbmdDZXJ0aWZpY2F0ZT48ZXRzaTpDZXJ0PjxldHNpOkNlcnREaWdlc3Q+PGV0c2k6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZXRzaTpEaWdlc3RWYWx1ZT5JZE1yc2VxMHNXczl5UStFRDN3UWpIOHcxeDg9PC9ldHNpOkRpZ2VzdFZhbHVlPjwvZXRzaTpDZXJ0RGlnZXN0PjxldHNpOklzc3VlclNlcmlhbD48ZHNpZzpYNTA5SXNzdWVyTmFtZT5DTj1hLXNpZ24tcHJlbWl1bS1tb2JpbGUtMDUsT1U9YS1zaWduLXByZW1pdW0tbW9iaWxlLTA1LE89QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJILEM9QVQ8L2RzaWc6WDUwOUlzc3Vlck5hbWU+PGRzaWc6WDUwOVNlcmlhbE51bWJlcj45NTMyNjU4MTg8L2RzaWc6WDUwOVNlcmlhbE51bWJlcj48L2V0c2k6SXNzdWVyU2VyaWFsPjwvZXRzaTpDZXJ0PjwvZXRzaTpTaWduaW5nQ2VydGlmaWNhdGU+PGV0c2k6U2lnbmF0dXJlUG9saWN5SWRlbnRpZmllcj48ZXRzaTpTaWduYXR1cmVQb2xpY3lJbXBsaWVkLz48L2V0c2k6U2lnbmF0dXJlUG9saWN5SWRlbnRpZmllcj48L2V0c2k6U2lnbmVkU2lnbmF0dXJlUHJvcGVydGllcz48ZXRzaTpTaWduZWREYXRhT2JqZWN0UHJvcGVydGllcz48ZXRzaTpEYXRhT2JqZWN0Rm9ybWF0IE9iamVjdFJlZmVyZW5jZT0iI3JlZmVyZW5jZS0xLTEiPjxldHNpOk1pbWVUeXBlPmFwcGxpY2F0aW9uL3hodG1sK3htbDwvZXRzaTpNaW1lVHlwZT48L2V0c2k6RGF0YU9iamVjdEZvcm1hdD48L2V0c2k6U2lnbmVkRGF0YU9iamVjdFByb3BlcnRpZXM+PC9ldHNpOlNpZ25lZFByb3BlcnRpZXM+PC9ldHNpOlF1YWxpZnlpbmdQcm9wZXJ0aWVzPjwvZHNpZzpPYmplY3Q+PC9kc2lnOlNpZ25hdHVyZT4NCgk8c2FtbDI6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTYtMDMtMjlUMDg6NTA6NTYuNDUwWiIgTm90T25PckFmdGVyPSIyMDE2LTAzLTI5VDA4OjU1OjU2LjQ1MFoiPg0KCQk8c2FtbDI6QXVkaWVuY2VSZXN0cmljdGlvbj4NCgkJCTxzYW1sMjpBdWRpZW5jZT5odHRwczovL2RlbW8uZWdpei5ndi5hdC9kZW1vLVNQL3B2cC9wb3N0PC9zYW1sMjpBdWRpZW5jZT4NCgkJPC9zYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KCTwvc2FtbDI6Q29uZGl0aW9ucz4NCgk8c2FtbDI6QXR0cmlidXRlU3RhdGVtZW50Pg0KCQk8c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iUFZQLVZFUlNJT04iIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjEwIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+DQoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+Mi4xPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJQUklOQ0lQQUwtTkFNRSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5NdXN0ZXJtYW5uPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJHSVZFTi1OQU1FIiBOYW1lPSJ1cm46b2lkOjIuNS40LjQyIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+DQoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+TWF4PC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJCSVJUSERBVEUiIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuNTUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4wMS4wMy4xOTk4PC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItVW5pcXVlSWQiIE5hbWU9Imh0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyVW5pcXVlSWQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5odHRwczovL2RlbW8uZWdpei5ndi5hdC9kZW1vLVNQL3B2cC9tZXRhZGF0YTwvc2FtbDI6QXR0cmlidXRlVmFsdWU+DQoJCTwvc2FtbDI6QXR0cmlidXRlPg0KCQk8c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iU2VydmljZVByb3ZpZGVyLUZyaWVuZGx5TmFtZSIgTmFtZT0iaHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5EZW1vbG9naW4gU2VydmljZSBwcm92aWRlZCBieSBFR0laPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItQ291bnRyeUNvZGUiIE5hbWU9Imh0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyQ291bnRyeUNvZGUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5BVDwvc2FtbDI6QXR0cmlidXRlVmFsdWU+DQoJCTwvc2FtbDI6QXR0cmlidXRlPg0KCQk8c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iTUFOREFURS1SRUZFUkVOQ0UtVkFMVUUiIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjkwIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+DQoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+X2FzZGZhZGZhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhc2Zhczwvc2FtbDI6QXR0cmlidXRlVmFsdWU+DQoJCTwvc2FtbDI6QXR0cmlidXRlPg0KCTwvc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50Pg0KPC9zYW1sMjpBc3NlcnRpb24+" + "EID-IDENTITY-LINK": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDpBc3NlcnRpb24geG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmFzc2VydGlvbiIgeG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyIgeG1sbnM6ZWNkc2E9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlIyIgeG1sbnM6cHI9Imh0dHA6Ly9yZWZlcmVuY2UuZS1nb3Zlcm5tZW50Lmd2LmF0L25hbWVzcGFjZS9wZXJzb25kYXRhLzIwMDIwMjI4IyIgeG1sbnM6c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiBBc3NlcnRpb25JRD0ic3pyLmJtaS5ndi5hdC1Bc3NlcnRpb25JRDE0Njc2MTY4NDU1MTg2OTkiIElzc3VlSW5zdGFudD0iMjAxNi0wNy0wNFQwOToyMDo0NSswMTowMCIgSXNzdWVyPSJodHRwOi8vcG9ydGFsLmJtaS5ndi5hdC9yZWYvc3pyL2lzc3VlciIgTWFqb3JWZXJzaW9uPSIxIiBNaW5vclZlcnNpb249IjAiPgoJPHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJCTxzYW1sOlN1YmplY3Q+CgkJCTxzYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJCQk8c2FtbDpDb25maXJtYXRpb25NZXRob2Q+dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmNtOnNlbmRlci12b3VjaGVzPC9zYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD4KCQkJCTxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhPgoJCQkJCTxwcjpQZXJzb24gc2k6dHlwZT0icHI6UGh5c2ljYWxQZXJzb25UeXBlIj48cHI6SWRlbnRpZmljYXRpb24+PHByOlZhbHVlPkFUL0NaL3hXRTB2RldhcnpwelNMNExZbHBzdDliNnZnMD08L3ByOlZhbHVlPjxwcjpUeXBlPnVybjpwdWJsaWNpZDpndi5hdDplaWRhc2lkK0FUK0NaPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24+PHByOk5hbWU+PHByOkdpdmVuTmFtZT5YWFhNYXJpYS1UaGVyZXNpYSBLdW5pZ3VuZGE8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPlhYWEhhYnNidXJnLUxvdGhyaW5nZW48L3ByOkZhbWlseU5hbWU+PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4xOTgwLTAyLTI5PC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj4KCQkJCTwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KCQkJPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJPC9zYW1sOlN1YmplY3Q+Cgk8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXplblB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJ1cm46cHVibGljaWQ6Z3YuYXQ6bmFtZXNwYWNlczppZGVudGl0eWxpbms6MS4yIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT48ZWNkc2E6RUNEU0FLZXlWYWx1ZT48ZWNkc2E6RG9tYWluUGFyYW1ldGVycz48ZWNkc2E6TmFtZWRDdXJ2ZSBVUk49InVybjpvaWQ6MS4yLjg0MC4xMDA0NS4zLjEuNyIvPjwvZWNkc2E6RG9tYWluUGFyYW1ldGVycz48ZWNkc2E6UHVibGljS2V5PjxlY2RzYTpYIFZhbHVlPSI0OTYyOTAyMjY5NzQ3NDYwMjQ5NzcwNzQ3MzIzODI0NjkxNDYxMDIxNzUzNTY4OTc5ODUyNzMxMzYyMDE1NzEwOTYxNDM1NTI0Mjk4OCIgc2k6dHlwZT0iZWNkc2E6UHJpbWVGaWVsZEVsZW1UeXBlIi8+PGVjZHNhOlkgVmFsdWU9Ijc3MTExNTYwNzEzNzU1OTE0NDUwNzM2MDQxNzUxNjE1MTEyNDAyMzEwNjQ5ODMyMTQ3NzMxNjA5MjIxNzEwNDY1MDY1NTAxMzU2NDkyIiBzaTp0eXBlPSJlY2RzYTpQcmltZUZpZWxkRWxlbVR5cGUiLz48L2VjZHNhOlB1YmxpY0tleT48L2VjZHNhOkVDRFNBS2V5VmFsdWU+PC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU+PHNhbWw6QXR0cmlidXRlIEF0dHJpYnV0ZU5hbWU9IkNpdGl6ZW5QdWJsaWNLZXkiIEF0dHJpYnV0ZU5hbWVzcGFjZT0idXJuOnB1YmxpY2lkOmd2LmF0Om5hbWVzcGFjZXM6aWRlbnRpdHlsaW5rOjEuMiI+PHNhbWw6QXR0cmlidXRlVmFsdWU+PGRzaWc6UlNBS2V5VmFsdWU+PGRzaWc6TW9kdWx1cz4xQkZPaXRpUVVjMWxBSERHa3NuZVhXWkdLR2FGQmN1MDNIRWlJRnNqSGpOdC9JZlJaNEl6cUhvdFVLSXR4bkNkTnRzRmMxTWtNSmcrCmcwQVhIc3VVNk1OZ2NiY1hQYVBmbUhwKzgrQkpoK2FtREYzRm5BTjRjZUc4b0ZBR1ZFWnRlT2dmZFdrMXI1UlEyU0srMFB1WFB1THAKVGVlN0l6WHRrc1JlWmtWRWFkVUN4bi9oaVJYWmEwZEFCZ2tGZTNrU1hiRHI1dEtYT0YwRkN0TEtoWkJJOXorTmJYK2FUU0tPbUFPcQo0anl5bW9vNUVQM0wraVBlY3JVd0hpakQwQm04OWgxSmp4UDUyMWZrWWUzU2krMEo0MG9rcm1DQ1FIQnIrSXpCMXVYOThwS2h2czdYCjZyUGpPSjZsQndQN1hqSzdEMTI4UC9jZzRlSDZ2NThjQ2ZiTGNRPT08L2RzaWc6TW9kdWx1cz48ZHNpZzpFeHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PjwvZHNpZzpSU0FLZXlWYWx1ZT48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJCjxkc2lnOlNpZ25hdHVyZSBJZD0ic2lnbmF0dXJlLTEtMSIgeG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyI+PGRzaWc6U2lnbmVkSW5mbz48ZHNpZzpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUiLz48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiLz48ZHNpZzpSZWZlcmVuY2UgSWQ9InJlZmVyZW5jZS0xLTEiIFVSST0iIj48ZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8+PC9kc2lnOlRyYW5zZm9ybXM+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiLz48ZHNpZzpEaWdlc3RWYWx1ZT5FK0JYSDBDMkY2RVlIamRKck9VS3IrRHNLVDg9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U+PC9kc2lnOlNpZ25lZEluZm8+PGRzaWc6U2lnbmF0dXJlVmFsdWU+SHZqNDBtOXJpZHAySE96ODFNVEFxemYwcStzWkM1WWVLcEpQNDNlSzVHMUhOSDEvRE5HVS9yLzZJVlBpYlU5WQpZR1lKb1hwem54UkZpYkVRNmRGQ0hBYU5QeUFEbWRHSHlKU1dyeUk1eXBBYXA0WThNSm5hVUdTV1k0OUlaYmh0ClBqZktXQjJqVU56ajFUMnU2ZWJJaWZBVGhBSzhacUlFK2U1dWFSK3FyckxpY3hJaFhjU1pveVNjYkt4TXVUMVEKcDZ6TnNOQk9IdWpiVkFmS0ZVRThXbUdJbnl2dW9EZ2VyVXJBMFhzdFdXZzJNOWdoeXRjREp3WnBUWXdYdm1tbwpHVjQ3dWUwSVRydE0rUXFXVmJ0K2RITzgzNjlKRm5HUTloLzZoLzRqOWl5TnV4Zkc3dS9FeUhRaVN1eTArRlA4CjFsa0xzZzFZWCsycE4wSEVseVhWcXc9PTwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlFcXpDQ0JCU2dBd0lCQWdJSEFOdXg4MW9OZXpBTkJna3Foa2lHOXcwQkFRVUZBREJBTVNJd0lBWURWUVFECkV4bEpRVWxMSUZSbGMzUWdTVzUwWlhKdFpXUnBZWFJsSUVOQk1RMHdDd1lEVlFRS0V3UkpRVWxMTVFzd0NRWUQKVlFRR0V3SkJWREFlRncweE16QTVNamN3TlRNek16ZGFGdzB5TXpBNU1qY3dOVE16TXpkYU1JSGtNUXN3Q1FZRApWUVFHRXdKQlZERU5NQXNHQTFVRUJ4TUVSM0poZWpFbU1DUUdBMVVFQ2hNZFIzSmhlaUJWYm1sMlpYSnphWFI1CklHOW1JRlJsWTJodWIyeHZaM2t4U0RCR0JnTlZCQXNUUDBsdWMzUnBkSFYwWlNCbWIzSWdRWEJ3YkdsbFpDQkoKYm1admNtMWhkR2x2YmlCUWNtOWpaWE56YVc1bklHRnVaQ0JEYjIxdGRXNXBZMkYwYVc5dWN6RVVNQklHQTFVRQpCQk1MVFU5QkxWTlRJRlJsYzNReEdEQVdCZ05WQkNvVEQwVkhTVm9nVkdWemRIQnZjblJoYkRFa01DSUdBMVVFCkF4TWJSVWRKV2lCVVpYTjBjRzl5ZEdGc0lFMVBRUzFUVXlCVVpYTjBNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUYKQUFPQ0FROEFNSUlCQ2dLQ0FRRUF1RGpPeWYrbVkrb1FMMkZRenp1YWlDOEMyM3ZWS2JxL24yWmk3QnFTaWJaSAptdHFNSmZtajRwVCtoV1NOSHZWdldzYXhGY3g0S2VOcWRDTXp3bncxcjRQM1NmKzJvNXVGa3U1S0hFTUxNb2tSCnlZUUc5VnFZL0trQjk0eWU3UHY2elQ4Z3ZLcXhHRmc5NlVhbUVDZXA0c3dQYVNackE4QU9FUjVXQXR5R0R6S0kKVHorYTV6ZkZhVFhEb2JhN2Y5OFBDV1I5NnlLaUZqVk9oenAzOFdWejRWSmd6K2I4WlNZN1hzdjVLbjdEWGpPTApTVFg0TWV2RkxraTNyRlB1cDMrNHZHVG9hTUJXM1BFajY3SFhCZHFSODU1TGU2K0U2clZ4T1Jxc1hxbFZ3aHNJCjZudVMwQ08yTFdZbUJOUjFJQjBtWHRlZVlIL0hmeHZ1WmMrN3lEamRQUUlEQVFBQm80SUJoRENDQVlBd0RnWUQKVlIwUEFRSC9CQVFEQWdiQU1Bd0dBMVVkRXdFQi93UUNNQUF3SFFZRFZSME9CQllFRkVtY0g2Vlk0QkcxRUFHQgpUTG9OUjl2SC9nNnlNRkFHQTFVZEh3UkpNRWN3UmFCRG9FR0dQMmgwZEhBNkx5OWpZUzVwWVdsckxuUjFaM0poCmVpNWhkQzlqWVhCemJ5OWpjbXh6TDBsQlNVdFVaWE4wWDBsdWRHVnliV1ZrYVdGMFpVTkJMbU55YkRDQnFnWUkKS3dZQkJRVUhBUUVFZ1owd2dab3dTZ1lJS3dZQkJRVUhNQUdHUG1oMGRIQTZMeTlqWVM1cFlXbHJMblIxWjNKaAplaTVoZEM5allYQnpieTlQUTFOUVAyTmhQVWxCU1V0VVpYTjBYMGx1ZEdWeWJXVmthV0YwWlVOQk1Fd0dDQ3NHCkFRVUZCekFDaGtCb2RIUndPaTh2WTJFdWFXRnBheTUwZFdkeVlYb3VZWFF2WTJGd2MyOHZZMlZ5ZEhNdlNVRkoKUzFSbGMzUmZTVzUwWlhKdFpXUnBZWFJsUTBFdVkyVnlNQ0VHQTFVZEVRUWFNQmlCRm5Sb2IyMWhjeTVzWlc1NgpRR1ZuYVhvdVozWXVZWFF3SHdZRFZSMGpCQmd3Rm9BVWFLSmVFZHJlTDRCclJFUy9qZnBsTm9Fa3AyOHdEUVlKCktvWklodmNOQVFFRkJRQURnWUVBbEZHalV4WExzN1NBVDhOdFhTcnYyV3JqbGtsYVJuSFRGSExRd3lWbzhKV2IKZ3ZSa0hIRFV2Mm84b2ZYVVkyUjJXSjM4ZHhlRG9jY2diWHJKYi9RaGk4SVk3WWhDd3YvVHVJWkRpc3lBcW84VwpPUktTaXAvNkhXbEdDU1IvVmdvZXQxR3RDbUYwRm9VeEZVSUdTQXVRMnl5dDRmSXp0NUdKclUxWDV1ampJMXc9PC9kc2lnOlg1MDlDZXJ0aWZpY2F0ZT48L2RzaWc6WDUwOURhdGE+PC9kc2lnOktleUluZm8+PC9kc2lnOlNpZ25hdHVyZT48L3NhbWw6QXNzZXJ0aW9uPg==", + "EID-CITIZEN-QAA-LEVEL": "http://eidas.europa.eu/LoA/substantial", + "EID-CCS-URL": "https://localhost.org/demovda", + "EID-AUTH-BLOCK": "PHNhbWwyOkFzc2VydGlvbiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiBJRD0iXzU3MDEwYjdmY2M5M2NjNGNmM2YyYjc2NDM4OTEzN2MyIiBJc3N1ZUluc3RhbnQ9IjIwMTYtMDYtMDZUMTA6NDA6MDAuMDAwIiBWZXJzaW9uPSIyLjAiPg0KCTxzYW1sMjpJc3N1ZXIgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDplbnRpdHkiPmh0dHBzOi8vZGVtby12ZGEuYXQvdmRhLXNlcnZpY2U8L3NhbWwyOklzc3Vlcj48ZHNpZzpTaWduYXR1cmUgSWQ9IlNpZ25hdHVyZS03NmUyZDZmYi0xIiB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48ZHNpZzpTaWduZWRJbmZvIElkPSJTaWduZWRJbmZvLTc2ZTJkNmZiLTEiPjxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNlY2RzYS1zaGEyNTYiLz48ZHNpZzpSZWZlcmVuY2UgSWQ9IlJlZmVyZW5jZS03NmUyZDZmYi0xIiBVUkk9IiI+PGRzaWc6VHJhbnNmb3JtcyB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj4NCgkJCQk8ZHNpZzpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8xOTk5L1JFQy14c2x0LTE5OTkxMTE2Ij48eHNsOnN0eWxlc2hlZXQgeG1sbnM6eHNsPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L1hTTC9UcmFuc2Zvcm0iIGV4Y2x1ZGUtcmVzdWx0LXByZWZpeGVzPSJzYW1sMiIgdmVyc2lvbj0iMS4wIiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI+PHhzbDpvdXRwdXQgbWV0aG9kPSJ4bWwiIHhtbDpzcGFjZT0iZGVmYXVsdCIvPjx4c2w6dGVtcGxhdGUgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiIG1hdGNoPSIvIj48aHRtbCB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94aHRtbCI+PGhlYWQ+PHRpdGxlPlNpZ25hdHVyIGRlciBBbm1lbGRlZGF0ZW48L3RpdGxlPjxzdHlsZSBtZWRpYT0ic2NyZWVuIiB0eXBlPSJ0ZXh0L2NzcyI+DQogICAgICAgICAgICAgIAkJCQkJLm5vcm1hbHN0eWxlIHsgZm9udC1zaXplOiBtZWRpdW07IH0gDQogICAgICAgICAgICAgIAkJCQkJLml0YWxpY3N0eWxlIHsgZm9udC1zaXplOiBtZWRpdW07IGZvbnQtc3R5bGU6IGl0YWxpYzsgfQ0KCQkJCQkJCQkudGl0bGVzdHlsZSB7IHRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7IGZvbnQtd2VpZ2h0OmJvbGQ7IGZvbnQtc2l6ZTogbWVkaXVtOyB9IA0KCQkJCQkJCQkuaDRzdHlsZSB7IGZvbnQtc2l6ZTogbGFyZ2U7IH0gICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIA0KCQkJCQkJCQkuaGlkZGVuIHtkaXNwbGF5OiBub25lOyB9IA0KICAgICAgICAgICAgICAJCQkJPC9zdHlsZT48L2hlYWQ+PGJvZHk+PGg0IGNsYXNzPSJoNHN0eWxlIj5Bbm1lbGRlZGF0ZW46PC9oND48cCBjbGFzcz0idGl0bGVzdHlsZSI+RGF0ZW4genVyIFBlcnNvbjwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoyLjUuNC40MiddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlZvcm5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoyLjUuNC40MiddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5OYWNobmFtZTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4yMCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPkdlYnVydHNkYXR1bTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjU1J10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PHhzbDppZiB0ZXN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjkwJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5Wb2xsbWFjaHQ6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp0ZXh0PkljaCBtZWxkZSBtaWNoIGluIFZlcnRyZXR1bmcgYW4uIEltIG7DpGNoc3RlbiBTY2hyaXR0IHdpcmQgbWlyIGVpbmUgTGlzdGUgZGVyIGbDvHIgbWljaCB2ZXJmw7xnYmFyZW4gVmVydHJldHVuZ3N2ZXJow6RsdG5pc3NlIGFuZ2V6ZWlndCwgYXVzIGRlbmVuIGljaCBlaW5lcyBhdXN3w6RobGVuIHdlcmRlLjwveHNsOnRleHQ+PC90ZD48L3RyPjwveHNsOmlmPjwvdGFibGU+PHAgY2xhc3M9InRpdGxlc3R5bGUiPkRhdGVuIHp1ciBBbndlbmR1bmc8L3A+PHRhYmxlIGNsYXNzPSJwYXJhbWV0ZXJzIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+SWRlbnRpZmlrYXRvcjogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlclVuaXF1ZUlkJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPk5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J2h0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyQ291bnRyeUNvZGUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5TdGFhdDogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PC90YWJsZT48cCBjbGFzcz0idGl0bGVzdHlsZSI+VGVjaG5pc2NoZSBQYXJhbWV0ZXI8L3A+PHRhYmxlIGNsYXNzPSJwYXJhbWV0ZXJzIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+RGF0dW06PC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCw5LDIpIi8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDYsMikiLz48eHNsOnRleHQ+LjwveHNsOnRleHQ+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9InN1YnN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL0BJc3N1ZUluc3RhbnQsMSw0KSIvPjwvdGQ+PC90cj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+VWhyemVpdDo8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDEyLDIpIi8+PHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE1LDIpIi8+PHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE4LDIpIi8+PC90ZD48L3RyPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5UcmFuc2FrdGlvbnNUb2trZW46IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vQElEIi8+PC90ZD48L3RyPjx4c2w6aWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+DQoJCQkJCQkJCQkJCVZvbGxtYWNodGVuLVJlZmVyZW56OiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjkwJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PHRyIGNsYXNzPSJoaWRkZW4iPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPkRhdGFVUkw6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9zYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uL3NhbWwyOkF1ZGllbmNlIi8+PC90ZD48L3RyPjx4c2w6aWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpDb25kaXRpb25zL0BOb3RPbk9yQWZ0ZXIiPjx0ciBjbGFzcz0iaGlkZGVuIj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5BdXRoQmxvY2tWYWxpZFRvOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkNvbmRpdGlvbnMvQE5vdE9uT3JBZnRlciIvPjwvdGQ+PC90cj48L3hzbDppZj48L3RhYmxlPjwvYm9keT48L2h0bWw+PC94c2w6dGVtcGxhdGU+PC94c2w6c3R5bGVzaGVldD48L2RzaWc6VHJhbnNmb3JtPg0KCQkJCTxkc2lnOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzIwMDEvUkVDLXhtbC1jMTRuLTIwMDEwMzE1I1dpdGhDb21tZW50cyIvPg0KCQkJPC9kc2lnOlRyYW5zZm9ybXM+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PGRzaWc6RGlnZXN0VmFsdWU+QWFqRkVkQWx5NW45MWkyVVZvcVNuL0JKcjREVlpZeFBYM2RIcE9aUC9vdz08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVyZW5jZT48ZHNpZzpSZWZlcmVuY2UgSWQ9IlJlZmVyZW5jZS03NmUyZDZmYi0yIiBUeXBlPSJodHRwOi8vdXJpLmV0c2kub3JnLzAxOTAzI1NpZ25lZFByb3BlcnRpZXMiIFVSST0iI1NpZ25lZFByb3BlcnRpZXMtNzZlMmQ2ZmItMSI+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PGRzaWc6RGlnZXN0VmFsdWU+Nldac3lKNkYySUJLS3BsWDNacHJzQ0FJOVN0OXVmS0UyNWFlUDI1cDRkQT08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVyZW5jZT48L2RzaWc6U2lnbmVkSW5mbz48ZHNpZzpTaWduYXR1cmVWYWx1ZSBJZD0iU2lnbmF0dXJlVmFsdWUtNzZlMmQ2ZmItMSI+NzY1NndpVGRGWVZCTDlyOGdXemprWVhJWXNhTk9EWDBVUHVQVXRyTlpSYnhZY3BJdDNhVUpVaUZuR0FBVzhiRw0KSytGdnZXYkYweDMzMm9zeFFYRDZtUT09PC9kc2lnOlNpZ25hdHVyZVZhbHVlPjxkc2lnOktleUluZm8+PGRzaWc6WDUwOURhdGE+PGRzaWc6WDUwOUNlcnRpZmljYXRlPk1JSUZDVENDQS9HZ0F3SUJBZ0lFWDcxL21qQU5CZ2txaGtpRzl3MEJBUVVGQURDQm9URUxNQWtHQTFVRUJoTUMNClFWUXhTREJHQmdOVkJBb01QMEV0VkhKMWMzUWdSMlZ6TGlCbUxpQlRhV05vWlhKb1pXbDBjM041YzNSbGJXVWcNCmFXMGdaV3hsYTNSeUxpQkVZWFJsYm5abGNtdGxhSElnUjIxaVNERWpNQ0VHQTFVRUN3d2FZUzF6YVdkdUxWQnkNClpXMXBkVzB0VkdWemRDMVRhV2N0TURJeEl6QWhCZ05WQkFNTUdtRXRjMmxuYmkxUWNtVnRhWFZ0TFZSbGMzUXQNClUybG5MVEF5TUI0WERURTJNRGN3TkRBM01qRXdPRm9YRFRJd01ETXpNVEExTWpFd09Gb3dnYmN4Q3pBSkJnTlYNCkJBWU1Ba0ZVTVRzd09RWURWUVFERERKWVdGaE5ZWEpwWVMxVWFHVnlaWE5wWVNCTGRXNXBaM1Z1WkdFZ1dGaFkNClNHRmljMkoxY21jdFRHOTBhSEpwYm1kbGJqRWZNQjBHQTFVRUJBd1dXRmhZU0dGaWMySjFjbWN0VEc5MGFISnANCmJtZGxiakVrTUNJR0ExVUVLZ3diV0ZoWVRXRnlhV0V0VkdobGNtVnphV0VnUzNWdWFXZDFibVJoTVJVd0V3WUQNClZRUUZEQXc0TWpnM05EZ3hNamM0TVRJeERUQUxCZ05WQkF3TUJFMWhaeTR3V1RBVEJnY3Foa2pPUFFJQkJnZ3ENCmhrak9QUU1CQndOQ0FBUnR1UWdLYTdpR013RHdVM0E3a1J2VzM0NXA2dVU1bUFRQURRWlpHVUZmN0twN21NRGkNCnZUWVNLcFREMjI2MTcrRXVrRGJ2dHVxdVpGd2ZscEtOZkhITW80SUIrakNDQWZZd2dZVUdDQ3NHQVFVRkJ3RUINCkJIa3dkekJIQmdnckJnRUZCUWN3QW9ZN2FIUjBjRG92TDNkM2R5NWhMWFJ5ZFhOMExtRjBMMk5sY25SekwyRXQNCmMybG5iaTFRY21WdGFYVnRMVlJsYzNRdFUybG5MVEF5WVM1amNuUXdMQVlJS3dZQkJRVUhNQUdHSUdoMGRIQTYNCkx5OXZZM053TFhSbGMzUXVZUzEwY25WemRDNWhkQzl2WTNOd01BNEdBMVVkRHdFQi93UUVBd0lHd0RBbkJnZ3INCkJnRUZCUWNCQXdFQi93UVlNQll3Q0FZR0JBQ09SZ0VCTUFvR0NDc0dBUVVGQndzQk1JR2tCZ05WSFI4RWdad3cNCmdaa3dnWmFnZ1pPZ2daQ0dnWTFzWkdGd09pOHZiR1JoY0MxMFpYTjBMbUV0ZEhKMWMzUXVZWFF2YjNVOVlTMXoNCmFXZHVMVkJ5WlcxcGRXMHRWR1Z6ZEMxVGFXY3RNRElzYnoxQkxWUnlkWE4wTEdNOVFWUS9ZMlZ5ZEdsbWFXTmgNCmRHVnlaWFp2WTJGMGFXOXViR2x6ZEQ5aVlYTmxQMjlpYW1WamRHTnNZWE56UFdWcFpFTmxjblJwWm1sallYUnANCmIyNUJkWFJvYjNKcGRIa3dDUVlEVlIwVEJBSXdBREJaQmdOVkhTQUVVakJRTUFnR0JnUUFpekFCQVRCRUJnWXENCktBQVJBUXN3T2pBNEJnZ3JCZ0VGQlFjQ0FSWXNhSFIwY0RvdkwzZDNkeTVoTFhSeWRYTjBMbUYwTDJSdlkzTXYNClkzQXZZUzF6YVdkdUxWQnlaVzFwZFcwd0V3WURWUjBqQkF3d0NvQUlSZ2FmamtHT0ZiMHdFUVlEVlIwT0JBb0UNCkNFTVFVRXBMcjZNa01BMEdDU3FHU0liM0RRRUJCUVVBQTRJQkFRQ2x5Mm1IbVhZNTUybHRNdm4xUTkzb3dweDMNCkwxMGJ4UVRIV3dZN2c4YnlVdlhBdDc3bW9USkU5aHNlZW90ZVkzQ1Y2c3VOL1h6VFZIeVlBRFZKMHkyR3lCWDANCjFvaGhNcjE0TDVuQ0YzNC81WUJ3bkdSYzhxWDhtMGxaZEhaajVmZkJqQTNreWRLWHQvTFhRSEpYYlBtU0VuYnMNCkc1NWMvRjNTc3A4OC93Q1M2ZC9WZ3d0S1RxMnN1RnNHR0RJbGhic1RKN0p6TnpLNm9pdEUzVXZLd05nbzdKWUMNCkZJM1R4bXhpUy84dm5qRnc4V3o1M016bjBaTjAwUERqYi9Nb24vT2hUMUN1Y3dBMmh2eW1KeWhwcG9JN2tQbm8NCmRxZGV3Y0toZzNPcGJHUkVGL3Z5N2pNRjRUSXhBMGJ3VkNvdUFsdmZqSnZoM2MvSElnQS84WlpTTVdrbTwvZHNpZzpYNTA5Q2VydGlmaWNhdGU+PC9kc2lnOlg1MDlEYXRhPjwvZHNpZzpLZXlJbmZvPjxkc2lnOk9iamVjdCBJZD0iT2JqZWN0LTc2ZTJkNmZiLTEiPjx4YWRlczpRdWFsaWZ5aW5nUHJvcGVydGllcyB4bWxuczp4YWRlcz0iaHR0cDovL3VyaS5ldHNpLm9yZy8wMTkwMy92MS4zLjIjIiB4bWxuczpuczM9Imh0dHA6Ly91cmkuZXRzaS5vcmcvMDE5MDMvdjEuNC4xIyIgVGFyZ2V0PSIjU2lnbmF0dXJlLTc2ZTJkNmZiLTEiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOnNsPSJodHRwOi8vd3d3LmJ1ZXJnZXJrYXJ0ZS5hdC9uYW1lc3BhY2VzL3NlY3VyaXR5bGF5ZXIvMS4yIyI+PHhhZGVzOlNpZ25lZFByb3BlcnRpZXMgSWQ9IlNpZ25lZFByb3BlcnRpZXMtNzZlMmQ2ZmItMSI+PHhhZGVzOlNpZ25lZFNpZ25hdHVyZVByb3BlcnRpZXM+PHhhZGVzOlNpZ25pbmdUaW1lPjIwMTgtMDYtMDZUMTE6NTg6MDRaPC94YWRlczpTaWduaW5nVGltZT48eGFkZXM6U2lnbmluZ0NlcnRpZmljYXRlPjx4YWRlczpDZXJ0Pjx4YWRlczpDZXJ0RGlnZXN0Pjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkc2lnOkRpZ2VzdFZhbHVlPkZaTHZCVERTdEVMM0k1VEJZVmJaRjk2alcvMVRCcXhqdDJZYnNJUTN4OGM9PC9kc2lnOkRpZ2VzdFZhbHVlPjwveGFkZXM6Q2VydERpZ2VzdD48eGFkZXM6SXNzdWVyU2VyaWFsPjxkc2lnOlg1MDlJc3N1ZXJOYW1lPkNOPWEtc2lnbi1QcmVtaXVtLVRlc3QtU2lnLTAyLE9VPWEtc2lnbi1QcmVtaXVtLVRlc3QtU2lnLTAyLE89QS1UcnVzdCBHZXMuIGYuIFNpY2hlcmhlaXRzc3lzdGVtZSBpbSBlbGVrdHIuIERhdGVudmVya2VociBHbWJILEM9QVQ8L2RzaWc6WDUwOUlzc3Vlck5hbWU+PGRzaWc6WDUwOVNlcmlhbE51bWJlcj4xNjA2MjU0NDkwPC9kc2lnOlg1MDlTZXJpYWxOdW1iZXI+PC94YWRlczpJc3N1ZXJTZXJpYWw+PC94YWRlczpDZXJ0PjwveGFkZXM6U2lnbmluZ0NlcnRpZmljYXRlPjx4YWRlczpTaWduYXR1cmVQb2xpY3lJZGVudGlmaWVyPjx4YWRlczpTaWduYXR1cmVQb2xpY3lJbXBsaWVkLz48L3hhZGVzOlNpZ25hdHVyZVBvbGljeUlkZW50aWZpZXI+PC94YWRlczpTaWduZWRTaWduYXR1cmVQcm9wZXJ0aWVzPjx4YWRlczpTaWduZWREYXRhT2JqZWN0UHJvcGVydGllcz48eGFkZXM6RGF0YU9iamVjdEZvcm1hdCBPYmplY3RSZWZlcmVuY2U9IiNSZWZlcmVuY2UtNzZlMmQ2ZmItMSI+PHhhZGVzOk1pbWVUeXBlPmFwcGxpY2F0aW9uL3hodG1sK3htbDwveGFkZXM6TWltZVR5cGU+PC94YWRlczpEYXRhT2JqZWN0Rm9ybWF0PjwveGFkZXM6U2lnbmVkRGF0YU9iamVjdFByb3BlcnRpZXM+PC94YWRlczpTaWduZWRQcm9wZXJ0aWVzPjwveGFkZXM6UXVhbGlmeWluZ1Byb3BlcnRpZXM+PC9kc2lnOk9iamVjdD48L2RzaWc6U2lnbmF0dXJlPg0KCTxzYW1sMjpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAxOC0wNi0wNlQxMDo0MDowMC4wMDBaIiBOb3RPbk9yQWZ0ZXI9IjIwMTgtMDYtMDZUMTU6MDA6MDAuMDAwWiI+DQoJCTxzYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPg0KCQkJPHNhbWwyOkF1ZGllbmNlPmh0dHBzOi8vZGVtby5lZ2l6Lmd2LmF0L2RlbW8tU1AvcHZwL3Bvc3Q8L3NhbWwyOkF1ZGllbmNlPg0KCQk8L3NhbWwyOkF1ZGllbmNlUmVzdHJpY3Rpb24+DQoJPC9zYW1sMjpDb25kaXRpb25zPg0KCTxzYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJQVlAtVkVSU0lPTiIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMTAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4yLjE8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IlBSSU5DSVBBTC1OQU1FIiBOYW1lPSJ1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4yMCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPlhYWEhhYnNidXJnLUxvdGhyaW5nZW48L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IkdJVkVOLU5BTUUiIE5hbWU9InVybjpvaWQ6Mi41LjQuNDIiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5YWFhNYXJpYS1UaGVyZXNpYSBLdW5pZ3VuZGE8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IkJJUlRIREFURSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPjE5ODAtMDItMjk8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IlNlcnZpY2VQcm92aWRlci1VbmlxdWVJZCIgTmFtZT0iaHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJVbmlxdWVJZCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPmh0dHBzOi8vZGVtby5lZ2l6Lmd2LmF0L2RlbW8tU1AvcHZwL21ldGFkYXRhPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItRnJpZW5kbHlOYW1lIiBOYW1lPSJodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPkRlbW9sb2dpbiBTZXJ2aWNlIHByb3ZpZGVkIGJ5IEVHSVo8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPg0KCQk8L3NhbWwyOkF0dHJpYnV0ZT4NCgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IlNlcnZpY2VQcm92aWRlci1Db3VudHJ5Q29kZSIgTmFtZT0iaHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29kZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPg0KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPkFUPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJNQU5EQVRFLVJFRkVSRU5DRS1WQUxVRSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4NCgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5fYXNkZmFkZmFzZmFzZmFzZmFzZmFzZmFzZmFzZmFzZmFzZmFzZmFzPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT4NCgkJPC9zYW1sMjpBdHRyaWJ1dGU+DQoJPC9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQ+DQo8L3NhbWwyOkFzc2VydGlvbj4=" } } \ No newline at end of file -- cgit v1.2.3 From ea49cd41d7ae571f8156f7b2ac02c9e2a6f86ca6 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 11 Jun 2018 20:08:41 +0200 Subject: add jUnit for user-restrication whitelist-store --- .../id/config/auth/data/UserWhitelistStore.java | 40 ++- .../moa/id/config/auth/data/DummyAuthConfig.java | 387 +++++++++++++++++++++ .../auth/data/UserRestrictionWhiteListTest.java | 136 ++++++++ .../src/test/resources/BPK-Whitelist_20180607.csv | 10 + .../SpringTest-context_basic_user_whitelist.xml | 18 + .../modules/sl20_auth/eIDDataVerifierTest.java | 2 +- 6 files changed, 589 insertions(+), 4 deletions(-) create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java create mode 100644 id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv create mode 100644 id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml (limited to 'id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java index 38bcfa2af..a90d71a18 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java @@ -43,8 +43,24 @@ public class UserWhitelistStore { try { InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI())); String whiteListString = IOUtils.toString(new InputStreamReader(is)); - whitelist = KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(whiteListString)); + List preWhitelist = KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(whiteListString)); + + //remove prefix if required + for (String bPK : preWhitelist) { + String[] bPKSplit = bPK.split(":"); + if (bPKSplit.length == 1) + whitelist.add(bPK); + + else if (bPKSplit.length ==2 ) + whitelist.add(bPKSplit[1]); + + else + Logger.info("Whitelist entry: " + bPK + " has an unsupported format. Entry will be removed ..."); + + } + Logger.info("User whitelist is initialized with " + whitelist.size() + " entries."); + } catch (FileNotFoundException e) { Logger.warn("Do not initialize user whitelist. Reason: CSV file with bPKs NOT found", e); @@ -61,6 +77,15 @@ public class UserWhitelistStore { } + /** + * Get the number of entries of the static whitelist + * + * @return + */ + public int getNumberOfEntries() { + return whitelist.size(); + } + /** * Check if bPK is in whitelist * @@ -76,6 +101,11 @@ public class UserWhitelistStore { } public boolean isUserbPKInWhitelistDynamic(String bPK) { + return isUserbPKInWhitelistDynamic(bPK, false); + + } + + public boolean isUserbPKInWhitelistDynamic(String bPK, boolean onlyDynamic) { try { if (absWhiteListUrl != null) { InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI())); @@ -86,7 +116,8 @@ public class UserWhitelistStore { } else { Logger.debug("Can NOT find user in dynamic loaded user whitelist. Switch to static version ... "); - return isUserbPKInWhitelist(bPK); + if (!onlyDynamic) + return isUserbPKInWhitelist(bPK); } } @@ -94,8 +125,11 @@ public class UserWhitelistStore { Logger.warn("Dynamic user whitelist check FAILED. Switch to static version ... ", e); } + if (!onlyDynamic) + return isUserbPKInWhitelist(bPK); - return isUserbPKInWhitelist(bPK); + + return false; } } diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java new file mode 100644 index 000000000..d72e2f28c --- /dev/null +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java @@ -0,0 +1,387 @@ +package at.gv.egovernment.moa.id.config.auth.data; + +import java.io.IOException; +import java.util.List; +import java.util.Map; +import java.util.Properties; + +import at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask; +import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.IStorkConfig; +import at.gv.egovernment.moa.id.commons.api.data.ProtocolAllowed; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; +import at.gv.util.config.EgovUtilPropertiesConfiguration; + +public class DummyAuthConfig implements AuthConfiguration { + + @Override + public String getRootConfigFileDir() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getDefaultChainingMode() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getTrustedCACertificates() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isTrustmanagerrevoationchecking() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String[] getActiveProfiles() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Properties getGeneralPVP2ProperiesConfig() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Properties getGeneralOAuth20ProperiesConfig() { + // TODO Auto-generated method stub + return null; + } + + @Override + public ProtocolAllowed getAllowedProtocols() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Map getConfigurationWithPrefix(String Prefix) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getConfigurationWithKey(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getBasicMOAIDConfiguration(String key) { + if (UserRestrictionTask.CONFIG_PROPS_CSV_USER_FILE.equals(key)) { + String current; + try { + current = new java.io.File( "." ).getCanonicalPath(); + return "file:" + current + "/src/test/resources/BPK-Whitelist_20180607.csv"; + } catch (IOException e) { + e.printStackTrace(); + } + } + + return null; + } + + @Override + public String getBasicMOAIDConfiguration(String key, String defaultValue) { + // TODO Auto-generated method stub + return null; + } + + @Override + public Map getBasicMOAIDConfigurationWithPrefix(String prefix) { + // TODO Auto-generated method stub + return null; + } + + @Override + public int getTransactionTimeOut() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public int getSSOCreatedTimeOut() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public int getSSOUpdatedTimeOut() { + // TODO Auto-generated method stub + return 0; + } + + @Override + public String getAlternativeSourceID() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getLegacyAllowedProtocols() { + // TODO Auto-generated method stub + return null; + } + + @Override + public IOAAuthParameters getOnlineApplicationParameter(String oaURL) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException { + if (useTestTrustStore) + return "MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten"; + else + return "MOAIDBuergerkarteAuthentisierungsDaten"; + } + + @Override + public List getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public ConnectionParameterInterface getMoaSpConnectionParameter() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public ConnectionParameterInterface getForeignIDConnectionParameter(IOAAuthParameters oaParameters) + throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public ConnectionParameterInterface getOnlineMandatesConnectionParameter(IOAAuthParameters oaParameters) + throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore) throws ConfigurationException { + if (useTestTrustStore) + return "MOAIDBuergerkartePersonenbindungMitTestkarten"; + else + return "MOAIDBuergerkartePersonenbindung"; + } + + @Override + public List getTransformsInfos() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getIdentityLinkX509SubjectNames() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getSLRequestTemplates() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSLRequestTemplates(String type) throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getDefaultBKUURLs() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getDefaultBKUURL(String type) throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSSOTagetIdentifier() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSSOFriendlyName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getSSOSpecialText() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMOASessionEncryptionKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMOAConfigurationEncryptionKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isIdentityLinkResigning() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getIdentityLinkResigningKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isMonitoringActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getMonitoringTestIdentityLinkURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMonitoringMessageSuccess() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isAdvancedLoggingActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List getPublicURLPrefix() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isVirtualIDPsEnabled() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isPVP2AssertionEncryptionActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isCertifiacteQCActive() { + return true; + } + + @Override + public IStorkConfig getStorkConfig() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public EgovUtilPropertiesConfiguration geteGovUtilsConfig() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getDocumentServiceUrl() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isStorkFakeIdLActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List getStorkFakeIdLCountries() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getStorkNoSignatureCountries() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getStorkFakeIdLResigningKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isPVPSchemaValidationActive() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Map getConfigurationWithWildCard(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getDefaultRevisionsLogEventCodes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isHTTPAuthAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String[] getRevocationMethodOrder() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) { + // TODO Auto-generated method stub + return false; + } + +} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java new file mode 100644 index 000000000..71956990e --- /dev/null +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java @@ -0,0 +1,136 @@ +package at.gv.egovernment.moa.id.config.auth.data; + +import java.io.IOException; +import java.io.InputStreamReader; + +import org.apache.commons.io.IOUtils; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.xml.ConfigurationException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_basic_user_whitelist.xml") +public class UserRestrictionWhiteListTest { + + @Autowired(required=true) UserWhitelistStore whitelistStore; + + private static String bPK_1 = "/7eNkLgqP71U8dBwa0lSI8/2EFY="; + private static String bPK_2 = "gr88V4oH5KLlurBCcCAbKJNMF18="; + private static String bPK_3 = "0Fq3KqgYTbK8MsxymLe7tbuXhpA="; + private static String bPK_4 = "JWiLzwktCITGg+ztRKEAwWloSNM="; + + private static String bPK_5 = "JWiLzwktCIXXX+ztRKEAwWloSNM="; + private static String bPK_6 = "WtHxBxLqOThNU9YF8fzXXXcZLBs="; + + @Test + public void checkNumberOfEntries() throws Exception { + if (whitelistStore.getNumberOfEntries() != 12) + throw new Exception("Number of entries not valid"); + + } + + + @Test + public void checkEntry_1() throws Exception { + String bPK = bPK_1; + if (!whitelistStore.isUserbPKInWhitelist(bPK)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntryDynamic_1() throws Exception { + String bPK = bPK_1; + if (!whitelistStore.isUserbPKInWhitelistDynamic(bPK, true)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntry_2() throws Exception { + String bPK = bPK_2; + if (!whitelistStore.isUserbPKInWhitelist(bPK)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntryDynamic_2() throws Exception { + String bPK = bPK_2; + if (!whitelistStore.isUserbPKInWhitelistDynamic(bPK, true)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + + @Test + public void checkEntry_3() throws Exception { + String bPK = bPK_3; + if (!whitelistStore.isUserbPKInWhitelist(bPK)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntryDynamic_3() throws Exception { + String bPK = bPK_3; + if (!whitelistStore.isUserbPKInWhitelistDynamic(bPK, true)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntry_4() throws Exception { + String bPK = bPK_4; + if (!whitelistStore.isUserbPKInWhitelist(bPK)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntryDynamic_4() throws Exception { + String bPK = bPK_4; + if (!whitelistStore.isUserbPKInWhitelistDynamic(bPK, true)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntry_5() throws Exception { + String bPK = bPK_5; + if (whitelistStore.isUserbPKInWhitelist(bPK)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntryDynamic_5() throws Exception { + String bPK = bPK_5; + if (whitelistStore.isUserbPKInWhitelistDynamic(bPK, true)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntry_6() throws Exception { + String bPK = bPK_6; + if (whitelistStore.isUserbPKInWhitelist(bPK)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + @Test + public void checkEntryDynamic_6() throws Exception { + String bPK = bPK_6; + if (whitelistStore.isUserbPKInWhitelistDynamic(bPK, true)) + throw new Exception("bPK: " + bPK + " is NOT found in whitelist"); + + } + + +} diff --git a/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv b/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv new file mode 100644 index 000000000..099fc0f7e --- /dev/null +++ b/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv @@ -0,0 +1,10 @@ +/7eNkLgqP71U8dBwa0lSI8/2EFY=,ZP-MH:xm1zT43aGLfTRLnDsxYoFk3XwDU=,ZP-MH:gr88V4oH5KLlurBCcCAbKJNMF18=, +ZP-MH:LvrdIGoL4MXTjy7EJgPhoz3koL4=, +ZP-MH:EcILNYQIZ4qfhLlZFzHivCu0Hfc=, +ZP-MH:WtHxBxLqOThNU9YF8fzyvXcZLBs=, +ZP-MH:0Fq3KqgYTbK8MsxymLe7tbuXhpA=, +ZP-MH:DJ6nGg2JgcPH768BhqTNXVsGhOY=, +JWiLzwktCITGg+ztRKEAwWloSNM=, +ZP-MH:+cyQbhr1fQ8hLhazL62tFRq47iY=, +ZP-MH:AFmfywfYPHcl2Lxp138upielmrs=, +ZP-MH:yPAOTsc9LY5/jnbkWn2MWY6hjg0= diff --git a/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml b/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml new file mode 100644 index 000000000..85788714a --- /dev/null +++ b/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml @@ -0,0 +1,18 @@ + + + + + + + + diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java index 32d623b88..35a8fd9c6 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java @@ -41,7 +41,7 @@ public abstract class eIDDataVerifierTest { Logger.info("Loading Java security providers."); //System.setProperty("moa.spss.server.configuration", "F:\\Projekte\\configs\\moa-spss\\MOASPSSConfiguration.xml"); String current = new java.io.File( "." ).getCanonicalPath(); - System.setProperty("moa.spss.server.configuration", current + "\\src\\test\\resources\\moaspss_config\\MOASPSSConfiguration.xml"); + System.setProperty("moa.spss.server.configuration", current + "/src/test/resources/moaspss_config/MOASPSSConfiguration.xml"); IAIK.addAsProvider(); ECCelerate.addAsProvider(); -- cgit v1.2.3 From 23201ce112d9aa132783f984e0765c0cacca95a5 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 12 Jun 2018 06:25:12 +0200 Subject: update SL20 module and add an additional jUnit test --- .../modules/sl20_auth/sl20/JsonSecurityUtils.java | 2 +- .../sl20_auth/sl20/SL20JSONExtractorUtils.java | 15 +++----- .../sl20_auth/tasks/ReceiveQualeIDTask.java | 9 +++++ .../modules/sl20_auth/EIDDataVerifier_ATrust.java | 2 +- .../modules/sl20_auth/EIDDataVerifier_SIC.java | 41 ++++++++++++++++++++ .../auth/modules/sl20_auth/dummydata/DummyOA.java | 6 +++ .../modules/sl20_auth/eIDDataVerifierTest.java | 7 ++-- .../A25C55270C21A4581BC3372639AE36F2CCC94C19 | Bin 0 -> 2048 bytes .../821E494DF27F9938F7E58CFCE8CE70029DB0EC5D | Bin 0 -> 1587 bytes .../SIC_TEST_USER.crt | 37 ++++++++++++++++++ .../SIC_IDL_SIGNER.crt | 42 +++++++++++++++++++++ .../src/test/resources/tests/eIDdata_atrust.json | 8 ++-- .../src/test/resources/tests/eIDdata_sic.json | 6 +++ 13 files changed, 157 insertions(+), 18 deletions(-) create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_SIC.java create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/A25C55270C21A4581BC3372639AE36F2CCC94C19 create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/821E494DF27F9938F7E58CFCE8CE70029DB0EC5D create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/SIC_TEST_USER.crt create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/SIC_IDL_SIGNER.crt create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_sic.json (limited to 'id') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java index c95e0b731..a5696d36d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java @@ -148,7 +148,7 @@ public class JsonSecurityUtils implements IJOSETools{ jws.setKey(signPrivKey); //TODO: - //jws.setCertificateChainHeaderValue(signCertChain); + jws.setCertificateChainHeaderValue(signCertChain); jws.setX509CertSha256ThumbprintHeaderValue(signCertChain[0]); return jws.getCompactSerialization(); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java index fa52634a3..0dc2e762d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java @@ -172,16 +172,10 @@ public class SL20JSONExtractorUtils { if (result == null && encryptedResult == null) throw new SLCommandoParserException("NO result OR encryptedResult FOUND."); - - else if (result == null && encryptedResult == null) - throw new SLCommandoParserException("result AND encryptedResultFOUND. Can not used twice"); - + else if (encryptedResult == null && mustBeEncrypted) throw new SLCommandoParserException("result MUST be signed."); - - else if (result != null) - return result; - + else if (encryptedResult != null && encryptedResult.isJsonPrimitive()) { try { return decrypter.decryptPayload(encryptedResult.getAsString()); @@ -200,7 +194,10 @@ public class SL20JSONExtractorUtils { throw e; } - + + } else if (result != null) { + return result; + } else throw new SLCommandoParserException("Internal build error"); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java index bb66f452a..2f062b71d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -140,6 +140,15 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { String ccsURL = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_CCSURL); String LoA = eIDData.get(SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_LOA); + + + if (MiscUtil.isEmpty(idlB64) || MiscUtil.isEmpty(authBlockB64) + || MiscUtil.isEmpty(LoA) || MiscUtil.isEmpty(ccsURL)) { + Logger.info("SL20 'qualifiedeID' result does NOT contain all required attributes."); + throw new SLCommandoParserException("SL20 'qualifiedeID' result does NOT contain all required attributes."); + + } + //cache qualified eID data into pending request pendingReq.setGenericDataToSession( Constants.PENDING_REQ_STORAGE_PREFIX + SL20Constants.SL20_COMMAND_PARAM_EID_RESULT_IDL, diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java index 6ebbd0704..6e4df144f 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java @@ -36,6 +36,6 @@ public class EIDDataVerifier_ATrust extends eIDDataVerifierTest { @Override protected String getSl20ReqId() { - return "_ae0f0cbf2997125832e80b3a0082848a"; + return "_0ab3d7fd5ff8eb0bb15486ce48464fad"; } } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_SIC.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_SIC.java new file mode 100644 index 000000000..bb8598483 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_SIC.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.auth.modules.sl20_auth; + +import java.io.IOException; +import java.io.InputStreamReader; + +import org.apache.commons.io.IOUtils; +import org.junit.Before; +import org.junit.runner.RunWith; +import org.opensaml.xml.ConfigurationException; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import com.google.gson.JsonElement; +import com.google.gson.JsonParser; + +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ "/SpringTest-context.xml" }) +public class EIDDataVerifier_SIC extends eIDDataVerifierTest { + + @Before + public void init() throws SLCommandoParserException, IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException { + String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_sic.json"))); + JsonParser jsonParser = new JsonParser(); + JsonElement result = jsonParser.parse(eIDDataString).getAsJsonObject(); + + eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result); + if (eIDData == null || eIDData.isEmpty()) + throw new SLCommandoParserException("Can not load eID data"); + + } + + @Override + protected String getSl20ReqId() { + return "_40972fd777c59da1ebeed2b8d633a300"; + } + + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java index 2df20edb4..7e1037fc7 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyOA.java @@ -261,4 +261,10 @@ public class DummyOA implements IOAAuthParameters { return null; } + @Override + public List foreignbPKSectorsRequested() { + // TODO Auto-generated method stub + return null; + } + } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java index 32d623b88..85c823258 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java @@ -4,6 +4,7 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.util.Map; +import org.jose4j.base64url.Base64Url; import org.junit.BeforeClass; import org.junit.Test; import org.opensaml.DefaultBootstrap; @@ -74,8 +75,8 @@ public abstract class eIDDataVerifierTest { if (MiscUtil.isEmpty(idlB64)) throw new Exception("NO IDL found"); - IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); - + //IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Url.decode(idlB64))).parseIdentityLink(); if (idl == null) throw new Exception("IDL parsing FAILED"); @@ -87,7 +88,7 @@ public abstract class eIDDataVerifierTest { if (MiscUtil.isEmpty(idlB64)) throw new Exception("NO IDL found"); - IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Url.decode(idlB64))).parseIdentityLink(); if (idl == null) throw new Exception("IDL parsing FAILED"); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/A25C55270C21A4581BC3372639AE36F2CCC94C19 b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/A25C55270C21A4581BC3372639AE36F2CCC94C19 new file mode 100644 index 000000000..c478bf0fc Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/7E88ED7A37EB47BEA6F3B901876349C58F5ED9A6/A25C55270C21A4581BC3372639AE36F2CCC94C19 differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/821E494DF27F9938F7E58CFCE8CE70029DB0EC5D b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/821E494DF27F9938F7E58CFCE8CE70029DB0EC5D new file mode 100644 index 000000000..8e513a9f0 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/certstore/subjectdn/CE2DBD86D9F08AA2721680FD9A6B7F1B9A0D4E9D/821E494DF27F9938F7E58CFCE8CE70029DB0EC5D differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/SIC_TEST_USER.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/SIC_TEST_USER.crt new file mode 100644 index 000000000..203c416fe --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten/SIC_TEST_USER.crt @@ -0,0 +1,37 @@ +-----BEGIN CERTIFICATE----- +MIIGfzCCBGegAwIBAgIHAJZY0iYXUjANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQG +EwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5IG9m +IFRlY2hub2xvZ3kxDTALBgNVBAsTBElBSUsxIjAgBgNVBAMTGUlBSUsgVGVzdCBJ +bnRlcm1lZGlhdGUgQ0EwHhcNMTgwNTI4MTQ0NTIxWhcNMjEwNTI4MTQ0NTIxWjAw +MQwwCgYDVQQqEwNFaWQxDTALBgNVBAQTBFRlc3QxETAPBgNVBAMTCEVpZCBUZXN0 +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEKs+u9OdjFmRGF1Cbsa+XSuvzPoIG +pPtcJs+4thMbCubwSQMvUOssrCzrC1Ji9YVxeqHs3DU2RDEosoSUROJH3KOCAyAw +ggMcMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8EAjAAMIIBNgYIKwYBBQUHAQEE +ggEoMIIBJDCBggYIKwYBBQUHMAKGdmxkYXA6Ly9jYXBzby10ZXN0LmlhaWsudHVn +cmF6LmF0OjEzODkvY249aWFpay10ZXN0LWludGVybWVkaWF0ZS1jYSxvdT1wa2ks +ZGM9aWFpayxkYz10dWdyYXosZGM9YXQ/Y0FDZXJ0aWZpY2F0ZTtiaW5hcnkwUAYI +KwYBBQUHMAKGRGh0dHA6Ly9jYXBzby10ZXN0LmlhaWsudHVncmF6LmF0L2NlcnRz +L2lhaWstdGVzdC1pbnRlcm1lZGlhdGUtY2EuY2VyMEsGCCsGAQUFBzABhj9odHRw +Oi8vY2Fwc28tdGVzdC5pYWlrLnR1Z3Jhei5hdC9vY3NwL2lhaWstdGVzdC1pbnRl +cm1lZGlhdGUtY2EwHwYDVR0jBBgwFoAUedgPAoHlywvut/xEv9Nn+hCGURIwgaAG +A1UdIASBmDCBlTCBkgYMKwYBBAGVEgECBwEBMIGBMH8GCCsGAQUFBwICMHMMcVRo +aXMgY2VydGlmaWNhdGUgd2FzIGlzc3VlZCBieSBhICoqY29weSoqIG9mIGFuIElB +SUsgVGVzdCBJbnRlcm1lZGlhdGUgQ0EgYW5kIG1heSBiZSB1c2VkIGZvciB0ZXN0 +IHB1cnBvc2VzIG9ubHkuMIHeBgNVHR8EgdYwgdMwgdCggc2ggcqGgYJsZGFwOi8v +Y2Fwc28tdGVzdC5pYWlrLnR1Z3Jhei5hdDoxMzg5L2NuPWlhaWstdGVzdC1pbnRl +cm1lZGlhdGUtY2Esb3U9cGtpLGRjPWlhaWssZGM9dHVncmF6LGRjPWF0P2NlcnRp +ZmljYXRlUmV2b2NhdGlvbkxpc3Q7YmluYXJ5hkNodHRwOi8vY2Fwc28tdGVzdC5p +YWlrLnR1Z3Jhei5hdC9jcmxzL2lhaWstdGVzdC1pbnRlcm1lZGlhdGUtY2EuY3Js +MB0GA1UdDgQWBBSOwKEfd5HkkkiziZBb5Yj4HWy1DDANBgkqhkiG9w0BAQsFAAOC +AgEAAjjDMSWxbUHvklPKS4xTJJV7Bl5Gy++/LZ39Mb8ZCgjIsGIP9w3hhz0kfi4z +Iz6hvf/Yx9zlKZ/wRIU8R4iygqQSY5Zm28WKVm3Vbhfs4ewN4FJTP8w8LgUSHJ02 +V+JIHtUt5i9U2a/I01bmzIIfBYL0IW8s1K3VMAzADyHDGW/U6h9ck7dayw8OWi8t +NT4tnKX4mEhH6z2kUPnv7fqFlSRrD0uqkeKZad3A1a155S0Dgj1cZmNjR4sRhQhh +gba/EGuHNyEXchVasIITohORuJV9BAq4CckbSLo/qCSf+uiQUJm336LwavjGZked +O/auvRTETctPipjdONSxF/jbjAQ3fmYR/VqvoCm6K3ZgWTzxk0S4mfarrwooDvlE +rkSnrlLf+D6EyQt9LCw/i5LvH/+E+ZQ4AKwTHmJok4xdSgywyNrxsciZrvUGgwe9 +n+CV3IzEymYfL28qykKWpqbPTlSHqa3SlImdl8ywJI4hAW7mzZDp4OjhibRydJsR +7uiFnfhIKMTDicnZGgPZZqIuS4qGwYBszU77R+XmwmZqZBkNP88eYW1qnxCFGEtI +OiiETwO4zxXFF21CeB06PEwRCVgebBg0zBnX+hIsT/nJqwHK8I0Yh24BCudESUC2 +gE9xrujrk3e7r+lOqbYbzeWRJnXILg+SnflzC9kS3LxRfJI= +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/SIC_IDL_SIGNER.crt b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/SIC_IDL_SIGNER.crt new file mode 100644 index 000000000..b2de9da56 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/trustProfiles/MOAIDBuergerkartePersonenbindungMitTestkarten/SIC_IDL_SIGNER.crt @@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIHajCCBVKgAwIBAgIGRUnF8D5SMA0GCSqGSIb3DQEBCwUAMHcxCzAJBgNVBAYT +AkFUMQ0wCwYDVQQHEwRHcmF6MSYwJAYDVQQKEx1HcmF6IFVuaXZlcnNpdHkgb2Yg +VGVjaG5vbG9neTENMAsGA1UECxMESUFJSzEiMCAGA1UEAxMZSUFJSyBUZXN0IElu +dGVybWVkaWF0ZSBDQTAeFw0xNjA4MjUxMzA4MzhaFw0xOTA4MjUxMzA4MzhaMIH8 +MQswCQYDVQQGEwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2 +ZXJzaXR5IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBw +bGllZCBJbmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEa +MBgGA1UEBBMRU2lnbmF0dXJlIFNlcnZpY2UxHjAcBgNVBCoTFVNlcnZlckJLVSBE +ZXZlbG9wbWVudDEwMC4GA1UEAxMnU2VydmVyQktVIERldmVsb3BtZW50IFNpZ25h +dHVyZSBTZXJ2aWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxd/3 +9il61ghIH781wRGg5m+12MRxFB/eKLTn8Aj3YpTmI9+4CTG8ESmu20i/d+mRc/Bg +5tzvITi+964gIsovynCdU9QEwWF9SKTQ7vjTMfkTWDll+KfSWjO71l7Dm9F/dRVW +xKcx1j6oSxbnYZio3UBsSF+vfEz7cJz2DzAgAtM9s/2wSiYyWwfQMQcgEgA4uWtW +/7vre8FDgxxtA3XOV7IgKoEfFA2c7a6gVGUjN90OWxn4ZdDGpjDY9mAnEJS2rQoZ +EnkI47rfx35FrEPt7Rdc5mTSwDvbJqLlxkCUrPi+CV/esMxryX4+mivaghxVy3GT +SpTxf2IAgX2uX2VbUwIDAQABo4ICdDCCAnAwDgYDVR0PAQH/BAQDAgeAMAwGA1Ud +EwEB/wQCMAAwggEXBggrBgEFBQcBAQSCAQkwggEFMHcGCCsGAQUFBzAChmtsZGFw +Oi8vbGRhcC5pYWlrLnR1Z3Jhei5hdC9jbj1pYWlrLXRlc3QtaW50ZXJtZWRpYXRl +LWNhLG91PXBraSxkYz1pYWlrLGRjPXR1Z3JheixkYz1hdD9jQUNlcnRpZmljYXRl +O2JpbmFyeTBIBggrBgEFBQcwAoY8aHR0cDovL2NhLmlhaWsudHVncmF6LmF0L2Nl +cnRzL2lhaWstdGVzdC1pbnRlcm1lZGlhdGUtY2EuY2VyMEAGCCsGAQUFBzABhjRo +dHRwOi8vb2NzcC5pYWlrLnR1Z3Jhei5hdC9pYWlrLXRlc3QtaW50ZXJtZWRpYXRl +LWNhMB8GA1UdIwQYMBaAFEJur6/qQSp/lFcFhYLgkUYhyVdCMBkGA1UdIAQSMBAw +DgYMKwYBBAGVEgECBwEBMIHKBgNVHR8EgcIwgb8wgbyggbmggbaGd2xkYXA6Ly9s +ZGFwLmlhaWsudHVncmF6LmF0L2NuPWlhaWstdGVzdC1pbnRlcm1lZGlhdGUtY2Es +b3U9cGtpLGRjPWlhaWssZGM9dHVncmF6LGRjPWF0P2NlcnRpZmljYXRlUmV2b2Nh +dGlvbkxpc3Q7YmluYXJ5hjtodHRwOi8vY2EuaWFpay50dWdyYXouYXQvY3Jscy9p +YWlrLXRlc3QtaW50ZXJtZWRpYXRlLWNhLmNybDANBgcqKAAKAQcBBAIFADAdBgNV +HQ4EFgQUCGcmNEgrFLwredMpRpa/34jEqY8wDQYJKoZIhvcNAQELBQADggIBAIAg +/Ft+vM0DUKKipcF2xSZCweqEr6bF9I8FruxKyHg4WcWiUvFs96Wkwj/GA8YMJkjE +SKad1nP+hFjiraYU6dSfpOnAUJyLV0q5DM8Y0cl8GDqazE2kNGNzjmH9HvGY9CWp +vwF8htBnBX8N4Evw2t86eD4V507k2Ev8JOPWKifZwO0OCnPkkBfq30H5GVm9JA8W +joEXYQzzX2TBYrxqkWNosAsN9StcOvv9sfTTtW+ozK5/VPvAp9SUOjC5Eww7BuKq +yBxDrTSQ8hlfW2j8cMtCmg00LISnspiq8PdvIWktDO0sriyh3YuIIUx86OE9rBcG +20qr9s2oXYzVxq+T6hIEzDC1v/sPbpeYFdU6DW7bz/3ObPcKjkGD7J06ZDZFbgXr +aucr01ZFjdgBcdH0UzmsIaAMG+HY5RU99AZ5bP5RH+DbSTZLlcm8Zzne5/b0rN+a +2Q1ctptQnaPlZYQMcTSqXcbM7Umzn4LgnOedjfAcp8Pk0r+bZojrzFGuoi9fqkqe +qTup+PkGj+I8D+pOG/sSMaPx/gPZ4llO9v17VGHKH+OyGIsefwd+jXhMTJMdt5kO +6fLyTFF1MP4Ld64pRuboagZqe3dmy9HCy7AVnq9dIl/BlhLjhLSTYWvwtduh33WV +qegwBldr6P9vuJTsOrre7bRvkA+VnuZhlNW9AC1/ +-----END CERTIFICATE----- diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json index 141bd6741..826430b0d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json @@ -1,14 +1,14 @@ { "v": 10, - "respID": "kYZ6Mj143nTk7HSzVHxG", - "inResponseTo": "_ae0f0cbf2997125832e80b3a0082848a", + "respID": "FabhEfKEOBUW1jZryBqp", + "inResponseTo": "_0ab3d7fd5ff8eb0bb15486ce48464fad", "payload": { "name": "qualifiedeID", "result": { "EID-IDENTITY-LINK": "PHNhbWw6QXNzZXJ0aW9uIEFzc2VydGlvbklEPSJzenIuYm1pLmd2LmF0LUFzc2VydGlvbklEMTUyNzY2OTEwMDU5MTI3NDQiIElzc3VlSW5zdGFudD0iMjAxOC0wNS0zMFQxMDozMTo0MCswMTowMCIgSXNzdWVyPSJodHRwOi8vcG9ydGFsLmJtaS5ndi5hdC9yZWYvc3pyL2lzc3VlciIgTWFqb3JWZXJzaW9uPSIxIiBNaW5vclZlcnNpb249IjAiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDphc3NlcnRpb24iIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJubWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOmVjZHNhPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSMiIHhtbG5zOnNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSI+Cgk8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+CgkJPHNhbWw6U3ViamVjdD4KCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4KCQkJCTxzYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjA6Y206c2VuZGVyLXZvdWNoZXM8L3NhbWw6Q29uZmlybWF0aW9uTWV0aG9kPgoJCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE+CgkJCQkJPHByOlBlcnNvbiBzaTp0eXBlPSJwcjpQaHlzaWNhbFBlcnNvblR5cGUiPjxwcjpJZGVudGlmaWNhdGlvbj48cHI6VmFsdWU+dHFDUUVDNytBcUdFZWVMMzkwVjVKZz09PC9wcjpWYWx1ZT48cHI6VHlwZT51cm46cHVibGljaWQ6Z3YuYXQ6YmFzZWlkPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24+PHByOk5hbWU+PHByOkdpdmVuTmFtZT5NYXg8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPk11c3Rlcm1hbm48L3ByOkZhbWlseU5hbWU+PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4xOTQwLTAxLTAxPC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj4KCQkJCTwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KCQkJPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJPC9zYW1sOlN1YmplY3Q+Cgk8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXplblB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJ1cm46cHVibGljaWQ6Z3YuYXQ6bmFtZXNwYWNlczppZGVudGl0eWxpbms6MS4yIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT48ZHNpZzpSU0FLZXlWYWx1ZT48ZHNpZzpNb2R1bHVzPnMwWmhkR2E4REgwSW1iTlU3aTRxdDRtR25CUEFlTDk5Q0dkZmRCOEhWWE5CNWd3d2VMY1o5WE1TWUJvUHFHdFVqemh6S29zRkN5M0sNCmpsSEVrejB0L3JQemhOVGRsVjJRN0FGWEZlT2g3M3dPajQ3R1B2T2lVNzdwQjE3WnJaOHlObW1JTTEyUVE5MVN0RGFWRkUra0dxUEkNCmNFZHZiZk94blU4aGNpa3lYcWVheFZVV3oxbVdXTnRveUwyWG5wa1U0QkZVQnU1NWg5S2tYVEFQcnBUbEFMZjkvRDFKamZWb05tamwNCnBLWXh6Q3JBSmE4Sno4Ui9sNis0U0U3YXc3dGZuazNZUXkxcFVmNWZmellkeXZQS2ZxVTBUTUVKLzdpOW1ORHFCZlVwcVhBRWowdWUNCkpvRWs0UC9pa2Q5UnZuVUlsU0V1NzFHMyt1VEluSXBaaTd2UG93PT08L2RzaWc6TW9kdWx1cz48ZHNpZzpFeHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PjwvZHNpZzpSU0FLZXlWYWx1ZT48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJPGRzaWc6U2lnbmF0dXJlPgoJCTxkc2lnOlNpZ25lZEluZm8+CgkJCTxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+CgkJCTxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIgLz4KCQkJPGRzaWc6UmVmZXJlbmNlIFVSST0iIj4KCQkJCTxkc2lnOlRyYW5zZm9ybXM+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQk8ZHNpZzpYUGF0aD5ub3QoYW5jZXN0b3Itb3Itc2VsZjo6cHI6SWRlbnRpZmljYXRpb24pPC9kc2lnOlhQYXRoPgoJCQkJCTwvZHNpZzpUcmFuc2Zvcm0+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiIC8+CgkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCTxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIiAvPgoJCQkJPGRzaWc6RGlnZXN0VmFsdWU+QmVIdUFyYXUzSFVQcXg5dHV3QTRGaDNOSDB3PTwvZHNpZzpEaWdlc3RWYWx1ZT4KCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPGRzaWc6UmVmZXJlbmNlIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNNYW5pZmVzdCIgVVJJPSIjbWFuaWZlc3QiPgoJCQkJPGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiIC8+CgkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5mVEUrMjRnRHlkUlgvd0p2QlAxOUlucU54Rkk9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQk8L2RzaWc6UmVmZXJlbmNlPgoJCTwvZHNpZzpTaWduZWRJbmZvPgoJCTxkc2lnOlNpZ25hdHVyZVZhbHVlPgogICAgUHpLMWR2N2JFMGhQcGxlc1ZaRFhHSWxhbTlUK0JxWkd4ZWs5RHVuYkhNK21GWWI3a1NaZTN2eEszUmhRZjNBV3djbXFtVWZPRlJObg0KWndxYnovNGRZd2hJRld6VGdMelVmMlZkR0JsN2szbS8wSmJXSkV1bEtobE5vV2ZSTkRrdTRZcmI2THVrWjdaQzJFcWd2UXYxa1BRTg0Kb1BvQ1I5d3hUc1RKWFNCaHdLc0lERG9vZHY3aUVpWGFCM0xmVHQrQWdYdEdvbWRRaktjby9WamJSSzRUUEkvQUVNVU1KWm9zZlJYMg0KdmE2U1BaUnV4QjBlWkwwVGVzYittRjlFaUlOVnNTSU9nbTVSRE95V1ZRZkJnVG9nYjNoWmlLVmh0a1IvaWlSNmhZNlA2b1cwTDh4ag0KMG5ZVldPRHAxSlJML3Z0ZDFhUklVYzNCQTJQaFkrRmdJR1FHTUE9PQogIDwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlGdXpDQ0JLT2dBd0lCQWdJREdTa2VNQTBHQ1NxR1NJYjNEUUVCQlFVQU1JR2ZNUXN3Q1FZRFZRUUdFd0pCDQpWREZJTUVZR0ExVUVDZ3cvUVMxVWNuVnpkQ0JIWlhNdUlHWXVJRk5wWTJobGNtaGxhWFJ6YzNsemRHVnRaU0JwDQpiU0JsYkdWcmRISXVJRVJoZEdWdWRtVnlhMlZvY2lCSGJXSklNU0l3SUFZRFZRUUxEQmxoTFhOcFoyNHRZMjl5DQpjRzl5WVhSbExXeHBaMmgwTFRBeU1TSXdJQVlEVlFRRERCbGhMWE5wWjI0dFkyOXljRzl5WVhSbExXeHBaMmgwDQpMVEF5TUI0WERURTFNRGN5T0RFMU5Ea3dOVm9YRFRJd01EY3lPREV6TkRrd05Wb3dnYll4Q3pBSkJnTlZCQVlUDQpBa0ZVTVI0d0hBWURWUVFLREJWRVlYUmxibk5qYUhWMGVtdHZiVzFwYzNOcGIyNHhJakFnQmdOVkJBc01HVk4wDQpZVzF0ZW1Gb2JISmxaMmx6ZEdWeVltVm9iMlZ5WkdVeExqQXNCZ05WQkFNTUpWTnBaMjVoZEhWeWMyVnlkbWxqDQpaU0JFWVhSbGJuTmphSFYwZW10dmJXMXBjM05wYjI0eEZUQVRCZ05WQkFVVERETXlOVGt5T0RNeU16azVPREVjDQpNQm9HQ1NxR1NJYjNEUUVKQVF3TlpITnJRR1J6YXk1bmRpNWhkRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEDQpnZ0VQQURDQ0FRb0NnZ0VCQU4rZEJTRUJHajJqVVhJSzFNcDNsVnhjL1phK3BKTWl5S3JYM0cxWnhnWC9pa3g3DQpEOXNjc1BZTXQ0NzNMbEFXbDljbUNiSGJKSytQVjJYTk5kVVJMTVVDSVgrNHZVTnMyTUhlRFRRdFg4QlhqSkZwDQp3SllTb2FSSlEzOUZWUy8xcjVzV2NyYTlIaGRtN3c1R3R4LzJ1a3lEWDBrZGt4YXdraFA0RVFFemkvU0krRnVnDQpuK1dxZ1ExbkFkbGJ4Yi9kY0J3NXcxaDliM2xtdXdVZjR6M29vUVdVRDJEZ0Eva0tkMUtlak5SNDNtTFVzbXZTDQp6ZXZQeFQ5enM3OHBPUjFPYWNCN0lzelRWSlBYZU9FYWFOWkhubkIvVWVPM2c4TEVWLzNPa1hjVWdjTWtiSUlpDQphQkhsbGw3MVBxMENPajlrcWpYb2U3T3JSakxZNWkzS3dPcGE2VE1DQXdFQUFhT0NBZVV3Z2dIaE1CRUdBMVVkDQpEZ1FLQkFoTUNBNmVHdlMxdWpBT0JnTlZIUThCQWY4RUJBTUNCTEF3RGdZSEtpZ0FDZ0VIQVFRREFRSC9NQk1HDQpBMVVkSXdRTU1BcUFDRWtjV0RwUDZBMERNQWtHQTFVZEV3UUNNQUF3RkFZSEtpZ0FDZ0VCQVFRSkRBZENVMEl0DQpSRk5MTUg4R0NDc0dBUVVGQndFQkJITXdjVEJHQmdnckJnRUZCUWN3QW9ZNmFIUjBjRG92TDNkM2R5NWhMWFJ5DQpkWE4wTG1GMEwyTmxjblJ6TDJFdGMybG5iaTFqYjNKd2IzSmhkR1V0YkdsbmFIUXRNREpoTG1OeWREQW5CZ2dyDQpCZ0VGQlFjd0FZWWJhSFIwY0RvdkwyOWpjM0F1WVMxMGNuVnpkQzVoZEM5dlkzTndNRlFHQTFVZElBUk5NRXN3DQpTUVlHS2lnQUVRRVNNRDh3UFFZSUt3WUJCUVVIQWdFV01XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrDQpiMk56TDJOd0wyRXRjMmxuYmkxQmJYUnpjMmxuYm1GMGRYSXdnWjRHQTFVZEh3U0JsakNCa3pDQmtLQ0JqYUNCDQppb2FCaDJ4a1lYQTZMeTlzWkdGd0xtRXRkSEoxYzNRdVlYUXZiM1U5WVMxemFXZHVMV052Y25CdmNtRjBaUzFzDQphV2RvZEMwd01peHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wDQpQMkpoYzJVL2IySnFaV04wWTJ4aGMzTTlaV2xrUTJWeWRHbG1hV05oZEdsdmJrRjFkR2h2Y21sMGVUQU5CZ2txDQpoa2lHOXcwQkFRVUZBQU9DQVFFQUhRM1pDTXRBYmF6ZU1IbVdBMnpoWWxIcUhnS1ZvY1ZYRURnbU5tV0xHcUZlDQo4RUFERklzOHVHcmt0Qm1XQ1VJWGJYczdUSGNmeHMySjQ3dkh1Y29wc2RrYWJObFhFanpuZFJmbmMrMVZJbmJvDQp6TXJZZDdqZUROVEsvdElqaU9FWWRyeUlwZWtWOUNmYXc3eXU2bWVmTXpldTFhQXdmN0JuSy9odWl3SlduZW5wDQpCN2lEL1B2WittenVDN1JOZkpmRisrU3RpQlR4aTNWWXhOR01qTTFjVThHdzlWV2MwUjNFdWpPYVhXZ0NDOGk1DQpGR2hWdk9ZaE5YZnN4SlhiTnhld0VDanBBTHZEbEZMTCtpQzQ5RytBRFNvUnYwU2s5MU9QdStjSW1DajNyczNRDQp0YXNJL3A5TFlhY0c2Yy9nSTN0RTBpaHFnOVJic0tIWFFsM1BPdkVSSkE9PTwvZHNpZzpYNTA5Q2VydGlmaWNhdGU+PC9kc2lnOlg1MDlEYXRhPjwvZHNpZzpLZXlJbmZvPgoJCTxkc2lnOk9iamVjdD4KCQkJPGRzaWc6TWFuaWZlc3QgSWQ9Im1hbmlmZXN0Ij4KCQkJCTxkc2lnOlJlZmVyZW5jZSBVUkk9IiI+CgkJCQkJPGRzaWc6VHJhbnNmb3Jtcz4KCQkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQkJPGRzaWc6WFBhdGg+bm90KGFuY2VzdG9yLW9yLXNlbGY6OmRzaWc6U2lnbmF0dXJlKTwvZHNpZzpYUGF0aD4KCQkJCQkJPC9kc2lnOlRyYW5zZm9ybT4KCQkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCQk8ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIgLz4KCQkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5wM1pwS1BvK0ZYT3ZXdEhidFJzR2VLWm9lSTQ9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPC9kc2lnOk1hbmlmZXN0PgoJCTwvZHNpZzpPYmplY3Q+Cgk8L2RzaWc6U2lnbmF0dXJlPgo8L3NhbWw6QXNzZXJ0aW9uPg==", - "EID-CITIZEN-QAA-LEVEL": "substantial", + "EID-CITIZEN-QAA-LEVEL": "http://eidas.europa.eu/LoA/substantial", "EID-CCS-URL": "https://www.a-trust.at/todo", - "EID-AUTH-BLOCK": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+PHNhbWwyOkFzc2VydGlvbiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9Il9hZTBmMGNiZjI5OTcxMjU4MzJlODBiM2EwMDgyODQ4YSIgSXNzdWVJbnN0YW50PSIyMDE4LTA2LTA2VDA5OjIzOjQzKzAyOjAwIiBWZXJzaW9uPSIyLjAiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSI+PHNhbWwyOklzc3VlciBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI+aHR0cHM6Ly93d3cuYS10cnVzdC5hdC90b2RvPC9zYW1sMjpJc3N1ZXI+PHNhbWwyOkNvbmRpdGlvbnMgTm90QmVmb3JlPSIyMDE4LTA2LTA2VDA5OjIzOjQzKzAyOjAwIiBOb3RPbk9yQWZ0ZXI9IjIwMTgtMDYtMDZUMDk6Mzg6NDMrMDI6MDAiPjxzYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uPjxzYW1sMjpBdWRpZW5jZT5odHRwczovL2VpZC5ndi5hdC9tb2EtaWQtYXV0aC9zbDIwL2RhdGFVcmw/cGVuZGluZ2lkPTU3NTg5NzU3OTA5MTc5NjMyMjU8L3NhbWwyOkF1ZGllbmNlPjwvc2FtbDI6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWwyOkNvbmRpdGlvbnM+PGRzaWc6U2lnbmF0dXJlIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIElkPSJzaWduYXR1cmUtMS0xIj48ZHNpZzpTaWduZWRJbmZvPjxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSIgLz48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2IiAvPjxkc2lnOlJlZmVyZW5jZSBJZD0icmVmZXJlbmNlLTEtMSIgVVJJPSIiPjxkc2lnOlRyYW5zZm9ybXM+PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHNsdC0xOTk5MTExNiI+PHhzbDpzdHlsZXNoZWV0IHhtbG5zOnhzbD0iaHR0cDovL3d3dy53My5vcmcvMTk5OS9YU0wvVHJhbnNmb3JtIiBleGNsdWRlLXJlc3VsdC1wcmVmaXhlcz0ic2FtbDIiIHZlcnNpb249IjEuMCIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjx4c2w6b3V0cHV0IG1ldGhvZD0ieG1sIiB4bWw6c3BhY2U9ImRlZmF1bHQiIC8+PHhzbDp0ZW1wbGF0ZSBtYXRjaD0iLyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiPjxodG1sIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIj48aGVhZD48dGl0bGU+U2lnbmF0dXIgZGVyIEFubWVsZGVkYXRlbjwvdGl0bGU+PHN0eWxlIG1lZGlhPSJzY3JlZW4iIHR5cGU9InRleHQvY3NzIj4KICAgICAgICAgICAgICAJCQkJCS5ub3JtYWxzdHlsZSB7IGZvbnQtc2l6ZTogbWVkaXVtOyB9IAogICAgICAgICAgICAgIAkJCQkJLml0YWxpY3N0eWxlIHsgZm9udC1zaXplOiBtZWRpdW07IGZvbnQtc3R5bGU6IGl0YWxpYzsgfQoJCQkJCQkJCS50aXRsZXN0eWxlIHsgdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTsgZm9udC13ZWlnaHQ6Ym9sZDsgZm9udC1zaXplOiBtZWRpdW07IH0gCgkJCQkJCQkJLmg0c3R5bGUgeyBmb250LXNpemU6IGxhcmdlOyB9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKCQkJCQkJCQkuaGlkZGVuIHtkaXNwbGF5OiBub25lOyB9IAogICAgICAgICAgICAgIAkJCQk8L3N0eWxlPjwvaGVhZD48Ym9keT48aDQgY2xhc3M9Img0c3R5bGUiPkFubWVsZGVkYXRlbjo8L2g0PjxwIGNsYXNzPSJ0aXRsZXN0eWxlIj5EYXRlbiB6dXIgUGVyc29uPC9wPjx0YWJsZSBjbGFzcz0icGFyYW1ldGVycyI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjIuNS40LjQyJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+Vm9ybmFtZTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjIuNS40LjQyJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiIC8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5OYWNobmFtZTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4yMCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIiAvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuNTUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5HZWJ1cnRzZGF0dW06IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIiAvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlZvbGxtYWNodDogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnRleHQ+SWNoIG1lbGRlIG1pY2ggaW4gVmVydHJldHVuZyBhbi4gSW0gbsOkY2hzdGVuIFNjaHJpdHQgd2lyZCBtaXIgZWluZSBMaXN0ZSBkZXIgZsO8ciBtaWNoIHZlcmbDvGdiYXJlbiBWZXJ0cmV0dW5nc3ZlcmjDpGx0bmlzc2UgYW5nZXplaWd0LCBhdXMgZGVuZW4gaWNoIGVpbmVzIGF1c3fDpGhsZW4gd2VyZGUuPC94c2w6dGV4dD48L3RkPjwvdHI+PC94c2w6aWY+PC90YWJsZT48cCBjbGFzcz0idGl0bGVzdHlsZSI+RGF0ZW4genVyIEFud2VuZHVuZzwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5JZGVudGlmaWthdG9yOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J2h0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyVW5pcXVlSWQnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIgLz48L3RkPjwvdHI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPk5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIgLz48L3RkPjwvdHI+PC94c2w6aWY+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+U3RhYXQ6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29kZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIiAvPjwvdGQ+PC90cj48L3hzbDppZj48L3RhYmxlPjxwIGNsYXNzPSJ0aXRsZXN0eWxlIj5UZWNobmlzY2hlIFBhcmFtZXRlcjwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5EYXR1bTo8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDksMikiIC8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDYsMikiIC8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDEsNCkiIC8+PC90ZD48L3RyPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5VaHJ6ZWl0OjwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9InN1YnN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL0BJc3N1ZUluc3RhbnQsMTIsMikiIC8+PHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE1LDIpIiAvPjx4c2w6dGV4dD46PC94c2w6dGV4dD48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCwxOCwyKSIgLz48L3RkPjwvdHI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlRyYW5zYWt0aW9uc1Rva2tlbjogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9ASUQiIC8+PC90ZD48L3RyPjx4c2w6aWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+CgkJCQkJCQkJCQkJVm9sbG1hY2h0ZW4tUmVmZXJlbno6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIgLz48L3RkPjwvdHI+PC94c2w6aWY+PHRyIGNsYXNzPSJoaWRkZW4iPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPkRhdGFVUkw6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9zYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uL3NhbWwyOkF1ZGllbmNlIiAvPjwvdGQ+PC90cj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9ATm90T25PckFmdGVyIj48dHIgY2xhc3M9ImhpZGRlbiI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+QXV0aEJsb2NrVmFsaWRUbzogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpDb25kaXRpb25zL0BOb3RPbk9yQWZ0ZXIiIC8+PC90ZD48L3RyPjwveHNsOmlmPjwvdGFibGU+PC9ib2R5PjwvaHRtbD48L3hzbDp0ZW1wbGF0ZT48L3hzbDpzdHlsZXNoZWV0PjwvZHNpZzpUcmFuc2Zvcm0+PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUjV2l0aENvbW1lbnRzIiAvPjwvZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIgLz48ZHNpZzpEaWdlc3RWYWx1ZT4vdExReXEvU2dkTGZEUEk4MG9yRytxbEJWQTQ1c1JQZTZySnZHY0x0NWxnPTwvZHNpZzpEaWdlc3RWYWx1ZT48L2RzaWc6UmVmZXJlbmNlPjxkc2lnOlJlZmVyZW5jZSBJZD0iZXRzaS1kYXRhLXJlZmVyZW5jZS0xLTEiIFR5cGU9Imh0dHA6Ly91cmkuZXRzaS5vcmcvMDE5MDMjU2lnbmVkUHJvcGVydGllcyIgVVJJPSIjZXRzaS1zaWduZWRwcm9wZXJ0aWVzLTEtMSI+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxkc2lnOkRpZ2VzdFZhbHVlPjA2cUtPVkJqRWdVTk1XV3RTMis2WG1VWXBGV3NUT0o0V3pkMDNISlpTeW89PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U+PC9kc2lnOlNpZ25lZEluZm8+PGRzaWc6U2lnbmF0dXJlVmFsdWUgSWQ9InNpZ25hdHVyZXZhbHVlLTEtMSI+WW5zV01EY01wWExMR3dCb0tpYW45WHpZUWdiamordVVtSkNIRjZWVVZybGpNejlUeC9yeWpnNkNVaklMNjVGb0JQNHU0Zmc3a1JPRDFEeWlGYUtwMUVhaWxLQWtpWlE4WWJtRlNnZW1mNkdENUl6QklZblI1VlMxM1J4ZVMxRDdVUXhEU3c1TkpKaHdXelpFZFFRMnFyaUdsUW5sdUpBNlpuRmk2WFpHUXpUYmd1SFd3b3ZwT05UZ1BYaEJkcG9rb2VnZUkvS3dDNU9WTWt2dnNrVXRXSDZTaUlDRWVGclBpY054dGh3Ym4wZHA0ak1DNEI5TE5aZGRnQ0picUNkelIvNlF6YXBqWmQwYUVKNThWVncvQW5xa2dUL1krRmUwNkVUQXMwZ3FuL3M5dWJ3N0RmMGJqS3NrUE5xU3ZKc0EvWDN2Szk3U3FPeStNNWhvL25KTHpnPT08L2RzaWc6U2lnbmF0dXJlVmFsdWU+PGRzaWc6S2V5SW5mbz48ZHNpZzpYNTA5RGF0YT48ZHNpZzpYNTA5Q2VydGlmaWNhdGU+TUlJRjFqQ0NCTDZnQXdJQkFnSUVmZ1MzL1RBTkJna3Foa2lHOXcwQkFRc0ZBRENCb1RFTE1Ba0dBMVVFQmd3Q1FWUXhTREJHQmdOVkJBb01QMEV0VkhKMWMzUWdSMlZ6TGlCbUxpQlRhV05vWlhKb1pXbDBjM041YzNSbGJXVWdhVzBnWld4bGEzUnlMaUJFWVhSbGJuWmxjbXRsYUhJZ1IyMWlTREVqTUNFR0ExVUVDd3dhWVMxemFXZHVMVkJ5WlcxcGRXMHRWR1Z6ZEMxVGFXY3RNREl4SXpBaEJnTlZCQU1NR21FdGMybG5iaTFRY21WdGFYVnRMVlJsYzNRdFUybG5MVEF5TUI0WERURTRNRFV6TURBNE16SXlPVm9YRFRJek1EVXpNREE0TXpJeU9Wb3dZREVMTUFrR0ExVUVCZ3dDUVZReEZ6QVZCZ05WQkFNTURrMWhlQ0JOZFhOMFpYSnRZVzV1TVJNd0VRWURWUVFFREFwTmRYTjBaWEp0WVc1dU1Rd3dDZ1lEVlFRcURBTk5ZWGd4RlRBVEJnTlZCQVVNRERVeE56WTJNRGN4T0RrNU16Q0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUxOR1lYUm12QXg5Q0ptelZPNHVLcmVKaHB3VHdIaS9mUWhuWDNRZkIxVnpRZVlNTUhpM0dmVnpFbUFhRDZoclZJODRjeXFMQlFzdHlvNVJ4Sk05TGY2ejg0VFUzWlZka093QlZ4WGpvZTk4RG8rT3hqN3pvbE8rNlFkZTJhMmZNalpwaUROZGtFUGRVclEybFJSUHBCcWp5SEJIYjIzenNaMVBJWElwTWw2bm1zVlZGczlabGxqYmFNaTlsNTZaRk9BUlZBYnVlWWZTcEYwd0Q2NlU1UUMzL2Z3OVNZMzFhRFpvNWFTbU1jd3F3Q1d2Q2MvRWY1ZXZ1RWhPMnNPN1g1NU4yRU10YVZIK1gzODJIY3J6eW42bE5FekJDZis0dlpqUTZnWDFLYWx3Qkk5TG5pYUJKT0QvNHBIZlViNTFDSlVoTHU5UnQvcmt5SnlLV1l1N3o2TUNBd0VBQWFPQ0FsUXdnZ0pRTUlHREJnZ3JCZ0VGQlFjQkFRUjNNSFV3UlFZSUt3WUJCUVVITUFLR09XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlqWlhKMGN5OWhMWE5wWjI0dGNISmxiV2wxYlMxdGIySnBiR1V0TUROaExtTnlkREFzQmdnckJnRUZCUWN3QVlZZ2FIUjBjRG92TDI5amMzQXRkR1Z6ZEM1aExYUnlkWE4wTG1GMEwyOWpjM0F3RXdZRFZSMGpCQXd3Q29BSVJnYWZqa0dPRmIwd2NnWUlLd1lCQlFVSEFRTUVaakJrTUFvR0NDc0dBUVVGQndzQ01BZ0dCZ1FBamtZQkFUQUlCZ1lFQUk1R0FRUXdFd1lHQkFDT1JnRUdNQWtHQndRQWprWUJCZ0V3TFFZR0JBQ09SZ0VGTUNNd0lSWWJhSFIwY0hNNkx5OTNkM2N1WVMxMGNuVnpkQzVoZEM5d1pITXZFd0pGVGpBUkJnTlZIUTRFQ2dRSVFXeVM1ZFhrL3RZd0RnWURWUjBQQVFIL0JBUURBZ2JBTUFrR0ExVWRFd1FDTUFBd1lBWURWUjBnQkZrd1Z6QUlCZ1lFQUlzd0FRRXdTd1lHS2lnQUVRRVVNRUV3UHdZSUt3WUJCUVVIQWdFV00yaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrYjJOekwyTndMMkV0YzJsbmJpMXdjbVZ0YVhWdExXMXZZbWxzWlRDQnJnWURWUjBmQklHbU1JR2pNSUdnb0lHZG9JR2Fob0dYYkdSaGNEb3ZMMnhrWVhBdGRHVnpkQzVoTFhSeWRYTjBMbUYwTDI5MVBXRXRjMmxuYmkxUWNtVnRhWFZ0TFZSbGMzUXRVMmxuTFRBeUlDaFRTRUV0TWpVMktTeHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wUDJKaGMyVS9iMkpxWldOMFkyeGhjM005Wldsa1EyVnlkR2xtYVdOaGRHbHZia0YxZEdodmNtbDBlVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBeUVtZ09EdDAyeGF4SGI0RStPOVhnSW1FQzBBb0g0UTk3UHE3QmQ0ditQcXFkNmk1Um9kdndmVGdJYVcxSitmdkg4S1VUekkwWFg5d3BVV3dJbVZFR01INjNWQUpjWFZIMHk5aWZFV0lIZGhPTHRSWVZpZjBTUUs5WVJhY2h2SkRtRjVoTHdBUVJFZUdzWDJpTm1QN2RZZTR4aU5LQXRRbjBwaHZsUHFnaGE2b0tER01ROEZOQWZSejNrQXRYSndQYkZnNlFFNGtJaGtUZ2QzMnVPaUFKVzdHMlRhSlpYV2ZLOVRwVjVMUTEzKzExRkoyUzNLUWM4dWIvKzFHZGdpcktTVzRKMXpoc2ZUK1dDci9PYXlVMk16UVhLdjhPV2IwU3hXSUpIaU1UZXhIN3I5bXVHay9aTGthUVFWMkN0U09ZcVRBTjhBd2VDaUoxMXVWRkhlTHBRPT08L2RzaWc6WDUwOUNlcnRpZmljYXRlPjwvZHNpZzpYNTA5RGF0YT48L2RzaWc6S2V5SW5mbz48ZHNpZzpPYmplY3QgSWQ9ImV0c2ktc2lnbmVkLTEtMSI+PGV0c2k6UXVhbGlmeWluZ1Byb3BlcnRpZXMgeG1sbnM6ZXRzaT0iaHR0cDovL3VyaS5ldHNpLm9yZy8wMTkwMy92MS4zLjIjIiBUYXJnZXQ9IiNzaWduYXR1cmUtMS0xIj48ZXRzaTpTaWduZWRQcm9wZXJ0aWVzIElkPSJldHNpLXNpZ25lZHByb3BlcnRpZXMtMS0xIj48ZXRzaTpTaWduZWRTaWduYXR1cmVQcm9wZXJ0aWVzPjxldHNpOlNpZ25pbmdUaW1lPjIwMTgtMDYtMDZUMDc6MjM6NDNaPC9ldHNpOlNpZ25pbmdUaW1lPjxldHNpOlNpZ25pbmdDZXJ0aWZpY2F0ZT48ZXRzaTpDZXJ0PjxldHNpOkNlcnREaWdlc3Q+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxkc2lnOkRpZ2VzdFZhbHVlPjZhVGtoYS9ZOXhZUzRiUU1aYndJWDhURnNEMkNlemRodXFIcFR0Q0kzZjA9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZXRzaTpDZXJ0RGlnZXN0PjxldHNpOklzc3VlclNlcmlhbD48ZHNpZzpYNTA5SXNzdWVyTmFtZT5DTj1hLXNpZ24tUHJlbWl1bS1UZXN0LVNpZy0wMixPVT1hLXNpZ24tUHJlbWl1bS1UZXN0LVNpZy0wMixPPUEtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSCxDPUFUPC9kc2lnOlg1MDlJc3N1ZXJOYW1lPjxkc2lnOlg1MDlTZXJpYWxOdW1iZXI+MjExNDIzODQ2MTwvZHNpZzpYNTA5U2VyaWFsTnVtYmVyPjwvZXRzaTpJc3N1ZXJTZXJpYWw+PC9ldHNpOkNlcnQ+PC9ldHNpOlNpZ25pbmdDZXJ0aWZpY2F0ZT48ZXRzaTpTaWduYXR1cmVQb2xpY3lJZGVudGlmaWVyPjxldHNpOlNpZ25hdHVyZVBvbGljeUltcGxpZWQgLz48L2V0c2k6U2lnbmF0dXJlUG9saWN5SWRlbnRpZmllcj48L2V0c2k6U2lnbmVkU2lnbmF0dXJlUHJvcGVydGllcz48ZXRzaTpTaWduZWREYXRhT2JqZWN0UHJvcGVydGllcz48ZXRzaTpEYXRhT2JqZWN0Rm9ybWF0IE9iamVjdFJlZmVyZW5jZT0iI3JlZmVyZW5jZS0xLTEiPjxldHNpOk1pbWVUeXBlPmFwcGxpY2F0aW9uL3hodG1sK3htbDwvZXRzaTpNaW1lVHlwZT48L2V0c2k6RGF0YU9iamVjdEZvcm1hdD48L2V0c2k6U2lnbmVkRGF0YU9iamVjdFByb3BlcnRpZXM+PC9ldHNpOlNpZ25lZFByb3BlcnRpZXM+PC9ldHNpOlF1YWxpZnlpbmdQcm9wZXJ0aWVzPjwvZHNpZzpPYmplY3Q+PC9kc2lnOlNpZ25hdHVyZT48c2FtbDI6QXR0cmlidXRlU3RhdGVtZW50PjxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJQVlAtVkVSU0lPTiIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMTAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+Mi4xPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iUFJJTkNJUEFMLU5BTUUiIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjIwIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPk11c3Rlcm1hbm48L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDI6QXR0cmlidXRlPjxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJHSVZFTi1OQU1FIiBOYW1lPSJ1cm46b2lkOjIuNS40LjQyIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPk1heDwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IkJJUlRIREFURSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPjxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4xOTQwLTAxLTAxPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iU2VydmljZVByb3ZpZGVyLVVuaXF1ZUlkIiBOYW1lPSJodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlclVuaXF1ZUlkIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPmh0dHBzOi8vbGFiZGEuaWFpay50dWdyYXouYXQ6NTU1My9kZW1vbG9naW4vPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iU2VydmljZVByb3ZpZGVyLUZyaWVuZGx5TmFtZSIgTmFtZT0iaHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+bGFiZGEgLSBEZXZlbG9wbWVudDwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IlNlcnZpY2VQcm92aWRlci1Db3VudHJ5Q29kZSIgTmFtZT0iaHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29kZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPjxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5BVDwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PC9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PC9zYW1sMjpBc3NlcnRpb24+" + "EID-AUTH-BLOCK": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+PHNhbWwyOkFzc2VydGlvbiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9Il8wYWIzZDdmZDVmZjhlYjBiYjE1NDg2Y2U0ODQ2NGZhZCIgSXNzdWVJbnN0YW50PSIyMDE4LTA2LTA3VDE1OjI2OjI1KzAyOjAwIiBWZXJzaW9uPSIyLjAiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSI+PHNhbWwyOklzc3VlciBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI+aHR0cHM6Ly93d3cuYS10cnVzdC5hdC90b2RvPC9zYW1sMjpJc3N1ZXI+PGRzaWc6U2lnbmF0dXJlIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIElkPSJzaWduYXR1cmUtMS0xIj48ZHNpZzpTaWduZWRJbmZvPjxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSIgLz48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2IiAvPjxkc2lnOlJlZmVyZW5jZSBJZD0icmVmZXJlbmNlLTEtMSIgVVJJPSIiPjxkc2lnOlRyYW5zZm9ybXM+PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHNsdC0xOTk5MTExNiI+PHhzbDpzdHlsZXNoZWV0IHhtbG5zOnhzbD0iaHR0cDovL3d3dy53My5vcmcvMTk5OS9YU0wvVHJhbnNmb3JtIiBleGNsdWRlLXJlc3VsdC1wcmVmaXhlcz0ic2FtbDIiIHZlcnNpb249IjEuMCIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjx4c2w6b3V0cHV0IG1ldGhvZD0ieG1sIiB4bWw6c3BhY2U9ImRlZmF1bHQiIC8+PHhzbDp0ZW1wbGF0ZSBtYXRjaD0iLyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiPjxodG1sIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIj48aGVhZD48dGl0bGU+U2lnbmF0dXIgZGVyIEFubWVsZGVkYXRlbjwvdGl0bGU+PHN0eWxlIG1lZGlhPSJzY3JlZW4iIHR5cGU9InRleHQvY3NzIj4KICAgICAgICAgICAgICAJCQkJCS5ub3JtYWxzdHlsZSB7IGZvbnQtc2l6ZTogbWVkaXVtOyB9IAogICAgICAgICAgICAgIAkJCQkJLml0YWxpY3N0eWxlIHsgZm9udC1zaXplOiBtZWRpdW07IGZvbnQtc3R5bGU6IGl0YWxpYzsgfQoJCQkJCQkJCS50aXRsZXN0eWxlIHsgdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTsgZm9udC13ZWlnaHQ6Ym9sZDsgZm9udC1zaXplOiBtZWRpdW07IH0gCgkJCQkJCQkJLmg0c3R5bGUgeyBmb250LXNpemU6IGxhcmdlOyB9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKCQkJCQkJCQkuaGlkZGVuIHtkaXNwbGF5OiBub25lOyB9IAogICAgICAgICAgICAgIAkJCQk8L3N0eWxlPjwvaGVhZD48Ym9keT48aDQgY2xhc3M9Img0c3R5bGUiPkFubWVsZGVkYXRlbjo8L2g0PjxwIGNsYXNzPSJ0aXRsZXN0eWxlIj5EYXRlbiB6dXIgUGVyc29uPC9wPjx0YWJsZSBjbGFzcz0icGFyYW1ldGVycyI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjIuNS40LjQyJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+Vm9ybmFtZTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjIuNS40LjQyJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiIC8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5OYWNobmFtZTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4yMCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIiAvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuNTUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5HZWJ1cnRzZGF0dW06IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIiAvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlZvbGxtYWNodDogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnRleHQ+SWNoIG1lbGRlIG1pY2ggaW4gVmVydHJldHVuZyBhbi4gSW0gbsOkY2hzdGVuIFNjaHJpdHQgd2lyZCBtaXIgZWluZSBMaXN0ZSBkZXIgZsO8ciBtaWNoIHZlcmbDvGdiYXJlbiBWZXJ0cmV0dW5nc3ZlcmjDpGx0bmlzc2UgYW5nZXplaWd0LCBhdXMgZGVuZW4gaWNoIGVpbmVzIGF1c3fDpGhsZW4gd2VyZGUuPC94c2w6dGV4dD48L3RkPjwvdHI+PC94c2w6aWY+PC90YWJsZT48cCBjbGFzcz0idGl0bGVzdHlsZSI+RGF0ZW4genVyIEFud2VuZHVuZzwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5JZGVudGlmaWthdG9yOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J2h0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyVW5pcXVlSWQnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIgLz48L3RkPjwvdHI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPk5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIgLz48L3RkPjwvdHI+PC94c2w6aWY+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+U3RhYXQ6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29kZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIiAvPjwvdGQ+PC90cj48L3hzbDppZj48L3RhYmxlPjxwIGNsYXNzPSJ0aXRsZXN0eWxlIj5UZWNobmlzY2hlIFBhcmFtZXRlcjwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5EYXR1bTo8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDksMikiIC8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDYsMikiIC8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDEsNCkiIC8+PC90ZD48L3RyPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5VaHJ6ZWl0OjwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9InN1YnN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL0BJc3N1ZUluc3RhbnQsMTIsMikiIC8+PHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE1LDIpIiAvPjx4c2w6dGV4dD46PC94c2w6dGV4dD48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCwxOCwyKSIgLz48L3RkPjwvdHI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlRyYW5zYWt0aW9uc1Rva2tlbjogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9ASUQiIC8+PC90ZD48L3RyPjx4c2w6aWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+CgkJCQkJCQkJCQkJVm9sbG1hY2h0ZW4tUmVmZXJlbno6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIgLz48L3RkPjwvdHI+PC94c2w6aWY+PHRyIGNsYXNzPSJoaWRkZW4iPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPkRhdGFVUkw6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9zYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uL3NhbWwyOkF1ZGllbmNlIiAvPjwvdGQ+PC90cj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9ATm90T25PckFmdGVyIj48dHIgY2xhc3M9ImhpZGRlbiI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+QXV0aEJsb2NrVmFsaWRUbzogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpDb25kaXRpb25zL0BOb3RPbk9yQWZ0ZXIiIC8+PC90ZD48L3RyPjwveHNsOmlmPjwvdGFibGU+PC9ib2R5PjwvaHRtbD48L3hzbDp0ZW1wbGF0ZT48L3hzbDpzdHlsZXNoZWV0PjwvZHNpZzpUcmFuc2Zvcm0+PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUjV2l0aENvbW1lbnRzIiAvPjwvZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIgLz48ZHNpZzpEaWdlc3RWYWx1ZT5iL1B5K3oweXIzQTVvaWsyRjJqSDZycXBYdTk0V2JZZzVBd0QrZGFUSmRFPTwvZHNpZzpEaWdlc3RWYWx1ZT48L2RzaWc6UmVmZXJlbmNlPjxkc2lnOlJlZmVyZW5jZSBJZD0iZXRzaS1kYXRhLXJlZmVyZW5jZS0xLTEiIFR5cGU9Imh0dHA6Ly91cmkuZXRzaS5vcmcvMDE5MDMjU2lnbmVkUHJvcGVydGllcyIgVVJJPSIjZXRzaS1zaWduZWRwcm9wZXJ0aWVzLTEtMSI+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxkc2lnOkRpZ2VzdFZhbHVlPmdHNkxyS3JHcU5nWEtWZDVwaWIwdko2OVh1b0pRZlltNXhqZTFkOHFMSTQ9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U+PC9kc2lnOlNpZ25lZEluZm8+PGRzaWc6U2lnbmF0dXJlVmFsdWUgSWQ9InNpZ25hdHVyZXZhbHVlLTEtMSI+ZzR2OTlpV2R3K05jWnM4bWs5TnhPdVVxQ2Q3RnZXNXRKK3NLMkZzdEdoZkRnK0NMZmRiWVh4eWoxeTBYKzJpOGdJUjVLVVhybTRndEs0T09aT3Z4RlFzeWRtbkJqMW10QjRzM0V3MVhHK1pNeFJSRm5NTHpzWFdVQlhUTUxJcEozdlFpNW9qNHZmak5TdGRYL2NZWlFncEJ5OStJSVg3eDFjeVBGaWJtQk1CMzV3L2FEL1JQckhKOUVZalFEZ21IbGNHQXROZm96UFpJdS9MM0RXUGxDU2xJclBHNXZDS3BKSFBRcUt1QlFISy9nREFiUGI0WEx5ZVovR1BXNmsvRExMV1djWG04V1FyNysvYURvdHRtSWZwR0Z5YUIwSVlEWlpDdi82ZmxFRnpZMng4UXdyQmQ0cDkzeVZhMmJpUUZmd013VFNPQjVYVmJlODhQTW1jWDBnPT08L2RzaWc6U2lnbmF0dXJlVmFsdWU+PGRzaWc6S2V5SW5mbz48ZHNpZzpYNTA5RGF0YT48ZHNpZzpYNTA5Q2VydGlmaWNhdGU+TUlJRjFqQ0NCTDZnQXdJQkFnSUVmZ1MzL1RBTkJna3Foa2lHOXcwQkFRc0ZBRENCb1RFTE1Ba0dBMVVFQmd3Q1FWUXhTREJHQmdOVkJBb01QMEV0VkhKMWMzUWdSMlZ6TGlCbUxpQlRhV05vWlhKb1pXbDBjM041YzNSbGJXVWdhVzBnWld4bGEzUnlMaUJFWVhSbGJuWmxjbXRsYUhJZ1IyMWlTREVqTUNFR0ExVUVDd3dhWVMxemFXZHVMVkJ5WlcxcGRXMHRWR1Z6ZEMxVGFXY3RNREl4SXpBaEJnTlZCQU1NR21FdGMybG5iaTFRY21WdGFYVnRMVlJsYzNRdFUybG5MVEF5TUI0WERURTRNRFV6TURBNE16SXlPVm9YRFRJek1EVXpNREE0TXpJeU9Wb3dZREVMTUFrR0ExVUVCZ3dDUVZReEZ6QVZCZ05WQkFNTURrMWhlQ0JOZFhOMFpYSnRZVzV1TVJNd0VRWURWUVFFREFwTmRYTjBaWEp0WVc1dU1Rd3dDZ1lEVlFRcURBTk5ZWGd4RlRBVEJnTlZCQVVNRERVeE56WTJNRGN4T0RrNU16Q0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUxOR1lYUm12QXg5Q0ptelZPNHVLcmVKaHB3VHdIaS9mUWhuWDNRZkIxVnpRZVlNTUhpM0dmVnpFbUFhRDZoclZJODRjeXFMQlFzdHlvNVJ4Sk05TGY2ejg0VFUzWlZka093QlZ4WGpvZTk4RG8rT3hqN3pvbE8rNlFkZTJhMmZNalpwaUROZGtFUGRVclEybFJSUHBCcWp5SEJIYjIzenNaMVBJWElwTWw2bm1zVlZGczlabGxqYmFNaTlsNTZaRk9BUlZBYnVlWWZTcEYwd0Q2NlU1UUMzL2Z3OVNZMzFhRFpvNWFTbU1jd3F3Q1d2Q2MvRWY1ZXZ1RWhPMnNPN1g1NU4yRU10YVZIK1gzODJIY3J6eW42bE5FekJDZis0dlpqUTZnWDFLYWx3Qkk5TG5pYUJKT0QvNHBIZlViNTFDSlVoTHU5UnQvcmt5SnlLV1l1N3o2TUNBd0VBQWFPQ0FsUXdnZ0pRTUlHREJnZ3JCZ0VGQlFjQkFRUjNNSFV3UlFZSUt3WUJCUVVITUFLR09XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlqWlhKMGN5OWhMWE5wWjI0dGNISmxiV2wxYlMxdGIySnBiR1V0TUROaExtTnlkREFzQmdnckJnRUZCUWN3QVlZZ2FIUjBjRG92TDI5amMzQXRkR1Z6ZEM1aExYUnlkWE4wTG1GMEwyOWpjM0F3RXdZRFZSMGpCQXd3Q29BSVJnYWZqa0dPRmIwd2NnWUlLd1lCQlFVSEFRTUVaakJrTUFvR0NDc0dBUVVGQndzQ01BZ0dCZ1FBamtZQkFUQUlCZ1lFQUk1R0FRUXdFd1lHQkFDT1JnRUdNQWtHQndRQWprWUJCZ0V3TFFZR0JBQ09SZ0VGTUNNd0lSWWJhSFIwY0hNNkx5OTNkM2N1WVMxMGNuVnpkQzVoZEM5d1pITXZFd0pGVGpBUkJnTlZIUTRFQ2dRSVFXeVM1ZFhrL3RZd0RnWURWUjBQQVFIL0JBUURBZ2JBTUFrR0ExVWRFd1FDTUFBd1lBWURWUjBnQkZrd1Z6QUlCZ1lFQUlzd0FRRXdTd1lHS2lnQUVRRVVNRUV3UHdZSUt3WUJCUVVIQWdFV00yaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrYjJOekwyTndMMkV0YzJsbmJpMXdjbVZ0YVhWdExXMXZZbWxzWlRDQnJnWURWUjBmQklHbU1JR2pNSUdnb0lHZG9JR2Fob0dYYkdSaGNEb3ZMMnhrWVhBdGRHVnpkQzVoTFhSeWRYTjBMbUYwTDI5MVBXRXRjMmxuYmkxUWNtVnRhWFZ0TFZSbGMzUXRVMmxuTFRBeUlDaFRTRUV0TWpVMktTeHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wUDJKaGMyVS9iMkpxWldOMFkyeGhjM005Wldsa1EyVnlkR2xtYVdOaGRHbHZia0YxZEdodmNtbDBlVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBeUVtZ09EdDAyeGF4SGI0RStPOVhnSW1FQzBBb0g0UTk3UHE3QmQ0ditQcXFkNmk1Um9kdndmVGdJYVcxSitmdkg4S1VUekkwWFg5d3BVV3dJbVZFR01INjNWQUpjWFZIMHk5aWZFV0lIZGhPTHRSWVZpZjBTUUs5WVJhY2h2SkRtRjVoTHdBUVJFZUdzWDJpTm1QN2RZZTR4aU5LQXRRbjBwaHZsUHFnaGE2b0tER01ROEZOQWZSejNrQXRYSndQYkZnNlFFNGtJaGtUZ2QzMnVPaUFKVzdHMlRhSlpYV2ZLOVRwVjVMUTEzKzExRkoyUzNLUWM4dWIvKzFHZGdpcktTVzRKMXpoc2ZUK1dDci9PYXlVMk16UVhLdjhPV2IwU3hXSUpIaU1UZXhIN3I5bXVHay9aTGthUVFWMkN0U09ZcVRBTjhBd2VDaUoxMXVWRkhlTHBRPT08L2RzaWc6WDUwOUNlcnRpZmljYXRlPjwvZHNpZzpYNTA5RGF0YT48L2RzaWc6S2V5SW5mbz48ZHNpZzpPYmplY3QgSWQ9ImV0c2ktc2lnbmVkLTEtMSI+PGV0c2k6UXVhbGlmeWluZ1Byb3BlcnRpZXMgeG1sbnM6ZXRzaT0iaHR0cDovL3VyaS5ldHNpLm9yZy8wMTkwMy92MS4zLjIjIiBUYXJnZXQ9IiNzaWduYXR1cmUtMS0xIj48ZXRzaTpTaWduZWRQcm9wZXJ0aWVzIElkPSJldHNpLXNpZ25lZHByb3BlcnRpZXMtMS0xIj48ZXRzaTpTaWduZWRTaWduYXR1cmVQcm9wZXJ0aWVzPjxldHNpOlNpZ25pbmdUaW1lPjIwMTgtMDYtMDdUMTM6MjY6MjVaPC9ldHNpOlNpZ25pbmdUaW1lPjxldHNpOlNpZ25pbmdDZXJ0aWZpY2F0ZT48ZXRzaTpDZXJ0PjxldHNpOkNlcnREaWdlc3Q+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxkc2lnOkRpZ2VzdFZhbHVlPjZhVGtoYS9ZOXhZUzRiUU1aYndJWDhURnNEMkNlemRodXFIcFR0Q0kzZjA9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZXRzaTpDZXJ0RGlnZXN0PjxldHNpOklzc3VlclNlcmlhbD48ZHNpZzpYNTA5SXNzdWVyTmFtZT5DTj1hLXNpZ24tUHJlbWl1bS1UZXN0LVNpZy0wMixPVT1hLXNpZ24tUHJlbWl1bS1UZXN0LVNpZy0wMixPPUEtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSCxDPUFUPC9kc2lnOlg1MDlJc3N1ZXJOYW1lPjxkc2lnOlg1MDlTZXJpYWxOdW1iZXI+MjExNDIzODQ2MTwvZHNpZzpYNTA5U2VyaWFsTnVtYmVyPjwvZXRzaTpJc3N1ZXJTZXJpYWw+PC9ldHNpOkNlcnQ+PC9ldHNpOlNpZ25pbmdDZXJ0aWZpY2F0ZT48ZXRzaTpTaWduYXR1cmVQb2xpY3lJZGVudGlmaWVyPjxldHNpOlNpZ25hdHVyZVBvbGljeUltcGxpZWQgLz48L2V0c2k6U2lnbmF0dXJlUG9saWN5SWRlbnRpZmllcj48L2V0c2k6U2lnbmVkU2lnbmF0dXJlUHJvcGVydGllcz48ZXRzaTpTaWduZWREYXRhT2JqZWN0UHJvcGVydGllcz48ZXRzaTpEYXRhT2JqZWN0Rm9ybWF0IE9iamVjdFJlZmVyZW5jZT0iI3JlZmVyZW5jZS0xLTEiPjxldHNpOk1pbWVUeXBlPmFwcGxpY2F0aW9uL3hodG1sK3htbDwvZXRzaTpNaW1lVHlwZT48L2V0c2k6RGF0YU9iamVjdEZvcm1hdD48L2V0c2k6U2lnbmVkRGF0YU9iamVjdFByb3BlcnRpZXM+PC9ldHNpOlNpZ25lZFByb3BlcnRpZXM+PC9ldHNpOlF1YWxpZnlpbmdQcm9wZXJ0aWVzPjwvZHNpZzpPYmplY3Q+PC9kc2lnOlNpZ25hdHVyZT48c2FtbDI6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTgtMDYtMDdUMTU6MjY6MjUrMDI6MDAiIE5vdE9uT3JBZnRlcj0iMjAxOC0wNi0wN1QxNTo0MToyNSswMjowMCI+PHNhbWwyOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWwyOkF1ZGllbmNlPmh0dHBzOi8vZWlkLmd2LmF0L21vYS1pZC1hdXRoL3NsMjAvZGF0YVVybD9wZW5kaW5naWQ9MTYxOTMyOTI0MzMwMjE3MjQ2PC9zYW1sMjpBdWRpZW5jZT48L3NhbWwyOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sMjpDb25kaXRpb25zPjxzYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IlBWUC1WRVJTSU9OIiBOYW1lPSJ1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4xMCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPjxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4yLjE8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDI6QXR0cmlidXRlPjxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJQUklOQ0lQQUwtTkFNRSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+TXVzdGVybWFubjwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IkdJVkVOLU5BTUUiIE5hbWU9InVybjpvaWQ6Mi41LjQuNDIiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+TWF4PC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iQklSVEhEQVRFIiBOYW1lPSJ1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjU1IiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPjE5NDAtMDEtMDE8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDI6QXR0cmlidXRlPjxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItVW5pcXVlSWQiIE5hbWU9Imh0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyVW5pcXVlSWQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+aHR0cHM6Ly9sYWJkYS5pYWlrLnR1Z3Jhei5hdDo1NTUzL2RlbW9sb2dpbi88L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDI6QXR0cmlidXRlPjxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItRnJpZW5kbHlOYW1lIiBOYW1lPSJodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPjxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5sYWJkYSAtIERldmVsb3BtZW50PC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iU2VydmljZVByb3ZpZGVyLUNvdW50cnlDb2RlIiBOYW1lPSJodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPkFUPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48L3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWwyOkFzc2VydGlvbj4=" } } } \ No newline at end of file diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_sic.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_sic.json new file mode 100644 index 000000000..8acd1986d --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_sic.json @@ -0,0 +1,6 @@ +{ + "EID-IDENTITY-LINK": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDpBc3NlcnRpb24geG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmFzc2VydGlvbiIgeG1sbnM6ZHNpZz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnIyIgeG1sbnM6ZWNkc2E9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlIyIgeG1sbnM6bnMzPSJodHRwOi8vd3d3LmJ1ZXJnZXJrYXJ0ZS5hdC9uYW1lc3BhY2VzL3BlcnNvbmVuYmluZHVuZy8yMDAyMDUwNiMiIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJubWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIEFzc2VydGlvbklEPSJsb2NhbGhvc3QtMjAxOC0wNS0yOFQxNjo0NDo0MSswMjowMCIgSXNzdWVJbnN0YW50PSIyMDE4LTA1LTI4VDE0OjQ0OjQxLjM2N1oiIElzc3Vlcj0iaHR0cDovL3Rlcm1pbmFsLmlhaWsudHVncmF6LmF0IiBNYWpvclZlcnNpb249IjEiIE1pbm9yVmVyc2lvbj0iMCI-PHNhbWw6QXR0cmlidXRlU3RhdGVtZW50PjxzYW1sOlN1YmplY3Q-PHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48c2FtbDpDb25maXJtYXRpb25NZXRob2Q-dXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6MS4wOmNtOnNlbmRlci12b3VjaGVzPC9zYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD48c2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT48cHI6UGVyc29uIHhzaTp0eXBlPSJwcjpQaHlzaWNhbFBlcnNvblR5cGUiPjxwcjpJZGVudGlmaWNhdGlvbj48cHI6VmFsdWU-QnMwbWNSWWVBTW5XeG5pVVlsM256QT09PC9wcjpWYWx1ZT48cHI6VHlwZT51cm46cHVibGljaWQ6Z3YuYXQ6YmFzZWlkPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24-PHByOk5hbWU-PHByOkdpdmVuTmFtZT5FaWQ8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPlRlc3Q8L3ByOkZhbWlseU5hbWU-PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4yMDAwLTAxLTAxPC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE-PC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24-PC9zYW1sOlN1YmplY3Q-PHNhbWw6QXR0cmlidXRlIEF0dHJpYnV0ZU5hbWU9IkNpdGl6ZW5QdWJsaWNLZXkiIEF0dHJpYnV0ZU5hbWVzcGFjZT0idXJuOnB1YmxpY2lkOmd2LmF0Om5hbWVzcGFjZXM6aWRlbnRpdHlsaW5rOjEuMiI-PHNhbWw6QXR0cmlidXRlVmFsdWU-PGVjZHNhOkVDRFNBS2V5VmFsdWU-PGVjZHNhOkRvbWFpblBhcmFtZXRlcnM-PGVjZHNhOk5hbWVkQ3VydmUgVVJOPSJ1cm46b2lkOjEuMi44NDAuMTAwNDUuMy4xLjciLz48L2VjZHNhOkRvbWFpblBhcmFtZXRlcnM-PGVjZHNhOlB1YmxpY0tleT48ZWNkc2E6WCBWYWx1ZT0iMTkzNjQwODQ0ODkzNjU1NDM4MDYwNTQ2NjYxOTczNDAzODMzNzUxODUzNjU4MDgzMzA2MDY5NzQ2OTk5ODg2Mjc2ODc1Mjk0NTAyMTQiIHhzaTp0eXBlPSJlY2RzYTpQcmltZUZpZWxkRWxlbVR5cGUiLz48ZWNkc2E6WSBWYWx1ZT0iMTA4Njg0MDg1NDc2NTkxMDE3NTA1NjkyODQzMTE0NzMwNDU5MzUxODYzMTI5NDE4Mjg3NTUzMzg2OTM2MjE0NDQwODQxNjY4ODcyMTU2IiB4c2k6dHlwZT0iZWNkc2E6UHJpbWVGaWVsZEVsZW1UeXBlIi8-PC9lY2RzYTpQdWJsaWNLZXk-PC9lY2RzYTpFQ0RTQUtleVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjwvc2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ-PGRzaWc6U2lnbmF0dXJlPjxkc2lnOlNpZ25lZEluZm8-PGRzaWc6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiLz48ZHNpZzpSZWZlcmVuY2UgVVJJPSIiPjxkc2lnOlRyYW5zZm9ybXM-PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPjxkc2lnOlhQYXRoPm5vdChhbmNlc3Rvci1vci1zZWxmOjpwcjpJZGVudGlmaWNhdGlvbik8L2RzaWc6WFBhdGg-PC9kc2lnOlRyYW5zZm9ybT48ZHNpZzpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjwvZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkc2lnOkRpZ2VzdFZhbHVlPm5JUlRucWZraUpETDhEc3A5ZHRuWUU4YnZxbTRrbUFRVVhOUDRyMzU5Qnc9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U-PGRzaWc6UmVmZXJlbmNlIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNNYW5pZmVzdCIgVVJJPSIjbWFuaWZlc3QiPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkc2lnOkRpZ2VzdFZhbHVlPnk5bXNyVmIxR2FOczNmZ3lkcVp2WnorYnp5cVFHeGRQRDhzazNyL1BnYTA9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U-PC9kc2lnOlNpZ25lZEluZm8-PGRzaWc6U2lnbmF0dXJlVmFsdWU-WHNhNjlWaUFlTjcvTlBQeWlycXAzYWxwY1RsS2ZVMlJaUTBWS1FpTU1mSzExTnRHaFNlRE9aR1BvR1lnQjdaTApLbkw4UWxmVzRUK2I3eHNCcDM5WE5iSS9jVi9zY0c5ZUIweWhYa0x6MjVsdE1jUUJNcUdEcDJHcmNpOEpYQmRaCkFIQWVBS2IrNUZzVHR4MllyMUZIUGhyWnEwN3RFK2NhSXlNb2VOdi95bVBrSWFhT0lUcTZHWTdndFZReFJGNWwKMi9uUmFKWExwc1JIdnVpNmIrWHBxUlFuZFJvaVEvSW41N3lSY0JLVk5lbFBhcUJmekRSMmtjVEt1RCtxWFAvawpaMU1nRUErY1dXcVI0Y085UEdxQms4NUR1MTBBVXMvTjNCbzRqWDZrcTYvMWVKdWlnSDVhTmlTNnVTcnFHZktLCklxUWxYc2N6a0oxLzIxUDgzQmFYZUE9PTwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlIYWpDQ0JWS2dBd0lCQWdJR1JVbkY4RDVTTUEwR0NTcUdTSWIzRFFFQkN3VUFNSGN4Q3pBSkJnTlZCQVlUCkFrRlVNUTB3Q3dZRFZRUUhFd1JIY21GNk1TWXdKQVlEVlFRS0V4MUhjbUY2SUZWdWFYWmxjbk5wZEhrZ2IyWWcKVkdWamFHNXZiRzluZVRFTk1Bc0dBMVVFQ3hNRVNVRkpTekVpTUNBR0ExVUVBeE1aU1VGSlN5QlVaWE4wSUVsdQpkR1Z5YldWa2FXRjBaU0JEUVRBZUZ3MHhOakE0TWpVeE16QTRNemhhRncweE9UQTRNalV4TXpBNE16aGFNSUg4Ck1Rc3dDUVlEVlFRR0V3SkJWREVOTUFzR0ExVUVCeE1FUjNKaGVqRW1NQ1FHQTFVRUNoTWRSM0poZWlCVmJtbDIKWlhKemFYUjVJRzltSUZSbFkyaHViMnh2WjNreFNEQkdCZ05WQkFzVFAwbHVjM1JwZEhWMFpTQm1iM0lnUVhCdwpiR2xsWkNCSmJtWnZjbTFoZEdsdmJpQlFjbTlqWlhOemFXNW5JR0Z1WkNCRGIyMXRkVzVwWTJGMGFXOXVjekVhCk1CZ0dBMVVFQkJNUlUybG5ibUYwZFhKbElGTmxjblpwWTJVeEhqQWNCZ05WQkNvVEZWTmxjblpsY2tKTFZTQkUKWlhabGJHOXdiV1Z1ZERFd01DNEdBMVVFQXhNblUyVnlkbVZ5UWt0VklFUmxkbVZzYjNCdFpXNTBJRk5wWjI1aApkSFZ5WlNCVFpYSjJhV05sTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF4ZC8zCjlpbDYxZ2hJSDc4MXdSR2c1bSsxMk1SeEZCL2VLTFRuOEFqM1lwVG1JOSs0Q1RHOEVTbXUyMGkvZCttUmMvQmcKNXR6dklUaSs5NjRnSXNvdnluQ2RVOVFFd1dGOVNLVFE3dmpUTWZrVFdEbGwrS2ZTV2pPNzFsN0RtOUYvZFJWVwp4S2N4MWo2b1N4Ym5ZWmlvM1VCc1NGK3ZmRXo3Y0p6MkR6QWdBdE05cy8yd1NpWXlXd2ZRTVFjZ0VnQTR1V3RXCi83dnJlOEZEZ3h4dEEzWE9WN0lnS29FZkZBMmM3YTZnVkdVak45ME9XeG40WmRER3BqRFk5bUFuRUpTMnJRb1oKRW5rSTQ3cmZ4MzVGckVQdDdSZGM1bVRTd0R2YkpxTGx4a0NVclBpK0NWL2VzTXhyeVg0K21pdmFnaHhWeTNHVApTcFR4ZjJJQWdYMnVYMlZiVXdJREFRQUJvNElDZERDQ0FuQXdEZ1lEVlIwUEFRSC9CQVFEQWdlQU1Bd0dBMVVkCkV3RUIvd1FDTUFBd2dnRVhCZ2dyQmdFRkJRY0JBUVNDQVFrd2dnRUZNSGNHQ0NzR0FRVUZCekFDaG10c1pHRncKT2k4dmJHUmhjQzVwWVdsckxuUjFaM0poZWk1aGRDOWpiajFwWVdsckxYUmxjM1F0YVc1MFpYSnRaV1JwWVhSbApMV05oTEc5MVBYQnJhU3hrWXoxcFlXbHJMR1JqUFhSMVozSmhlaXhrWXoxaGREOWpRVU5sY25ScFptbGpZWFJsCk8ySnBibUZ5ZVRCSUJnZ3JCZ0VGQlFjd0FvWThhSFIwY0RvdkwyTmhMbWxoYVdzdWRIVm5jbUY2TG1GMEwyTmwKY25SekwybGhhV3N0ZEdWemRDMXBiblJsY20xbFpHbGhkR1V0WTJFdVkyVnlNRUFHQ0NzR0FRVUZCekFCaGpSbwpkSFJ3T2k4dmIyTnpjQzVwWVdsckxuUjFaM0poZWk1aGRDOXBZV2xyTFhSbGMzUXRhVzUwWlhKdFpXUnBZWFJsCkxXTmhNQjhHQTFVZEl3UVlNQmFBRkVKdXI2L3FRU3AvbEZjRmhZTGdrVVloeVZkQ01Ca0dBMVVkSUFRU01CQXcKRGdZTUt3WUJCQUdWRWdFQ0J3RUJNSUhLQmdOVkhSOEVnY0l3Z2I4d2dieWdnYm1nZ2JhR2QyeGtZWEE2THk5cwpaR0Z3TG1saGFXc3VkSFZuY21GNkxtRjBMMk51UFdsaGFXc3RkR1Z6ZEMxcGJuUmxjbTFsWkdsaGRHVXRZMkVzCmIzVTljR3RwTEdSalBXbGhhV3NzWkdNOWRIVm5jbUY2TEdSalBXRjBQMk5sY25ScFptbGpZWFJsVW1WMmIyTmgKZEdsdmJreHBjM1E3WW1sdVlYSjVoanRvZEhSd09pOHZZMkV1YVdGcGF5NTBkV2R5WVhvdVlYUXZZM0pzY3k5cApZV2xyTFhSbGMzUXRhVzUwWlhKdFpXUnBZWFJsTFdOaExtTnliREFOQmdjcUtBQUtBUWNCQkFJRkFEQWRCZ05WCkhRNEVGZ1FVQ0djbU5FZ3JGTHdyZWRNcFJwYS8zNGpFcVk4d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dJQkFJQWcKL0Z0K3ZNMERVS0tpcGNGMnhTWkN3ZXFFcjZiRjlJOEZydXhLeUhnNFdjV2lVdkZzOTZXa3dqL0dBOFlNSmtqRQpTS2FkMW5QK2hGamlyYVlVNmRTZnBPbkFVSnlMVjBxNURNOFkwY2w4R0RxYXpFMmtOR056am1IOUh2R1k5Q1dwCnZ3RjhodEJuQlg4TjRFdncydDg2ZUQ0VjUwN2syRXY4Sk9QV0tpZlp3TzBPQ25Qa2tCZnEzMEg1R1ZtOUpBOFcKam9FWFlRenpYMlRCWXJ4cWtXTm9zQXNOOVN0Y092djlzZlRUdFcrb3pLNS9WUHZBcDlTVU9qQzVFd3c3QnVLcQp5QnhEclRTUThobGZXMmo4Y010Q21nMDBMSVNuc3BpcThQZHZJV2t0RE8wc3JpeWgzWXVJSVV4ODZPRTlyQmNHCjIwcXI5czJvWFl6VnhxK1Q2aElFekRDMXYvc1BicGVZRmRVNkRXN2J6LzNPYlBjS2prR0Q3SjA2WkRaRmJnWHIKYXVjcjAxWkZqZGdCY2RIMFV6bXNJYUFNRytIWTVSVTk5QVo1YlA1UkgrRGJTVFpMbGNtOFp6bmU1L2Iwck4rYQoyUTFjdHB0UW5hUGxaWVFNY1RTcVhjYk03VW16bjRMZ25PZWRqZkFjcDhQazByK2Jab2pyekZHdW9pOWZxa3FlCnFUdXArUGtHaitJOEQrcE9HL3NTTWFQeC9nUFo0bGxPOXYxN1ZHSEtIK095R0lzZWZ3ZCtqWGhNVEpNZHQ1a08KNmZMeVRGRjFNUDRMZDY0cFJ1Ym9hZ1pxZTNkbXk5SEN5N0FWbnE5ZElsL0JsaExqaExTVFlXdnd0ZHVoMzNXVgpxZWd3QmxkcjZQOXZ1SlRzT3JyZTdiUnZrQStWbnVaaGxOVzlBQzEvPC9kc2lnOlg1MDlDZXJ0aWZpY2F0ZT48L2RzaWc6WDUwOURhdGE-PC9kc2lnOktleUluZm8-PGRzaWc6T2JqZWN0Pjxkc2lnOk1hbmlmZXN0IElkPSJtYW5pZmVzdCI-PGRzaWc6UmVmZXJlbmNlIFVSST0iIj48ZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnL1RSLzE5OTkvUkVDLXhwYXRoLTE5OTkxMTE2Ij48ZHNpZzpYUGF0aD5ub3QoYW5jZXN0b3Itb3Itc2VsZjo6ZHNpZzpTaWduYXR1cmUpPC9kc2lnOlhQYXRoPjwvZHNpZzpUcmFuc2Zvcm0-PC9kc2lnOlRyYW5zZm9ybXM-PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8-PGRzaWc6RGlnZXN0VmFsdWU-QWZHRytDVVAvZUY3bFpCaTgzMkVZYk9lS1MwYzNpYTljQ1p5OEUvYS9QZz08L2RzaWc6RGlnZXN0VmFsdWU-PC9kc2lnOlJlZmVyZW5jZT48L2RzaWc6TWFuaWZlc3Q-PC9kc2lnOk9iamVjdD48L2RzaWc6U2lnbmF0dXJlPjwvc2FtbDpBc3NlcnRpb24-", + "EID-CITIZEN-QAA-LEVEL": "eid-citizen-qaa-level", + "EID-AUTH-BLOCK": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbDI6QXNz\r\nZXJ0aW9uIHhtbG5zOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6\r\nYXNzZXJ0aW9uIiBJRD0iXzQwOTcyZmQ3NzdjNTlkYTFlYmVlZDJiOGQ2MzNhMzAw\r\nIiBJc3N1ZUluc3RhbnQ9IjIwMTgtMDYtMDdUMTQ6NTc6MzdaIiBWZXJzaW9uPSIy\r\nLjAiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSI+\r\nCgk8c2FtbDI6SXNzdWVyIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6\r\nMi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5Ij5odHRwczovL3NlcnZlcmJrdWRlbW8u\r\naWFpay50dWdyYXouYXQvZWlkPC9zYW1sMjpJc3N1ZXI+Cgk8ZHM6U2lnbmF0dXJl\r\nIHhtbG5zOmRzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIiBJ\r\nZD0iU2lnbmF0dXJlLWx1cmx5d2ZjLTEiPjxkczpTaWduZWRJbmZvIElkPSJTaWdu\r\nZWRJbmZvLWx1cmx5d2ZjLTEiPjxkczpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFs\r\nZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4j\r\nIi8+PGRzOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMu\r\nb3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI2VjZHNhLXNoYTI1NiIvPjxkczpSZWZl\r\ncmVuY2UgSWQ9IlJlZmVyZW5jZS1sdXJseXdmYy0xIiBVUkk9IiI+PGRzOlRyYW5z\r\nZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3Jn\r\nL1RSLzE5OTkvUkVDLXhzbHQtMTk5OTExMTYiPjx4c2w6c3R5bGVzaGVldCB4bWxu\r\nczp4c2w9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvWFNML1RyYW5zZm9ybSIgZXhj\r\nbHVkZS1yZXN1bHQtcHJlZml4ZXM9InNhbWwyIiB2ZXJzaW9uPSIxLjAiIHhtbG5z\r\nOnNhbWwyPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48\r\neHNsOm91dHB1dCBtZXRob2Q9InhtbCIgeG1sbnM6eG1sPSJodHRwOi8vd3d3Lncz\r\nLm9yZy9YTUwvMTk5OC9uYW1lc3BhY2UiIHhtbDpzcGFjZT0iZGVmYXVsdCIvPjx4\r\nc2w6dGVtcGxhdGUgbWF0Y2g9Ii8iIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8x\r\nOTk5L3hodG1sIj48aHRtbCB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMTk5OS94\r\naHRtbCI+PGhlYWQ+PHRpdGxlPlNpZ25hdHVyIGRlciBBbm1lbGRlZGF0ZW48L3Rp\r\ndGxlPjxzdHlsZSBtZWRpYT0ic2NyZWVuIiB0eXBlPSJ0ZXh0L2NzcyI+CiAgICAg\r\nICAgICAgICAgCQkJCQkubm9ybWFsc3R5bGUgeyBmb250LXNpemU6IG1lZGl1bTsg\r\nfSAKICAgICAgICAgICAgICAJCQkJCS5pdGFsaWNzdHlsZSB7IGZvbnQtc2l6ZTog\r\nbWVkaXVtOyBmb250LXN0eWxlOiBpdGFsaWM7IH0KCQkJCQkJCQkudGl0bGVzdHls\r\nZSB7IHRleHQtZGVjb3JhdGlvbjp1bmRlcmxpbmU7IGZvbnQtd2VpZ2h0OmJvbGQ7\r\nIGZvbnQtc2l6ZTogbWVkaXVtOyB9IAoJCQkJCQkJCS5oNHN0eWxlIHsgZm9udC1z\r\naXplOiBsYXJnZTsgfSAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\r\nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAg\r\nICAgCgkJCQkJCQkJLmhpZGRlbiB7ZGlzcGxheTogbm9uZTsgfSAKICAgICAgICAg\r\nICAgICAJCQkJPC9zdHlsZT48L2hlYWQ+PGJvZHk+PGg0IGNsYXNzPSJoNHN0eWxl\r\nIj5Bbm1lbGRlZGF0ZW46PC9oND48cCBjbGFzcz0idGl0bGVzdHlsZSI+RGF0ZW4g\r\nenVyIFBlcnNvbjwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx4c2w6aWYg\r\ndGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3Rh\r\ndGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoyLjUuNC40Midd\r\nL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5\r\nbGUiPlZvcm5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2\r\nYWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRl\r\nU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoyLjUuNC40\r\nMiddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4\r\nc2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmli\r\ndXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIu\r\nNDAuMC4xMC4yLjEuMS4yNjEuMjAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0\r\ncj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5OYWNobmFtZTogPC90ZD48dGQgY2xh\r\nc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFz\r\nc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRl\r\nW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4yMCddL3NhbWwy\r\nOkF0dHJpYnV0ZVZhbHVlIi8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVz\r\ndD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVt\r\nZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4y\r\nLjEuMS41NSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0i\r\naXRhbGljc3R5bGUiPkdlYnVydHNkYXR1bTogPC90ZD48dGQgY2xhc3M9Im5vcm1h\r\nbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9z\r\nYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1\r\ncm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjU1J10vc2FtbDI6QXR0cmlidXRlVmFs\r\ndWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PHhzbDppZiB0ZXN0PSIvc2FtbDI6QXNz\r\nZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVb\r\nQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYxLjkwJ10vc2FtbDI6\r\nQXR0cmlidXRlVmFsdWUiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5Wb2xs\r\nbWFjaHQ6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp0ZXh0Pklj\r\naCBtZWxkZSBtaWNoIGluIFZlcnRyZXR1bmcgYW4uIEltIG7DpGNoc3RlbiBTY2hy\r\naXR0IHdpcmQgbWlyIGVpbmUgTGlzdGUgZGVyIGbDvHIgbWljaCB2ZXJmw7xnYmFy\r\nZW4gVmVydHJldHVuZ3N2ZXJow6RsdG5pc3NlIGFuZ2V6ZWlndCwgYXVzIGRlbmVu\r\nIGljaCBlaW5lcyBhdXN3w6RobGVuIHdlcmRlLjwveHNsOnRleHQ+PC90ZD48L3Ry\r\nPjwveHNsOmlmPjwvdGFibGU+PHAgY2xhc3M9InRpdGxlc3R5bGUiPkRhdGVuIHp1\r\nciBBbndlbmR1bmc8L3A+PHRhYmxlIGNsYXNzPSJwYXJhbWV0ZXJzIj48dHI+PHRk\r\nIGNsYXNzPSJpdGFsaWNzdHlsZSI+SWRlbnRpZmlrYXRvcjogPC90ZD48dGQgY2xh\r\nc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFz\r\nc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRl\r\nW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQ\r\ncm92aWRlclVuaXF1ZUlkJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiLz48L3RkPjwv\r\ndHI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpB\r\ndHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8v\r\nZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5\r\nTmFtZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRh\r\nbGljc3R5bGUiPk5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhz\r\nbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmli\r\ndXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5n\r\ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUn\r\nXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDppZj48eHNs\r\nOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0\r\nZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J2h0dHA6Ly9laWQuZ3Yu\r\nYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyQ291bnRyeUNvZGUnXS9z\r\nYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxl\r\nIj5TdGFhdDogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVl\r\nLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0\r\nZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJ\r\nRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlJ10vc2FtbDI6\r\nQXR0cmlidXRlVmFsdWUiLz48L3RkPjwvdHI+PC94c2w6aWY+PC90YWJsZT48cCBj\r\nbGFzcz0idGl0bGVzdHlsZSI+VGVjaG5pc2NoZSBQYXJhbWV0ZXI8L3A+PHRhYmxl\r\nIGNsYXNzPSJwYXJhbWV0ZXJzIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+\r\nRGF0dW06PC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9m\r\nIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFu\r\ndCw5LDIpIi8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2Vs\r\nZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDYs\r\nMikiLz48eHNsOnRleHQ+LjwveHNsOnRleHQ+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9\r\nInN1YnN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL0BJc3N1ZUluc3RhbnQsMSw0KSIv\r\nPjwvdGQ+PC90cj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+VWhyemVpdDo8\r\nL3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0\r\nPSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDEyLDIp\r\nIi8+PHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJz\r\ndWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE1LDIpIi8+\r\nPHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJz\r\ndHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE4LDIpIi8+PC90\r\nZD48L3RyPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5UcmFuc2FrdGlvbnNU\r\nb2trZW46IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1v\r\nZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vQElEIi8+PC90ZD48L3RyPjx4c2w6\r\naWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1l\r\nbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIu\r\nMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIj48dHI+PHRkIGNsYXNz\r\nPSJpdGFsaWNzdHlsZSI+CgkJCQkJCQkJCQkJVm9sbG1hY2h0ZW4tUmVmZXJlbno6\r\nIDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxl\r\nY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3Nh\r\nbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4y\r\nNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIvPjwvdGQ+PC90cj48L3hzbDpp\r\nZj48dHIgY2xhc3M9ImhpZGRlbiI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+RGF0\r\nYVVSTDogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9m\r\nIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpDb25kaXRpb25zL3NhbWwy\r\nOkF1ZGllbmNlUmVzdHJpY3Rpb24vc2FtbDI6QXVkaWVuY2UiLz48L3RkPjwvdHI+\r\nPHhzbDppZiB0ZXN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkNvbmRpdGlvbnMv\r\nQE5vdE9uT3JBZnRlciI+PHRyIGNsYXNzPSJoaWRkZW4iPjx0ZCBjbGFzcz0iaXRh\r\nbGljc3R5bGUiPkF1dGhCbG9ja1ZhbGlkVG86IDwvdGQ+PHRkIGNsYXNzPSJub3Jt\r\nYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24v\r\nc2FtbDI6Q29uZGl0aW9ucy9ATm90T25PckFmdGVyIi8+PC90ZD48L3RyPjwveHNs\r\nOmlmPjwvdGFibGU+PC9ib2R5PjwvaHRtbD48L3hzbDp0ZW1wbGF0ZT48L3hzbDpz\r\ndHlsZXNoZWV0PjwvZHM6VHJhbnNmb3JtPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGht\r\nPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L2Rz\r\nOlRyYW5zZm9ybXM+PGRzOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93\r\nd3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxkczpEaWdlc3RWYWx1\r\nZT5IbEk0T0lNbG1sVlpJQWtBdkQ1bGdGNWRGeXdxWVhES0wzVEVSaXRZeHlVPTwv\r\nZHM6RGlnZXN0VmFsdWU+PC9kczpSZWZlcmVuY2U+PGRzOlJlZmVyZW5jZSBJZD0i\r\nUmVmZXJlbmNlLWx1cmx5d2ZjLTIiIFR5cGU9Imh0dHA6Ly91cmkuZXRzaS5vcmcv\r\nMDE5MDMjU2lnbmVkUHJvcGVydGllcyIgVVJJPSIjU2lnbmVkUHJvcGVydGllcy1s\r\ndXJseXdmYy0xIj48ZHM6VHJhbnNmb3Jtcz48ZHM6VHJhbnNmb3JtIEFsZ29yaXRo\r\nbT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8+PC9k\r\nczpUcmFuc2Zvcm1zPjxkczpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8v\r\nd3d3LnczLm9yZy8yMDAxLzA0L3htbGVuYyNzaGEyNTYiLz48ZHM6RGlnZXN0VmFs\r\ndWU+a3lFdzl5bUlLbm9KSlF3bW85bitmdjF1VGpCUXdaNGpsZk5oSll5akpKTT08\r\nL2RzOkRpZ2VzdFZhbHVlPjwvZHM6UmVmZXJlbmNlPjwvZHM6U2lnbmVkSW5mbz48\r\nZHM6U2lnbmF0dXJlVmFsdWUgSWQ9IlNpZ25hdHVyZVZhbHVlLWx1cmx5d2ZjLTEi\r\nPlQrOTN3ejU3dUVsQUFFb1dZTVNYcVA3YnVIU0drZW9YVlQvTnN5Q1hrM056Zmpn\r\nbC9ERlgreFJqOGJqUDNkUEgKenVtejVUV1N3R25NRUU4bUNJTUxRQT09PC9kczpT\r\naWduYXR1cmVWYWx1ZT48ZHM6S2V5SW5mbyBJZD0iS2V5SW5mbyI+PGRzOlg1MDlE\r\nYXRhPjxkczpYNTA5Q2VydGlmaWNhdGU+TUlJR2Z6Q0NCR2VnQXdJQkFnSUhBSlpZ\r\nMGlZWFVqQU5CZ2txaGtpRzl3MEJBUXNGQURCM01Rc3dDUVlEVlFRRwpFd0pCVkRF\r\nTk1Bc0dBMVVFQnhNRVIzSmhlakVtTUNRR0ExVUVDaE1kUjNKaGVpQlZibWwyWlhK\r\nemFYUjVJRzltCklGUmxZMmh1YjJ4dloza3hEVEFMQmdOVkJBc1RCRWxCU1VzeElq\r\nQWdCZ05WQkFNVEdVbEJTVXNnVkdWemRDQkoKYm5SbGNtMWxaR2xoZEdVZ1EwRXdI\r\naGNOTVRnd05USTRNVFEwTlRJeFdoY05NakV3TlRJNE1UUTBOVEl4V2pBdwpNUXd3\r\nQ2dZRFZRUXFFd05GYVdReERUQUxCZ05WQkFRVEJGUmxjM1F4RVRBUEJnTlZCQU1U\r\nQ0VWcFpDQlVaWE4wCk1Ga3dFd1lIS29aSXpqMENBUVlJS29aSXpqMERBUWNEUWdB\r\nRUtzK3U5T2RqRm1SR0YxQ2JzYStYU3V2elBvSUcKcFB0Y0pzKzR0aE1iQ3Vid1NR\r\nTXZVT3NzckN6ckMxSmk5WVZ4ZXFIczNEVTJSREVvc29TVVJPSkgzS09DQXlBdwpn\r\nZ01jTUE0R0ExVWREd0VCL3dRRUF3SUhnREFNQmdOVkhSTUJBZjhFQWpBQU1JSUJO\r\nZ1lJS3dZQkJRVUhBUUVFCmdnRW9NSUlCSkRDQmdnWUlLd1lCQlFVSE1BS0dkbXhr\r\nWVhBNkx5OWpZWEJ6YnkxMFpYTjBMbWxoYVdzdWRIVm4KY21GNkxtRjBPakV6T0Rr\r\ndlkyNDlhV0ZwYXkxMFpYTjBMV2x1ZEdWeWJXVmthV0YwWlMxallTeHZkVDF3YTJr\r\ncwpaR005YVdGcGF5eGtZejEwZFdkeVlYb3NaR005WVhRL1kwRkRaWEowYVdacFky\r\nRjBaVHRpYVc1aGNua3dVQVlJCkt3WUJCUVVITUFLR1JHaDBkSEE2THk5allYQnpi\r\neTEwWlhOMExtbGhhV3N1ZEhWbmNtRjZMbUYwTDJObGNuUnoKTDJsaGFXc3RkR1Z6\r\nZEMxcGJuUmxjbTFsWkdsaGRHVXRZMkV1WTJWeU1Fc0dDQ3NHQVFVRkJ6QUJoajlv\r\nZEhSdwpPaTh2WTJGd2MyOHRkR1Z6ZEM1cFlXbHJMblIxWjNKaGVpNWhkQzl2WTNO\r\nd0wybGhhV3N0ZEdWemRDMXBiblJsCmNtMWxaR2xoZEdVdFkyRXdId1lEVlIwakJC\r\nZ3dGb0FVZWRnUEFvSGx5d3Z1dC94RXY5Tm4raENHVVJJd2dhQUcKQTFVZElBU0Jt\r\nRENCbFRDQmtnWU1Ld1lCQkFHVkVnRUNCd0VCTUlHQk1IOEdDQ3NHQVFVRkJ3SUNN\r\nSE1NY1ZSbwphWE1nWTJWeWRHbG1hV05oZEdVZ2QyRnpJR2x6YzNWbFpDQmllU0Jo\r\nSUNvcVkyOXdlU29xSUc5bUlHRnVJRWxCClNVc2dWR1Z6ZENCSmJuUmxjbTFsWkds\r\naGRHVWdRMEVnWVc1a0lHMWhlU0JpWlNCMWMyVmtJR1p2Y2lCMFpYTjAKSUhCMWNu\r\nQnZjMlZ6SUc5dWJIa3VNSUhlQmdOVkhSOEVnZFl3Z2RNd2dkQ2dnYzJnZ2NxR2dZ\r\nSnNaR0Z3T2k4dgpZMkZ3YzI4dGRHVnpkQzVwWVdsckxuUjFaM0poZWk1aGREb3hN\r\nemc1TDJOdVBXbGhhV3N0ZEdWemRDMXBiblJsCmNtMWxaR2xoZEdVdFkyRXNiM1U5\r\nY0d0cExHUmpQV2xoYVdzc1pHTTlkSFZuY21GNkxHUmpQV0YwUDJObGNuUnAKWm1s\r\nallYUmxVbVYyYjJOaGRHbHZia3hwYzNRN1ltbHVZWEo1aGtOb2RIUndPaTh2WTJG\r\nd2MyOHRkR1Z6ZEM1cApZV2xyTG5SMVozSmhlaTVoZEM5amNteHpMMmxoYVdzdGRH\r\nVnpkQzFwYm5SbGNtMWxaR2xoZEdVdFkyRXVZM0pzCk1CMEdBMVVkRGdRV0JCU093\r\nS0VmZDVIa2traXppWkJiNVlqNEhXeTFEREFOQmdrcWhraUc5dzBCQVFzRkFBT0MK\r\nQWdFQUFqakRNU1d4YlVIdmtsUEtTNHhUSkpWN0JsNUd5KysvTFozOU1iOFpDZ2pJ\r\nc0dJUDl3M2hoejBrZmk0egpJejZodmYvWXg5emxLWi93UklVOFI0aXlncVFTWTVa\r\nbTI4V0tWbTNWYmhmczRld040RkpUUDh3OExnVVNISjAyClYrSklIdFV0NWk5VTJh\r\nL0kwMWJteklJZkJZTDBJVzhzMUszVk1BekFEeUhER1cvVTZoOWNrN2RheXc4T1dp\r\nOHQKTlQ0dG5LWDRtRWhINnoya1VQbnY3ZnFGbFNSckQwdXFrZUtaYWQzQTFhMTU1\r\nUzBEZ2oxY1ptTmpSNHNSaFFoaApnYmEvRUd1SE55RVhjaFZhc0lJVG9oT1J1SlY5\r\nQkFxNENja2JTTG8vcUNTZit1aVFVSm0zMzZMd2F2akdaa2VkCk8vYXV2UlRFVGN0\r\nUGlwamRPTlN4Ri9qYmpBUTNmbVlSL1Zxdm9DbTZLM1pnV1R6eGswUzRtZmFycndv\r\nb0R2bEUKcmtTbnJsTGYrRDZFeVF0OUxDdy9pNUx2SC8rRStaUTRBS3dUSG1Kb2s0\r\neGRTZ3l3eU5yeHNjaVpydlVHZ3dlOQpuK0NWM0l6RXltWWZMMjhxeWtLV3BxYlBU\r\nbFNIcWEzU2xJbWRsOHl3Skk0aEFXN216WkRwNE9qaGliUnlkSnNSCjd1aUZuZmhJ\r\nS01URGljblpHZ1BaWnFJdVM0cUd3WUJzelU3N1IrWG13bVpxWkJrTlA4OGVZVzFx\r\nbnhDRkdFdEkKT2lpRVR3TzR6eFhGRjIxQ2VCMDZQRXdSQ1ZnZWJCZzB6Qm5YK2hJ\r\nc1Qvbkpxd0hLOEkwWWgyNEJDdWRFU1VDMgpnRTl4cnVqcmszZTdyK2xPcWJZYnpl\r\nV1JKblhJTGcrU25mbHpDOWtTM0x4UmZKST08L2RzOlg1MDlDZXJ0aWZpY2F0ZT48\r\nL2RzOlg1MDlEYXRhPjwvZHM6S2V5SW5mbz48ZHM6T2JqZWN0Pjx4YWRlczpRdWFs\r\naWZ5aW5nUHJvcGVydGllcyB4bWxuczp4YWRlcz0iaHR0cDovL3VyaS5ldHNpLm9y\r\nZy8wMTkwMy92MS4zLjIjIiBUYXJnZXQ9IiNTaWduYXR1cmUtbHVybHl3ZmMtMSI+\r\nPHhhZGVzOlNpZ25lZFByb3BlcnRpZXMgSWQ9IlNpZ25lZFByb3BlcnRpZXMtbHVy\r\nbHl3ZmMtMSI+PHhhZGVzOlNpZ25lZFNpZ25hdHVyZVByb3BlcnRpZXM+PHhhZGVz\r\nOlNpZ25pbmdUaW1lPjIwMTgtMDYtMDdUMTY6NTc6MzcrMDI6MDA8L3hhZGVzOlNp\r\nZ25pbmdUaW1lPjx4YWRlczpTaWduaW5nQ2VydGlmaWNhdGVWMj48eGFkZXM6Q2Vy\r\ndD48eGFkZXM6Q2VydERpZ2VzdD48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0i\r\naHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8+PGRzOkRp\r\nZ2VzdFZhbHVlPmRXV01DZ29LL09Uc1Bkemk1S0orSFV0RUE5YWhxVitsQkVEK3BD\r\na1d0OFU9PC9kczpEaWdlc3RWYWx1ZT48L3hhZGVzOkNlcnREaWdlc3Q+PC94YWRl\r\nczpDZXJ0PjwveGFkZXM6U2lnbmluZ0NlcnRpZmljYXRlVjI+PHhhZGVzOlNpZ25h\r\ndHVyZVBvbGljeUlkZW50aWZpZXI+PHhhZGVzOlNpZ25hdHVyZVBvbGljeUltcGxp\r\nZWQvPjwveGFkZXM6U2lnbmF0dXJlUG9saWN5SWRlbnRpZmllcj48L3hhZGVzOlNp\r\nZ25lZFNpZ25hdHVyZVByb3BlcnRpZXM+PHhhZGVzOlNpZ25lZERhdGFPYmplY3RQ\r\ncm9wZXJ0aWVzPjx4YWRlczpEYXRhT2JqZWN0Rm9ybWF0IE9iamVjdFJlZmVyZW5j\r\nZT0iI1JlZmVyZW5jZS1sdXJseXdmYy0xIj48eGFkZXM6TWltZVR5cGU+YXBwbGlj\r\nYXRpb24veGh0bWwreG1sPC94YWRlczpNaW1lVHlwZT48L3hhZGVzOkRhdGFPYmpl\r\nY3RGb3JtYXQ+PC94YWRlczpTaWduZWREYXRhT2JqZWN0UHJvcGVydGllcz48L3hh\r\nZGVzOlNpZ25lZFByb3BlcnRpZXM+PC94YWRlczpRdWFsaWZ5aW5nUHJvcGVydGll\r\ncz48L2RzOk9iamVjdD48L2RzOlNpZ25hdHVyZT48c2FtbDI6Q29uZGl0aW9ucyBO\r\nb3RCZWZvcmU9IjIwMTgtMDYtMDdUMTQ6NTc6MzdaIiBOb3RPbk9yQWZ0ZXI9IjIw\r\nMTgtMDYtMDdUMTU6MDI6MzdaIj4KCQk8c2FtbDI6QXVkaWVuY2VSZXN0cmljdGlv\r\nbj4KCQkJPHNhbWwyOkF1ZGllbmNlPmh0dHA6Ly9sYWJkYS5pYWlrLnR1Z3Jhei5h\r\ndDo4MDgwL21vYS1pZC1hdXRoL3NsMjAvZGF0YVVybD9wZW5kaW5naWQ9Nzg0NTg4\r\nMDkxNDYxODg5MjM2MTwvc2FtbDI6QXVkaWVuY2U+CgkJPC9zYW1sMjpBdWRpZW5j\r\nZVJlc3RyaWN0aW9uPgoJPC9zYW1sMjpDb25kaXRpb25zPgoJPHNhbWwyOkF0dHJp\r\nYnV0ZVN0YXRlbWVudD4KCQk8c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0i\r\nUFZQLVZFUlNJT04iIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuMjYx\r\nLjEwIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0\r\ncm5hbWUtZm9ybWF0OnVyaSI+CgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxu\r\nczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNl\r\nIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4yLjE8L3NhbWwyOkF0dHJpYnV0ZVZhbHVl\r\nPgoJCTwvc2FtbDI6QXR0cmlidXRlPgoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5k\r\nbHlOYW1lPSJQUklOQ0lQQUwtTkFNRSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4x\r\nMC4yLjEuMS4yNjEuMjAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpT\r\nQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4KCQkJPHNhbWwyOkF0dHJpYnV0\r\nZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hl\r\nbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPlRlc3Q8L3NhbWwyOkF0\r\ndHJpYnV0ZVZhbHVlPgoJCTwvc2FtbDI6QXR0cmlidXRlPgoJCTxzYW1sMjpBdHRy\r\naWJ1dGUgRnJpZW5kbHlOYW1lPSJHSVZFTi1OQU1FIiBOYW1lPSJ1cm46b2lkOjIu\r\nNS40LjQyIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6\r\nYXR0cm5hbWUtZm9ybWF0OnVyaSI+CgkJCTxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4\r\nbWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3Rh\r\nbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5FaWQ8L3NhbWwyOkF0dHJpYnV0ZVZh\r\nbHVlPgoJCTwvc2FtbDI6QXR0cmlidXRlPgoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJp\r\nZW5kbHlOYW1lPSJCSVJUSERBVEUiIE5hbWU9InVybjpvaWQ6MS4yLjQwLjAuMTAu\r\nMi4xLjEuNTUiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIu\r\nMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4KCQkJPHNhbWwyOkF0dHJpYnV0ZVZhbHVl\r\nIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5z\r\ndGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPjIwMDAtMDEtMDE8L3NhbWwyOkF0\r\ndHJpYnV0ZVZhbHVlPgoJCTwvc2FtbDI6QXR0cmlidXRlPgoJCTxzYW1sMjpBdHRy\r\naWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItVW5pcXVlSWQiIE5h\r\nbWU9Imh0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3Zp\r\nZGVyVW5pcXVlSWQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1M\r\nOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj4KCQkJPHNhbWwyOkF0dHJpYnV0ZVZh\r\nbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEt\r\naW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPmh0dHBzOi8vbGFiZGEuaWFp\r\nay50dWdyYXouYXQ6NTU1My9kZW1vbG9naW4vTG9naW5TZXJ2bGV0RXhhbXBsZS5h\r\nY3Rpb248L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPgoJCTwvc2FtbDI6QXR0cmlidXRl\r\nPgoJCTxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlk\r\nZXItRnJpZW5kbHlOYW1lIiBOYW1lPSJodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRy\r\naWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSIgTmFtZUZvcm1hdD0i\r\ndXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmki\r\nPgoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3\r\nLnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0\r\ncmluZyI+RGVtbyBBcHBsaWNhdGlvbjwvc2FtbDI6QXR0cmlidXRlVmFsdWU+CgkJ\r\nPC9zYW1sMjpBdHRyaWJ1dGU+CgkJPHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5h\r\nbWU9IlNlcnZpY2VQcm92aWRlci1Db3VudHJ5Q29kZSIgTmFtZT0iaHR0cDovL2Vp\r\nZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29k\r\nZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJu\r\nYW1lLWZvcm1hdDp1cmkiPgoJCQk8c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6\r\neHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIg\r\neHNpOnR5cGU9InhzOnN0cmluZyI+QVQ8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPgoJ\r\nCTwvc2FtbDI6QXR0cmlidXRlPgoJCQoJCQoJPC9zYW1sMjpBdHRyaWJ1dGVTdGF0\r\nZW1lbnQ+Cjwvc2FtbDI6QXNzZXJ0aW9uPg==", + "EID-CCS-URL": "eid-ccs-url" +} \ No newline at end of file -- cgit v1.2.3 From b53d2f387282b731ea72806ec7d410a1c27a878d Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 12 Jun 2018 06:25:41 +0200 Subject: add foreign bPK generation into AuthenticationDataBuilder --- .../data/oa/OATargetConfiguration.java | 40 ++++++++++ .../validation/oa/OATargetConfigValidation.java | 4 + .../resources/applicationResources_de.properties | 3 + .../resources/applicationResources_en.properties | 2 + .../webapp/jsp/snippets/OA/targetConfiguration.jsp | 15 ++++ .../validation/task/impl/ServicesTargetTask.java | 10 ++- .../id/auth/builder/AuthenticationDataBuilder.java | 87 +++++++++++++++++++++- .../moa/id/auth/builder/BPKBuilder.java | 26 +++++-- .../parser/VerifyXMLSignatureResponseParser.java | 2 +- .../moa/id/config/auth/OAAuthParameter.java | 14 +++- .../config/auth/data/DynamicOAAuthParameters.java | 6 ++ .../moa/id/data/AuthenticationData.java | 2 + .../attributes/EncryptedBPKAttributeBuilder.java | 2 +- .../moa/id/commons/api/IOAAuthParameters.java | 7 ++ .../config/ConfigurationMigrationUtils.java | 6 ++ .../config/MOAIDConfigurationConstants.java | 2 + .../dao/config/deprecated/OnlineApplication.java | 14 +++- 17 files changed, 228 insertions(+), 14 deletions(-) (limited to 'id') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java index b4b3aaf13..f67d4fa27 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java @@ -30,6 +30,7 @@ import javax.servlet.http.HttpServletRequest; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentOA; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.IdentificationNumber; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.OnlineApplication; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.validation.TargetValidator; import at.gv.egovernment.moa.id.configuration.Constants; import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser; @@ -56,6 +57,8 @@ public class OATargetConfiguration implements IOnlineApplicationData { private String identificationNumber = null; private String identificationType = null; private static List identificationTypeList = null; + + private String foreignbPKTargets = null; public OATargetConfiguration() { targetList = TargetValidator.getListOfTargets(); @@ -145,6 +148,24 @@ public class OATargetConfiguration implements IOnlineApplicationData { } } + + //parse foreign bPK sector list + if (KeyValueUtils.isCSVValueString(dbOA.getForeignbPKTargetList())) + foreignbPKTargets = KeyValueUtils.normalizeCSVValueString(dbOA.getForeignbPKTargetList()); + + else { + if (dbOA.getForeignbPKTargetList().contains(KeyValueUtils.CSV_DELIMITER)) { + //remove trailing comma if exist + foreignbPKTargets = dbOA.getForeignbPKTargetList().substring(0, + dbOA.getForeignbPKTargetList().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else + foreignbPKTargets = dbOA.getForeignbPKTargetList(); + + } + + + return null; } @@ -253,6 +274,9 @@ public class OATargetConfiguration implements IOnlineApplicationData { } } } + + dbOA.setForeignbPKTargetList(getForeignbPKTargets()); + return null; } @@ -401,6 +425,22 @@ public class OATargetConfiguration implements IOnlineApplicationData { public void setSubTargetSet(boolean subTargetSet) { this.subTargetSet = subTargetSet; } + + + public String getForeignbPKTargets() { + return foreignbPKTargets; + } + + + public void setForeignbPKTargets(String foreignbPKTargets) { + if (MiscUtil.isNotEmpty(foreignbPKTargets)) + this.foreignbPKTargets = + KeyValueUtils.removeAllNewlineFromString(foreignbPKTargets); + else + this.foreignbPKTargets = foreignbPKTargets; + } + + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java index ca0231577..4807d479e 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OATargetConfigValidation.java @@ -161,6 +161,10 @@ public class OATargetConfigValidation { } } + + //foreign bPK configuration + + return errors; } } diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties index 4b29f901a..2006625ff 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties @@ -243,6 +243,7 @@ webpages.oaconfig.general.friendlyname=Name der Online-Applikation webpages.oaconfig.general.isbusinessservice=Privatwirtschaftliche Applikation webpages.oaconfig.general.isstorkservice=Stork Applikation webpages.oaconfig.general.public.header=Öffentlicher Bereich +webpages.oaconfig.general.foreignbpk.header=Fremd-bPK Konfiguration webpages.oaconfig.general.stork.header=STORK Bereich webpages.oaconfig.general.stork.countrycode=Landesvorwahl webpages.oaconfig.general.target.friendlyname=Bezeichnung des Bereichs (Frei w\u00E4hlbar) @@ -262,6 +263,8 @@ webpages.oaconfig.general.aditional.iframe=B\u00FCrgerkartenauswahl im IFrame webpages.oaconfig.general.aditional.useUTC=UTC Zeit verwenden webpages.oaconfig.general.aditional.calculateHPI="TODO!" webpages.oaconfig.general.isHideBPKAuthBlock=bPK/wbPK im AuthBlock ausblenden +webpages.oaconfig.general.foreign.sectors=Sektoren f\u00FCr Fremd-bPKs (CSV) + webpages.oaconfig.general.szrgw.header=SZR-Gateway Service webpages.oaconfig.general.szrgw.selected=SZR-Gateway Service URL diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties index d642994de..694294df7 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties @@ -249,6 +249,7 @@ webpages.oaconfig.general.friendlyname=Name of the Online-Application webpages.oaconfig.general.isbusinessservice=Private sector application webpages.oaconfig.general.isstorkservice=Stork application webpages.oaconfig.general.public.header=Public sector +webpages.oaconfig.general.foreignbpk.header=Foreign sectors configuration webpages.oaconfig.general.stork.header=STORK sector webpages.oaconfig.general.stork.countrycode=Country code webpages.oaconfig.general.target.friendlyname=Name of the sector (arbitrary defined) @@ -268,6 +269,7 @@ webpages.oaconfig.general.aditional.iframe=Selection of citizen card in IFrame webpages.oaconfig.general.aditional.useUTC=Use UTC time webpages.oaconfig.general.aditional.calculateHPI="TODO!" webpages.oaconfig.general.isHideBPKAuthBlock=Hide bPK/wbPK from AuthBlock +webpages.oaconfig.general.foreign.sectors=Sectors for foreign pseudonyms (CSV) webpages.oaconfig.general.szrgw.header=SZR-Gateway Service webpages.oaconfig.general.szrgw.selected=SZR-Gateway Service URL diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp index b8bd1dc02..a61ce3053 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/targetConfiguration.jsp @@ -111,5 +111,20 @@ + +
+

<%=LanguageHelper.getGUIString("webpages.oaconfig.general.foreignbpk.header", request) %>

+ + + +
+ \ No newline at end of file diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java index e8d49a391..27b45fa78 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesTargetTask.java @@ -206,7 +206,15 @@ public class ServicesTargetTask extends AbstractTaskValidator implements ITaskVa } } } - + + + //validate foreign bPK targets + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN); + if (MiscUtil.isNotEmpty(check)) { + log.debug("Find foreign bPK targets, but no validation is required"); + + } + if (!errors.isEmpty()) throw new ConfigurationTaskValidationException(errors); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index b93de5119..91159ad4e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -30,9 +30,13 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.Collection; import java.util.Date; +import java.util.HashMap; import java.util.Iterator; import java.util.List; +import java.util.Map; +import java.util.Map.Entry; +import javax.annotation.PostConstruct; import javax.naming.ldap.LdapName; import javax.naming.ldap.Rdn; @@ -102,12 +106,32 @@ import iaik.x509.X509Certificate; @Service("AuthenticationDataBuilder") public class AuthenticationDataBuilder extends MOAIDAuthConstants { + private static final String CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS = "configuration.foreignsectors.pubkey"; + @Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage; @Autowired protected AuthConfiguration authConfig; @Autowired private AttributQueryBuilder attributQueryBuilder; @Autowired private SAMLVerificationEngineSP samlVerificationEngine; @Autowired(required=true) private MOAMetadataProvider metadataProvider; + private Map encKeyMap = new HashMap(); + + @PostConstruct + private void initialize() { + Map pubKeyMap = authConfig.getBasicMOAIDConfigurationWithPrefix(CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS); + for (Entry el : pubKeyMap.entrySet()) { + try { + encKeyMap.put(el.getKey(), new X509Certificate(Base64Utils.decode(el.getValue(), false))); + Logger.info("Load foreign bPK encryption certificate for sector: " + el.getKey()); + + } catch (Exception e) { + Logger.warn("Can NOT load foreign bPK encryption certificate for sector: \" + el.getKey()", e); + + } + + } + } + public IAuthData buildAuthenticationData(IRequest pendingReq, IAuthenticationSession session) throws ConfigurationException, BuildException, WrongParametersException, DynamicOABuildException { @@ -648,7 +672,7 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { Logger.info("Can NOT set Organwalter IdentityLink. Msg: No IdentityLink found"); - //set bPK and IdenityLink for all other + //set bPK and IdentityLink for all other } else { //build bPK String pvpbPKValue = getbPKValueFromPVPAttribute(session); @@ -724,7 +748,11 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } } - + + //build foreign bPKs + generateForeignbPK(authData, oaParam.foreignbPKSectorsRequested()); + + //build IdentityLink if (identityLink != null) authData.setIdentityLink(buildOAspecificIdentityLink(oaParam, identityLink, authData.getBPK(), authData.getBPKType())); @@ -810,6 +838,61 @@ public class AuthenticationDataBuilder extends MOAIDAuthConstants { } + private void generateForeignbPK(AuthenticationData authData, List foreignSectors) { + if (foreignSectors != null && !foreignSectors.isEmpty()) { + Logger.debug("Sectors for foreign bPKs are configurated. Starting foreign bPK generation ... "); + for (String foreignSector : foreignSectors) { + Logger.trace("Process sector: " + foreignSector + " ... "); + if (encKeyMap.containsKey(foreignSector)) { + try { + String sector = null; + //splitt sector into VKZ and target + if (foreignSector.startsWith("wbpk")) { + Logger.trace("Find foreign private sector " + foreignSector); + sector = Constants.URN_PREFIX + ":" + foreignSector; + + } else { + String[] split = foreignSector.split("+"); + if (split.length != 2) { + Logger.warn("Foreign sector: " + foreignSector + " looks WRONG. IGNORE IT!"); + + } else { + Logger.trace("Find foreign public sector. VKZ: " + split[0] + " Target: " + split[1]); + sector = Constants.URN_PREFIX_CDID + "+" + split[1]; + + } + + } + + if (sector != null) { + Pair bpk = new BPKBuilder().generateAreaSpecificPersonIdentifier( + authData.getIdentificationValue(), + authData.getIdentificationType(), + sector); + String foreignbPK = BPKBuilder.encryptBPK(bpk.getFirst(), bpk.getSecond(), encKeyMap.get(foreignSector).getPublicKey()); + authData.getEncbPKList().add("(" + foreignSector + "|" + foreignbPK + ")"); + Logger.debug("Foreign bPK for sector: " + foreignSector + " created."); + + } + + } catch (Exception e) { + Logger.warn("Foreign bPK generation FAILED for sector: " + foreignSector, e); + + } + + } else { + Logger.info("NO encryption cerfificate FOUND in configuration for sector: " + foreignSector); + Logger.info("Foreign bPK for sector: " + foreignSector + " is NOT possible"); + + } + } + + } else + Logger.debug("No foreign bPKs required for this service provider"); + + } + + /** * Check a bPK-Type against a Service-Provider configuration
* If bPK-Type is null the result is false. diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index a7f6e873f..04df32309 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -266,16 +266,21 @@ public class BPKBuilder { public static String encryptBPK(String bpk, String target, PublicKey publicKey) throws BuildException { MiscUtil.assertNotNull(bpk, "BPK"); + MiscUtil.assertNotNull(target, "sector"); MiscUtil.assertNotNull(publicKey, "publicKey"); - + SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss"); - if (target.startsWith(Constants.URN_PREFIX_CDID + "+")) - target = target.substring((Constants.URN_PREFIX_CDID + "+").length()); - String input = "V1::urn:publicid:gv.at:cdid+" + target + "::" + if (!target.startsWith(Constants.URN_PREFIX)) { + throw new BuildException("bPK encryption FAILED. bPK target does NOT starts with a valid prefix", null); + + } + + String input = "V1::" + + target + "::" + bpk + "::" + sdf.format(new Date()); - System.out.println(input); + Logger.trace("Foreign bPK: " + input); byte[] result; try { byte[] inputBytes = input.getBytes("ISO-8859-1"); @@ -287,6 +292,17 @@ public class BPKBuilder { } } + + /** + * Currently only works for bPKs!!!! + * + * + * @param encryptedBpk + * @param target + * @param privateKey + * @return + * @throws BuildException + */ public static String decryptBPK(String encryptedBpk, String target, PrivateKey privateKey) throws BuildException { MiscUtil.assertNotEmpty(encryptedBpk, "Encrypted BPK"); MiscUtil.assertNotNull(privateKey, "Private key"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java index 0fba2d3f6..3a0a002e8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/parser/VerifyXMLSignatureResponseParser.java @@ -209,7 +209,7 @@ public class VerifyXMLSignatureResponseParser { String signingTimeElement = XPathUtils.getElementValue(verifyXMLSignatureResponse,SIGNING_TIME_XPATH,""); if (MiscUtil.isNotEmpty(signingTimeElement)) { - DateTime datetime = ISODateTimeFormat.dateTimeNoMillis().parseDateTime(signingTimeElement); + DateTime datetime = ISODateTimeFormat.dateOptionalTimeParser().parseDateTime(signingTimeElement); respData.setSigningDateTime(datetime.toDate()); } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java index 59bd3893d..140ebcfc8 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/OAAuthParameter.java @@ -54,10 +54,8 @@ import java.util.Arrays; import java.util.Collection; import java.util.Collections; import java.util.HashMap; -import java.util.Iterator; import java.util.List; import java.util.Map; -import java.util.Map.Entry; import java.util.Set; import org.apache.commons.lang.SerializationUtils; @@ -935,4 +933,16 @@ public String toString() { return "Object not initialized"; } + +@Override +public List foreignbPKSectorsRequested() { + String value = oaConfiguration.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN); + if (MiscUtil.isNotEmpty(value)) + return KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(value)); + + else + return null; + +} + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java index f3db82315..31b894604 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/DynamicOAAuthParameters.java @@ -531,5 +531,11 @@ public class DynamicOAAuthParameters implements IOAAuthParameters, Serializable{ return false; } + @Override + public List foreignbPKSectorsRequested() { + // TODO Auto-generated method stub + return null; + } + } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java index 7f56f519b..4cd9ecd6a 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/data/AuthenticationData.java @@ -691,6 +691,8 @@ public class AuthenticationData implements IAuthData, Serializable { * @return the encbPKList */ public List getEncbPKList() { + if (encbPKList == null) + encbPKList = new ArrayList(); return encbPKList; } diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java index 9dfbe00b2..f5c48b826 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java @@ -41,7 +41,7 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder { if (authData.getEncbPKList() != null && authData.getEncbPKList().size() > 0) { - String value = authData.getEncbPKList().get(0); + String value = "(" + authData.getEncbPKList().get(0) + ")"; for (int i=1; i getReversionsLoggingEventCodes(); + /** + * Get a List of sectors for that this service provider requires foreign bPKs + * + * @return list of sectors, or null if no sectors are defined + */ + public List foreignbPKSectorsRequested(); + } \ No newline at end of file diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java index 93f26051c..b49278947 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java @@ -174,6 +174,9 @@ public class ConfigurationMigrationUtils { } } + if (MiscUtil.isNotEmpty(oa.getForeignbPKTargetList())) + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, oa.getForeignbPKTargetList()); + //convert selected SZR-GW service if (MiscUtil.isNotEmpty(oa.getSelectedSZRGWServiceURL())) result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL, oa.getSelectedSZRGWServiceURL()); @@ -826,6 +829,9 @@ public class ConfigurationMigrationUtils { } } + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN))) + dbOA.setForeignbPKTargetList(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN)); + //store BKU-URLs BKUURLS bkuruls = new BKUURLS(); authoa.setBKUURLS(bkuruls); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java index 695df3123..8b52e4e0c 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java @@ -61,6 +61,8 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { private static final String SERVICE_AUTH_TARGET_BUSINESS = SERVICE_AUTH_TARGET + ".business"; public static final String SERVICE_AUTH_TARGET_BUSINESS_TYPE = SERVICE_AUTH_TARGET_BUSINESS + ".type"; public static final String SERVICE_AUTH_TARGET_BUSINESS_VALUE = SERVICE_AUTH_TARGET_BUSINESS + ".value"; + public static final String SERVICE_AUTH_TARGET_FOREIGN = SERVICE_AUTH_TARGET + ".foreign"; + public static final String SERVICE_AUTH_TARGET_PUBLIC_TARGET = SERVICE_AUTH_TARGET_PUBLIC + ".target"; public static final String SERVICE_AUTH_TARGET_PUBLIC_TARGET_SUB = SERVICE_AUTH_TARGET_PUBLIC + ".target.sub"; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java index 196923ce6..e37873a72 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/OnlineApplication.java @@ -115,10 +115,20 @@ public class OnlineApplication @XmlTransient protected String mandateServiceSelectionTemplateURL = null; + @XmlTransient + protected String foreignbPKTargetList = null; + - - /** + public String getForeignbPKTargetList() { + return foreignbPKTargetList; + } + + public void setForeignbPKTargetList(String foreignbPKTargetList) { + this.foreignbPKTargetList = foreignbPKTargetList; + } + + /** * @return the saml2PostBindingTemplateURL */ public String getSaml2PostBindingTemplateURL() { -- cgit v1.2.3 From 721d4261b72a12dc6147687d72b81738014be20b Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 12 Jun 2018 09:20:52 +0200 Subject: add jUnit simple test for AuthDataBuilder and foreign bPK generation --- .../id/auth/builder/AuthenticationDataBuilder.java | 13 +- .../moa/id/auth/builder/BPKBuilder.java | 158 +++-------- .../id/config/auth/data/UserWhitelistStore.java | 39 ++- .../auth/data/AuthenticationDataBuilderTest.java | 85 ++++++ .../moa/id/config/auth/data/DummyAuthConfig.java | 49 +++- .../moa/id/config/auth/data/DummyAuthSession.java | 287 ++++++++++++++++++++ .../moa/id/config/auth/data/DummyAuthStorage.java | 186 +++++++++++++ .../moa/id/config/auth/data/DummyOAConfig.java | 289 +++++++++++++++++++++ .../auth/data/UserRestrictionWhiteListTest.java | 8 +- .../moa/id/module/test/TestRequestImpl.java | 5 +- .../src/test/resources/BPK-Whitelist_20180607.csv | 4 +- .../SpringTest-context_basic_user_whitelist.xml | 11 + .../moa/id/commons/validation/IPKIXValidator.java | 6 + .../commons/validation/MOASPPKIXCertValidator.java | 9 + .../validation/PKIXValidatorConfiguration.java | 21 ++ .../modules/sl20_auth/eIDDataVerifierTest.java | 8 +- .../data/SSOTransferOnlineApplication.java | 6 + 17 files changed, 1037 insertions(+), 147 deletions(-) create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthSession.java create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthStorage.java create mode 100644 id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/IPKIXValidator.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASPPKIXCertValidator.java create mode 100644 id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/PKIXValidatorConfiguration.java (limited to 'id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java index 91159ad4e..afac80df9 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/AuthenticationDataBuilder.java @@ -106,13 +106,14 @@ import iaik.x509.X509Certificate; @Service("AuthenticationDataBuilder") public class AuthenticationDataBuilder extends MOAIDAuthConstants { - private static final String CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS = "configuration.foreignsectors.pubkey"; + public static final String CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS = "configuration.foreignsectors.pubkey"; + + @Autowired(required=true) private IAuthenticationSessionStoreage authenticatedSessionStorage; + @Autowired(required=true) protected AuthConfiguration authConfig; + @Autowired(required=false) private MOAMetadataProvider metadataProvider; + @Autowired(required=false) private AttributQueryBuilder attributQueryBuilder; + @Autowired(required=false) private SAMLVerificationEngineSP samlVerificationEngine; - @Autowired private IAuthenticationSessionStoreage authenticatedSessionStorage; - @Autowired protected AuthConfiguration authConfig; - @Autowired private AttributQueryBuilder attributQueryBuilder; - @Autowired private SAMLVerificationEngineSP samlVerificationEngine; - @Autowired(required=true) private MOAMetadataProvider metadataProvider; private Map encKeyMap = new HashMap(); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index 04df32309..14de65e36 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -149,121 +149,7 @@ public class BPKBuilder { } } } - - - /** - * Builds the storkeid from the given parameters. - * - * @param baseID baseID of the citizen - * @param baseIDType Type of the baseID - * @param sourceCountry CountryCode of that country, which build the eIDAs ID - * @param destinationCountry CountryCode of that country, which receives the eIDAs ID - * - * @return Pair in a BASE64 encoding - * @throws BuildException if an error occurs on building the wbPK - */ - private Pair buildeIDASIdentifer(String baseID, String baseIDType, String sourceCountry, String destinationCountry) - throws BuildException { - String bPK = null; - String bPKType = null; - - // check if we have been called by public sector application - if (baseIDType.startsWith(Constants.URN_PREFIX_BASEID)) { - bPKType = Constants.URN_PREFIX_EIDAS + "+" + sourceCountry + "+" + destinationCountry; - Logger.debug("Building eIDAS identification from: [identValue]+" + bPKType); - bPK = calculatebPKwbPK(baseID + "+" + bPKType); - - } else { // if not, sector identification value is already calculated by BKU - Logger.debug("eIDAS eIdentifier already provided by BKU"); - bPK = baseID; - } - - if ((MiscUtil.isEmpty(bPK) || - MiscUtil.isEmpty(sourceCountry) || - MiscUtil.isEmpty(destinationCountry))) { - throw new BuildException("builder.00", - new Object[]{"eIDAS-ID", "Unvollständige Parameterangaben: identificationValue=" + - bPK + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry}); - } - - Logger.debug("Building eIDAS identification from: " + sourceCountry+"/"+destinationCountry+"/" + "[identValue]"); - String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bPK; - - return Pair.newInstance(eIdentifier, bPKType); - } - -// /** -// * Builds the bPK from the given parameters. -// * -// * @param identificationValue Base64 encoded "Stammzahl" -// * @param target "Bereich lt. Verordnung des BKA" -// * @return bPK in a BASE64 encoding -// * @throws BuildException if an error occurs on building the bPK -// */ -// private String buildBPK(String identificationValue, String target) -// throws BuildException { -// -// if ((identificationValue == null || -// identificationValue.length() == 0 || -// target == null || -// target.length() == 0)) { -// throw new BuildException("builder.00", -// new Object[]{"BPK", "Unvollständige Parameterangaben: identificationValue=" + -// identificationValue + ",target=" + target}); -// } -// String basisbegriff; -// if (target.startsWith(Constants.URN_PREFIX_CDID + "+")) -// basisbegriff = identificationValue + "+" + target; -// else -// basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_CDID + "+" + target; -// -// return calculatebPKwbPK(basisbegriff); -// } -// -// /** -// * Builds the wbPK from the given parameters. -// * -// * @param identificationValue Base64 encoded "Stammzahl" -// * @param registerAndOrdNr type of register + "+" + number in register. -// * @return wbPK in a BASE64 encoding -// * @throws BuildException if an error occurs on building the wbPK -// */ -// private String buildWBPK(String identificationValue, String registerAndOrdNr) -// throws BuildException { -// -// if ((identificationValue == null || -// identificationValue.length() == 0 || -// registerAndOrdNr == null || -// registerAndOrdNr.length() == 0)) { -// throw new BuildException("builder.00", -// new Object[]{"wbPK", "Unvollständige Parameterangaben: identificationValue=" + -// identificationValue + ",Register+Registernummer=" + registerAndOrdNr}); -// } -// -// String basisbegriff; -// if (registerAndOrdNr.startsWith(Constants.URN_PREFIX_WBPK + "+")) -// basisbegriff = identificationValue + "+" + registerAndOrdNr; -// else -// basisbegriff = identificationValue + "+" + Constants.URN_PREFIX_WBPK + "+" + registerAndOrdNr; -// -// return calculatebPKwbPK(basisbegriff); -// } -// -// private String buildbPKorwbPK(String baseID, String bPKorwbPKTarget) throws BuildException { -// if (MiscUtil.isEmpty(baseID) || -// !(bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_CDID + "+") || -// bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_WBPK + "+") || -// bPKorwbPKTarget.startsWith(Constants.URN_PREFIX_STORK + "+")) ) { -// throw new BuildException("builder.00", -// new Object[]{"bPK/wbPK", "bPK or wbPK target " + bPKorwbPKTarget -// + " has an unkown prefix."}); -// -// } -// -// return calculatebPKwbPK(baseID + "+" + bPKorwbPKTarget); -// -// } - + public static String encryptBPK(String bpk, String target, PublicKey publicKey) throws BuildException { MiscUtil.assertNotNull(bpk, "BPK"); MiscUtil.assertNotNull(target, "sector"); @@ -332,6 +218,48 @@ public class BPKBuilder { } } + + /** + * Builds the storkeid from the given parameters. + * + * @param baseID baseID of the citizen + * @param baseIDType Type of the baseID + * @param sourceCountry CountryCode of that country, which build the eIDAs ID + * @param destinationCountry CountryCode of that country, which receives the eIDAs ID + * + * @return Pair in a BASE64 encoding + * @throws BuildException if an error occurs on building the wbPK + */ + private Pair buildeIDASIdentifer(String baseID, String baseIDType, String sourceCountry, String destinationCountry) + throws BuildException { + String bPK = null; + String bPKType = null; + + // check if we have been called by public sector application + if (baseIDType.startsWith(Constants.URN_PREFIX_BASEID)) { + bPKType = Constants.URN_PREFIX_EIDAS + "+" + sourceCountry + "+" + destinationCountry; + Logger.debug("Building eIDAS identification from: [identValue]+" + bPKType); + bPK = calculatebPKwbPK(baseID + "+" + bPKType); + + } else { // if not, sector identification value is already calculated by BKU + Logger.debug("eIDAS eIdentifier already provided by BKU"); + bPK = baseID; + } + + if ((MiscUtil.isEmpty(bPK) || + MiscUtil.isEmpty(sourceCountry) || + MiscUtil.isEmpty(destinationCountry))) { + throw new BuildException("builder.00", + new Object[]{"eIDAS-ID", "Unvollständige Parameterangaben: identificationValue=" + + bPK + ", Zielland=" + destinationCountry + ", Ursprungsland=" + sourceCountry}); + } + + Logger.debug("Building eIDAS identification from: " + sourceCountry+"/"+destinationCountry+"/" + "[identValue]"); + String eIdentifier = sourceCountry + "/" + destinationCountry + "/" + bPK; + + return Pair.newInstance(eIdentifier, bPKType); + } + private String calculatebPKwbPK(String basisbegriff) throws BuildException { try { MessageDigest md = MessageDigest.getInstance("SHA-1"); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java index a90d71a18..a32159dd0 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java @@ -18,6 +18,7 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Service; import at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.util.FileUtils; @@ -35,26 +36,44 @@ public class UserWhitelistStore { @PostConstruct private void initialize() { String whiteListUrl = authConfig.getBasicMOAIDConfiguration(UserRestrictionTask.CONFIG_PROPS_CSV_USER_FILE); - if (MiscUtil.isEmpty(whiteListUrl)) - Logger.debug("Do not initialize user whitelist. Reason: No configuration path to CSV file."); + String internalTarget = authConfig.getBasicMOAIDConfiguration(UserRestrictionTask.CONFIG_PROPS_CSV_USER_SECTOR); + if (MiscUtil.isEmpty(whiteListUrl) || MiscUtil.isEmpty(internalTarget)) + Logger.debug("Do not initialize user whitelist. Reason: NO configuration path to CSV file or NO internal bPK target for whitelist"); else { - absWhiteListUrl = FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getRootConfigFileDir()); - try { - InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI())); + if (internalTarget.startsWith(MOAIDAuthConstants.PREFIX_CDID)) + internalTarget = internalTarget.substring(MOAIDAuthConstants.PREFIX_CDID.length()); + else if (internalTarget.startsWith(MOAIDAuthConstants.PREFIX_WPBK)) + internalTarget = internalTarget.substring(MOAIDAuthConstants.PREFIX_WPBK.length()); + else if (internalTarget.startsWith(MOAIDAuthConstants.PREFIX_EIDAS)) + internalTarget = internalTarget.substring(MOAIDAuthConstants.PREFIX_EIDAS.length()); + else { + Logger.warn("Sector: " + internalTarget + " is NOT supported for user whitelist."); + Logger.info("User whitelist-store MAY NOT contains all user from whitelist"); + } + + try { + absWhiteListUrl = new URL(FileUtils.makeAbsoluteURL(whiteListUrl, authConfig.getRootConfigFileDir())) + .toURI().toString().substring("file:".length()); + InputStream is = new FileInputStream(new File(absWhiteListUrl)); String whiteListString = IOUtils.toString(new InputStreamReader(is)); List preWhitelist = KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(whiteListString)); + + //remove prefix if required for (String bPK : preWhitelist) { String[] bPKSplit = bPK.split(":"); if (bPKSplit.length == 1) whitelist.add(bPK); - else if (bPKSplit.length ==2 ) - whitelist.add(bPKSplit[1]); - - else + else if (bPKSplit.length ==2 ) { + if (internalTarget.equals(bPKSplit[0])) + whitelist.add(bPKSplit[1]); + else + Logger.info("Whitelist entry: " + bPK + " has an unsupported target. Entry will be removed ..."); + + } else Logger.info("Whitelist entry: " + bPK + " has an unsupported format. Entry will be removed ..."); } @@ -108,7 +127,7 @@ public class UserWhitelistStore { public boolean isUserbPKInWhitelistDynamic(String bPK, boolean onlyDynamic) { try { if (absWhiteListUrl != null) { - InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI())); + InputStream is = new FileInputStream(new File(absWhiteListUrl)); String whiteListString = IOUtils.toString(new InputStreamReader(is)); if (whiteListString != null && whiteListString.contains(bPK)) { Logger.trace("Find user with dynamic whitelist check"); diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java new file mode 100644 index 000000000..e300c8ec8 --- /dev/null +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/AuthenticationDataBuilderTest.java @@ -0,0 +1,85 @@ +package at.gv.egovernment.moa.id.config.auth.data; + +import java.io.ByteArrayInputStream; +import java.util.Arrays; +import java.util.List; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; +import at.gv.egovernment.moa.id.data.IAuthData; +import at.gv.egovernment.moa.id.module.test.TestRequestImpl; +import at.gv.egovernment.moa.util.Base64Utils; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration("/SpringTest-context_basic_user_whitelist.xml") +public class AuthenticationDataBuilderTest { + + @Autowired private AuthenticationDataBuilder authBuilder; + + private static final String DUMMY_IDL = "PHNhbWw6QXNzZXJ0aW9uIEFzc2VydGlvbklEPSJzenIuYm1pLmd2LmF0LUFzc2VydGlvbklEMTUyNzY2OTEwMDU5MTI3NDQiIElzc3VlSW5zdGFudD0iMjAxOC0wNS0zMFQxMDozMTo0MCswMTowMCIgSXNzdWVyPSJodHRwOi8vcG9ydGFsLmJtaS5ndi5hdC9yZWYvc3pyL2lzc3VlciIgTWFqb3JWZXJzaW9uPSIxIiBNaW5vclZlcnNpb249IjAiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDphc3NlcnRpb24iIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJubWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOmVjZHNhPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSMiIHhtbG5zOnNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSI+Cgk8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+CgkJPHNhbWw6U3ViamVjdD4KCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4KCQkJCTxzYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjA6Y206c2VuZGVyLXZvdWNoZXM8L3NhbWw6Q29uZmlybWF0aW9uTWV0aG9kPgoJCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE+CgkJCQkJPHByOlBlcnNvbiBzaTp0eXBlPSJwcjpQaHlzaWNhbFBlcnNvblR5cGUiPjxwcjpJZGVudGlmaWNhdGlvbj48cHI6VmFsdWU+dHFDUUVDNytBcUdFZWVMMzkwVjVKZz09PC9wcjpWYWx1ZT48cHI6VHlwZT51cm46cHVibGljaWQ6Z3YuYXQ6YmFzZWlkPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24+PHByOk5hbWU+PHByOkdpdmVuTmFtZT5NYXg8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPk11c3Rlcm1hbm48L3ByOkZhbWlseU5hbWU+PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4xOTQwLTAxLTAxPC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj4KCQkJCTwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KCQkJPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJPC9zYW1sOlN1YmplY3Q+Cgk8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXplblB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJ1cm46cHVibGljaWQ6Z3YuYXQ6bmFtZXNwYWNlczppZGVudGl0eWxpbms6MS4yIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT48ZHNpZzpSU0FLZXlWYWx1ZT48ZHNpZzpNb2R1bHVzPnMwWmhkR2E4REgwSW1iTlU3aTRxdDRtR25CUEFlTDk5Q0dkZmRCOEhWWE5CNWd3d2VMY1o5WE1TWUJvUHFHdFVqemh6S29zRkN5M0sNCmpsSEVrejB0L3JQemhOVGRsVjJRN0FGWEZlT2g3M3dPajQ3R1B2T2lVNzdwQjE3WnJaOHlObW1JTTEyUVE5MVN0RGFWRkUra0dxUEkNCmNFZHZiZk94blU4aGNpa3lYcWVheFZVV3oxbVdXTnRveUwyWG5wa1U0QkZVQnU1NWg5S2tYVEFQcnBUbEFMZjkvRDFKamZWb05tamwNCnBLWXh6Q3JBSmE4Sno4Ui9sNis0U0U3YXc3dGZuazNZUXkxcFVmNWZmellkeXZQS2ZxVTBUTUVKLzdpOW1ORHFCZlVwcVhBRWowdWUNCkpvRWs0UC9pa2Q5UnZuVUlsU0V1NzFHMyt1VEluSXBaaTd2UG93PT08L2RzaWc6TW9kdWx1cz48ZHNpZzpFeHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PjwvZHNpZzpSU0FLZXlWYWx1ZT48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJPGRzaWc6U2lnbmF0dXJlPgoJCTxkc2lnOlNpZ25lZEluZm8+CgkJCTxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+CgkJCTxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIgLz4KCQkJPGRzaWc6UmVmZXJlbmNlIFVSST0iIj4KCQkJCTxkc2lnOlRyYW5zZm9ybXM+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQk8ZHNpZzpYUGF0aD5ub3QoYW5jZXN0b3Itb3Itc2VsZjo6cHI6SWRlbnRpZmljYXRpb24pPC9kc2lnOlhQYXRoPgoJCQkJCTwvZHNpZzpUcmFuc2Zvcm0+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiIC8+CgkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCTxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIiAvPgoJCQkJPGRzaWc6RGlnZXN0VmFsdWU+QmVIdUFyYXUzSFVQcXg5dHV3QTRGaDNOSDB3PTwvZHNpZzpEaWdlc3RWYWx1ZT4KCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPGRzaWc6UmVmZXJlbmNlIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNNYW5pZmVzdCIgVVJJPSIjbWFuaWZlc3QiPgoJCQkJPGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiIC8+CgkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5mVEUrMjRnRHlkUlgvd0p2QlAxOUlucU54Rkk9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQk8L2RzaWc6UmVmZXJlbmNlPgoJCTwvZHNpZzpTaWduZWRJbmZvPgoJCTxkc2lnOlNpZ25hdHVyZVZhbHVlPgogICAgUHpLMWR2N2JFMGhQcGxlc1ZaRFhHSWxhbTlUK0JxWkd4ZWs5RHVuYkhNK21GWWI3a1NaZTN2eEszUmhRZjNBV3djbXFtVWZPRlJObg0KWndxYnovNGRZd2hJRld6VGdMelVmMlZkR0JsN2szbS8wSmJXSkV1bEtobE5vV2ZSTkRrdTRZcmI2THVrWjdaQzJFcWd2UXYxa1BRTg0Kb1BvQ1I5d3hUc1RKWFNCaHdLc0lERG9vZHY3aUVpWGFCM0xmVHQrQWdYdEdvbWRRaktjby9WamJSSzRUUEkvQUVNVU1KWm9zZlJYMg0KdmE2U1BaUnV4QjBlWkwwVGVzYittRjlFaUlOVnNTSU9nbTVSRE95V1ZRZkJnVG9nYjNoWmlLVmh0a1IvaWlSNmhZNlA2b1cwTDh4ag0KMG5ZVldPRHAxSlJML3Z0ZDFhUklVYzNCQTJQaFkrRmdJR1FHTUE9PQogIDwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlGdXpDQ0JLT2dBd0lCQWdJREdTa2VNQTBHQ1NxR1NJYjNEUUVCQlFVQU1JR2ZNUXN3Q1FZRFZRUUdFd0pCDQpWREZJTUVZR0ExVUVDZ3cvUVMxVWNuVnpkQ0JIWlhNdUlHWXVJRk5wWTJobGNtaGxhWFJ6YzNsemRHVnRaU0JwDQpiU0JsYkdWcmRISXVJRVJoZEdWdWRtVnlhMlZvY2lCSGJXSklNU0l3SUFZRFZRUUxEQmxoTFhOcFoyNHRZMjl5DQpjRzl5WVhSbExXeHBaMmgwTFRBeU1TSXdJQVlEVlFRRERCbGhMWE5wWjI0dFkyOXljRzl5WVhSbExXeHBaMmgwDQpMVEF5TUI0WERURTFNRGN5T0RFMU5Ea3dOVm9YRFRJd01EY3lPREV6TkRrd05Wb3dnYll4Q3pBSkJnTlZCQVlUDQpBa0ZVTVI0d0hBWURWUVFLREJWRVlYUmxibk5qYUhWMGVtdHZiVzFwYzNOcGIyNHhJakFnQmdOVkJBc01HVk4wDQpZVzF0ZW1Gb2JISmxaMmx6ZEdWeVltVm9iMlZ5WkdVeExqQXNCZ05WQkFNTUpWTnBaMjVoZEhWeWMyVnlkbWxqDQpaU0JFWVhSbGJuTmphSFYwZW10dmJXMXBjM05wYjI0eEZUQVRCZ05WQkFVVERETXlOVGt5T0RNeU16azVPREVjDQpNQm9HQ1NxR1NJYjNEUUVKQVF3TlpITnJRR1J6YXk1bmRpNWhkRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEDQpnZ0VQQURDQ0FRb0NnZ0VCQU4rZEJTRUJHajJqVVhJSzFNcDNsVnhjL1phK3BKTWl5S3JYM0cxWnhnWC9pa3g3DQpEOXNjc1BZTXQ0NzNMbEFXbDljbUNiSGJKSytQVjJYTk5kVVJMTVVDSVgrNHZVTnMyTUhlRFRRdFg4QlhqSkZwDQp3SllTb2FSSlEzOUZWUy8xcjVzV2NyYTlIaGRtN3c1R3R4LzJ1a3lEWDBrZGt4YXdraFA0RVFFemkvU0krRnVnDQpuK1dxZ1ExbkFkbGJ4Yi9kY0J3NXcxaDliM2xtdXdVZjR6M29vUVdVRDJEZ0Eva0tkMUtlak5SNDNtTFVzbXZTDQp6ZXZQeFQ5enM3OHBPUjFPYWNCN0lzelRWSlBYZU9FYWFOWkhubkIvVWVPM2c4TEVWLzNPa1hjVWdjTWtiSUlpDQphQkhsbGw3MVBxMENPajlrcWpYb2U3T3JSakxZNWkzS3dPcGE2VE1DQXdFQUFhT0NBZVV3Z2dIaE1CRUdBMVVkDQpEZ1FLQkFoTUNBNmVHdlMxdWpBT0JnTlZIUThCQWY4RUJBTUNCTEF3RGdZSEtpZ0FDZ0VIQVFRREFRSC9NQk1HDQpBMVVkSXdRTU1BcUFDRWtjV0RwUDZBMERNQWtHQTFVZEV3UUNNQUF3RkFZSEtpZ0FDZ0VCQVFRSkRBZENVMEl0DQpSRk5MTUg4R0NDc0dBUVVGQndFQkJITXdjVEJHQmdnckJnRUZCUWN3QW9ZNmFIUjBjRG92TDNkM2R5NWhMWFJ5DQpkWE4wTG1GMEwyTmxjblJ6TDJFdGMybG5iaTFqYjNKd2IzSmhkR1V0YkdsbmFIUXRNREpoTG1OeWREQW5CZ2dyDQpCZ0VGQlFjd0FZWWJhSFIwY0RvdkwyOWpjM0F1WVMxMGNuVnpkQzVoZEM5dlkzTndNRlFHQTFVZElBUk5NRXN3DQpTUVlHS2lnQUVRRVNNRDh3UFFZSUt3WUJCUVVIQWdFV01XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrDQpiMk56TDJOd0wyRXRjMmxuYmkxQmJYUnpjMmxuYm1GMGRYSXdnWjRHQTFVZEh3U0JsakNCa3pDQmtLQ0JqYUNCDQppb2FCaDJ4a1lYQTZMeTlzWkdGd0xtRXRkSEoxYzNRdVlYUXZiM1U5WVMxemFXZHVMV052Y25CdmNtRjBaUzFzDQphV2RvZEMwd01peHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wDQpQMkpoYzJVL2IySnFaV04wWTJ4aGMzTTlaV2xrUTJWeWRHbG1hV05oZEdsdmJrRjFkR2h2Y21sMGVUQU5CZ2txDQpoa2lHOXcwQkFRVUZBQU9DQVFFQUhRM1pDTXRBYmF6ZU1IbVdBMnpoWWxIcUhnS1ZvY1ZYRURnbU5tV0xHcUZlDQo4RUFERklzOHVHcmt0Qm1XQ1VJWGJYczdUSGNmeHMySjQ3dkh1Y29wc2RrYWJObFhFanpuZFJmbmMrMVZJbmJvDQp6TXJZZDdqZUROVEsvdElqaU9FWWRyeUlwZWtWOUNmYXc3eXU2bWVmTXpldTFhQXdmN0JuSy9odWl3SlduZW5wDQpCN2lEL1B2WittenVDN1JOZkpmRisrU3RpQlR4aTNWWXhOR01qTTFjVThHdzlWV2MwUjNFdWpPYVhXZ0NDOGk1DQpGR2hWdk9ZaE5YZnN4SlhiTnhld0VDanBBTHZEbEZMTCtpQzQ5RytBRFNvUnYwU2s5MU9QdStjSW1DajNyczNRDQp0YXNJL3A5TFlhY0c2Yy9nSTN0RTBpaHFnOVJic0tIWFFsM1BPdkVSSkE9PTwvZHNpZzpYNTA5Q2VydGlmaWNhdGU+PC9kc2lnOlg1MDlEYXRhPjwvZHNpZzpLZXlJbmZvPgoJCTxkc2lnOk9iamVjdD4KCQkJPGRzaWc6TWFuaWZlc3QgSWQ9Im1hbmlmZXN0Ij4KCQkJCTxkc2lnOlJlZmVyZW5jZSBVUkk9IiI+CgkJCQkJPGRzaWc6VHJhbnNmb3Jtcz4KCQkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQkJPGRzaWc6WFBhdGg+bm90KGFuY2VzdG9yLW9yLXNlbGY6OmRzaWc6U2lnbmF0dXJlKTwvZHNpZzpYUGF0aD4KCQkJCQkJPC9kc2lnOlRyYW5zZm9ybT4KCQkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCQk8ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIgLz4KCQkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5wM1pwS1BvK0ZYT3ZXdEhidFJzR2VLWm9lSTQ9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPC9kc2lnOk1hbmlmZXN0PgoJCTwvZHNpZzpPYmplY3Q+Cgk8L2RzaWc6U2lnbmF0dXJlPgo8L3NhbWw6QXNzZXJ0aW9uPg=="; + + @Test + public void dummyTest() throws Exception { + + + } + + + @Test + public void buildAuthDataWithIDLOnly() throws Exception { + IRequest pendingReq = new TestRequestImpl(); + DummyOAConfig oaParam = new DummyOAConfig(); + oaParam.setHasBaseIdTransferRestriction(false); + oaParam.setTarget("urn:publicid:gv.at:cdid+ZP-MH"); + oaParam.setForeignbPKSectors(Arrays.asList("wbpk+FN+195738a")); + + IAuthenticationSession session = new DummyAuthSession(); + session.setIdentityLink(new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(DUMMY_IDL, false))).parseIdentityLink()); + + IAuthData authData = authBuilder.buildAuthenticationData(pendingReq, session, oaParam); + + if (!authData.getFamilyName().equals("Mustermann")) + throw new Exception("Familyname wrong"); + + if (!authData.getGivenName().equals("Max")) + throw new Exception("GivenName wrong"); + + if (!authData.getFormatedDateOfBirth().equals("1940-01-01")) + throw new Exception("DateOfBirth wrong"); + + + if (!authData.getIdentificationValue().equals("tqCQEC7+AqGEeeL390V5Jg==")) + throw new Exception("baseId wrong"); + + if (!authData.getIdentificationType().equals("urn:publicid:gv.at:baseid")) + throw new Exception("baseIdType wrong"); + + + if (!authData.getBPK().equals("DJ6nGg2JgcPH768BhqTNXVsGhOY=")) + throw new Exception("bPK wrong"); + + if (!authData.getBPKType().equals("urn:publicid:gv.at:cdid+ZP-MH")) + throw new Exception("bPKType wrong"); + + + List foreignbPKs = authData.getEncbPKList(); + if (foreignbPKs.isEmpty()) + throw new Exception("NO foreign bPK list is null"); + + if (foreignbPKs.size() != 1) + throw new Exception("NO or MORE THAN ONE foreign bPK"); + + if (!foreignbPKs.get(0).startsWith("(wbpk+FN+195738a|") && !(foreignbPKs.get(0).endsWith(")"))) + throw new Exception("foreign bPK has wrong prefix"); + + } + +} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java index d72e2f28c..2c31d82f9 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java @@ -1,10 +1,12 @@ package at.gv.egovernment.moa.id.config.auth.data; import java.io.IOException; +import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.Properties; +import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataBuilder; import at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface; @@ -86,8 +88,13 @@ public class DummyAuthConfig implements AuthConfiguration { } catch (IOException e) { e.printStackTrace(); } + + } else if (UserRestrictionTask.CONFIG_PROPS_CSV_USER_SECTOR.equals(key)) { + return "urn:publicid:gv.at:cdid+ZP-MH"; + } + return null; } @@ -99,8 +106,46 @@ public class DummyAuthConfig implements AuthConfiguration { @Override public Map getBasicMOAIDConfigurationWithPrefix(String prefix) { - // TODO Auto-generated method stub - return null; + Map result = new HashMap(); + if (AuthenticationDataBuilder.CONFIGURATION_PROP_FOREIGN_BPK_ENC_KEYS.equals(prefix)) { + result.put("BMI+T1", "MIICuTCCAaGgAwIBAgIEWQMr6TANBgkqhkiG9w0BAQsFADAPMQ0wCwYDVQQDDARyb290MB4XDTE3MDQyODExNDgyN1oXDTE4MDQyODExNDgyN1owDzENMAsGA1UEAwwEcm9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKavdekY9h6te6UoCvahSKqhlNk+ZMGq1aBvj129J10wJoz3BsO86cK/ounvzrE9g6FOOeEtlb/lRRTwhO601o9/dXhIvSalpKgAF4owTuhxKUEhEUNJr4pUxFSm8OkPHEXqSXsn6W7tg/G0r12z246RAApw5jpzDDdYYY8gEZFXURf1xYnbKFPoNlPIyFj0vN7Afe+Fo8v3Brb05iQkC3wBxMnL2LZ7XLK8uu93VG/mOrUrEtZkFzOWg0c3WBKQgxCD/F5BMouXBSsNu7lzV2qEyX0uIiEQrv75Fk32DjQqx41S31lByFnL8YbYWX4lsCv0O9Smhjrn6+k91JsvcDECAwEAAaMdMBswDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAb4wDQYJKoZIhvcNAQELBQADggEBAAFQVd6PHrpBDTw+YUYj3yOgjFlKiSTEb4s59O74CZGbgElE2k36bqEJwki8W2ZiK+L3aeA1XCYF9cuI8QBWHJXg3UQFtDMF2zieOy/BBEA0HN6q4IjQKbt9cNR3w7nMp+lJ/BUlX6AIqfmSgJ6bKVlUsu4yuhstDBXy7QOAuQ8q76qkk7j6uiahWCyBRb5R9TDj7mQn0nM/tbeUUZa7Mxje/W4YhdatNYasTnExCyEE4S6lpSiJQdrkFGlRWp6Ia41/r6GZsAZ6pss+xyxDbJySqbVn2ro6WV4kMbrh/gX1HbmrF5UGIO/qvM+5yM6+wUfLtqPCK0PtLkI940E3WfM="); + result.put("wbpk+FN+468924i", "MIIDCzCCAfMCBFr9aB4wDQYJKoZIhvcNAQELBQAwSjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxEzARBgNVBAsMCnZpZHAuZ3YuYXQxFzAVBgNVBAMMDlNBTUwyIG1ldGFkYXRhMB4XDTE4MDUxNzExMzE0MloXDTE5MDUxNzExMzE0MlowSjELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxEzARBgNVBAsMCnZpZHAuZ3YuYXQxFzAVBgNVBAMMDlNBTUwyIG1ldGFkYXRhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi5yyZCJCW2MLQKmupDZTQBNItpIqMlLNAUMF5U8vwJ0uoAWqetOyJ65Q9Wx9TixcIIxXa+0qA/7xVr44LoE4sRXZtZvkS5TGXUgD81FLXU5WJdeJQeUa63TdKjpdcL6wCbMIDs+2fDClIB7gKUV7S56NMhdiQzfW6OLFFQyfu6aXzpLcAOqq+FVo5paPjvGNgmVGwMS/4W0c8FeaPceno98rjslYslKUu3gCMezhYmvson7fEsgRf6s/Ko4pZev4rK7N+ib25g0x0L+gJkq6gb46wH4TBemXr/WTi5II1pxdG0CuLLKewDgMCymeneXPFIewiIPF9ydSPdq2XsHlTwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBbNeQGGDB0RjWRtCoMPQ1tF4pTMOy1QXd362Qx6kbuScEsG/9fGLE3mgpyLx3zyjX/pP0hkVtygDu/5684KEj0aJ65dx6kgFkmvLNq4YUpvQUBjylQHmpO4fsL57q8ZMnoWow8rX4g18sP8lHvW1g+tfWa3r+RRN/NlHm0RYb559xq7NgfPu11gxp9O6RsSkrf0IkWnJ1dit4bx7RR8PY+ZZjPAfg8/eAZ98DSP8FPdlLkKQvRV5NCIjG4tU5tIV4z5yvZ/npdKMdqjiQxmA002U+inOzCcciRRZSdXhYgqvkuMEHYsaoGlLwj+wJbEviobPpWxcEeQoqEwIj6QpwX"); + result.put("wbpk+FN+195738a", "MIIF2TCCA8GgAwIBAgIEL2AV4zANBgkqhkiG9w0BAQsFADCBizELMAkGA1UEBhMC\r\n" + + "QVQxSDBGBgNVBAoMP0EtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUg\r\n" + + "aW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSDEYMBYGA1UECwwPYS1zaWduLWxp\r\n" + + "Z2h0LTA1MRgwFgYDVQQDDA9hLXNpZ24tbGlnaHQtMDUwHhcNMTgwNjA4MTA0MzEy\r\n" + + "WhcNMjMwNjA4MDg0MzEyWjBoMQswCQYDVQQGEwJBVDEbMBkGA1UEAwwSZS1UcmVz\r\n" + + "b3IgRnJlbWQtYlBLMRIwEAYDVQQEDAlGcmVtZC1iUEsxETAPBgNVBCoMCGUtVHJl\r\n" + + "c29yMRUwEwYDVQQFEwwxMTc3MDQwMzU4MjUwggEgMA0GCSqGSIb3DQEBAQUAA4IB\r\n" + + "DQAwggEIAoIBAQC9jQHCrCK4r8bKsist/h53yP7RzqDZhDGy3j6BLiGMGeQ8Qekf\r\n" + + "k+Onmy6k7PfOfBZgiOd/Zs8JXZMISycz5/G9WJp0d1iFjmRDNWmM4MEN8k+mAnW+\r\n" + + "Omn7sTJStaL5hRME/YdJpI/k08MasQuc13M6i6szpKA0eMfLf0nTWgEWt5e/x3Gj\r\n" + + "+Br7dxYtv8RDeHHVhk5EkXwbhuVi9fO/UCNEAEsKCkiTGCwVRek/c+LQ42cnuLKN\r\n" + + "Kg4LKJaIrr9uyMkibYpDZi1nXwQR9Jxsg4lzfpyAvSJIZtqMN0C66cwnzflLt9M8\r\n" + + "GwO08KzvONEo4oiodKx7IcMGGbjukHX2NY7BAgERo4IBZzCCAWMwdAYIKwYBBQUH\r\n" + + "AQEEaDBmMDsGCCsGAQUFBzAChi9odHRwOi8vd3d3LmEtdHJ1c3QuYXQvY2VydHMv\r\n" + + "YS1zaWduLWxpZ2h0LTA1LmNydDAnBggrBgEFBQcwAYYbaHR0cDovL29jc3AuYS10\r\n" + + "cnVzdC5hdC9vY3NwMBMGA1UdIwQMMAqACEhCh7VWr5ysMB0GA1UdEQQWMBSBEnRl\r\n" + + "Y2huaWtAYS10cnVzdC5hdDARBgNVHQ4ECgQIRnNIDj8iCQcwDgYDVR0PAQH/BAQD\r\n" + + "AgSwMAkGA1UdEwQCMAAwTQYDVR0gBEYwRDBCBgYqKAARAQkwODA2BggrBgEFBQcC\r\n" + + "ARYqaHR0cDovL3d3dy5hLXRydXN0LmF0L2RvY3MvY3AvYS1zaWduLWxpZ2h0MDoG\r\n" + + "A1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwuYS10cnVzdC5hdC9jcmwvYS1zaWdu\r\n" + + "LWxpZ2h0LTA1MA0GCSqGSIb3DQEBCwUAA4ICAQAh7plfW9U3hh5brYS0OmWhKJrM\r\n" + + "jBDn9TyKsdetZ3AU3/GJONSq1GrZbTv6dq6vAH0G20cNQaLSNl2/9U3WBqX2T2Ik\r\n" + + "vek8925+9HAFRVZiwnNX5CT0dQGNkqkagVzfd8dj8n+KiQZZZN9WroR9MoRXNlw1\r\n" + + "DERzlXLlYFtK+F4323LtbolSLnN793p/6al4k8RheKG0Jy+pEtpCy6KNohkl34ZE\r\n" + + "xtGrQLrJDtRtbCJcJ1t2fsM8iP9vi+K+0hOolIM7qwELRftwhvLyB+Gtlke2zLod\r\n" + + "SR0AA6fLoNISdKpSEIu1OJ88R70T3q3sEYWLHc8GHPO6WjaF/tq8iI/lPeUc0c2u\r\n" + + "gZOpH6Q3jWZo9UmhAbcyIwQTtVg9lS35EM3xPt+GC9DTsyNkTJObICZXUGsUswCp\r\n" + + "Vj76888biAR/ey9pr6fctj11w4jEwOP5pIcKdv1vX6KZl58O8kIUV3IUbvFY/M1n\r\n" + + "bfCrmm8uT4780NAIv3v8jgB/wK6EjntXoACPyGwB3lbdWJ2lZ4y5QCYEbW/8LLzJ\r\n" + + "6kGERNrFGBn4pK8GhZg8Tq1GigOyUrGteHeYUylKqLRoIvby53tYHnMx5fS/N/OU\r\n" + + "uKuAqGNHDTNkYI2jWhS6gFjUdTiaVVdKo/GSS4eDU5hsKOBRHTKWLT9E1DryCUkD\r\n" + + "u4SwB63SrCEshSczfA==\r\n"); + + } + + return result; } @Override diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthSession.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthSession.java new file mode 100644 index 000000000..e340d4c86 --- /dev/null +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthSession.java @@ -0,0 +1,287 @@ +package at.gv.egovernment.moa.id.config.auth.data; + +import java.util.Date; +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.id.commons.api.data.ExtendedSAMLAttribute; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; +import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; +import at.gv.egovernment.moa.id.commons.api.data.IMISMandate; +import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; +import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageException; +import iaik.x509.X509Certificate; + +public class DummyAuthSession implements IAuthenticationSession { + + private IIdentityLink idl; + + @Override + public boolean isAuthenticated() { + return true; + } + + @Override + public void setAuthenticated(boolean authenticated) { + // TODO Auto-generated method stub + + } + + @Override + public X509Certificate getSignerCertificate() { + // TODO Auto-generated method stub + return null; + } + + @Override + public byte[] getEncodedSignerCertificate() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setSignerCertificate(X509Certificate signerCertificate) { + // TODO Auto-generated method stub + + } + + @Override + public IIdentityLink getIdentityLink() { + return this.idl; + } + + @Override + public String getSessionID() { + return "123456789abcd"; + } + + @Override + public void setIdentityLink(IIdentityLink identityLink) { + this.idl = identityLink; + + } + + @Override + public void setSessionID(String sessionId) { + // TODO Auto-generated method stub + + } + + @Override + public String getBkuURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setBkuURL(String bkuURL) { + // TODO Auto-generated method stub + + } + + @Override + public String getAuthBlock() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setAuthBlock(String authBlock) { + // TODO Auto-generated method stub + + } + + @Override + public List getExtendedSAMLAttributesAUTH() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setExtendedSAMLAttributesAUTH(List extendedSAMLAttributesAUTH) { + // TODO Auto-generated method stub + + } + + @Override + public List getExtendedSAMLAttributesOA() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setExtendedSAMLAttributesOA(List extendedSAMLAttributesOA) { + // TODO Auto-generated method stub + + } + + @Override + public boolean getSAMLAttributeGebeORwbpk() { + // TODO Auto-generated method stub + return false; + } + + @Override + public void setSAMLAttributeGebeORwbpk(boolean samlAttributeGebeORwbpk) { + // TODO Auto-generated method stub + + } + + @Override + public String getIssueInstant() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setIssueInstant(String issueInstant) { + // TODO Auto-generated method stub + + } + + @Override + public void setUseMandate(String useMandate) { + // TODO Auto-generated method stub + + } + + @Override + public void setUseMandates(boolean useMandates) { + // TODO Auto-generated method stub + + } + + @Override + public boolean isMandateUsed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public void setMISSessionID(String misSessionID) { + // TODO Auto-generated method stub + + } + + @Override + public String getMISSessionID() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getMandateReferenceValue() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setMandateReferenceValue(String mandateReferenceValue) { + // TODO Auto-generated method stub + + } + + @Override + public boolean isForeigner() { + // TODO Auto-generated method stub + return false; + } + + @Override + public void setForeigner(boolean isForeigner) { + // TODO Auto-generated method stub + + } + + @Override + public IVerifiyXMLSignatureResponse getXMLVerifySignatureResponse() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setXMLVerifySignatureResponse(IVerifiyXMLSignatureResponse xMLVerifySignatureResponse) { + // TODO Auto-generated method stub + + } + + @Override + public IMISMandate getMISMandate() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setMISMandate(IMISMandate mandate) { + // TODO Auto-generated method stub + + } + + @Override + public boolean isOW() { + // TODO Auto-generated method stub + return false; + } + + @Override + public void setOW(boolean isOW) { + // TODO Auto-generated method stub + + } + + @Override + public String getAuthBlockTokken() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setAuthBlockTokken(String authBlockTokken) { + // TODO Auto-generated method stub + + } + + @Override + public String getQAALevel() { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setQAALevel(String qAALevel) { + // TODO Auto-generated method stub + + } + + @Override + public Date getSessionCreated() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Map getGenericSessionDataStorage() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Object getGenericDataFromSession(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public T getGenericDataFromSession(String key, Class clazz) { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setGenericDataToSession(String key, Object object) throws SessionDataStorageException { + // TODO Auto-generated method stub + + } + + +} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthStorage.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthStorage.java new file mode 100644 index 000000000..76e0a83c6 --- /dev/null +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthStorage.java @@ -0,0 +1,186 @@ +package at.gv.egovernment.moa.id.config.auth.data; + +import java.util.Date; +import java.util.List; + +import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionExtensions; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.id.commons.api.IRequest; +import at.gv.egovernment.moa.id.commons.api.data.IAuthenticationSession; +import at.gv.egovernment.moa.id.commons.db.dao.session.AuthenticatedSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore; +import at.gv.egovernment.moa.id.commons.db.dao.session.OldSSOSessionIDStore; +import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException; +import at.gv.egovernment.moa.id.data.SLOInformationInterface; +import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.AssertionAttributeExtractorExeption; +import at.gv.egovernment.moa.id.protocols.pvp2x.utils.AssertionAttributeExtractor; +import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage; + +public class DummyAuthStorage implements IAuthenticationSessionStoreage { + + @Override + public boolean isAuthenticated(String internalSsoSessionID) { + // TODO Auto-generated method stub + return false; + } + + @Override + public AuthenticationSession createInternalSSOSession(IRequest target) throws MOADatabaseException, BuildException { + // TODO Auto-generated method stub + return null; + } + + @Override + public AuthenticationSession getInternalSSOSession(String internalSsoSessionID) throws MOADatabaseException { + // TODO Auto-generated method stub + return null; + } + + @Override + public AuthenticationSessionExtensions getAuthenticationSessionExtensions(String internalSsoSessionID) + throws MOADatabaseException { + // TODO Auto-generated method stub + return null; + } + + @Override + public void setAuthenticationSessionExtensions(String internalSsoSessionID, + AuthenticationSessionExtensions sessionExtensions) throws MOADatabaseException { + // TODO Auto-generated method stub + + } + + @Override + public void destroyInternalSSOSession(String internalSsoSessionID) throws MOADatabaseException { + // TODO Auto-generated method stub + + } + + @Override + public void setAuthenticated(String internalSsoSessionID, boolean isAuthenticated) { + // TODO Auto-generated method stub + + } + + @Override + public AuthenticationSession getInternalMOASessionWithSSOID(String SSOSessionID) throws MOADatabaseException { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isSSOSession(String sessionID) throws MOADatabaseException { + // TODO Auto-generated method stub + return false; + } + + @Override + public AuthenticatedSessionStore isValidSessionWithSSOID(String SSOId) { + // TODO Auto-generated method stub + return null; + } + + @Override + public void addSSOInformation(String moaSessionID, String SSOSessionID, SLOInformationInterface SLOInfo, + IRequest protocolRequest) throws AuthenticationException { + // TODO Auto-generated method stub + + } + + @Override + public List getAllActiveOAFromMOASession(IAuthenticationSession moaSession) { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getAllActiveIDPsFromMOASession(IAuthenticationSession moaSession) { + // TODO Auto-generated method stub + return null; + } + + @Override + public IAuthenticationSession searchMOASessionWithNameIDandOAID(String oaID, String userNameID) { + // TODO Auto-generated method stub + return null; + } + + @Override + public OASessionStore searchActiveOASSOSession(IAuthenticationSession moaSession, String oaID, + String protocolType) { + // TODO Auto-generated method stub + return null; + } + + @Override + public IAuthenticationSession getSessionWithUserNameID(String nameID) { + // TODO Auto-generated method stub + return null; + } + + @Override + public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASession(String sessionID) { + // TODO Auto-generated method stub + return null; + } + + @Override + public InterfederationSessionStore searchInterfederatedIDPFORSSOWithMOASessionIDPID(String sessionID, + String idpID) { + // TODO Auto-generated method stub + return null; + } + + @Override + public void addFederatedSessionInformation(IRequest req, String idpEntityID, AssertionAttributeExtractor extractor) + throws MOADatabaseException, AssertionAttributeExtractorExeption, BuildException { + // TODO Auto-generated method stub + + } + + @Override + public InterfederationSessionStore searchInterfederatedIDPFORAttributeQueryWithSessionID(String moaSessionID) { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean removeInterfederetedSession(String entityID, String pedingRequestID) { + // TODO Auto-generated method stub + return false; + } + + @Override + public void clean(Date now, long authDataTimeOutCreated, long authDataTimeOutUpdated) { + // TODO Auto-generated method stub + + } + + @Override + public void markOAWithAttributeQueryUsedFlag(IAuthenticationSession session, String oaurl, String requestedModule) { + // TODO Auto-generated method stub + + } + + @Override + public void deleteIdpInformation(InterfederationSessionStore nextIDPInformation) { + // TODO Auto-generated method stub + + } + + @Override + public void persistIdpInformation(InterfederationSessionStore nextIDPInformation) { + // TODO Auto-generated method stub + + } + + @Override + public OldSSOSessionIDStore checkSSOTokenAlreadyUsed(String ssoId) { + // TODO Auto-generated method stub + return null; + } + +} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java new file mode 100644 index 000000000..44e3d5e2a --- /dev/null +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyOAConfig.java @@ -0,0 +1,289 @@ +package at.gv.egovernment.moa.id.config.auth.data; + +import java.security.PrivateKey; +import java.util.Collection; +import java.util.List; +import java.util.Map; + +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.api.data.CPEPS; +import at.gv.egovernment.moa.id.commons.api.data.SAML1ConfigurationParameters; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttribute; +import at.gv.egovernment.moa.id.commons.api.data.StorkAttributeProviderPlugin; +import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; + +public class DummyOAConfig implements IOAAuthParameters { + + private List foreignbPKSectors; + private String target; + private boolean hasBaseIdTransferRestriction; + + @Override + public Map getFullConfiguration() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getConfigurationValue(String key) { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getFriendlyName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getPublicURLPrefix() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean hasBaseIdInternalProcessingRestriction() throws ConfigurationException { + return false; + } + + @Override + public boolean hasBaseIdTransferRestriction() throws ConfigurationException { + return hasBaseIdTransferRestriction; + } + + @Override + public String getAreaSpecificTargetIdentifier() throws ConfigurationException { + return target; + } + + @Override + public String getAreaSpecificTargetIdentifierFriendlyName() throws ConfigurationException { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isInderfederationIDP() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isSTORKPVPGateway() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isRemovePBKFromAuthBlock() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getKeyBoxIdentifier() { + // TODO Auto-generated method stub + return null; + } + + @Override + public SAML1ConfigurationParameters getSAML1Parameter() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getTemplateURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAditionalAuthBlockText() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getBKUURL(String bkutype) { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getBKUURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean useSSO() { + return false; + } + + @Override + public boolean useSSOQuestion() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List getMandateProfiles() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isShowMandateCheckBox() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isOnlyMandateAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isShowStorkLogin() { + // TODO Auto-generated method stub + return false; + } + + @Override + public String getQaaLevel() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isRequireConsentForStorkAttributes() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Collection getRequestedSTORKAttributes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public byte[] getBKUSelectionTemplate() { + // TODO Auto-generated method stub + return null; + } + + @Override + public byte[] getSendAssertionTemplate() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Collection getPepsList() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getIDPAttributQueryServiceURL() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isInboundSSOInterfederationAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isInterfederationSSOStorageAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isOutboundSSOInterfederationAllowed() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isTestCredentialEnabled() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List getTestCredentialOIDs() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isUseIDLTestTrustStore() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isUseAuthBlockTestTestStore() { + // TODO Auto-generated method stub + return false; + } + + @Override + public PrivateKey getBPKDecBpkDecryptionKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean isPassivRequestUsedForInterfederation() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean isPerformLocalAuthenticationOnInterfederationError() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Collection getStorkAPs() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List getReversionsLoggingEventCodes() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List foreignbPKSectorsRequested() { + return foreignbPKSectors; + + } + + public void setForeignbPKSectors(List foreignSectors) { + this.foreignbPKSectors = foreignSectors; + + } + + public void setTarget(String target) { + this.target = target; + } + + public void setHasBaseIdTransferRestriction(boolean hasBaseIdTransferRestriction) { + this.hasBaseIdTransferRestriction = hasBaseIdTransferRestriction; + } + + +} diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java index 71956990e..3cd9d9476 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java @@ -1,16 +1,10 @@ package at.gv.egovernment.moa.id.config.auth.data; -import java.io.IOException; -import java.io.InputStreamReader; - -import org.apache.commons.io.IOUtils; -import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; -import org.opensaml.xml.ConfigurationException; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; @RunWith(SpringJUnit4ClassRunner.class) diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java index 3ecbb84a2..ebed519f1 100644 --- a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java +++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/module/test/TestRequestImpl.java @@ -38,6 +38,8 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.SessionDataStorageExcepti public class TestRequestImpl implements IRequest { private String processInstanceID = null; + + public static final String DUMMY_AUTH_URL = "http://dummyIDP/"; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.moduls.IRequest#requestedModule() @@ -152,8 +154,7 @@ public class TestRequestImpl implements IRequest { */ @Override public String getAuthURL() { - // TODO Auto-generated method stub - return null; + return DUMMY_AUTH_URL; } /* (non-Javadoc) diff --git a/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv b/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv index 099fc0f7e..c33de9970 100644 --- a/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv +++ b/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv @@ -7,4 +7,6 @@ ZP-MH:DJ6nGg2JgcPH768BhqTNXVsGhOY=, JWiLzwktCITGg+ztRKEAwWloSNM=, ZP-MH:+cyQbhr1fQ8hLhazL62tFRq47iY=, ZP-MH:AFmfywfYPHcl2Lxp138upielmrs=, -ZP-MH:yPAOTsc9LY5/jnbkWn2MWY6hjg0= +ZP-MH:yPAOTsc9LY5/jnbkWn2MWY6hjg0=, +ZP-MH:yPAOTsc9LY5/jnbkWn2MWY6hjg0=:asdfadsfasdf, +ZP-AT:yPAOTsc9LY5/jnbkWn2MWY6hjg0= diff --git a/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml b/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml index 85788714a..65e48987a 100644 --- a/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml +++ b/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml @@ -9,10 +9,21 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/IPKIXValidator.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/IPKIXValidator.java new file mode 100644 index 000000000..ce32cbd0d --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/IPKIXValidator.java @@ -0,0 +1,6 @@ +package at.gv.egovernment.moa.id.commons.validation; + +public interface IPKIXValidator { + + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASPPKIXCertValidator.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASPPKIXCertValidator.java new file mode 100644 index 000000000..fda567452 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/MOASPPKIXCertValidator.java @@ -0,0 +1,9 @@ +package at.gv.egovernment.moa.id.commons.validation; + +import org.springframework.stereotype.Service; + +@Service +public class MOASPPKIXCertValidator implements IPKIXValidator { + + +} diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/PKIXValidatorConfiguration.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/PKIXValidatorConfiguration.java new file mode 100644 index 000000000..20235c4b6 --- /dev/null +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/validation/PKIXValidatorConfiguration.java @@ -0,0 +1,21 @@ +package at.gv.egovernment.moa.id.commons.validation; + +public class PKIXValidatorConfiguration { + + public enum CHAININGMODE { + pkix, chaining + } + + public enum REVOCATIONCHECKMETHODES { + crl, ocsp + } + + private String trustStorePath = null; + private String certStorePath = null; + private boolean revocationChecking = true; + private REVOCATIONCHECKMETHODES[] revocationCheckMode = {REVOCATIONCHECKMETHODES.ocsp, REVOCATIONCHECKMETHODES.crl}; + private CHAININGMODE chaining = CHAININGMODE.pkix; + + + +} diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java index a131e5e29..da0b7ac90 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java @@ -4,7 +4,6 @@ import java.io.ByteArrayInputStream; import java.io.IOException; import java.util.Map; -import org.jose4j.base64url.Base64Url; import org.junit.BeforeClass; import org.junit.Test; import org.opensaml.DefaultBootstrap; @@ -75,8 +74,8 @@ public abstract class eIDDataVerifierTest { if (MiscUtil.isEmpty(idlB64)) throw new Exception("NO IDL found"); - //IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); - IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Url.decode(idlB64))).parseIdentityLink(); + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); + //IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Url.decode(idlB64))).parseIdentityLink(); if (idl == null) throw new Exception("IDL parsing FAILED"); @@ -88,7 +87,8 @@ public abstract class eIDDataVerifierTest { if (MiscUtil.isEmpty(idlB64)) throw new Exception("NO IDL found"); - IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Url.decode(idlB64))).parseIdentityLink(); + IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); +// IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Url.decode(idlB64))).parseIdentityLink(); if (idl == null) throw new Exception("IDL parsing FAILED"); diff --git a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java index c2132c1f9..a97e5944a 100644 --- a/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java +++ b/id/server/modules/moa-id-module-ssoTransfer/src/main/java/at/gv/egovernment/moa/id/auth/modules/ssotransfer/data/SSOTransferOnlineApplication.java @@ -424,4 +424,10 @@ public class SSOTransferOnlineApplication implements IOAAuthParameters { return null; } + @Override + public List foreignbPKSectorsRequested() { + // TODO Auto-generated method stub + return null; + } + } -- cgit v1.2.3 From c84abdc4d7216564fd0639a60f0e06c1c4f08131 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 12 Jun 2018 09:21:47 +0200 Subject: fix problem at foreign bPK configuration in configuration tool --- .../data/oa/OATargetConfiguration.java | 24 ++++++++++++---------- .../config/ConfigurationMigrationUtils.java | 4 ++++ 2 files changed, 17 insertions(+), 11 deletions(-) (limited to 'id') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java index f67d4fa27..8f7557b98 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OATargetConfiguration.java @@ -150,18 +150,20 @@ public class OATargetConfiguration implements IOnlineApplicationData { //parse foreign bPK sector list - if (KeyValueUtils.isCSVValueString(dbOA.getForeignbPKTargetList())) - foreignbPKTargets = KeyValueUtils.normalizeCSVValueString(dbOA.getForeignbPKTargetList()); - - else { - if (dbOA.getForeignbPKTargetList().contains(KeyValueUtils.CSV_DELIMITER)) { - //remove trailing comma if exist - foreignbPKTargets = dbOA.getForeignbPKTargetList().substring(0, - dbOA.getForeignbPKTargetList().indexOf(KeyValueUtils.CSV_DELIMITER)); - - } else - foreignbPKTargets = dbOA.getForeignbPKTargetList(); + if (dbOA.getForeignbPKTargetList() != null) { + if (KeyValueUtils.isCSVValueString(dbOA.getForeignbPKTargetList())) + foreignbPKTargets = KeyValueUtils.normalizeCSVValueString(dbOA.getForeignbPKTargetList()); + else { + if (dbOA.getForeignbPKTargetList().contains(KeyValueUtils.CSV_DELIMITER)) { + //remove trailing comma if exist + foreignbPKTargets = dbOA.getForeignbPKTargetList().substring(0, + dbOA.getForeignbPKTargetList().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else + foreignbPKTargets = dbOA.getForeignbPKTargetList(); + + } } diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java index b49278947..48d64225c 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java @@ -32,6 +32,8 @@ import java.util.Iterator; import java.util.List; import java.util.Map; +import org.apache.commons.lang3.StringUtils; + import at.gv.egovernment.moa.id.commons.MOAIDConstants; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AttributeProviderPlugin; import at.gv.egovernment.moa.id.commons.db.dao.config.deprecated.AuthComponentGeneral; @@ -176,6 +178,8 @@ public class ConfigurationMigrationUtils { if (MiscUtil.isNotEmpty(oa.getForeignbPKTargetList())) result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, oa.getForeignbPKTargetList()); + else + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, StringUtils.EMPTY); //convert selected SZR-GW service if (MiscUtil.isNotEmpty(oa.getSelectedSZRGWServiceURL())) -- cgit v1.2.3 From c4405efdb0177c6319c0a3a0b9f5d3f4d0967748 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 12 Jun 2018 12:07:41 +0200 Subject: add log message --- .../moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java | 2 ++ 1 file changed, 2 insertions(+) (limited to 'id') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java index a5696d36d..f7e635b3b 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java @@ -223,8 +223,10 @@ public class JsonSecurityUtils implements IJOSETools{ throw new SL20SecurityException("JWS signature invalide."); } + //load payLoad + Logger.debug("SL2.0 commando signature validation sucessfull"); JsonElement sl20Req = new JsonParser().parse(jws.getPayload()); return new VerificationResult(sl20Req.getAsJsonObject(), null, valid) ; -- cgit v1.2.3 From 92982d1ee7f13e5206ea192776b0a042d2ddea2f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 12 Jun 2018 12:08:12 +0200 Subject: fix wrong encoding in EncryptedBPKAttributeBuilder --- .../egovernment/moa/id/auth/builder/BPKBuilder.java | 3 ++- .../attributes/EncryptedBPKAttributeBuilder.java | 19 +++++++++++++------ 2 files changed, 15 insertions(+), 7 deletions(-) (limited to 'id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java index 14de65e36..865f7e6b4 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/builder/BPKBuilder.java @@ -171,7 +171,8 @@ public class BPKBuilder { try { byte[] inputBytes = input.getBytes("ISO-8859-1"); result = encrypt(inputBytes, publicKey); - return new String(Base64Utils.encode(result, "ISO-8859-1")).replaceAll("\r\n", ""); + + return new String(java.util.Base64.getEncoder().encode(result), "ISO-8859-1").replaceAll("\r\n", ""); } catch (Exception e) { throw new BuildException("bPK encryption FAILED", null, e); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java index f5c48b826..d15f545ae 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/builder/attributes/EncryptedBPKAttributeBuilder.java @@ -23,12 +23,9 @@ package at.gv.egovernment.moa.id.protocols.builder.attributes; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; -import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.IAuthData; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.AttributeException; import at.gv.egovernment.moa.id.protocols.pvp2x.builder.attributes.exceptions.UnavailableAttributeException; -import at.gv.egovernment.moa.logging.Logger; -import at.gv.egovernment.moa.util.Constants; public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder { @@ -40,10 +37,10 @@ public class EncryptedBPKAttributeBuilder implements IPVPAttributeBuilder { IAttributeGenerator g) throws AttributeException { if (authData.getEncbPKList() != null && - authData.getEncbPKList().size() > 0) { - String value = "(" + authData.getEncbPKList().get(0) + ")"; + authData.getEncbPKList().size() > 0) { + String value = addPreAndSufix(authData.getEncbPKList().get(0)); for (int i=1; i Date: Tue, 12 Jun 2018 12:59:02 +0200 Subject: update XAdES scheme 1.3.2 and 1.4.1 --- .../java/at/gv/egovernment/moa/util/Constants.java | 4 +- .../resources/resources/schemas/XAdES-1.3.2.xsd | 466 ------------------ .../resources/resources/schemas/XAdES-1.4.1.xsd | 15 - .../resources/schemas/XAdES01903v132-201601.xsd | 533 +++++++++++++++++++++ .../resources/schemas/XAdES01903v141-201601.xsd | 64 +++ 5 files changed, 599 insertions(+), 483 deletions(-) delete mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.3.2.xsd delete mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.4.1.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v132-201601.xsd create mode 100644 id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v141-201601.xsd (limited to 'id') diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java index c94222ea0..47abbf29a 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/util/Constants.java @@ -281,7 +281,7 @@ public interface Constants { /** Local location of the XAdES v1.1.1 schema definition */ public static final String XADES_1_3_2_SCHEMA_LOCATION = - SCHEMA_ROOT + "XAdES-1.3.2.xsd"; + SCHEMA_ROOT + "XAdES01903v132-201601.xsd"; /** URI of the XAdES v1.3.2 namespace */ public static final String XADES_1_3_2_NS_URI = "http://uri.etsi.org/01903/v1.3.2#"; @@ -290,7 +290,7 @@ public interface Constants { /** Local location of the XAdES v1.4.1 schema definition */ public static final String XADES_1_4_1_SCHEMA_LOCATION = - SCHEMA_ROOT + "XAdES-1.4.1.xsd"; + SCHEMA_ROOT + "XAdES01903v141-201601.xsd"; /** URI of the XAdES v1.4.1 namespace */ public static final String XADES_1_4_1_NS_URI = "http://uri.etsi.org/01903/v1.4.1#"; diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.3.2.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.3.2.xsd deleted file mode 100644 index b05691515..000000000 --- a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.3.2.xsd +++ /dev/null @@ -1,466 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.4.1.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.4.1.xsd deleted file mode 100644 index 274dbdca1..000000000 --- a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES-1.4.1.xsd +++ /dev/null @@ -1,15 +0,0 @@ - - - - - - - - - - - - - - - diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v132-201601.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v132-201601.xsd new file mode 100644 index 000000000..e7a5f3a02 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v132-201601.xsd @@ -0,0 +1,533 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v141-201601.xsd b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v141-201601.xsd new file mode 100644 index 000000000..1f3aaf935 --- /dev/null +++ b/id/server/moa-id-commons/src/main/resources/resources/schemas/XAdES01903v141-201601.xsd @@ -0,0 +1,64 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -- cgit v1.2.3 From fcb3d17f73a880fb19c4a6a2ea7f7009051553cf Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 12 Jun 2018 12:59:26 +0200 Subject: update jUnit tests for SIC mobile-phone signature --- .../sl20/verifier/QualifiedeIDVerifier.java | 24 +--------------------- .../sl20_auth/dummydata/DummyAuthConfig.java | 10 ++++++++- .../modules/sl20_auth/eIDDataVerifierTest.java | 3 ++- .../profiles/SL20_authblock_v1.0.xml | 8 -------- .../profiles/SL20_authblock_v1.0_sic.xml | 8 ++++++++ 5 files changed, 20 insertions(+), 33 deletions(-) delete mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_sic.xml (limited to 'id') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java index a437e3411..18428e554 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/verifier/QualifiedeIDVerifier.java @@ -5,7 +5,6 @@ import java.io.IOException; import java.util.Date; import java.util.List; -import org.jaxen.SimpleNamespaceContext; import org.opensaml.Configuration; import org.opensaml.saml2.core.Assertion; import org.opensaml.xml.XMLObject; @@ -33,31 +32,10 @@ import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.sig.tsl.utils.MiscUtil; import at.gv.egovernment.moa.util.Base64Utils; -import at.gv.egovernment.moa.util.Constants; import at.gv.egovernment.moa.util.DOMUtils; -public class QualifiedeIDVerifier { - - /** Xpath expression to the dsig:Signature element */ - private static final String SIGNATURE_XPATH = Constants.DSIG_PREFIX + ":Signature"; - - private static final String XADES_1_1_1_SIGNINGTIME_PATH = "//" + Constants.XADES_1_1_1_NS_PREFIX + ":SigningTime"; - private static final String XADES_1_3_2_SIGNINGTIME_PATH = "//" + Constants.XADES_1_3_2_NS_PREFIX + ":SigningTime"; - - - private static final long MAX_DIFFERENCE_IN_MILLISECONDS = 600000; // 10min - - - private static SimpleNamespaceContext NS_CONTEXT; - static { - NS_CONTEXT = new SimpleNamespaceContext(); - NS_CONTEXT.addNamespace(Constants.XADES_1_1_1_NS_PREFIX, Constants.XADES_1_1_1_NS_URI); - NS_CONTEXT.addNamespace(Constants.XADES_1_2_2_NS_PREFIX, Constants.XADES_1_2_2_NS_URI); - NS_CONTEXT.addNamespace(Constants.XADES_1_3_2_NS_PREFIX, Constants.XADES_1_3_2_NS_URI); - NS_CONTEXT.addNamespace(Constants.XADES_1_4_1_NS_PREFIX, Constants.XADES_1_4_1_NS_URI); - } - +public class QualifiedeIDVerifier { public static void verifyIdentityLink(IIdentityLink idl, IOAAuthParameters oaParam, AuthConfiguration authConfig) throws MOAIDException { // validates the identity link IdentityLinkValidator.getInstance().validate(idl); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java index bba4ade82..af47bc942 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java @@ -14,6 +14,14 @@ import at.gv.util.config.EgovUtilPropertiesConfiguration; public class DummyAuthConfig implements AuthConfiguration { + private boolean requireAuthBlockQC = true; + + + + public void setRequireAuthBlockQC(boolean requireAuthBlockQC) { + this.requireAuthBlockQC = requireAuthBlockQC; + } + @Override public String getRootConfigFileDir() { // TODO Auto-generated method stub @@ -295,7 +303,7 @@ public class DummyAuthConfig implements AuthConfiguration { @Override public boolean isCertifiacteQCActive() { - return true; + return this.requireAuthBlockQC; } @Override diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java index da0b7ac90..c2784181a 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java @@ -119,7 +119,8 @@ public abstract class eIDDataVerifierTest { throw new Exception("NO AuthBlock found"); IOAAuthParameters dummyOA = new DummyOA(); - AuthConfiguration dummyAuthConfig = new DummyAuthConfig(); + DummyAuthConfig dummyAuthConfig = new DummyAuthConfig(); + dummyAuthConfig.setRequireAuthBlockQC(false); QualifiedeIDVerifier.verifyAuthBlock(authBlockB64, dummyOA , dummyAuthConfig); } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml deleted file mode 100644 index 08e24fe92..000000000 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml +++ /dev/null @@ -1,8 +0,0 @@ -Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Vorname:
Nachname:
Geburtsdatum:
Vollmacht: Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Identifikator:
Name:
Staat:

Technische Parameter

Datum:..
Uhrzeit:::
TransaktionsTokken:
- Vollmachten-Referenz:
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_sic.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_sic.xml new file mode 100644 index 000000000..c2c984e33 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_sic.xml @@ -0,0 +1,8 @@ +Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Vorname:
Nachname:
Geburtsdatum:
Vollmacht: Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Identifikator:
Name:
Staat:

Technische Parameter

Datum:..
Uhrzeit:::
TransaktionsTokken:
+ Vollmachten-Referenz:
-- cgit v1.2.3 From e67ec48b9c27b718b7ca961267f690c44964255e Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 13 Jun 2018 08:08:14 +0200 Subject: change moa-spss transformation profile for SL20 authblock --- .../moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java | 4 +--- .../resources/moaspss_config/profiles/SL20_authblock_v1.0.xml | 8 ++++++++ .../resources/moaspss_config/profiles/SL20_authblock_v1.0_sic.xml | 8 -------- 3 files changed, 9 insertions(+), 11 deletions(-) create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml delete mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_sic.xml (limited to 'id') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java index 419142c7d..ceff0e516 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java @@ -5,10 +5,8 @@ import java.io.InputStreamReader; import org.apache.commons.io.IOUtils; import org.junit.Before; -import org.junit.runner.RunWith; import org.opensaml.xml.ConfigurationException; import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import com.google.gson.JsonElement; import com.google.gson.JsonObject; @@ -17,7 +15,7 @@ import com.google.gson.JsonParser; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; -@RunWith(SpringJUnit4ClassRunner.class) +//@RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ "/SpringTest-context.xml" }) public class EIDDataVerifier_OwnTest extends eIDDataVerifierTest { diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml new file mode 100644 index 000000000..c2c984e33 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml @@ -0,0 +1,8 @@ +Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Vorname:
Nachname:
Geburtsdatum:
Vollmacht: Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Identifikator:
Name:
Staat:

Technische Parameter

Datum:..
Uhrzeit:::
TransaktionsTokken:
+ Vollmachten-Referenz:
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_sic.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_sic.xml deleted file mode 100644 index c2c984e33..000000000 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_sic.xml +++ /dev/null @@ -1,8 +0,0 @@ -Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Vorname:
Nachname:
Geburtsdatum:
Vollmacht: Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Identifikator:
Name:
Staat:

Technische Parameter

Datum:..
Uhrzeit:::
TransaktionsTokken:
- Vollmachten-Referenz:
-- cgit v1.2.3 From 17f4b996ccdf1b96675fa835c0f51f43d9690b34 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 14 Jun 2018 07:16:39 +0200 Subject: update SL20 authblock transformation --- .../conf/moa-spss/SampleMOASPSSConfiguration.xml | 11 ++++++++ .../conf/moa-spss/profiles/SL20_authblock_v1.0.xml | 8 ++++++ .../moa-spss/profiles/SL20_authblock_v1.0_SIC.xml | 8 ++++++ .../modules/sl20_auth/EIDDataVerifier_ATrust.java | 22 ++++++++++----- .../sl20_auth/dummydata/DummyAuthConfig.java | 30 ++++++++++++++++++--- .../modules/sl20_auth/eIDDataVerifierTest.java | 27 ++++++++----------- .../src/test/resources/SpringTest-context.xml | 7 ++++- .../moaspss_config/MOASPSSConfiguration.xml | 6 ++++- .../profiles/SL20_authblock_v1.0.xml | 6 ++--- .../profiles/SL20_authblock_v1.0_SIC.xml | 8 ++++++ .../src/test/resources/sl20.jks | Bin 0 -> 8439 bytes .../src/test/resources/tests/eIDdata_atrust.json | 14 +++------- 12 files changed, 106 insertions(+), 41 deletions(-) create mode 100644 id/server/data/deploy/conf/moa-spss/profiles/SL20_authblock_v1.0.xml create mode 100644 id/server/data/deploy/conf/moa-spss/profiles/SL20_authblock_v1.0_SIC.xml create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_SIC.xml create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks (limited to 'id') diff --git a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml index 31fc8a16c..82a88bd2e 100644 --- a/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml +++ b/id/server/data/deploy/conf/moa-spss/SampleMOASPSSConfiguration.xml @@ -125,5 +125,16 @@ MOAIDTransformAuthBlockTable_EN profiles/MOAIDTransformAuthBlockTable_EN.xml + + + + SL20Authblock_v1.0 + profiles/SL20_authblock_v1.0.xml + + + SL20Authblock_v1.0_SIC + profiles/SL20_authblock_v1.0_SIC.xml + + diff --git a/id/server/data/deploy/conf/moa-spss/profiles/SL20_authblock_v1.0.xml b/id/server/data/deploy/conf/moa-spss/profiles/SL20_authblock_v1.0.xml new file mode 100644 index 000000000..e67b1f5ce --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/profiles/SL20_authblock_v1.0.xml @@ -0,0 +1,8 @@ +Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Vorname:
Nachname:
Geburtsdatum:
Vollmacht: Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Identifikator:
Name:
Staat:

Technische Parameter

Datum:..
Uhrzeit:::
TransaktionsToken:
+ Vollmachten-Referenz:
diff --git a/id/server/data/deploy/conf/moa-spss/profiles/SL20_authblock_v1.0_SIC.xml b/id/server/data/deploy/conf/moa-spss/profiles/SL20_authblock_v1.0_SIC.xml new file mode 100644 index 000000000..741013cd1 --- /dev/null +++ b/id/server/data/deploy/conf/moa-spss/profiles/SL20_authblock_v1.0_SIC.xml @@ -0,0 +1,8 @@ +Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Vorname:
Nachname:
Geburtsdatum:
Vollmacht: Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Identifikator:
Name:
Staat:

Technische Parameter

Datum:..
Uhrzeit:::
TransaktionsTokken:
+ Vollmachten-Referenz:
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java index 6e4df144f..6a989dd47 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java @@ -5,27 +5,37 @@ import java.io.InputStreamReader; import org.apache.commons.io.IOUtils; import org.junit.Before; +import org.junit.runner.RunWith; import org.opensaml.xml.ConfigurationException; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import com.google.gson.JsonObject; import com.google.gson.JsonParser; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.data.VerificationResult; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20Exception; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; +import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.IJOSETools; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; -//@RunWith(SpringJUnit4ClassRunner.class) +@RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration("/SpringTest-context.xml") public class EIDDataVerifier_ATrust extends eIDDataVerifierTest { - + + @Autowired IJOSETools joseTools; + + @Before - public void init() throws SLCommandoParserException, IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException { + public void init() throws IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException, SL20Exception { String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_atrust.json"))); JsonParser jsonParser = new JsonParser(); JsonObject qualeIDResult = jsonParser.parse(eIDDataString).getAsJsonObject(); - JsonObject payLoad = SL20JSONExtractorUtils.getJSONObjectValue(qualeIDResult, "payload", true); - JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad, "result", true); + //JsonObject payLoad = SL20JSONExtractorUtils.getJSONObjectValue(qualeIDResult, "payload", true); + VerificationResult payLoad = SL20JSONExtractorUtils.extractSL20PayLoad(qualeIDResult, joseTools, true); + JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad.getPayload(), "result", true); eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result); @@ -36,6 +46,6 @@ public class EIDDataVerifier_ATrust extends eIDDataVerifierTest { @Override protected String getSl20ReqId() { - return "_0ab3d7fd5ff8eb0bb15486ce48464fad"; + return "_63ff9ef67370024c4d2d8b9bfd380578"; } } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java index af47bc942..31275e492 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java @@ -1,5 +1,6 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata; +import java.io.IOException; import java.util.List; import java.util.Map; import java.util.Properties; @@ -24,8 +25,13 @@ public class DummyAuthConfig implements AuthConfiguration { @Override public String getRootConfigFileDir() { - // TODO Auto-generated method stub - return null; + try { + return new java.io.File( "." ).getCanonicalPath(); + + } catch (IOException e) { + return null; + + } } @Override @@ -85,7 +91,25 @@ public class DummyAuthConfig implements AuthConfiguration { @Override public String getBasicMOAIDConfiguration(String key) { if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID.equals(key)) - return "SL20Authblock_v1.0"; + return "SL20Authblock_v1.0,SL20Authblock_v1.0_SIC"; + + else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH.equals(key)) + return "/src/test/resources/sl20.jks"; + + else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD.equals(key)) + return "password"; + + else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS.equals(key)) + return "pvpIDP"; + + else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD.equals(key)) + return "password"; + + else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS.equals(key)) + return "pvpIDP"; + + else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD.equals(key)) + return "password"; else return null; diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java index c2784181a..54ea882de 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java @@ -8,13 +8,13 @@ import org.junit.BeforeClass; import org.junit.Test; import org.opensaml.DefaultBootstrap; import org.opensaml.saml2.core.Assertion; +import org.springframework.beans.factory.annotation.Autowired; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyAuthConfig; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.dummydata.DummyOA; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier.QualifiedeIDVerifier; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; -import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.data.IIdentityLink; import at.gv.egovernment.moa.id.commons.api.data.IVerifiyXMLSignatureResponse; @@ -31,10 +31,10 @@ import iaik.security.ec.provider.ECCelerate; import iaik.security.provider.IAIK; public abstract class eIDDataVerifierTest { - - protected Map eIDData = null; + protected Map eIDData = null; + @Autowired DummyAuthConfig authConfig; @BeforeClass public static void moaSPSSInitialize() throws ConfigurationException, org.opensaml.xml.ConfigurationException, IOException { @@ -94,8 +94,7 @@ public abstract class eIDDataVerifierTest { throw new Exception("IDL parsing FAILED"); IOAAuthParameters dummyOA = new DummyOA(); - AuthConfiguration dummyAuthConfig = new DummyAuthConfig(); - QualifiedeIDVerifier.verifyIdentityLink(idl, dummyOA , dummyAuthConfig); + QualifiedeIDVerifier.verifyIdentityLink(idl, dummyOA , authConfig); } @@ -118,11 +117,11 @@ public abstract class eIDDataVerifierTest { if (MiscUtil.isEmpty(authBlockB64)) throw new Exception("NO AuthBlock found"); - IOAAuthParameters dummyOA = new DummyOA(); - DummyAuthConfig dummyAuthConfig = new DummyAuthConfig(); - dummyAuthConfig.setRequireAuthBlockQC(false); - QualifiedeIDVerifier.verifyAuthBlock(authBlockB64, dummyOA , dummyAuthConfig); - + IOAAuthParameters dummyOA = new DummyOA(); + authConfig.setRequireAuthBlockQC(false); + QualifiedeIDVerifier.verifyAuthBlock(authBlockB64, dummyOA , authConfig); + authConfig.setRequireAuthBlockQC(true); + } @Test @@ -136,12 +135,8 @@ public abstract class eIDDataVerifierTest { IIdentityLink idl = new IdentityLinkAssertionParser(new ByteArrayInputStream(Base64Utils.decode(idlB64, false))).parseIdentityLink(); Assertion authBlock = QualifiedeIDVerifier.parseAuthBlockToSaml2Assertion(authBlockB64); - AssertionAttributeExtractor authBlockExtractor = new AssertionAttributeExtractor(authBlock); - - IOAAuthParameters dummyOA = new DummyOA(); - AuthConfiguration dummyAuthConfig = new DummyAuthConfig(); - - IVerifiyXMLSignatureResponse authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock(authBlockB64, dummyOA , dummyAuthConfig); + AssertionAttributeExtractor authBlockExtractor = new AssertionAttributeExtractor(authBlock); + IVerifiyXMLSignatureResponse authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock(authBlockB64, new DummyOA() , authConfig); QualifiedeIDVerifier.checkConsistencyOfeIDData(getSl20ReqId(), idl, authBlockExtractor, authBlockVerificationResult); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml index 011d1ed64..c1f185208 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/SpringTest-context.xml @@ -9,5 +9,10 @@ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"> - + + + + diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml index 99e60de85..6cd4db122 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml @@ -74,9 +74,13 @@ - + SL20Authblock_v1.0 profiles/SL20_authblock_v1.0.xml + + SL20Authblock_v1.0_SIC + profiles/SL20_authblock_v1.0_SIC.xml + diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml index c2c984e33..e67b1f5ce 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0.xml @@ -1,8 +1,8 @@ -Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Vorname:
Nachname:
Geburtsdatum:
Vollmacht: Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Identifikator:
Name:
Staat:

Technische Parameter

Datum:..
Uhrzeit:::
TransaktionsTokken:
- Vollmachten-Referenz:
+

Anmeldedaten:

Daten zur Person

Vorname:
Nachname:
Geburtsdatum:
Vollmacht: Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Identifikator:
Name:
Staat:

Technische Parameter

Datum:..
Uhrzeit:::
TransaktionsToken:
+ Vollmachten-Referenz:
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_SIC.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_SIC.xml new file mode 100644 index 000000000..741013cd1 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_SIC.xml @@ -0,0 +1,8 @@ +Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Vorname:
Nachname:
Geburtsdatum:
Vollmacht: Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Identifikator:
Name:
Staat:

Technische Parameter

Datum:..
Uhrzeit:::
TransaktionsTokken:
+ Vollmachten-Referenz:
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks new file mode 100644 index 000000000..a9d1fc7d1 Binary files /dev/null and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json index 826430b0d..8fef32927 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json @@ -1,14 +1,6 @@ { "v": 10, - "respID": "FabhEfKEOBUW1jZryBqp", - "inResponseTo": "_0ab3d7fd5ff8eb0bb15486ce48464fad", - "payload": { - "name": "qualifiedeID", - "result": { - "EID-IDENTITY-LINK": "PHNhbWw6QXNzZXJ0aW9uIEFzc2VydGlvbklEPSJzenIuYm1pLmd2LmF0LUFzc2VydGlvbklEMTUyNzY2OTEwMDU5MTI3NDQiIElzc3VlSW5zdGFudD0iMjAxOC0wNS0zMFQxMDozMTo0MCswMTowMCIgSXNzdWVyPSJodHRwOi8vcG9ydGFsLmJtaS5ndi5hdC9yZWYvc3pyL2lzc3VlciIgTWFqb3JWZXJzaW9uPSIxIiBNaW5vclZlcnNpb249IjAiIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMDphc3NlcnRpb24iIHhtbG5zOnByPSJodHRwOi8vcmVmZXJlbmNlLmUtZ292ZXJubWVudC5ndi5hdC9uYW1lc3BhY2UvcGVyc29uZGF0YS8yMDAyMDIyOCMiIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOmVjZHNhPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSMiIHhtbG5zOnNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSI+Cgk8c2FtbDpBdHRyaWJ1dGVTdGF0ZW1lbnQ+CgkJPHNhbWw6U3ViamVjdD4KCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbj4KCQkJCTxzYW1sOkNvbmZpcm1hdGlvbk1ldGhvZD51cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoxLjA6Y206c2VuZGVyLXZvdWNoZXM8L3NhbWw6Q29uZmlybWF0aW9uTWV0aG9kPgoJCQkJPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbkRhdGE+CgkJCQkJPHByOlBlcnNvbiBzaTp0eXBlPSJwcjpQaHlzaWNhbFBlcnNvblR5cGUiPjxwcjpJZGVudGlmaWNhdGlvbj48cHI6VmFsdWU+dHFDUUVDNytBcUdFZWVMMzkwVjVKZz09PC9wcjpWYWx1ZT48cHI6VHlwZT51cm46cHVibGljaWQ6Z3YuYXQ6YmFzZWlkPC9wcjpUeXBlPjwvcHI6SWRlbnRpZmljYXRpb24+PHByOk5hbWU+PHByOkdpdmVuTmFtZT5NYXg8L3ByOkdpdmVuTmFtZT48cHI6RmFtaWx5TmFtZSBwcmltYXJ5PSJ1bmRlZmluZWQiPk11c3Rlcm1hbm48L3ByOkZhbWlseU5hbWU+PC9wcjpOYW1lPjxwcjpEYXRlT2ZCaXJ0aD4xOTQwLTAxLTAxPC9wcjpEYXRlT2ZCaXJ0aD48L3ByOlBlcnNvbj4KCQkJCTwvc2FtbDpTdWJqZWN0Q29uZmlybWF0aW9uRGF0YT4KCQkJPC9zYW1sOlN1YmplY3RDb25maXJtYXRpb24+CgkJPC9zYW1sOlN1YmplY3Q+Cgk8c2FtbDpBdHRyaWJ1dGUgQXR0cmlidXRlTmFtZT0iQ2l0aXplblB1YmxpY0tleSIgQXR0cmlidXRlTmFtZXNwYWNlPSJ1cm46cHVibGljaWQ6Z3YuYXQ6bmFtZXNwYWNlczppZGVudGl0eWxpbms6MS4yIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZT48ZHNpZzpSU0FLZXlWYWx1ZT48ZHNpZzpNb2R1bHVzPnMwWmhkR2E4REgwSW1iTlU3aTRxdDRtR25CUEFlTDk5Q0dkZmRCOEhWWE5CNWd3d2VMY1o5WE1TWUJvUHFHdFVqemh6S29zRkN5M0sNCmpsSEVrejB0L3JQemhOVGRsVjJRN0FGWEZlT2g3M3dPajQ3R1B2T2lVNzdwQjE3WnJaOHlObW1JTTEyUVE5MVN0RGFWRkUra0dxUEkNCmNFZHZiZk94blU4aGNpa3lYcWVheFZVV3oxbVdXTnRveUwyWG5wa1U0QkZVQnU1NWg5S2tYVEFQcnBUbEFMZjkvRDFKamZWb05tamwNCnBLWXh6Q3JBSmE4Sno4Ui9sNis0U0U3YXc3dGZuazNZUXkxcFVmNWZmellkeXZQS2ZxVTBUTUVKLzdpOW1ORHFCZlVwcVhBRWowdWUNCkpvRWs0UC9pa2Q5UnZuVUlsU0V1NzFHMyt1VEluSXBaaTd2UG93PT08L2RzaWc6TW9kdWx1cz48ZHNpZzpFeHBvbmVudD5BUUFCPC9kc2lnOkV4cG9uZW50PjwvZHNpZzpSU0FLZXlWYWx1ZT48L3NhbWw6QXR0cmlidXRlVmFsdWU+PC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50PgoJPGRzaWc6U2lnbmF0dXJlPgoJCTxkc2lnOlNpZ25lZEluZm8+CgkJCTxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIC8+CgkJCTxkc2lnOlNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNyc2Etc2hhMSIgLz4KCQkJPGRzaWc6UmVmZXJlbmNlIFVSST0iIj4KCQkJCTxkc2lnOlRyYW5zZm9ybXM+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQk8ZHNpZzpYUGF0aD5ub3QoYW5jZXN0b3Itb3Itc2VsZjo6cHI6SWRlbnRpZmljYXRpb24pPC9kc2lnOlhQYXRoPgoJCQkJCTwvZHNpZzpUcmFuc2Zvcm0+CgkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2VudmVsb3BlZC1zaWduYXR1cmUiIC8+CgkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCTxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIiAvPgoJCQkJPGRzaWc6RGlnZXN0VmFsdWU+QmVIdUFyYXUzSFVQcXg5dHV3QTRGaDNOSDB3PTwvZHNpZzpEaWdlc3RWYWx1ZT4KCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPGRzaWc6UmVmZXJlbmNlIFR5cGU9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNNYW5pZmVzdCIgVVJJPSIjbWFuaWZlc3QiPgoJCQkJPGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiIC8+CgkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5mVEUrMjRnRHlkUlgvd0p2QlAxOUlucU54Rkk9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQk8L2RzaWc6UmVmZXJlbmNlPgoJCTwvZHNpZzpTaWduZWRJbmZvPgoJCTxkc2lnOlNpZ25hdHVyZVZhbHVlPgogICAgUHpLMWR2N2JFMGhQcGxlc1ZaRFhHSWxhbTlUK0JxWkd4ZWs5RHVuYkhNK21GWWI3a1NaZTN2eEszUmhRZjNBV3djbXFtVWZPRlJObg0KWndxYnovNGRZd2hJRld6VGdMelVmMlZkR0JsN2szbS8wSmJXSkV1bEtobE5vV2ZSTkRrdTRZcmI2THVrWjdaQzJFcWd2UXYxa1BRTg0Kb1BvQ1I5d3hUc1RKWFNCaHdLc0lERG9vZHY3aUVpWGFCM0xmVHQrQWdYdEdvbWRRaktjby9WamJSSzRUUEkvQUVNVU1KWm9zZlJYMg0KdmE2U1BaUnV4QjBlWkwwVGVzYittRjlFaUlOVnNTSU9nbTVSRE95V1ZRZkJnVG9nYjNoWmlLVmh0a1IvaWlSNmhZNlA2b1cwTDh4ag0KMG5ZVldPRHAxSlJML3Z0ZDFhUklVYzNCQTJQaFkrRmdJR1FHTUE9PQogIDwvZHNpZzpTaWduYXR1cmVWYWx1ZT48ZHNpZzpLZXlJbmZvPjxkc2lnOlg1MDlEYXRhPjxkc2lnOlg1MDlDZXJ0aWZpY2F0ZT5NSUlGdXpDQ0JLT2dBd0lCQWdJREdTa2VNQTBHQ1NxR1NJYjNEUUVCQlFVQU1JR2ZNUXN3Q1FZRFZRUUdFd0pCDQpWREZJTUVZR0ExVUVDZ3cvUVMxVWNuVnpkQ0JIWlhNdUlHWXVJRk5wWTJobGNtaGxhWFJ6YzNsemRHVnRaU0JwDQpiU0JsYkdWcmRISXVJRVJoZEdWdWRtVnlhMlZvY2lCSGJXSklNU0l3SUFZRFZRUUxEQmxoTFhOcFoyNHRZMjl5DQpjRzl5WVhSbExXeHBaMmgwTFRBeU1TSXdJQVlEVlFRRERCbGhMWE5wWjI0dFkyOXljRzl5WVhSbExXeHBaMmgwDQpMVEF5TUI0WERURTFNRGN5T0RFMU5Ea3dOVm9YRFRJd01EY3lPREV6TkRrd05Wb3dnYll4Q3pBSkJnTlZCQVlUDQpBa0ZVTVI0d0hBWURWUVFLREJWRVlYUmxibk5qYUhWMGVtdHZiVzFwYzNOcGIyNHhJakFnQmdOVkJBc01HVk4wDQpZVzF0ZW1Gb2JISmxaMmx6ZEdWeVltVm9iMlZ5WkdVeExqQXNCZ05WQkFNTUpWTnBaMjVoZEhWeWMyVnlkbWxqDQpaU0JFWVhSbGJuTmphSFYwZW10dmJXMXBjM05wYjI0eEZUQVRCZ05WQkFVVERETXlOVGt5T0RNeU16azVPREVjDQpNQm9HQ1NxR1NJYjNEUUVKQVF3TlpITnJRR1J6YXk1bmRpNWhkRENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEDQpnZ0VQQURDQ0FRb0NnZ0VCQU4rZEJTRUJHajJqVVhJSzFNcDNsVnhjL1phK3BKTWl5S3JYM0cxWnhnWC9pa3g3DQpEOXNjc1BZTXQ0NzNMbEFXbDljbUNiSGJKSytQVjJYTk5kVVJMTVVDSVgrNHZVTnMyTUhlRFRRdFg4QlhqSkZwDQp3SllTb2FSSlEzOUZWUy8xcjVzV2NyYTlIaGRtN3c1R3R4LzJ1a3lEWDBrZGt4YXdraFA0RVFFemkvU0krRnVnDQpuK1dxZ1ExbkFkbGJ4Yi9kY0J3NXcxaDliM2xtdXdVZjR6M29vUVdVRDJEZ0Eva0tkMUtlak5SNDNtTFVzbXZTDQp6ZXZQeFQ5enM3OHBPUjFPYWNCN0lzelRWSlBYZU9FYWFOWkhubkIvVWVPM2c4TEVWLzNPa1hjVWdjTWtiSUlpDQphQkhsbGw3MVBxMENPajlrcWpYb2U3T3JSakxZNWkzS3dPcGE2VE1DQXdFQUFhT0NBZVV3Z2dIaE1CRUdBMVVkDQpEZ1FLQkFoTUNBNmVHdlMxdWpBT0JnTlZIUThCQWY4RUJBTUNCTEF3RGdZSEtpZ0FDZ0VIQVFRREFRSC9NQk1HDQpBMVVkSXdRTU1BcUFDRWtjV0RwUDZBMERNQWtHQTFVZEV3UUNNQUF3RkFZSEtpZ0FDZ0VCQVFRSkRBZENVMEl0DQpSRk5MTUg4R0NDc0dBUVVGQndFQkJITXdjVEJHQmdnckJnRUZCUWN3QW9ZNmFIUjBjRG92TDNkM2R5NWhMWFJ5DQpkWE4wTG1GMEwyTmxjblJ6TDJFdGMybG5iaTFqYjNKd2IzSmhkR1V0YkdsbmFIUXRNREpoTG1OeWREQW5CZ2dyDQpCZ0VGQlFjd0FZWWJhSFIwY0RvdkwyOWpjM0F1WVMxMGNuVnpkQzVoZEM5dlkzTndNRlFHQTFVZElBUk5NRXN3DQpTUVlHS2lnQUVRRVNNRDh3UFFZSUt3WUJCUVVIQWdFV01XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrDQpiMk56TDJOd0wyRXRjMmxuYmkxQmJYUnpjMmxuYm1GMGRYSXdnWjRHQTFVZEh3U0JsakNCa3pDQmtLQ0JqYUNCDQppb2FCaDJ4a1lYQTZMeTlzWkdGd0xtRXRkSEoxYzNRdVlYUXZiM1U5WVMxemFXZHVMV052Y25CdmNtRjBaUzFzDQphV2RvZEMwd01peHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wDQpQMkpoYzJVL2IySnFaV04wWTJ4aGMzTTlaV2xrUTJWeWRHbG1hV05oZEdsdmJrRjFkR2h2Y21sMGVUQU5CZ2txDQpoa2lHOXcwQkFRVUZBQU9DQVFFQUhRM1pDTXRBYmF6ZU1IbVdBMnpoWWxIcUhnS1ZvY1ZYRURnbU5tV0xHcUZlDQo4RUFERklzOHVHcmt0Qm1XQ1VJWGJYczdUSGNmeHMySjQ3dkh1Y29wc2RrYWJObFhFanpuZFJmbmMrMVZJbmJvDQp6TXJZZDdqZUROVEsvdElqaU9FWWRyeUlwZWtWOUNmYXc3eXU2bWVmTXpldTFhQXdmN0JuSy9odWl3SlduZW5wDQpCN2lEL1B2WittenVDN1JOZkpmRisrU3RpQlR4aTNWWXhOR01qTTFjVThHdzlWV2MwUjNFdWpPYVhXZ0NDOGk1DQpGR2hWdk9ZaE5YZnN4SlhiTnhld0VDanBBTHZEbEZMTCtpQzQ5RytBRFNvUnYwU2s5MU9QdStjSW1DajNyczNRDQp0YXNJL3A5TFlhY0c2Yy9nSTN0RTBpaHFnOVJic0tIWFFsM1BPdkVSSkE9PTwvZHNpZzpYNTA5Q2VydGlmaWNhdGU+PC9kc2lnOlg1MDlEYXRhPjwvZHNpZzpLZXlJbmZvPgoJCTxkc2lnOk9iamVjdD4KCQkJPGRzaWc6TWFuaWZlc3QgSWQ9Im1hbmlmZXN0Ij4KCQkJCTxkc2lnOlJlZmVyZW5jZSBVUkk9IiI+CgkJCQkJPGRzaWc6VHJhbnNmb3Jtcz4KCQkJCQkJPGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHBhdGgtMTk5OTExMTYiPgoJCQkJCQkJPGRzaWc6WFBhdGg+bm90KGFuY2VzdG9yLW9yLXNlbGY6OmRzaWc6U2lnbmF0dXJlKTwvZHNpZzpYUGF0aD4KCQkJCQkJPC9kc2lnOlRyYW5zZm9ybT4KCQkJCQk8L2RzaWc6VHJhbnNmb3Jtcz4KCQkJCQk8ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSIgLz4KCQkJCQk8ZHNpZzpEaWdlc3RWYWx1ZT5wM1pwS1BvK0ZYT3ZXdEhidFJzR2VLWm9lSTQ9PC9kc2lnOkRpZ2VzdFZhbHVlPgoJCQkJPC9kc2lnOlJlZmVyZW5jZT4KCQkJPC9kc2lnOk1hbmlmZXN0PgoJCTwvZHNpZzpPYmplY3Q+Cgk8L2RzaWc6U2lnbmF0dXJlPgo8L3NhbWw6QXNzZXJ0aW9uPg==", - "EID-CITIZEN-QAA-LEVEL": "http://eidas.europa.eu/LoA/substantial", - "EID-CCS-URL": "https://www.a-trust.at/todo", - "EID-AUTH-BLOCK": "PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiIHN0YW5kYWxvbmU9Im5vIj8+PHNhbWwyOkFzc2VydGlvbiB4bWxuczpzYW1sMj0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgSUQ9Il8wYWIzZDdmZDVmZjhlYjBiYjE1NDg2Y2U0ODQ2NGZhZCIgSXNzdWVJbnN0YW50PSIyMDE4LTA2LTA3VDE1OjI2OjI1KzAyOjAwIiBWZXJzaW9uPSIyLjAiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSI+PHNhbWwyOklzc3VlciBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSI+aHR0cHM6Ly93d3cuYS10cnVzdC5hdC90b2RvPC9zYW1sMjpJc3N1ZXI+PGRzaWc6U2lnbmF0dXJlIHhtbG5zOmRzaWc9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIElkPSJzaWduYXR1cmUtMS0xIj48ZHNpZzpTaWduZWRJbmZvPjxkc2lnOkNhbm9uaWNhbGl6YXRpb25NZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy9UUi8yMDAxL1JFQy14bWwtYzE0bi0yMDAxMDMxNSIgLz48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2IiAvPjxkc2lnOlJlZmVyZW5jZSBJZD0icmVmZXJlbmNlLTEtMSIgVVJJPSIiPjxkc2lnOlRyYW5zZm9ybXM+PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS9SRUMteHNsdC0xOTk5MTExNiI+PHhzbDpzdHlsZXNoZWV0IHhtbG5zOnhzbD0iaHR0cDovL3d3dy53My5vcmcvMTk5OS9YU0wvVHJhbnNmb3JtIiBleGNsdWRlLXJlc3VsdC1wcmVmaXhlcz0ic2FtbDIiIHZlcnNpb249IjEuMCIgeG1sbnM6c2FtbDI9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjx4c2w6b3V0cHV0IG1ldGhvZD0ieG1sIiB4bWw6c3BhY2U9ImRlZmF1bHQiIC8+PHhzbDp0ZW1wbGF0ZSBtYXRjaD0iLyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiPjxodG1sIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1sIj48aGVhZD48dGl0bGU+U2lnbmF0dXIgZGVyIEFubWVsZGVkYXRlbjwvdGl0bGU+PHN0eWxlIG1lZGlhPSJzY3JlZW4iIHR5cGU9InRleHQvY3NzIj4KICAgICAgICAgICAgICAJCQkJCS5ub3JtYWxzdHlsZSB7IGZvbnQtc2l6ZTogbWVkaXVtOyB9IAogICAgICAgICAgICAgIAkJCQkJLml0YWxpY3N0eWxlIHsgZm9udC1zaXplOiBtZWRpdW07IGZvbnQtc3R5bGU6IGl0YWxpYzsgfQoJCQkJCQkJCS50aXRsZXN0eWxlIHsgdGV4dC1kZWNvcmF0aW9uOnVuZGVybGluZTsgZm9udC13ZWlnaHQ6Ym9sZDsgZm9udC1zaXplOiBtZWRpdW07IH0gCgkJCQkJCQkJLmg0c3R5bGUgeyBmb250LXNpemU6IGxhcmdlOyB9ICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKCQkJCQkJCQkuaGlkZGVuIHtkaXNwbGF5OiBub25lOyB9IAogICAgICAgICAgICAgIAkJCQk8L3N0eWxlPjwvaGVhZD48Ym9keT48aDQgY2xhc3M9Img0c3R5bGUiPkFubWVsZGVkYXRlbjo8L2g0PjxwIGNsYXNzPSJ0aXRsZXN0eWxlIj5EYXRlbiB6dXIgUGVyc29uPC9wPjx0YWJsZSBjbGFzcz0icGFyYW1ldGVycyI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjIuNS40LjQyJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+Vm9ybmFtZTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjIuNS40LjQyJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUiIC8+PC90ZD48L3RyPjwveHNsOmlmPjx4c2w6aWYgdGVzdD0ic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5OYWNobmFtZTogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4yMCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIiAvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9InN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J3VybjpvaWQ6MS4yLjQwLjAuMTAuMi4xLjEuNTUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSkiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5HZWJ1cnRzZGF0dW06IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS41NSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIiAvPjwvdGQ+PC90cj48L3hzbDppZj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlZvbGxtYWNodDogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnRleHQ+SWNoIG1lbGRlIG1pY2ggaW4gVmVydHJldHVuZyBhbi4gSW0gbsOkY2hzdGVuIFNjaHJpdHQgd2lyZCBtaXIgZWluZSBMaXN0ZSBkZXIgZsO8ciBtaWNoIHZlcmbDvGdiYXJlbiBWZXJ0cmV0dW5nc3ZlcmjDpGx0bmlzc2UgYW5nZXplaWd0LCBhdXMgZGVuZW4gaWNoIGVpbmVzIGF1c3fDpGhsZW4gd2VyZGUuPC94c2w6dGV4dD48L3RkPjwvdHI+PC94c2w6aWY+PC90YWJsZT48cCBjbGFzcz0idGl0bGVzdHlsZSI+RGF0ZW4genVyIEFud2VuZHVuZzwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5JZGVudGlmaWthdG9yOiA8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSIvc2FtbDI6QXNzZXJ0aW9uL3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudC9zYW1sMjpBdHRyaWJ1dGVbQE5hbWU9J2h0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyVW5pcXVlSWQnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIgLz48L3RkPjwvdHI+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlKSI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPk5hbWU6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJGcmllbmRseU5hbWUnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIgLz48L3RkPjwvdHI+PC94c2w6aWY+PHhzbDppZiB0ZXN0PSJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSdodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlJ10vc2FtbDI6QXR0cmlidXRlVmFsdWUpIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+U3RhYXQ6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0naHR0cDovL2VpZC5ndi5hdC9lSUQvYXR0cmlidXRlcy9TZXJ2aWNlUHJvdmlkZXJDb3VudHJ5Q29kZSddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIiAvPjwvdGQ+PC90cj48L3hzbDppZj48L3RhYmxlPjxwIGNsYXNzPSJ0aXRsZXN0eWxlIj5UZWNobmlzY2hlIFBhcmFtZXRlcjwvcD48dGFibGUgY2xhc3M9InBhcmFtZXRlcnMiPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5EYXR1bTo8L3RkPjx0ZCBjbGFzcz0ibm9ybWFsc3R5bGUiPjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDksMikiIC8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDYsMikiIC8+PHhzbDp0ZXh0Pi48L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDEsNCkiIC8+PC90ZD48L3RyPjx0cj48dGQgY2xhc3M9Iml0YWxpY3N0eWxlIj5VaHJ6ZWl0OjwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9InN1YnN0cmluZygvc2FtbDI6QXNzZXJ0aW9uL0BJc3N1ZUluc3RhbnQsMTIsMikiIC8+PHhzbDp0ZXh0Pjo8L3hzbDp0ZXh0Pjx4c2w6dmFsdWUtb2Ygc2VsZWN0PSJzdWJzdHJpbmcoL3NhbWwyOkFzc2VydGlvbi9ASXNzdWVJbnN0YW50LDE1LDIpIiAvPjx4c2w6dGV4dD46PC94c2w6dGV4dD48eHNsOnZhbHVlLW9mIHNlbGVjdD0ic3Vic3RyaW5nKC9zYW1sMjpBc3NlcnRpb24vQElzc3VlSW5zdGFudCwxOCwyKSIgLz48L3RkPjwvdHI+PHRyPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPlRyYW5zYWt0aW9uc1Rva2tlbjogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9ASUQiIC8+PC90ZD48L3RyPjx4c2w6aWYgdGVzdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQvc2FtbDI6QXR0cmlidXRlW0BOYW1lPSd1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS45MCddL3NhbWwyOkF0dHJpYnV0ZVZhbHVlIj48dHI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+CgkJCQkJCQkJCQkJVm9sbG1hY2h0ZW4tUmVmZXJlbno6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6QXR0cmlidXRlU3RhdGVtZW50L3NhbWwyOkF0dHJpYnV0ZVtATmFtZT0ndXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuOTAnXS9zYW1sMjpBdHRyaWJ1dGVWYWx1ZSIgLz48L3RkPjwvdHI+PC94c2w6aWY+PHRyIGNsYXNzPSJoaWRkZW4iPjx0ZCBjbGFzcz0iaXRhbGljc3R5bGUiPkRhdGFVUkw6IDwvdGQ+PHRkIGNsYXNzPSJub3JtYWxzdHlsZSI+PHhzbDp2YWx1ZS1vZiBzZWxlY3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9zYW1sMjpBdWRpZW5jZVJlc3RyaWN0aW9uL3NhbWwyOkF1ZGllbmNlIiAvPjwvdGQ+PC90cj48eHNsOmlmIHRlc3Q9Ii9zYW1sMjpBc3NlcnRpb24vc2FtbDI6Q29uZGl0aW9ucy9ATm90T25PckFmdGVyIj48dHIgY2xhc3M9ImhpZGRlbiI+PHRkIGNsYXNzPSJpdGFsaWNzdHlsZSI+QXV0aEJsb2NrVmFsaWRUbzogPC90ZD48dGQgY2xhc3M9Im5vcm1hbHN0eWxlIj48eHNsOnZhbHVlLW9mIHNlbGVjdD0iL3NhbWwyOkFzc2VydGlvbi9zYW1sMjpDb25kaXRpb25zL0BOb3RPbk9yQWZ0ZXIiIC8+PC90ZD48L3RyPjwveHNsOmlmPjwvdGFibGU+PC9ib2R5PjwvaHRtbD48L3hzbDp0ZW1wbGF0ZT48L3hzbDpzdHlsZXNoZWV0PjwvZHNpZzpUcmFuc2Zvcm0+PGRzaWc6VHJhbnNmb3JtIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUjV2l0aENvbW1lbnRzIiAvPjwvZHNpZzpUcmFuc2Zvcm1zPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIgLz48ZHNpZzpEaWdlc3RWYWx1ZT5iL1B5K3oweXIzQTVvaWsyRjJqSDZycXBYdTk0V2JZZzVBd0QrZGFUSmRFPTwvZHNpZzpEaWdlc3RWYWx1ZT48L2RzaWc6UmVmZXJlbmNlPjxkc2lnOlJlZmVyZW5jZSBJZD0iZXRzaS1kYXRhLXJlZmVyZW5jZS0xLTEiIFR5cGU9Imh0dHA6Ly91cmkuZXRzaS5vcmcvMDE5MDMjU2lnbmVkUHJvcGVydGllcyIgVVJJPSIjZXRzaS1zaWduZWRwcm9wZXJ0aWVzLTEtMSI+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxkc2lnOkRpZ2VzdFZhbHVlPmdHNkxyS3JHcU5nWEtWZDVwaWIwdko2OVh1b0pRZlltNXhqZTFkOHFMSTQ9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U+PC9kc2lnOlNpZ25lZEluZm8+PGRzaWc6U2lnbmF0dXJlVmFsdWUgSWQ9InNpZ25hdHVyZXZhbHVlLTEtMSI+ZzR2OTlpV2R3K05jWnM4bWs5TnhPdVVxQ2Q3RnZXNXRKK3NLMkZzdEdoZkRnK0NMZmRiWVh4eWoxeTBYKzJpOGdJUjVLVVhybTRndEs0T09aT3Z4RlFzeWRtbkJqMW10QjRzM0V3MVhHK1pNeFJSRm5NTHpzWFdVQlhUTUxJcEozdlFpNW9qNHZmak5TdGRYL2NZWlFncEJ5OStJSVg3eDFjeVBGaWJtQk1CMzV3L2FEL1JQckhKOUVZalFEZ21IbGNHQXROZm96UFpJdS9MM0RXUGxDU2xJclBHNXZDS3BKSFBRcUt1QlFISy9nREFiUGI0WEx5ZVovR1BXNmsvRExMV1djWG04V1FyNysvYURvdHRtSWZwR0Z5YUIwSVlEWlpDdi82ZmxFRnpZMng4UXdyQmQ0cDkzeVZhMmJpUUZmd013VFNPQjVYVmJlODhQTW1jWDBnPT08L2RzaWc6U2lnbmF0dXJlVmFsdWU+PGRzaWc6S2V5SW5mbz48ZHNpZzpYNTA5RGF0YT48ZHNpZzpYNTA5Q2VydGlmaWNhdGU+TUlJRjFqQ0NCTDZnQXdJQkFnSUVmZ1MzL1RBTkJna3Foa2lHOXcwQkFRc0ZBRENCb1RFTE1Ba0dBMVVFQmd3Q1FWUXhTREJHQmdOVkJBb01QMEV0VkhKMWMzUWdSMlZ6TGlCbUxpQlRhV05vWlhKb1pXbDBjM041YzNSbGJXVWdhVzBnWld4bGEzUnlMaUJFWVhSbGJuWmxjbXRsYUhJZ1IyMWlTREVqTUNFR0ExVUVDd3dhWVMxemFXZHVMVkJ5WlcxcGRXMHRWR1Z6ZEMxVGFXY3RNREl4SXpBaEJnTlZCQU1NR21FdGMybG5iaTFRY21WdGFYVnRMVlJsYzNRdFUybG5MVEF5TUI0WERURTRNRFV6TURBNE16SXlPVm9YRFRJek1EVXpNREE0TXpJeU9Wb3dZREVMTUFrR0ExVUVCZ3dDUVZReEZ6QVZCZ05WQkFNTURrMWhlQ0JOZFhOMFpYSnRZVzV1TVJNd0VRWURWUVFFREFwTmRYTjBaWEp0WVc1dU1Rd3dDZ1lEVlFRcURBTk5ZWGd4RlRBVEJnTlZCQVVNRERVeE56WTJNRGN4T0RrNU16Q0NBU0l3RFFZSktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQUxOR1lYUm12QXg5Q0ptelZPNHVLcmVKaHB3VHdIaS9mUWhuWDNRZkIxVnpRZVlNTUhpM0dmVnpFbUFhRDZoclZJODRjeXFMQlFzdHlvNVJ4Sk05TGY2ejg0VFUzWlZka093QlZ4WGpvZTk4RG8rT3hqN3pvbE8rNlFkZTJhMmZNalpwaUROZGtFUGRVclEybFJSUHBCcWp5SEJIYjIzenNaMVBJWElwTWw2bm1zVlZGczlabGxqYmFNaTlsNTZaRk9BUlZBYnVlWWZTcEYwd0Q2NlU1UUMzL2Z3OVNZMzFhRFpvNWFTbU1jd3F3Q1d2Q2MvRWY1ZXZ1RWhPMnNPN1g1NU4yRU10YVZIK1gzODJIY3J6eW42bE5FekJDZis0dlpqUTZnWDFLYWx3Qkk5TG5pYUJKT0QvNHBIZlViNTFDSlVoTHU5UnQvcmt5SnlLV1l1N3o2TUNBd0VBQWFPQ0FsUXdnZ0pRTUlHREJnZ3JCZ0VGQlFjQkFRUjNNSFV3UlFZSUt3WUJCUVVITUFLR09XaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlqWlhKMGN5OWhMWE5wWjI0dGNISmxiV2wxYlMxdGIySnBiR1V0TUROaExtTnlkREFzQmdnckJnRUZCUWN3QVlZZ2FIUjBjRG92TDI5amMzQXRkR1Z6ZEM1aExYUnlkWE4wTG1GMEwyOWpjM0F3RXdZRFZSMGpCQXd3Q29BSVJnYWZqa0dPRmIwd2NnWUlLd1lCQlFVSEFRTUVaakJrTUFvR0NDc0dBUVVGQndzQ01BZ0dCZ1FBamtZQkFUQUlCZ1lFQUk1R0FRUXdFd1lHQkFDT1JnRUdNQWtHQndRQWprWUJCZ0V3TFFZR0JBQ09SZ0VGTUNNd0lSWWJhSFIwY0hNNkx5OTNkM2N1WVMxMGNuVnpkQzVoZEM5d1pITXZFd0pGVGpBUkJnTlZIUTRFQ2dRSVFXeVM1ZFhrL3RZd0RnWURWUjBQQVFIL0JBUURBZ2JBTUFrR0ExVWRFd1FDTUFBd1lBWURWUjBnQkZrd1Z6QUlCZ1lFQUlzd0FRRXdTd1lHS2lnQUVRRVVNRUV3UHdZSUt3WUJCUVVIQWdFV00yaDBkSEE2THk5M2QzY3VZUzEwY25WemRDNWhkQzlrYjJOekwyTndMMkV0YzJsbmJpMXdjbVZ0YVhWdExXMXZZbWxzWlRDQnJnWURWUjBmQklHbU1JR2pNSUdnb0lHZG9JR2Fob0dYYkdSaGNEb3ZMMnhrWVhBdGRHVnpkQzVoTFhSeWRYTjBMbUYwTDI5MVBXRXRjMmxuYmkxUWNtVnRhWFZ0TFZSbGMzUXRVMmxuTFRBeUlDaFRTRUV0TWpVMktTeHZQVUV0VkhKMWMzUXNZejFCVkQ5alpYSjBhV1pwWTJGMFpYSmxkbTlqWVhScGIyNXNhWE4wUDJKaGMyVS9iMkpxWldOMFkyeGhjM005Wldsa1EyVnlkR2xtYVdOaGRHbHZia0YxZEdodmNtbDBlVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBeUVtZ09EdDAyeGF4SGI0RStPOVhnSW1FQzBBb0g0UTk3UHE3QmQ0ditQcXFkNmk1Um9kdndmVGdJYVcxSitmdkg4S1VUekkwWFg5d3BVV3dJbVZFR01INjNWQUpjWFZIMHk5aWZFV0lIZGhPTHRSWVZpZjBTUUs5WVJhY2h2SkRtRjVoTHdBUVJFZUdzWDJpTm1QN2RZZTR4aU5LQXRRbjBwaHZsUHFnaGE2b0tER01ROEZOQWZSejNrQXRYSndQYkZnNlFFNGtJaGtUZ2QzMnVPaUFKVzdHMlRhSlpYV2ZLOVRwVjVMUTEzKzExRkoyUzNLUWM4dWIvKzFHZGdpcktTVzRKMXpoc2ZUK1dDci9PYXlVMk16UVhLdjhPV2IwU3hXSUpIaU1UZXhIN3I5bXVHay9aTGthUVFWMkN0U09ZcVRBTjhBd2VDaUoxMXVWRkhlTHBRPT08L2RzaWc6WDUwOUNlcnRpZmljYXRlPjwvZHNpZzpYNTA5RGF0YT48L2RzaWc6S2V5SW5mbz48ZHNpZzpPYmplY3QgSWQ9ImV0c2ktc2lnbmVkLTEtMSI+PGV0c2k6UXVhbGlmeWluZ1Byb3BlcnRpZXMgeG1sbnM6ZXRzaT0iaHR0cDovL3VyaS5ldHNpLm9yZy8wMTkwMy92MS4zLjIjIiBUYXJnZXQ9IiNzaWduYXR1cmUtMS0xIj48ZXRzaTpTaWduZWRQcm9wZXJ0aWVzIElkPSJldHNpLXNpZ25lZHByb3BlcnRpZXMtMS0xIj48ZXRzaTpTaWduZWRTaWduYXR1cmVQcm9wZXJ0aWVzPjxldHNpOlNpZ25pbmdUaW1lPjIwMTgtMDYtMDdUMTM6MjY6MjVaPC9ldHNpOlNpZ25pbmdUaW1lPjxldHNpOlNpZ25pbmdDZXJ0aWZpY2F0ZT48ZXRzaTpDZXJ0PjxldHNpOkNlcnREaWdlc3Q+PGRzaWc6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2IiAvPjxkc2lnOkRpZ2VzdFZhbHVlPjZhVGtoYS9ZOXhZUzRiUU1aYndJWDhURnNEMkNlemRodXFIcFR0Q0kzZjA9PC9kc2lnOkRpZ2VzdFZhbHVlPjwvZXRzaTpDZXJ0RGlnZXN0PjxldHNpOklzc3VlclNlcmlhbD48ZHNpZzpYNTA5SXNzdWVyTmFtZT5DTj1hLXNpZ24tUHJlbWl1bS1UZXN0LVNpZy0wMixPVT1hLXNpZ24tUHJlbWl1bS1UZXN0LVNpZy0wMixPPUEtVHJ1c3QgR2VzLiBmLiBTaWNoZXJoZWl0c3N5c3RlbWUgaW0gZWxla3RyLiBEYXRlbnZlcmtlaHIgR21iSCxDPUFUPC9kc2lnOlg1MDlJc3N1ZXJOYW1lPjxkc2lnOlg1MDlTZXJpYWxOdW1iZXI+MjExNDIzODQ2MTwvZHNpZzpYNTA5U2VyaWFsTnVtYmVyPjwvZXRzaTpJc3N1ZXJTZXJpYWw+PC9ldHNpOkNlcnQ+PC9ldHNpOlNpZ25pbmdDZXJ0aWZpY2F0ZT48ZXRzaTpTaWduYXR1cmVQb2xpY3lJZGVudGlmaWVyPjxldHNpOlNpZ25hdHVyZVBvbGljeUltcGxpZWQgLz48L2V0c2k6U2lnbmF0dXJlUG9saWN5SWRlbnRpZmllcj48L2V0c2k6U2lnbmVkU2lnbmF0dXJlUHJvcGVydGllcz48ZXRzaTpTaWduZWREYXRhT2JqZWN0UHJvcGVydGllcz48ZXRzaTpEYXRhT2JqZWN0Rm9ybWF0IE9iamVjdFJlZmVyZW5jZT0iI3JlZmVyZW5jZS0xLTEiPjxldHNpOk1pbWVUeXBlPmFwcGxpY2F0aW9uL3hodG1sK3htbDwvZXRzaTpNaW1lVHlwZT48L2V0c2k6RGF0YU9iamVjdEZvcm1hdD48L2V0c2k6U2lnbmVkRGF0YU9iamVjdFByb3BlcnRpZXM+PC9ldHNpOlNpZ25lZFByb3BlcnRpZXM+PC9ldHNpOlF1YWxpZnlpbmdQcm9wZXJ0aWVzPjwvZHNpZzpPYmplY3Q+PC9kc2lnOlNpZ25hdHVyZT48c2FtbDI6Q29uZGl0aW9ucyBOb3RCZWZvcmU9IjIwMTgtMDYtMDdUMTU6MjY6MjUrMDI6MDAiIE5vdE9uT3JBZnRlcj0iMjAxOC0wNi0wN1QxNTo0MToyNSswMjowMCI+PHNhbWwyOkF1ZGllbmNlUmVzdHJpY3Rpb24+PHNhbWwyOkF1ZGllbmNlPmh0dHBzOi8vZWlkLmd2LmF0L21vYS1pZC1hdXRoL3NsMjAvZGF0YVVybD9wZW5kaW5naWQ9MTYxOTMyOTI0MzMwMjE3MjQ2PC9zYW1sMjpBdWRpZW5jZT48L3NhbWwyOkF1ZGllbmNlUmVzdHJpY3Rpb24+PC9zYW1sMjpDb25kaXRpb25zPjxzYW1sMjpBdHRyaWJ1dGVTdGF0ZW1lbnQ+PHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IlBWUC1WRVJTSU9OIiBOYW1lPSJ1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjI2MS4xMCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPjxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj4yLjE8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDI6QXR0cmlidXRlPjxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJQUklOQ0lQQUwtTkFNRSIgTmFtZT0idXJuOm9pZDoxLjIuNDAuMC4xMC4yLjEuMS4yNjEuMjAiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+TXVzdGVybWFubjwvc2FtbDI6QXR0cmlidXRlVmFsdWU+PC9zYW1sMjpBdHRyaWJ1dGU+PHNhbWwyOkF0dHJpYnV0ZSBGcmllbmRseU5hbWU9IkdJVkVOLU5BTUUiIE5hbWU9InVybjpvaWQ6Mi41LjQuNDIiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+TWF4PC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iQklSVEhEQVRFIiBOYW1lPSJ1cm46b2lkOjEuMi40MC4wLjEwLjIuMS4xLjU1IiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPjE5NDAtMDEtMDE8L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDI6QXR0cmlidXRlPjxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItVW5pcXVlSWQiIE5hbWU9Imh0dHA6Ly9laWQuZ3YuYXQvZUlEL2F0dHJpYnV0ZXMvU2VydmljZVByb3ZpZGVyVW5pcXVlSWQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dXJpIj48c2FtbDI6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI+aHR0cHM6Ly9sYWJkYS5pYWlrLnR1Z3Jhei5hdDo1NTUzL2RlbW9sb2dpbi88L3NhbWwyOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDI6QXR0cmlidXRlPjxzYW1sMjpBdHRyaWJ1dGUgRnJpZW5kbHlOYW1lPSJTZXJ2aWNlUHJvdmlkZXItRnJpZW5kbHlOYW1lIiBOYW1lPSJodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckZyaWVuZGx5TmFtZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1cmkiPjxzYW1sMjpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5sYWJkYSAtIERldmVsb3BtZW50PC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48c2FtbDI6QXR0cmlidXRlIEZyaWVuZGx5TmFtZT0iU2VydmljZVByb3ZpZGVyLUNvdW50cnlDb2RlIiBOYW1lPSJodHRwOi8vZWlkLmd2LmF0L2VJRC9hdHRyaWJ1dGVzL1NlcnZpY2VQcm92aWRlckNvdW50cnlDb2RlIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVyaSI+PHNhbWwyOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPkFUPC9zYW1sMjpBdHRyaWJ1dGVWYWx1ZT48L3NhbWwyOkF0dHJpYnV0ZT48L3NhbWwyOkF0dHJpYnV0ZVN0YXRlbWVudD48L3NhbWwyOkFzc2VydGlvbj4=" - } - } + "respID": "2LVPaGlWAwzxURkrcTQX", + "inResponseTo": "_63ff9ef67370024c4d2d8b9bfd380578", + "signedPayload": "ew0KICAiYWxnIjogIlJTMjU2IiwNCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9zbDIuMDtjb21tYW5kIiwNCiAgIng1dCNTMjU2IjogIjBGUmRDYkFxVTF2YlQtOUt3S0JUcU5GQXBkcU9HT25Fa0o1dGp6MFp0anciDQp9.ew0KICAibmFtZSI6ICJxdWFsaWZpZWRlSUQiLA0KICAicmVzdWx0Ijogew0KICAgICJFSUQtSURFTlRJVFktTElOSyI6ICJQSE5oYld3NlFYTnpaWEowYVc5dUlFRnpjMlZ5ZEdsdmJrbEVQU0p6ZW5JdVltMXBMbWQyTG1GMExVRnpjMlZ5ZEdsdmJrbEVNVFV5T0RnNE1ESTJORE0wTURJNU5EVWlJRWx6YzNWbFNXNXpkR0Z1ZEQwaU1qQXhPQzB3TmkweE0xUXhNRG8xTnpvME5Dc3dNVG93TUNJZ1NYTnpkV1Z5UFNKb2RIUndPaTh2Y0c5eWRHRnNMbUp0YVM1bmRpNWhkQzl5WldZdmMzcHlMMmx6YzNWbGNpSWdUV0ZxYjNKV1pYSnphVzl1UFNJeElpQk5hVzV2Y2xabGNuTnBiMjQ5SWpBaUlIaHRiRzV6T25OaGJXdzlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qRXVNRHBoYzNObGNuUnBiMjRpSUhodGJHNXpPbkJ5UFNKb2RIUndPaTh2Y21WbVpYSmxibU5sTG1VdFoyOTJaWEp1YldWdWRDNW5kaTVoZEM5dVlXMWxjM0JoWTJVdmNHVnljMjl1WkdGMFlTOHlNREF5TURJeU9DTWlJSGh0Ykc1ek9tUnphV2M5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU1pSUhodGJHNXpPbVZqWkhOaFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4THpBMEwzaHRiR1J6YVdjdGJXOXlaU01pSUhodGJHNXpPbk5wUFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZUzFwYm5OMFlXNWpaU0krQ2drOGMyRnRiRHBCZEhSeWFXSjFkR1ZUZEdGMFpXMWxiblErQ2drSlBITmhiV3c2VTNWaWFtVmpkRDRLQ1FrSlBITmhiV3c2VTNWaWFtVmpkRU52Ym1acGNtMWhkR2x2Ymo0S0NRa0pDVHh6WVcxc09rTnZibVpwY20xaGRHbHZiazFsZEdodlpENTFjbTQ2YjJGemFYTTZibUZ0WlhNNmRHTTZVMEZOVERveExqQTZZMjA2YzJWdVpHVnlMWFp2ZFdOb1pYTThMM05oYld3NlEyOXVabWx5YldGMGFXOXVUV1YwYUc5a1Bnb0pDUWtKUEhOaGJXdzZVM1ZpYW1WamRFTnZibVpwY20xaGRHbHZia1JoZEdFK0Nna0pDUWtKUEhCeU9sQmxjbk52YmlCemFUcDBlWEJsUFNKd2NqcFFhSGx6YVdOaGJGQmxjbk52YmxSNWNHVWlQanh3Y2pwSlpHVnVkR2xtYVdOaGRHbHZiajQ4Y0hJNlZtRnNkV1UrZEhGRFVVVkROeXRCY1VkRlpXVk1Nemt3VmpWS1p6MDlQQzl3Y2pwV1lXeDFaVDQ4Y0hJNlZIbHdaVDUxY200NmNIVmliR2xqYVdRNlozWXVZWFE2WW1GelpXbGtQQzl3Y2pwVWVYQmxQand2Y0hJNlNXUmxiblJwWm1sallYUnBiMjQrUEhCeU9rNWhiV1UrUEhCeU9rZHBkbVZ1VG1GdFpUNU5ZWGc4TDNCeU9rZHBkbVZ1VG1GdFpUNDhjSEk2Um1GdGFXeDVUbUZ0WlNCd2NtbHRZWEo1UFNKMWJtUmxabWx1WldRaVBrMTFjM1JsY20xaGJtNDhMM0J5T2taaGJXbHNlVTVoYldVK1BDOXdjanBPWVcxbFBqeHdjanBFWVhSbFQyWkNhWEowYUQ0eE9UUXdMVEF4TFRBeFBDOXdjanBFWVhSbFQyWkNhWEowYUQ0OEwzQnlPbEJsY25OdmJqNEtDUWtKQ1R3dmMyRnRiRHBUZFdKcVpXTjBRMjl1Wm1seWJXRjBhVzl1UkdGMFlUNEtDUWtKUEM5ellXMXNPbE4xWW1wbFkzUkRiMjVtYVhKdFlYUnBiMjQrQ2drSlBDOXpZVzFzT2xOMVltcGxZM1ErQ2drOGMyRnRiRHBCZEhSeWFXSjFkR1VnUVhSMGNtbGlkWFJsVG1GdFpUMGlRMmwwYVhwbGJsQjFZbXhwWTB0bGVTSWdRWFIwY21saWRYUmxUbUZ0WlhOd1lXTmxQU0oxY200NmNIVmliR2xqYVdRNlozWXVZWFE2Ym1GdFpYTndZV05sY3pwcFpHVnVkR2wwZVd4cGJtczZNUzR5SWo0OGMyRnRiRHBCZEhSeWFXSjFkR1ZXWVd4MVpUNDhaSE5wWnpwU1UwRkxaWGxXWVd4MVpUNDhaSE5wWnpwTmIyUjFiSFZ6UG5sMlIwMVFSRFZaYWtobVpXOHhkbHBoU0VGNFEwWkNNeXRCUW0xaVlWQnpjRE5HTVhGRGRHY3ZaWFpsVVZSSWNsQnlSVXhPVDJaT1VuWTBhV0V3WlhjNFRsQnlaVFpRUjJKRFZHTU5DbnBrT1ZGdVZqSmlSRE5yVFhCa1VqUlRjMlpRVFVnd2VGQkdXRFV4T0dsUlZEQTFUWHBhT1dRM01WVnpiRGxzZHpack1HcHdTMjFGVlVWMlpWcGpRVVZKTVhGa00ySjNTWEJVTURnTkNtRjZabG8xTDFCa1JUWlpSVmcyVlhwUE5FSk1VbHB3ZUdOTlJtTXdhRGxaYW5vclZ6QktjRVYxVTFKUE0xZFFjRVpvY2xZeVZVOUtVU3R4ZUhrdk5EWklZek5JVERkTlFsRlNWMm9OQ2twVU9XUndlV0l2T0dSbFpWQkRialJGTldoTFRWSlRjblZGUjJwaGFFOVlMMHcwTTNWSFVVOU5VRVZ4V1hCTFNIZzRhazlTTDBsUE16WnJTSFZWWm5GT1RuVlhiRWhDYlVzMldFME5DbmN3TUZsclYyTkRVRUkwYW1KUk5URTBSVk16UjFJMlJIQkpNbGRVVVRCaFRGbHRWR1YzUFQwOEwyUnphV2M2VFc5a2RXeDFjejQ4WkhOcFp6cEZlSEJ2Ym1WdWRENUJVVUZDUEM5a2MybG5Pa1Y0Y0c5dVpXNTBQand2WkhOcFp6cFNVMEZMWlhsV1lXeDFaVDQ4TDNOaGJXdzZRWFIwY21saWRYUmxWbUZzZFdVK1BDOXpZVzFzT2tGMGRISnBZblYwWlQ0OEwzTmhiV3c2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwUGdvSlBHUnphV2M2VTJsbmJtRjBkWEpsUGdvSkNUeGtjMmxuT2xOcFoyNWxaRWx1Wm04K0Nna0pDVHhrYzJsbk9rTmhibTl1YVdOaGJHbDZZWFJwYjI1TlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekV3TDNodGJDMWxlR010WXpFMGJpTWlJQzgrQ2drSkNUeGtjMmxuT2xOcFoyNWhkSFZ5WlUxbGRHaHZaQ0JCYkdkdmNtbDBhRzA5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU55YzJFdGMyaGhNU0lnTHo0S0NRa0pQR1J6YVdjNlVtVm1aWEpsYm1ObElGVlNTVDBpSWo0S0NRa0pDVHhrYzJsbk9sUnlZVzV6Wm05eWJYTStDZ2tKQ1FrSlBHUnphV2M2VkhKaGJuTm1iM0p0SUVGc1oyOXlhWFJvYlQwaWFIUjBjRG92TDNkM2R5NTNNeTV2Y21jdlZGSXZNVGs1T1M5U1JVTXRlSEJoZEdndE1UazVPVEV4TVRZaVBnb0pDUWtKQ1FrOFpITnBaenBZVUdGMGFENXViM1FvWVc1alpYTjBiM0l0YjNJdGMyVnNaam82Y0hJNlNXUmxiblJwWm1sallYUnBiMjRwUEM5a2MybG5PbGhRWVhSb1Bnb0pDUWtKQ1R3dlpITnBaenBVY21GdWMyWnZjbTArQ2drSkNRa0pQR1J6YVdjNlZISmhibk5tYjNKdElFRnNaMjl5YVhSb2JUMGlhSFIwY0RvdkwzZDNkeTUzTXk1dmNtY3ZNakF3TUM4d09TOTRiV3hrYzJsbkkyVnVkbVZzYjNCbFpDMXphV2R1WVhSMWNtVWlJQzgrQ2drSkNRazhMMlJ6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1R4a2MybG5Pa1JwWjJWemRFMWxkR2h2WkNCQmJHZHZjbWwwYUcwOUltaDBkSEE2THk5M2QzY3Vkek11YjNKbkx6SXdNREF2TURrdmVHMXNaSE5wWnlOemFHRXhJaUF2UGdvSkNRa0pQR1J6YVdjNlJHbG5aWE4wVm1Gc2RXVSthVXN6TW10cmJVNWtVelZIV2xSemJHOHhTbVJDWVdsRFRsVnJQVHd2WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDRLQ1FrSlBDOWtjMmxuT2xKbFptVnlaVzVqWlQ0S0NRa0pQR1J6YVdjNlVtVm1aWEpsYm1ObElGUjVjR1U5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU5OWVc1cFptVnpkQ0lnVlZKSlBTSWpiV0Z1YVdabGMzUWlQZ29KQ1FrSlBHUnphV2M2UkdsblpYTjBUV1YwYUc5a0lFRnNaMjl5YVhSb2JUMGlhSFIwY0RvdkwzZDNkeTUzTXk1dmNtY3ZNakF3TUM4d09TOTRiV3hrYzJsbkkzTm9ZVEVpSUM4K0Nna0pDUWs4WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDQ0TWtadVlVeGxja2x6YVVOM1RFRlhVVEZYUVVjcmJVUlVWVTA5UEM5a2MybG5Pa1JwWjJWemRGWmhiSFZsUGdvSkNRazhMMlJ6YVdjNlVtVm1aWEpsYm1ObFBnb0pDVHd2WkhOcFp6cFRhV2R1WldSSmJtWnZQZ29KQ1R4a2MybG5PbE5wWjI1aGRIVnlaVlpoYkhWbFBnb2dJQ0FnY1UxMU1uTXJkV2xwVlhVMk0zRmpOWEZhYmxWWFpVeEZSREpuVm5GRFkwTmtRMGN4ZHpFMVoxSkdTV3Q0UzNOWVZGRlRRVE5LVjBoRFJYaHhjams1ZDBjMFYwMXRjRTF0U21oaFR3MEtkRGc0TjJOUlRtOUdURFJaYTBzMVRXcEhOR28wUjI1Q1ZHZFRhRVpXY0c0MWRXaFBkblpITUZsd1lVSlhNMlYyYVdSYVRYWkllV0psV1VSSVZHeHBia2sxVWtaU1pVaEdXRU5zVGcwS1dGQmhUMWxWTHpVek5GRnhaMWhLU1hrMFpXdHVkRFJ2UXk5TE0xRnVaVWhoU1VKbmVrSjFkMlpIUjIxbGEwVnlPVGROUkV0NllXWjBhMDVwTVVSS1dFNDRkMkZJVmtWTVdubHRPUTBLUjJGM1JraExjRUpGY2s5aGVqQXZVRVpxZUZGUVpsQkRaVW93UzJoNGRqbFFWVmh5YUZkUlMySkhZWEp1VlU1MUx5dFRNVEZqUzA5eGMzQmpiR2htUzFac2QxUlNhQzlXVkdsaFZBMEtSbUU0THpoYVMwSTVNM2cyV21SSVQwMHlZblY1VERaMVRqQTFjblpMWW05d1ozcG5ObEU5UFFvZ0lEd3ZaSE5wWnpwVGFXZHVZWFIxY21WV1lXeDFaVDQ4WkhOcFp6cExaWGxKYm1adlBqeGtjMmxuT2xnMU1EbEVZWFJoUGp4a2MybG5PbGcxTURsRFpYSjBhV1pwWTJGMFpUNU5TVWxHZFhwRFEwSkxUMmRCZDBsQ1FXZEpSRWRUYTJWTlFUQkhRMU54UjFOSllqTkVVVVZDUWxGVlFVMUpSMlpOVVhOM1ExRlpSRlpSVVVkRmQwcENEUXBXUkVaSlRVVlpSMEV4VlVWRFozY3ZVVk14VldOdVZucGtRMEpJV2xoTmRVbEhXWFZKUms1d1dUSm9iR050YUd4aFdGSjZZek5zZW1SSFZuUmFVMEp3RFFwaVUwSnNZa2RXY21SSVNYVkpSVkpvWkVkV2RXUnRWbmxoTWxadlkybENTR0pYU2tsTlUwbDNTVUZaUkZaUlVVeEVRbXhvVEZoT2NGb3lOSFJaTWpsNURRcGpSemw1V1ZoU2JFeFhlSEJhTW1nd1RGUkJlVTFUU1hkSlFWbEVWbEZSUkVSQ2JHaE1XRTV3V2pJMGRGa3lPWGxqUnpsNVdWaFNiRXhYZUhCYU1tZ3dEUXBNVkVGNVRVSTBXRVJVUlRGTlJHTjVUMFJGTVU1RWEzZE9WbTlZUkZSSmQwMUVZM2xQUkVWNlRrUnJkMDVXYjNkbllsbDRRM3BCU2tKblRsWkNRVmxVRFFwQmEwWlZUVkkwZDBoQldVUldVVkZMUkVKV1JWbFlVbXhpYms1cVlVaFdNR1Z0ZEhaaVZ6RndZek5PY0dJeU5IaEpha0ZuUW1kT1ZrSkJjMDFIVms0d0RRcFpWekYwWlcxR2IySklTbXhhTW14NlpFZFdlVmx0Vm05aU1sWjVXa2RWZUV4cVFYTkNaMDVXUWtGTlRVcFdUbkJhTWpWb1pFaFdlV015Vm5sa2JXeHFEUXBhVTBKRldWaFNiR0p1VG1waFNGWXdaVzEwZG1KWE1YQmpNMDV3WWpJMGVFWlVRVlJDWjA1V1FrRlZWRVJFVFhsT1ZHdDVUMFJOZVUxNmF6VlBSRVZqRFFwTlFtOUhRMU54UjFOSllqTkVVVVZLUVZGM1RscElUbkpSUjFKNllYazFibVJwTldoa1JFTkRRVk5KZDBSUldVcExiMXBKYUhaalRrRlJSVUpDVVVGRURRcG5aMFZRUVVSRFEwRlJiME5uWjBWQ1FVNHJaRUpUUlVKSGFqSnFWVmhKU3pGTmNETnNWbmhqTDFwaEszQktUV2w1UzNKWU0wY3hXbmhuV0M5cGEzZzNEUXBFT1hOamMxQlpUWFEwTnpOTWJFRlhiRGxqYlVOaVNHSktTeXRRVmpKWVRrNWtWVkpNVFZWRFNWZ3JOSFpWVG5NeVRVaGxSRlJSZEZnNFFsaHFTa1p3RFFwM1NsbFRiMkZTU2xFek9VWldVeTh4Y2pWelYyTnlZVGxJYUdSdE4zYzFSM1I0THpKMWEzbEVXREJyWkd0NFlYZHJhRkEwUlZGRmVta3ZVMGtyUm5WbkRRcHVLMWR4WjFFeGJrRmtiR0o0WWk5a1kwSjNOWGN4YURsaU0yeHRkWGRWWmpSNk0yOXZVVmRWUkRKRVowRXZhMHRrTVV0bGFrNVNORE50VEZWemJYWlREUXA2WlhaUWVGUTVlbk0zT0hCUFVqRlBZV05DTjBsemVsUldTbEJZWlU5RllXRk9Xa2h1YmtJdlZXVlBNMmM0VEVWV0x6TlBhMWhqVldkalRXdGlTVWxwRFFwaFFraHNiR3czTVZCeE1FTlBhamxyY1dwWWIyVTNUM0pTYWt4Wk5Xa3pTM2RQY0dFMlZFMURRWGRGUVVGaFQwTkJaVlYzWjJkSWFFMUNSVWRCTVZWa0RRcEVaMUZMUWtGb1RVTkJObVZIZGxNeGRXcEJUMEpuVGxaSVVUaENRV1k0UlVKQlRVTkNURUYzUkdkWlNFdHBaMEZEWjBWSVFWRlJSRUZSU0M5TlFrMUhEUXBCTVZWa1NYZFJUVTFCY1VGRFJXdGpWMFJ3VURaQk1FUk5RV3RIUVRGVlpFVjNVVU5OUVVGM1JrRlpTRXRwWjBGRFowVkNRVkZSU2tSQlpFTlZNRWwwRFFwU1JrNU1UVWc0UjBORGMwZEJVVlZHUW5kRlFrSklUWGRqVkVKSFFtZG5ja0puUlVaQ1VXTjNRVzlaTm1GSVVqQmpSRzkyVEROa00yUjVOV2hNV0ZKNURRcGtXRTR3VEcxR01Fd3lUbXhqYmxKNlRESkZkR015Ykc1aWFURnFZak5LZDJJelNtaGtSMVYwWWtkc2JtRklVWFJOUkVwb1RHMU9lV1JFUVc1Q1oyZHlEUXBDWjBWR1FsRmpkMEZaV1dKaFNGSXdZMFJ2ZGt3eU9XcGpNMEYxV1ZNeE1HTnVWbnBrUXpWb1pFTTVkbGt6VG5kTlJsRkhRVEZWWkVsQlVrNU5SWE4zRFFwVFVWbEhTMmxuUVVWUlJWTk5SRGgzVUZGWlNVdDNXVUpDVVZWSVFXZEZWMDFYYURCa1NFRTJUSGs1TTJRelkzVlpVekV3WTI1V2VtUkROV2hrUXpsckRRcGlNazU2VERKT2Qwd3lSWFJqTW14dVlta3hRbUpZVW5wak1teHVZbTFHTUdSWVNYZG5XalJIUVRGVlpFaDNVMEpzYWtOQ2EzcERRbXRMUTBKcVlVTkNEUXBwYjJGQ2FESjRhMWxZUVRaTWVUbHpXa2RHZDB4dFJYUmtTRW94WXpOUmRWbFlVWFppTTFVNVdWTXhlbUZYWkhWTVYwNTJZMjVDZG1OdFJqQmFVekZ6RFFwaFYyUnZaRU13ZDAxcGVIWlFWVVYwVmtoS01XTXpVWE5aZWpGQ1ZrUTVhbHBZU2pCaFYxcHdXVEpHTUZwWVNteGtiVGxxV1ZoU2NHSXlOWE5oV0U0d0RRcFFNa3BvWXpKVkwySXlTbkZhVjA0d1dUSjRhR016VFRsYVYyeHJVVEpXZVdSSGJHMWhWMDVvWkVkc2RtSnJSakZrUjJoMlkyMXNNR1ZVUVU1Q1oydHhEUXBvYTJsSE9YY3dRa0ZSVlVaQlFVOURRVkZGUVVoUk0xcERUWFJCWW1GNlpVMUliVmRCTW5wb1dXeEljVWhuUzFadlkxWllSVVJuYlU1dFYweEhjVVpsRFFvNFJVRkVSa2x6T0hWSGNtdDBRbTFYUTFWSldHSlljemRVU0dObWVITXlTalEzZGtoMVkyOXdjMlJyWVdKT2JGaEZhbnB1WkZKbWJtTXJNVlpKYm1KdkRRcDZUWEpaWkRkcVpVUk9WRXN2ZEVscWFVOUZXV1J5ZVVsd1pXdFdPVU5tWVhjM2VYVTJiV1ZtVFhwbGRURmhRWGRtTjBKdVN5OW9kV2wzU2xkdVpXNXdEUXBDTjJsRUwxQjJXaXR0ZW5WRE4xSk9aa3BtUmlzclUzUnBRbFI0YVROV1dYaE9SMDFxVFRGalZUaEhkemxXVjJNd1VqTkZkV3BQWVZoWFowTkRPR2sxRFFwR1IyaFdkazlaYUU1WVpuTjRTbGhpVG5obGQwVkRhbkJCVEhaRWJFWk1UQ3RwUXpRNVJ5dEJSRk52VW5Zd1UyczVNVTlRZFN0alNXMURhak55Y3pOUkRRcDBZWE5KTDNBNVRGbGhZMGMyWXk5blNUTjBSVEJwYUhGbk9WSmljMHRJV0ZGc00xQlBka1ZTU2tFOVBUd3ZaSE5wWnpwWU5UQTVRMlZ5ZEdsbWFXTmhkR1UrUEM5a2MybG5PbGcxTURsRVlYUmhQand2WkhOcFp6cExaWGxKYm1adlBnb0pDVHhrYzJsbk9rOWlhbVZqZEQ0S0NRa0pQR1J6YVdjNlRXRnVhV1psYzNRZ1NXUTlJbTFoYm1sbVpYTjBJajRLQ1FrSkNUeGtjMmxuT2xKbFptVnlaVzVqWlNCVlVrazlJaUkrQ2drSkNRa0pQR1J6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1FrSlBHUnphV2M2VkhKaGJuTm1iM0p0SUVGc1oyOXlhWFJvYlQwaWFIUjBjRG92TDNkM2R5NTNNeTV2Y21jdlZGSXZNVGs1T1M5U1JVTXRlSEJoZEdndE1UazVPVEV4TVRZaVBnb0pDUWtKQ1FrSlBHUnphV2M2V0ZCaGRHZytibTkwS0dGdVkyVnpkRzl5TFc5eUxYTmxiR1k2T21SemFXYzZVMmxuYm1GMGRYSmxLVHd2WkhOcFp6cFlVR0YwYUQ0S0NRa0pDUWtKUEM5a2MybG5PbFJ5WVc1elptOXliVDRLQ1FrSkNRazhMMlJ6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1FrOFpITnBaenBFYVdkbGMzUk5aWFJvYjJRZ1FXeG5iM0pwZEdodFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF3THpBNUwzaHRiR1J6YVdjamMyaGhNU0lnTHo0S0NRa0pDUWs4WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDV0TWpWR056UXZOMWRMVlV4QmIwVXlWemRDYzBneVdVWlFUelE5UEM5a2MybG5Pa1JwWjJWemRGWmhiSFZsUGdvSkNRa0pQQzlrYzJsbk9sSmxabVZ5Wlc1alpUNEtDUWtKUEM5a2MybG5PazFoYm1sbVpYTjBQZ29KQ1R3dlpITnBaenBQWW1wbFkzUStDZ2s4TDJSemFXYzZVMmxuYm1GMGRYSmxQZ284TDNOaGJXdzZRWE56WlhKMGFXOXVQZz09IiwNCiAgICAiRUlELUNJVElaRU4tUUFBLUxFVkVMIjogImh0dHA6Ly9laWRhcy5ldXJvcGEuZXUvTG9BL3N1YnN0YW50aWFsIiwNCiAgICAiRUlELUNDUy1VUkwiOiAiaHR0cHM6Ly93d3cuYS10cnVzdC5hdC90b2RvIiwNCiAgICAiRUlELUFVVEgtQkxPQ0siOiAiUEQ5NGJXd2dkbVZ5YzJsdmJqMGlNUzR3SWlCbGJtTnZaR2x1WnowaVZWUkdMVGdpSUhOMFlXNWtZV3h2Ym1VOUltNXZJajgrUEhOaGJXd3lPa0Z6YzJWeWRHbHZiaUI0Yld4dWN6cHpZVzFzTWowaWRYSnVPbTloYzJsek9tNWhiV1Z6T25Sak9sTkJUVXc2TWk0d09tRnpjMlZ5ZEdsdmJpSWdTVVE5SWw4Mk0yWm1PV1ZtTmpjek56QXdNalJqTkdReVpEaGlPV0ptWkRNNE1EVTNPQ0lnU1hOemRXVkpibk4wWVc1MFBTSXlNREU0TFRBMkxURXpWREUzT2pRMk9qQTVLekF5T2pBd0lpQldaWEp6YVc5dVBTSXlMakFpSUhodGJHNXpPbmh6UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZU0krUEhOaGJXd3lPa2x6YzNWbGNpQkdiM0p0WVhROUluVnlianB2WVhOcGN6cHVZVzFsY3pwMFl6cFRRVTFNT2pJdU1EcHVZVzFsYVdRdFptOXliV0YwT21WdWRHbDBlU0krYUhSMGNITTZMeTkzZDNjdVlTMTBjblZ6ZEM1aGRDOTBiMlJ2UEM5ellXMXNNanBKYzNOMVpYSStQR1J6YVdjNlUybG5ibUYwZFhKbElIaHRiRzV6T21SemFXYzlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5Mekl3TURBdk1Ea3ZlRzFzWkhOcFp5TWlJRWxrUFNKemFXZHVZWFIxY21VdE1TMHhJajQ4WkhOcFp6cFRhV2R1WldSSmJtWnZQanhrYzJsbk9rTmhibTl1YVdOaGJHbDZZWFJwYjI1TlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk5VVVpOHlNREF4TDFKRlF5MTRiV3d0WXpFMGJpMHlNREF4TURNeE5TSWdMejQ4WkhOcFp6cFRhV2R1WVhSMWNtVk5aWFJvYjJRZ1FXeG5iM0pwZEdodFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4THpBMEwzaHRiR1J6YVdjdGJXOXlaU055YzJFdGMyaGhNalUySWlBdlBqeGtjMmxuT2xKbFptVnlaVzVqWlNCSlpEMGljbVZtWlhKbGJtTmxMVEV0TVNJZ1ZWSkpQU0lpUGp4a2MybG5PbFJ5WVc1elptOXliWE0rUEdSemFXYzZWSEpoYm5ObWIzSnRJRUZzWjI5eWFYUm9iVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2VkZJdk1UazVPUzlTUlVNdGVITnNkQzB4T1RrNU1URXhOaUkrUEhoemJEcHpkSGxzWlhOb1pXVjBJSGh0Ykc1ek9uaHpiRDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TVRrNU9TOVlVMHd2VkhKaGJuTm1iM0p0SWlCbGVHTnNkV1JsTFhKbGMzVnNkQzF3Y21WbWFYaGxjejBpYzJGdGJESWlJSFpsY25OcGIyNDlJakV1TUNJZ2VHMXNibk02YzJGdGJESTlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qSXVNRHBoYzNObGNuUnBiMjRpUGp4NGMydzZiM1YwY0hWMElHMWxkR2h2WkQwaWVHMXNJaUI0Yld3NmMzQmhZMlU5SW1SbFptRjFiSFFpSUM4K1BIaHpiRHAwWlcxd2JHRjBaU0J0WVhSamFEMGlMeUlnZUcxc2JuTTlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5MekU1T1RrdmVHaDBiV3dpUGp4b2RHMXNJSGh0Ykc1elBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHhPVGs1TDNob2RHMXNJajQ4YUdWaFpENDhkR2wwYkdVK1UybG5ibUYwZFhJZ1pHVnlJRUZ1YldWc1pHVmtZWFJsYmp3dmRHbDBiR1UrUEhOMGVXeGxJRzFsWkdsaFBTSnpZM0psWlc0aUlIUjVjR1U5SW5SbGVIUXZZM056SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FKQ1FrSkNTNXViM0p0WVd4emRIbHNaU0I3SUdadmJuUXRjMmw2WlRvZ2JXVmthWFZ0T3lCOUlBb2dJQ0FnSUNBZ0lDQWdJQ0FnSUFrSkNRa0pMbWwwWVd4cFkzTjBlV3hsSUhzZ1ptOXVkQzF6YVhwbE9pQnRaV1JwZFcwN0lHWnZiblF0YzNSNWJHVTZJR2wwWVd4cFl6c2dmUW9KQ1FrSkNRa0pDUzUwYVhSc1pYTjBlV3hsSUhzZ2RHVjRkQzFrWldOdmNtRjBhVzl1T25WdVpHVnliR2x1WlRzZ1ptOXVkQzEzWldsbmFIUTZZbTlzWkRzZ1ptOXVkQzF6YVhwbE9pQnRaV1JwZFcwN0lIMGdDZ2tKQ1FrSkNRa0pMbWcwYzNSNWJHVWdleUJtYjI1MExYTnBlbVU2SUd4aGNtZGxPeUI5SUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQUtDUWtKQ1FrSkNRa3VhR2xrWkdWdUlIdGthWE53YkdGNU9pQnViMjVsT3lCOUlBb2dJQ0FnSUNBZ0lDQWdJQ0FnSUFrSkNRazhMM04wZVd4bFBqd3ZhR1ZoWkQ0OFltOWtlVDQ4YURRZ1kyeGhjM005SW1nMGMzUjViR1VpUGtGdWJXVnNaR1ZrWVhSbGJqbzhMMmcwUGp4d0lHTnNZWE56UFNKMGFYUnNaWE4wZVd4bElqNUVZWFJsYmlCNmRYSWdVR1Z5YzI5dVBDOXdQangwWVdKc1pTQmpiR0Z6Y3owaWNHRnlZVzFsZEdWeWN5SStQSGh6YkRwcFppQjBaWE4wUFNKemRISnBibWNvTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTl6WVcxc01qcEJkSFJ5YVdKMWRHVlRkR0YwWlcxbGJuUXZjMkZ0YkRJNlFYUjBjbWxpZFhSbFcwQk9ZVzFsUFNkMWNtNDZiMmxrT2pJdU5TNDBMalF5SjEwdmMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVXBJajQ4ZEhJK1BIUmtJR05zWVhOelBTSnBkR0ZzYVdOemRIbHNaU0krVm05eWJtRnRaVG9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakl1TlM0MExqUXlKMTB2YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVaUlDOCtQQzkwWkQ0OEwzUnlQand2ZUhOc09tbG1Qang0YzJ3NmFXWWdkR1Z6ZEQwaWMzUnlhVzVuS0M5ellXMXNNanBCYzNObGNuUnBiMjR2YzJGdGJESTZRWFIwY21saWRYUmxVM1JoZEdWdFpXNTBMM05oYld3eU9rRjBkSEpwWW5WMFpWdEFUbUZ0WlQwbmRYSnVPbTlwWkRveExqSXVOREF1TUM0eE1DNHlMakV1TVM0eU5qRXVNakFuWFM5ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTa2lQangwY2o0OGRHUWdZMnhoYzNNOUltbDBZV3hwWTNOMGVXeGxJajVPWVdOb2JtRnRaVG9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0eU1DZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhlSE5zT21sbUlIUmxjM1E5SW5OMGNtbHVaeWd2YzJGdGJESTZRWE56WlhKMGFXOXVMM05oYld3eU9rRjBkSEpwWW5WMFpWTjBZWFJsYldWdWRDOXpZVzFzTWpwQmRIUnlhV0oxZEdWYlFFNWhiV1U5SjNWeWJqcHZhV1E2TVM0eUxqUXdMakF1TVRBdU1pNHhMakV1TlRVblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU2tpUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1SFpXSjFjblJ6WkdGMGRXMDZJRHd2ZEdRK1BIUmtJR05zWVhOelBTSnViM0p0WVd4emRIbHNaU0krUEhoemJEcDJZV3gxWlMxdlppQnpaV3hsWTNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5kWEp1T205cFpEb3hMakl1TkRBdU1DNHhNQzR5TGpFdU1TNDFOU2RkTDNOaGJXd3lPa0YwZEhKcFluVjBaVlpoYkhWbElpQXZQand2ZEdRK1BDOTBjajQ4TDNoemJEcHBaajQ4ZUhOc09tbG1JSFJsYzNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5kWEp1T205cFpEb3hMakl1TkRBdU1DNHhNQzR5TGpFdU1TNHlOakV1T1RBblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0krUEhSeVBqeDBaQ0JqYkdGemN6MGlhWFJoYkdsamMzUjViR1VpUGxadmJHeHRZV05vZERvZ1BDOTBaRDQ4ZEdRZ1kyeGhjM005SW01dmNtMWhiSE4wZVd4bElqNDhlSE5zT25SbGVIUStTV05vSUcxbGJHUmxJRzFwWTJnZ2FXNGdWbVZ5ZEhKbGRIVnVaeUJoYmk0Z1NXMGdic09rWTJoemRHVnVJRk5qYUhKcGRIUWdkMmx5WkNCdGFYSWdaV2x1WlNCTWFYTjBaU0JrWlhJZ1pzTzhjaUJ0YVdOb0lIWmxjbWJEdkdkaVlYSmxiaUJXWlhKMGNtVjBkVzVuYzNabGNtakRwR3gwYm1semMyVWdZVzVuWlhwbGFXZDBMQ0JoZFhNZ1pHVnVaVzRnYVdOb0lHVnBibVZ6SUdGMWMzZkRwR2hzWlc0Z2QyVnlaR1V1UEM5NGMydzZkR1Y0ZEQ0OEwzUmtQand2ZEhJK1BDOTRjMnc2YVdZK1BDOTBZV0pzWlQ0OGNDQmpiR0Z6Y3owaWRHbDBiR1Z6ZEhsc1pTSStSR0YwWlc0Z2VuVnlJRUZ1ZDJWdVpIVnVaend2Y0Q0OGRHRmliR1VnWTJ4aGMzTTlJbkJoY21GdFpYUmxjbk1pUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1SlpHVnVkR2xtYVd0aGRHOXlPaUE4TDNSa1BqeDBaQ0JqYkdGemN6MGlibTl5YldGc2MzUjViR1VpUGp4NGMydzZkbUZzZFdVdGIyWWdjMlZzWldOMFBTSXZjMkZ0YkRJNlFYTnpaWEowYVc5dUwzTmhiV3d5T2tGMGRISnBZblYwWlZOMFlYUmxiV1Z1ZEM5ellXMXNNanBCZEhSeWFXSjFkR1ZiUUU1aGJXVTlKMmgwZEhBNkx5OWxhV1F1WjNZdVlYUXZaVWxFTDJGMGRISnBZblYwWlhNdlUyVnlkbWxqWlZCeWIzWnBaR1Z5Vlc1cGNYVmxTV1FuWFM5ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTSWdMejQ4TDNSa1Bqd3ZkSEkrUEhoemJEcHBaaUIwWlhOMFBTSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5ellXMXNNanBCZEhSeWFXSjFkR1ZUZEdGMFpXMWxiblF2YzJGdGJESTZRWFIwY21saWRYUmxXMEJPWVcxbFBTZG9kSFJ3T2k4dlpXbGtMbWQyTG1GMEwyVkpSQzloZEhSeWFXSjFkR1Z6TDFObGNuWnBZMlZRY205MmFXUmxja1p5YVdWdVpHeDVUbUZ0WlNkZEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxLU0krUEhSeVBqeDBaQ0JqYkdGemN6MGlhWFJoYkdsamMzUjViR1VpUGs1aGJXVTZJRHd2ZEdRK1BIUmtJR05zWVhOelBTSnViM0p0WVd4emRIbHNaU0krUEhoemJEcDJZV3gxWlMxdlppQnpaV3hsWTNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5hSFIwY0RvdkwyVnBaQzVuZGk1aGRDOWxTVVF2WVhSMGNtbGlkWFJsY3k5VFpYSjJhV05sVUhKdmRtbGtaWEpHY21sbGJtUnNlVTVoYldVblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0lnTHo0OEwzUmtQand2ZEhJK1BDOTRjMnc2YVdZK1BIaHpiRHBwWmlCMFpYTjBQU0p6ZEhKcGJtY29MM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2RvZEhSd09pOHZaV2xrTG1kMkxtRjBMMlZKUkM5aGRIUnlhV0oxZEdWekwxTmxjblpwWTJWUWNtOTJhV1JsY2tOdmRXNTBjbmxEYjJSbEoxMHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VwSWo0OGRISStQSFJrSUdOc1lYTnpQU0pwZEdGc2FXTnpkSGxzWlNJK1UzUmhZWFE2SUR3dmRHUStQSFJrSUdOc1lYTnpQU0p1YjNKdFlXeHpkSGxzWlNJK1BIaHpiRHAyWVd4MVpTMXZaaUJ6Wld4bFkzUTlJaTl6WVcxc01qcEJjM05sY25ScGIyNHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFUzUmhkR1Z0Wlc1MEwzTmhiV3d5T2tGMGRISnBZblYwWlZ0QVRtRnRaVDBuYUhSMGNEb3ZMMlZwWkM1bmRpNWhkQzlsU1VRdllYUjBjbWxpZFhSbGN5OVRaWEoyYVdObFVISnZkbWxrWlhKRGIzVnVkSEo1UTI5a1pTZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhMM1JoWW14bFBqeHdJR05zWVhOelBTSjBhWFJzWlhOMGVXeGxJajVVWldOb2JtbHpZMmhsSUZCaGNtRnRaWFJsY2p3dmNENDhkR0ZpYkdVZ1kyeGhjM005SW5CaGNtRnRaWFJsY25NaVBqeDBjajQ4ZEdRZ1kyeGhjM005SW1sMFlXeHBZM04wZVd4bElqNUVZWFIxYlRvOEwzUmtQangwWkNCamJHRnpjejBpYm05eWJXRnNjM1I1YkdVaVBqeDRjMnc2ZG1Gc2RXVXRiMllnYzJWc1pXTjBQU0p6ZFdKemRISnBibWNvTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTlBU1hOemRXVkpibk4wWVc1MExEa3NNaWtpSUM4K1BIaHpiRHAwWlhoMFBpNDhMM2h6YkRwMFpYaDBQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNKemRXSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5QVNYTnpkV1ZKYm5OMFlXNTBMRFlzTWlraUlDOCtQSGh6YkRwMFpYaDBQaTQ4TDNoemJEcDBaWGgwUGp4NGMydzZkbUZzZFdVdGIyWWdjMlZzWldOMFBTSnpkV0p6ZEhKcGJtY29MM05oYld3eU9rRnpjMlZ5ZEdsdmJpOUFTWE56ZFdWSmJuTjBZVzUwTERFc05Da2lJQzgrUEM5MFpENDhMM1J5UGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1VmFISjZaV2wwT2p3dmRHUStQSFJrSUdOc1lYTnpQU0p1YjNKdFlXeHpkSGxzWlNJK1BIaHpiRHAyWVd4MVpTMXZaaUJ6Wld4bFkzUTlJbk4xWW5OMGNtbHVaeWd2YzJGdGJESTZRWE56WlhKMGFXOXVMMEJKYzNOMVpVbHVjM1JoYm5Rc01USXNNaWtpSUM4K1BIaHpiRHAwWlhoMFBqbzhMM2h6YkRwMFpYaDBQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNKemRXSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5QVNYTnpkV1ZKYm5OMFlXNTBMREUxTERJcElpQXZQang0YzJ3NmRHVjRkRDQ2UEM5NGMydzZkR1Y0ZEQ0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGljM1ZpYzNSeWFXNW5LQzl6WVcxc01qcEJjM05sY25ScGIyNHZRRWx6YzNWbFNXNXpkR0Z1ZEN3eE9Dd3lLU0lnTHo0OEwzUmtQand2ZEhJK1BIUnlQangwWkNCamJHRnpjejBpYVhSaGJHbGpjM1I1YkdVaVBsUnlZVzV6WVd0MGFXOXVjMVJ2YTJWdU9pQThMM1JrUGp4MFpDQmpiR0Z6Y3owaWJtOXliV0ZzYzNSNWJHVWlQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNJdmMyRnRiREk2UVhOelpYSjBhVzl1TDBCSlJDSWdMejQ4TDNSa1Bqd3ZkSEkrUEhoemJEcHBaaUIwWlhOMFBTSXZjMkZ0YkRJNlFYTnpaWEowYVc5dUwzTmhiV3d5T2tGMGRISnBZblYwWlZOMFlYUmxiV1Z1ZEM5ellXMXNNanBCZEhSeWFXSjFkR1ZiUUU1aGJXVTlKM1Z5YmpwdmFXUTZNUzR5TGpRd0xqQXVNVEF1TWk0eExqRXVNall4TGprd0oxMHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VpUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo0S0NRa0pDUWtKQ1FrSkNRbFdiMnhzYldGamFIUmxiaTFTWldabGNtVnVlam9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0NU1DZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhkSElnWTJ4aGMzTTlJbWhwWkdSbGJpSStQSFJrSUdOc1lYTnpQU0pwZEdGc2FXTnpkSGxzWlNJK1JHRjBZVlZTVERvZ1BDOTBaRDQ4ZEdRZ1kyeGhjM005SW01dmNtMWhiSE4wZVd4bElqNDhlSE5zT25aaGJIVmxMVzltSUhObGJHVmpkRDBpTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTl6WVcxc01qcERiMjVrYVhScGIyNXpMM05oYld3eU9rRjFaR2xsYm1ObFVtVnpkSEpwWTNScGIyNHZjMkZ0YkRJNlFYVmthV1Z1WTJVaUlDOCtQQzkwWkQ0OEwzUnlQang0YzJ3NmFXWWdkR1Z6ZEQwaUwzTmhiV3d5T2tGemMyVnlkR2x2Ymk5ellXMXNNanBEYjI1a2FYUnBiMjV6TDBCT2IzUlBiazl5UVdaMFpYSWlQangwY2lCamJHRnpjejBpYUdsa1pHVnVJajQ4ZEdRZ1kyeGhjM005SW1sMFlXeHBZM04wZVd4bElqNUJkWFJvUW14dlkydFdZV3hwWkZSdk9pQThMM1JrUGp4MFpDQmpiR0Z6Y3owaWJtOXliV0ZzYzNSNWJHVWlQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNJdmMyRnRiREk2UVhOelpYSjBhVzl1TDNOaGJXd3lPa052Ym1ScGRHbHZibk12UUU1dmRFOXVUM0pCWm5SbGNpSWdMejQ4TDNSa1Bqd3ZkSEkrUEM5NGMydzZhV1krUEM5MFlXSnNaVDQ4TDJKdlpIaytQQzlvZEcxc1Bqd3ZlSE5zT25SbGJYQnNZWFJsUGp3dmVITnNPbk4wZVd4bGMyaGxaWFErUEM5a2MybG5PbFJ5WVc1elptOXliVDQ4WkhOcFp6cFVjbUZ1YzJadmNtMGdRV3huYjNKcGRHaHRQU0pvZEhSd09pOHZkM2QzTG5jekxtOXlaeTh5TURBeEx6RXdMM2h0YkMxbGVHTXRZekUwYmlNaUlDOCtQQzlrYzJsbk9sUnlZVzV6Wm05eWJYTStQR1J6YVdjNlJHbG5aWE4wVFdWMGFHOWtJRUZzWjI5eWFYUm9iVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TWpBd01TOHdOQzk0Yld4bGJtTWpjMmhoTWpVMklpQXZQanhrYzJsbk9rUnBaMlZ6ZEZaaGJIVmxQbXBoTUhSSlVEQkJVVEU0ZGk4NFpsVmpOR1kxYVhsSGNIWXhXVGhFYWpGUGJDODVNa2RTU0V0Q2EyYzlQQzlrYzJsbk9rUnBaMlZ6ZEZaaGJIVmxQand2WkhOcFp6cFNaV1psY21WdVkyVStQR1J6YVdjNlVtVm1aWEpsYm1ObElFbGtQU0psZEhOcExXUmhkR0V0Y21WbVpYSmxibU5sTFRFdE1TSWdWSGx3WlQwaWFIUjBjRG92TDNWeWFTNWxkSE5wTG05eVp5OHdNVGt3TXlOVGFXZHVaV1JRY205d1pYSjBhV1Z6SWlCVlVrazlJaU5sZEhOcExYTnBaMjVsWkhCeWIzQmxjblJwWlhNdE1TMHhJajQ4WkhOcFp6cEVhV2RsYzNSTlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekEwTDNodGJHVnVZeU56YUdFeU5UWWlJQzgrUEdSemFXYzZSR2xuWlhOMFZtRnNkV1UrTVZGVWFXNTBPR1Y1UXpsNFVFbExXR0ZxYzJ0cmVUWmlMM2MzY20xV1JEUldZMjQwUjFkMVJrMVZjejA4TDJSemFXYzZSR2xuWlhOMFZtRnNkV1UrUEM5a2MybG5PbEpsWm1WeVpXNWpaVDQ4TDJSemFXYzZVMmxuYm1Wa1NXNW1iejQ4WkhOcFp6cFRhV2R1WVhSMWNtVldZV3gxWlNCSlpEMGljMmxuYm1GMGRYSmxkbUZzZFdVdE1TMHhJajVLT0ROMFdUUnhUMWhGWVhWNWMxVXhMM1pUZWtzMk1EbDBNRWRKUm5sQlJUZFVkR05LYmpsRmNXZGFXa3RHTmxNMWVVRllURTlzZEhsc1JVdFBZV015TW1zMUsxaHlaRlZ0ZFV0NGFtNHdMekZQWTNwSFJqRTNlR1pYYXpORWFtbHdUMDlqZFVOM2VYQlZTV3BWTW5KVEt6RldkMnhxVUU4NGNIY3hTSGR3VEZaa1JtbFJjVzkzZVU5NFRGTkJlV05VUlV4Ukx6bHhRVTFaTm05UFpscFBiMEZhVTNaVFpXOVJVazVhVFN0YUwyTjZOalZDZUhwdFZrUklkMjgwYmxkemJTOXdVWEpSYmtkblVGQTFORmRNVWpSc1YyOXZWV2xqU1ZkdVEyMW5ZbVV6WVdkUVoybFBNVTlITVV4SWNuTkVNbXBrY0VKeGJITkJjWGR2Y0U1Qk5ta3dXbkE1Y3pFNVNEWk1VbWxsTjBKNE9EUnpSbmxLWlhNMU5qWTFaRkp4WlhoWFpub3ZOVGhaU0ZndmMzWkdOWEpDZUhjMVVHcEtZbGhYYmxKNlptcHpORXM0YzBSeVdsQmFhSEZSU0hwQ1Zub3pTV2M5UFR3dlpITnBaenBUYVdkdVlYUjFjbVZXWVd4MVpUNDhaSE5wWnpwTFpYbEpibVp2UGp4a2MybG5PbGcxTURsRVlYUmhQanhrYzJsbk9sZzFNRGxEWlhKMGFXWnBZMkYwWlQ1TlNVbEdNV3BEUTBKTU5tZEJkMGxDUVdkSlJWRnpNVEpxVkVGT1FtZHJjV2hyYVVjNWR6QkNRVkZ6UmtGRVEwSnZWRVZNVFVGclIwRXhWVVZDWjNkRFVWWlJlRk5FUWtkQ1owNVdRa0Z2VFZBd1JYUldTRW94WXpOUloxSXlWbnBNYVVKdFRHbENWR0ZYVG05YVdFcHZXbGRzTUdNelRqVmpNMUpzWWxkVloyRlhNR2RhVjNoc1lUTlNlVXhwUWtWWldGSnNZbTVhYkdOdGRHeGhTRWxuVWpJeGFWTkVSV3BOUTBWSFFURlZSVU4zZDJGWlV6RjZZVmRrZFV4V1FubGFWekZ3WkZjd2RGWkhWbnBrUXpGVVlWZGpkRTFFU1hoSmVrRm9RbWRPVmtKQlRVMUhiVVYwWXpKc2JtSnBNVkZqYlZaMFlWaFdkRXhXVW14ak0xRjBWVEpzYmt4VVFYbE5RalJZUkZSRk5FMUVXWGhOZWtFMFRsUmpNVTlHYjFoRVZFbDZUVVJaZUUxNlFUUk9WR014VDBadmQxbEVSVXhOUVd0SFFURlZSVUpuZDBOUlZsRjRSbnBCVmtKblRsWkNRVTFOUkdzeGFHVkRRazVrV0U0d1dsaEtkRmxYTlhWTlVrMTNSVkZaUkZaUlVVVkVRWEJPWkZoT01GcFlTblJaVnpWMVRWRjNkME5uV1VSV1VWRnhSRUZPVGxsWVozaEdWRUZVUW1kT1ZrSkJWVTFFUkZWNFRVUmpNVTFFV1RCUFJFMTRUVlJEUTBGVFNYZEVVVmxLUzI5YVNXaDJZMDVCVVVWQ1FsRkJSR2RuUlZCQlJFTkRRVkZ2UTJkblJVSkJUWEo0YWtSM0sxZEplRE16Y1U1aU1sZG9kMDFSYUZGa0wyZEJXbTB5YWpkTFpIaGtZV2R5V1ZBemNqTnJSWGcyZWpaNFEzcFVibnBWWWl0SmJYUkljMUJFVkRZemRXcDRiWGRyTTAwelpsVktNV1J0ZHprMVJFdFlWV1ZGY2toNmVrSTVUVlI0Vml0a1prbHJSVGxQVkUweVpsaGxPVlpNU21aYVkwOXdUa2syVTNCb1JrSk1NMjFZUVVKRFRtRnVaREk0UTB0Vk9WQkhjek15WldaNk0xSlBiVUpHSzJ4TmVuVkJVekJYWVdOWVJFSllUa2xtVjBrNEwyeDBRMkZTVEd0clZIUXhhalpTV1dFeFpHeEVhVlZRY1hOamRpdFBhRE5PZUhrcmVrRlZSVlp2ZVZVdldHRmpiUzh2U0ZodWFuZHdLMEpQV1ZOcVJWVnhOMmhDYnpKdlZHd3ZlU3RPTjJoclJHcEVlRXR0UzFOb09HWkplbXRtZVVSMEszQkNOMnhJTm1wVVlteHdVbmRhYVhWc2VrMU9Ua2RLUm01QmFuZGxTVEl3VDJSbFFrVjBlR3RsWnpaVFRteHJNRTVIYVRKS2F6TnpRMEYzUlVGQllVOURRV3hSZDJkblNsRk5TVWRFUW1kbmNrSm5SVVpDVVdOQ1FWRlNNMDFJVlhkU1VWbEpTM2RaUWtKUlZVaE5RVXRIVDFkb01HUklRVFpNZVRrelpETmpkVmxUTVRCamJsWjZaRU0xYUdSRE9XcGFXRW93WTNrNWFFeFlUbkJhTWpSMFkwaEtiR0pYYkRGaVV6RjBZakpLY0dKSFZYUk5SRTVvVEcxT2VXUkVRWE5DWjJkeVFtZEZSa0pSWTNkQldWbG5ZVWhTTUdORWIzWk1NamxxWXpOQmRHUkhWbnBrUXpWb1RGaFNlV1JZVGpCTWJVWXdUREk1YW1NelFYZEZkMWxFVmxJd2FrSkJkM2REYjBGSlVtZGhabXByUjA5R1lqQjNZMmRaU1V0M1dVSkNVVlZJUVZGTlJWcHFRbXROUVc5SFEwTnpSMEZSVlVaQ2QzTkRUVUZuUjBKblVVRnFhMWxDUVZSQlNVSm5XVVZCU1RWSFFWRlJkMFYzV1VkQ1FVTlBVbWRGUjAxQmEwZENkMUZCYW10WlFrSm5SWGRNVVZsSFFrRkRUMUpuUlVaTlEwMTNTVkpaWW1GSVVqQmpTRTAyVEhrNU0yUXpZM1ZaVXpFd1kyNVdlbVJETldoa1F6bDNXa2hOZGtWM1NrWlVha0ZTUW1kT1ZraFJORVZEWjFGSlVqWjRPRVZqYzNGUGVITjNSR2RaUkZaU01GQkJVVWd2UWtGUlJFRm5Za0ZOUVd0SFFURlZaRVYzVVVOTlFVRjNXVUZaUkZaU01HZENSbXQzVm5wQlNVSm5XVVZCU1hOM1FWRkZkMU4zV1VkTGFXZEJSVkZGVlUxRlJYZFFkMWxKUzNkWlFrSlJWVWhCWjBWWFRUSm9NR1JJUVRaTWVUa3paRE5qZFZsVE1UQmpibFo2WkVNMWFHUkRPV3RpTWs1NlRESk9kMHd5UlhSak1teHVZbWt4ZDJOdFZuUmhXRlowVEZjeGRsbHRiSE5hVkVOQ2NtZFpSRlpTTUdaQ1NVZHRUVWxIYWsxSlIyZHZTVWRrYjBsSFlXaHZSMWhpUjFKb1kwUnZka3d5ZUd0WldFRjBaRWRXZW1SRE5XaE1XRko1WkZoT01FeHRSakJNTWpreFVGZEZkR015Ykc1aWFURlJZMjFXZEdGWVZuUk1WbEpzWXpOUmRGVXliRzVNVkVGNVNVTm9WRk5GUlhSTmFsVXlTMU40ZGxCVlJYUldTRW94WXpOUmMxbDZNVUpXUkRscVdsaEtNR0ZYV25CWk1rWXdXbGhLYkdSdE9XcFpXRkp3WWpJMWMyRllUakJRTWtwb1l6SlZMMkl5U25GYVYwNHdXVEo0YUdNelRUbGFWMnhyVVRKV2VXUkhiRzFoVjA1b1pFZHNkbUpyUmpGa1IyaDJZMjFzTUdWVVFVNUNaMnR4YUd0cFJ6bDNNRUpCVVhOR1FVRlBRMEZSUlVGTk1GQkVMekl6U20xUE16Wk5Uazk1SzNwYVFpOVVUSE5oUmpjNE1HMXRUMHRxY0dzeFdITllRWHBWVGt0YU5sTnlkQ3R0TUhVcksybFhiemxNT0VoR0wyeHllRk5FT0VkWVNtTkVURmxYUm1aNE56QnlORW81ZDFVNFN6ZHdSRWt4YmpsRmNXSkJjekJTSzNaWlZtNU1OVlZXVUM5MVZWRmxkekpYYkhBMU9GQkdjR2RCV0N0VUwxTkZNR05sWlV0NVRUaFlSVzVZVTNwbFRpOUZVM1JzUml0S1EyRkJPSFZ0Y1dwdFJFVnVZV1V6Y1hWeFUxVnNLMHhsYTFCVk9HazRSME56YmpVNWRYaDBibFZ1ZUVsTlMzY3paR2N2TjBRM1dUaE1ObFoxTkU1WE5FeGpiemRtYVRsRGNtRklRelJTVEV4MFpIaFliSFpQZGxGcFJWbHZSU3Q1TVRkbk1Ia3ZRemhPTkVSelkyaGFhWHBaZDNBd2NFOVNUMkpqWmt0V1RuQndWWFZMZFhOTmFIUnRVMnBzTUZaeEx5OWhkamhVVlhGU2NEVkdlalpYWTNwMFVFZEhVM2N3Um1WbGRsVkxSRzlETDBFOVBUd3ZaSE5wWnpwWU5UQTVRMlZ5ZEdsbWFXTmhkR1UrUEM5a2MybG5PbGcxTURsRVlYUmhQand2WkhOcFp6cExaWGxKYm1adlBqeGtjMmxuT2s5aWFtVmpkQ0JKWkQwaVpYUnphUzF6YVdkdVpXUXRNUzB4SWo0OFpYUnphVHBSZFdGc2FXWjVhVzVuVUhKdmNHVnlkR2xsY3lCNGJXeHVjenBsZEhOcFBTSm9kSFJ3T2k4dmRYSnBMbVYwYzJrdWIzSm5MekF4T1RBekwzWXhMak11TWlNaUlGUmhjbWRsZEQwaUkzTnBaMjVoZEhWeVpTMHhMVEVpUGp4bGRITnBPbE5wWjI1bFpGQnliM0JsY25ScFpYTWdTV1E5SW1WMGMya3RjMmxuYm1Wa2NISnZjR1Z5ZEdsbGN5MHhMVEVpUGp4bGRITnBPbE5wWjI1bFpGTnBaMjVoZEhWeVpWQnliM0JsY25ScFpYTStQR1YwYzJrNlUybG5ibWx1WjFScGJXVStNakF4T0Mwd05pMHhNMVF4TlRvME5qb3dPVm84TDJWMGMyazZVMmxuYm1sdVoxUnBiV1UrUEdWMGMyazZVMmxuYm1sdVowTmxjblJwWm1sallYUmxQanhsZEhOcE9rTmxjblErUEdWMGMyazZRMlZ5ZEVScFoyVnpkRDQ4WkhOcFp6cEVhV2RsYzNSTlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekEwTDNodGJHVnVZeU56YUdFeU5UWWlJQzgrUEdSemFXYzZSR2xuWlhOMFZtRnNkV1UrYW1WQmJFcHdTVEZIWkV0WlVXMVNOM1pRY25KVWNrZFdPVWRNT1M5MVdXeExNM0JyU1ROUWVtNHpiejA4TDJSemFXYzZSR2xuWlhOMFZtRnNkV1UrUEM5bGRITnBPa05sY25SRWFXZGxjM1ErUEdWMGMyazZTWE56ZFdWeVUyVnlhV0ZzUGp4a2MybG5PbGcxTURsSmMzTjFaWEpPWVcxbFBrTk9QV0V0YzJsbmJpMVFjbVZ0YVhWdExWUmxjM1F0VTJsbkxUQXlMRTlWUFdFdGMybG5iaTFRY21WdGFYVnRMVlJsYzNRdFUybG5MVEF5TEU4OVFTMVVjblZ6ZENCSFpYTXVJR1l1SUZOcFkyaGxjbWhsYVhSemMzbHpkR1Z0WlNCcGJTQmxiR1ZyZEhJdUlFUmhkR1Z1ZG1WeWEyVm9jaUJIYldKSUxFTTlRVlE4TDJSemFXYzZXRFV3T1VsemMzVmxjazVoYldVK1BHUnphV2M2V0RVd09WTmxjbWxoYkU1MWJXSmxjajR4TVRJd056WXhORGcxUEM5a2MybG5PbGcxTURsVFpYSnBZV3hPZFcxaVpYSStQQzlsZEhOcE9rbHpjM1ZsY2xObGNtbGhiRDQ4TDJWMGMyazZRMlZ5ZEQ0OEwyVjBjMms2VTJsbmJtbHVaME5sY25ScFptbGpZWFJsUGp4bGRITnBPbE5wWjI1aGRIVnlaVkJ2YkdsamVVbGtaVzUwYVdacFpYSStQR1YwYzJrNlUybG5ibUYwZFhKbFVHOXNhV041U1cxd2JHbGxaQ0F2UGp3dlpYUnphVHBUYVdkdVlYUjFjbVZRYjJ4cFkzbEpaR1Z1ZEdsbWFXVnlQand2WlhSemFUcFRhV2R1WldSVGFXZHVZWFIxY21WUWNtOXdaWEowYVdWelBqeGxkSE5wT2xOcFoyNWxaRVJoZEdGUFltcGxZM1JRY205d1pYSjBhV1Z6UGp4bGRITnBPa1JoZEdGUFltcGxZM1JHYjNKdFlYUWdUMkpxWldOMFVtVm1aWEpsYm1ObFBTSWpjbVZtWlhKbGJtTmxMVEV0TVNJK1BHVjBjMms2VFdsdFpWUjVjR1UrWVhCd2JHbGpZWFJwYjI0dmVHaDBiV3dyZUcxc1BDOWxkSE5wT2sxcGJXVlVlWEJsUGp3dlpYUnphVHBFWVhSaFQySnFaV04wUm05eWJXRjBQand2WlhSemFUcFRhV2R1WldSRVlYUmhUMkpxWldOMFVISnZjR1Z5ZEdsbGN6NDhMMlYwYzJrNlUybG5ibVZrVUhKdmNHVnlkR2xsY3o0OEwyVjBjMms2VVhWaGJHbG1lV2x1WjFCeWIzQmxjblJwWlhNK1BDOWtjMmxuT2s5aWFtVmpkRDQ4TDJSemFXYzZVMmxuYm1GMGRYSmxQanh6WVcxc01qcERiMjVrYVhScGIyNXpJRTV2ZEVKbFptOXlaVDBpTWpBeE9DMHdOaTB4TTFReE56bzBOam93T1Nzd01qb3dNQ0lnVG05MFQyNVBja0ZtZEdWeVBTSXlNREU0TFRBMkxURXpWREU0T2pBeE9qQTVLekF5T2pBd0lqNDhjMkZ0YkRJNlFYVmthV1Z1WTJWU1pYTjBjbWxqZEdsdmJqNDhjMkZ0YkRJNlFYVmthV1Z1WTJVK2FIUjBjSE02THk5bGFXUXVaM1l1WVhRdmJXOWhMV2xrTFdGMWRHZ3ZjMnd5TUM5a1lYUmhWWEpzUDNCbGJtUnBibWRwWkQwME9UYzFOelUxTXpjNE16azBNRFF4TkRnMlBDOXpZVzFzTWpwQmRXUnBaVzVqWlQ0OEwzTmhiV3d5T2tGMVpHbGxibU5sVW1WemRISnBZM1JwYjI0K1BDOXpZVzFzTWpwRGIyNWthWFJwYjI1elBqeHpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RK1BITmhiV3d5T2tGMGRISnBZblYwWlNCR2NtbGxibVJzZVU1aGJXVTlJbEJXVUMxV1JWSlRTVTlPSWlCT1lXMWxQU0oxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0eE1DSWdUbUZ0WlVadmNtMWhkRDBpZFhKdU9tOWhjMmx6T201aGJXVnpPblJqT2xOQlRVdzZNaTR3T21GMGRISnVZVzFsTFdadmNtMWhkRHAxY21raVBqeHpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0I0Yld4dWN6cDRjMms5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01ERXZXRTFNVTJOb1pXMWhMV2x1YzNSaGJtTmxJaUI0YzJrNmRIbHdaVDBpZUhNNmMzUnlhVzVuSWo0eUxqRThMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsUGp3dmMyRnRiREk2UVhSMGNtbGlkWFJsUGp4ellXMXNNanBCZEhSeWFXSjFkR1VnUm5KcFpXNWtiSGxPWVcxbFBTSlFVa2xPUTBsUVFVd3RUa0ZOUlNJZ1RtRnRaVDBpZFhKdU9tOXBaRG94TGpJdU5EQXVNQzR4TUM0eUxqRXVNUzR5TmpFdU1qQWlJRTVoYldWR2IzSnRZWFE5SW5WeWJqcHZZWE5wY3pwdVlXMWxjenAwWXpwVFFVMU1Pakl1TURwaGRIUnlibUZ0WlMxbWIzSnRZWFE2ZFhKcElqNDhjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VnZUcxc2JuTTZlSE5wUFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZUzFwYm5OMFlXNWpaU0lnZUhOcE9uUjVjR1U5SW5oek9uTjBjbWx1WnlJK1RYVnpkR1Z5YldGdWJqd3ZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1UrUEM5ellXMXNNanBCZEhSeWFXSjFkR1UrUEhOaGJXd3lPa0YwZEhKcFluVjBaU0JHY21sbGJtUnNlVTVoYldVOUlrZEpWa1ZPTFU1QlRVVWlJRTVoYldVOUluVnlianB2YVdRNk1pNDFMalF1TkRJaUlFNWhiV1ZHYjNKdFlYUTlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qSXVNRHBoZEhSeWJtRnRaUzFtYjNKdFlYUTZkWEpwSWo0OGMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVWdlRzFzYm5NNmVITnBQU0pvZEhSd09pOHZkM2QzTG5jekxtOXlaeTh5TURBeEwxaE5URk5qYUdWdFlTMXBibk4wWVc1alpTSWdlSE5wT25SNWNHVTlJbmh6T25OMGNtbHVaeUkrVFdGNFBDOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaVDQ4TDNOaGJXd3lPa0YwZEhKcFluVjBaVDQ4YzJGdGJESTZRWFIwY21saWRYUmxJRVp5YVdWdVpHeDVUbUZ0WlQwaVFrbFNWRWhFUVZSRklpQk9ZVzFsUFNKMWNtNDZiMmxrT2pFdU1pNDBNQzR3TGpFd0xqSXVNUzR4TGpVMUlpQk9ZVzFsUm05eWJXRjBQU0oxY200NmIyRnphWE02Ym1GdFpYTTZkR002VTBGTlREb3lMakE2WVhSMGNtNWhiV1V0Wm05eWJXRjBPblZ5YVNJK1BITmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxJSGh0Ykc1ek9uaHphVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TWpBd01TOVlUVXhUWTJobGJXRXRhVzV6ZEdGdVkyVWlJSGh6YVRwMGVYQmxQU0o0Y3pwemRISnBibWNpUGpFNU5EQXRNREV0TURFOEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxQand2YzJGdGJESTZRWFIwY21saWRYUmxQanh6WVcxc01qcEJkSFJ5YVdKMWRHVWdSbkpwWlc1a2JIbE9ZVzFsUFNKVFpYSjJhV05sVUhKdmRtbGtaWEl0Vlc1cGNYVmxTV1FpSUU1aGJXVTlJbWgwZEhBNkx5OWxhV1F1WjNZdVlYUXZaVWxFTDJGMGRISnBZblYwWlhNdlUyVnlkbWxqWlZCeWIzWnBaR1Z5Vlc1cGNYVmxTV1FpSUU1aGJXVkdiM0p0WVhROUluVnlianB2WVhOcGN6cHVZVzFsY3pwMFl6cFRRVTFNT2pJdU1EcGhkSFJ5Ym1GdFpTMW1iM0p0WVhRNmRYSnBJajQ4YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVZ2VHMXNibk02ZUhOcFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4TDFoTlRGTmphR1Z0WVMxcGJuTjBZVzVqWlNJZ2VITnBPblI1Y0dVOUluaHpPbk4wY21sdVp5SSthSFIwY0hNNkx5OWlhVzVrYVc1bkxtOWxjM1JsY25KbGFXTm9MbWQyTG1GMEwyRjFkR2d2YzNBdlRXVjBZV1JoZEdFOEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxQand2YzJGdGJESTZRWFIwY21saWRYUmxQanh6WVcxc01qcEJkSFJ5YVdKMWRHVWdSbkpwWlc1a2JIbE9ZVzFsUFNKVFpYSjJhV05sVUhKdmRtbGtaWEl0Um5KcFpXNWtiSGxPWVcxbElpQk9ZVzFsUFNKb2RIUndPaTh2Wldsa0xtZDJMbUYwTDJWSlJDOWhkSFJ5YVdKMWRHVnpMMU5sY25acFkyVlFjbTkyYVdSbGNrWnlhV1Z1Wkd4NVRtRnRaU0lnVG1GdFpVWnZjbTFoZEQwaWRYSnVPbTloYzJsek9tNWhiV1Z6T25Sak9sTkJUVXc2TWk0d09tRjBkSEp1WVcxbExXWnZjbTFoZERwMWNta2lQanh6WVcxc01qcEJkSFJ5YVdKMWRHVldZV3gxWlNCNGJXeHVjenA0YzJrOUltaDBkSEE2THk5M2QzY3Vkek11YjNKbkx6SXdNREV2V0UxTVUyTm9aVzFoTFdsdWMzUmhibU5sSWlCNGMyazZkSGx3WlQwaWVITTZjM1J5YVc1bklqNUNhVzVrYVc1bklGTmxjblpwWTJVZ1pzTzhjaUJ2WlM1bmRpNWhkRHd2YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVK1BDOXpZVzFzTWpwQmRIUnlhV0oxZEdVK1BITmhiV3d5T2tGMGRISnBZblYwWlNCR2NtbGxibVJzZVU1aGJXVTlJbE5sY25acFkyVlFjbTkyYVdSbGNpMURiM1Z1ZEhKNVEyOWtaU0lnVG1GdFpUMGlhSFIwY0RvdkwyVnBaQzVuZGk1aGRDOWxTVVF2WVhSMGNtbGlkWFJsY3k5VFpYSjJhV05sVUhKdmRtbGtaWEpEYjNWdWRISjVRMjlrWlNJZ1RtRnRaVVp2Y20xaGREMGlkWEp1T205aGMybHpPbTVoYldWek9uUmpPbE5CVFV3Nk1pNHdPbUYwZEhKdVlXMWxMV1p2Y20xaGREcDFjbWtpUGp4ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTQjRiV3h1Y3pwNGMyazlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5Mekl3TURFdldFMU1VMk5vWlcxaExXbHVjM1JoYm1ObElpQjRjMms2ZEhsd1pUMGllSE02YzNSeWFXNW5JajVCVkR3dmMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVStQQzl6WVcxc01qcEJkSFJ5YVdKMWRHVStQQzl6WVcxc01qcEJkSFJ5YVdKMWRHVlRkR0YwWlcxbGJuUStQQzl6WVcxc01qcEJjM05sY25ScGIyNCsiDQogIH0NCn0.WgPyI2KiVzp2DzbC6AfbDlQbXEYk-hL78-bfzj_b_IXwyHmuENwHA8MslDHOe1bYd3mlSTnoAUE20igmXM6gnFOe4pQes2i5d8YAnYRspbwhj86sn5_vMyGfHtBsApP3MqjcSHL24vo6DHqKYqN85FMGq6GnPub9HGbeIgMAvECuH0ZCqY5MDWj4FI2OA5Jrn2fyBY1CebF5NdTSUeBJMjG_q-cpTnWmkcELKXTNJg9ihkHR8FkBjt8xh2YWh9Opk_0RrUIZI5U9YC4Xc-Hgj7C7YplA4Pr0_SUHdqH_86xF7GcMMuC5Bs8EU22lejxhxwz0BzPPg2Ws0LJ8RGAm0A" } \ No newline at end of file -- cgit v1.2.3 From fc41c6901072a2711f577b96c38f894798ce7a31 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Thu, 14 Jun 2018 07:31:14 +0200 Subject: fix problem in Exception handling --- .../auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java | 3 +-- .../id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java | 4 +++- .../id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java | 2 +- .../test/resources/moaspss_config/MOASPSSConfiguration.xml | 6 +++++- .../moaspss_config/profiles/SL20_authblock_v1.0_own.xml | 11 +++++++++++ 5 files changed, 21 insertions(+), 5 deletions(-) create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_own.xml (limited to 'id') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java index cc74bb11a..f2a93e3ed 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java @@ -13,7 +13,6 @@ import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants; -import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SL20eIDDataValidationException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.verifier.QualifiedeIDVerifier; import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; @@ -79,7 +78,7 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask { //TODO: add LoA verification - } catch (SL20eIDDataValidationException e) { + } catch (MOAIDException e) { if (authConfig.getBasicMOAIDConfigurationBoolean(Constants.CONFIG_PROP_DISABLE_EID_VALIDATION, false)) { Logger.warn("SL20 eID data validation IS DISABLED!!"); Logger.warn("SL20 eID data IS NOT VALID!!! Reason: " + e.getMessage(), e); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java index ceff0e516..419142c7d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_OwnTest.java @@ -5,8 +5,10 @@ import java.io.InputStreamReader; import org.apache.commons.io.IOUtils; import org.junit.Before; +import org.junit.runner.RunWith; import org.opensaml.xml.ConfigurationException; import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import com.google.gson.JsonElement; import com.google.gson.JsonObject; @@ -15,7 +17,7 @@ import com.google.gson.JsonParser; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.exceptions.SLCommandoParserException; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUtils; -//@RunWith(SpringJUnit4ClassRunner.class) +@RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ "/SpringTest-context.xml" }) public class EIDDataVerifier_OwnTest extends eIDDataVerifierTest { diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java index 31275e492..d50b31363 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java @@ -91,7 +91,7 @@ public class DummyAuthConfig implements AuthConfiguration { @Override public String getBasicMOAIDConfiguration(String key) { if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID.equals(key)) - return "SL20Authblock_v1.0,SL20Authblock_v1.0_SIC"; + return "SL20Authblock_v1.0,SL20Authblock_v1.0_SIC,SL20Authblock_v1.0_OWN"; else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH.equals(key)) return "/src/test/resources/sl20.jks"; diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml index 6cd4db122..0840ecd94 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/MOASPSSConfiguration.xml @@ -81,6 +81,10 @@ SL20Authblock_v1.0_SIC profiles/SL20_authblock_v1.0_SIC.xml - + + + SL20Authblock_v1.0_OWN + profiles/SL20_authblock_v1.0_own.xml + diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_own.xml b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_own.xml new file mode 100644 index 000000000..517f6437c --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/moaspss_config/profiles/SL20_authblock_v1.0_own.xml @@ -0,0 +1,11 @@ + + Signatur der Anmeldedaten

Anmeldedaten:

Daten zur Person

Vorname:
Nachname:
Geburtsdatum:
Vollmacht: Ich melde mich in Vertretung an. Im nächsten Schritt wird mir eine Liste der für mich verfügbaren Vertretungsverhältnisse angezeigt, aus denen ich eines auswählen werde.

Daten zur Anwendung

Identifikator:
Name:
Staat:

Technische Parameter

Datum:..
Uhrzeit:::
TransaktionsTokken:
+ Vollmachten-Referenz:
+ + -- cgit v1.2.3 From 55f71502a0b62624d5ebc0e4aa749b3f5d5a0bf2 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Fri, 15 Jun 2018 13:33:59 +0200 Subject: Add operation identifier for signature validation step --- .../moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java | 2 +- .../src/main/resources/resources/properties/id_messages_de.properties | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'id') diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java index 407454c2a..cc26b8b6e 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/validator/VerifyXMLSignatureResponseValidator.java @@ -118,7 +118,7 @@ public class VerifyXMLSignatureResponseValidator { throws ValidateException, ConfigurationException { if (verifyXMLSignatureResponse.getSignatureCheckCode() != 0) - throw new ValidateException("validator.06", null); + throw new ValidateException("validator.06", new Object[] {whatToCheck}); if (verifyXMLSignatureResponse.getCertificateCheckCode() != 0) { String checkFailedReason =""; diff --git a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties index 799b32025..49ef8220d 100644 --- a/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties +++ b/id/server/idserverlib/src/main/resources/resources/properties/id_messages_de.properties @@ -154,7 +154,7 @@ validator.03=Der Namespace eines \u00F6ffentlicher Schl\u00FCssels ist ung\u00FC validator.04=Es wurde ein SAML\:Attribut ohne \u00F6ffentlichen Schl\u00FCssel gefunden {0} validator.05=Es wurde {0} keine DSIG:Signature gefunden -validator.06=Die Signatur ist ung\u00FCltig +validator.06=Die Signatur ist ung\u00FCltig. Operation: {0} validator.07=Das Zertifikat der Personenbindung ist ung\u00FCltig.
{0} validator.08=Das Manifest ist ung\u00FCltig validator.09=Die \u00F6ffentlichen Schl\u00FCssel des Identitiy Link stimmen nicht mit dem retournierten Zertifikat \u00FCberein -- cgit v1.2.3 From 30e324851d67bd900471457e3c30a19b4073ec77 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 25 Jun 2018 13:22:20 +0200 Subject: add SP specific configuration for SL2.0 --- .../data/oa/OAAuthenticationData.java | 55 +++++++++++++++- .../oa/OAAuthenticationDataValidation.java | 61 ++++++++++++++++- .../resources/applicationResources_de.properties | 8 +++ .../resources/applicationResources_en.properties | 8 +++ .../main/webapp/jsp/snippets/OA/authentication.jsp | 21 ++++++ .../ServicesAuthenticationInformationTask.java | 76 ++++++++++++++++++++++ .../moa/id/moduls/AuthenticationManager.java | 4 +- .../moa/id/commons/MOAIDAuthConstants.java | 1 + .../moa/id/commons/api/IOAAuthParameters.java | 3 +- .../config/ConfigurationMigrationUtils.java | 24 +++++++ .../config/MOAIDConfigurationConstants.java | 3 + .../db/dao/config/deprecated/AuthComponentOA.java | 38 ++++++++--- .../moa/id/commons/utils/KeyValueUtils.java | 26 ++++++++ .../moa/id/auth/modules/sl20_auth/Constants.java | 5 +- .../sl20_auth/SL20AuthenticationModulImpl.java | 43 +++++++++--- .../sl20_auth/tasks/CreateQualeIDRequestTask.java | 37 +++++------ 16 files changed, 366 insertions(+), 47 deletions(-) (limited to 'id') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java index ad99f5d22..2f51e68b4 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java @@ -85,6 +85,11 @@ public class OAAuthenticationData implements IOnlineApplicationData { private boolean useTestIDLValidationTrustStore = false; private boolean useTestAuthblockValidationTrustStore = false; + + //SL2.0 + private boolean sl20Active = false; + private String sl20EndPoints = null; + /** * */ @@ -253,6 +258,29 @@ public class OAAuthenticationData implements IOnlineApplicationData { useTestIDLValidationTrustStore = oaauth.getTestCredentials().isUseTestIDLTrustStore(); } + //parse SL2.0 information + if (oaauth.isSl20Active()) { + //parse SL2.0 endpoint information + if (oaauth.getSl20EndPoints() != null) { + if (KeyValueUtils.isCSVValueString(oaauth.getSl20EndPoints())) + sl20EndPoints = KeyValueUtils.normalizeCSVValueString(oaauth.getSl20EndPoints()); + + else { + if (oaauth.getSl20EndPoints().contains(KeyValueUtils.CSV_DELIMITER)) { + //remove trailing comma if exist + sl20EndPoints = oaauth.getSl20EndPoints().substring(0, + oaauth.getSl20EndPoints().indexOf(KeyValueUtils.CSV_DELIMITER)); + + } else + sl20EndPoints = oaauth.getSl20EndPoints(); + + } + } + sl20Active = oaauth.isSl20Active(); + + } + + return null; } @@ -392,7 +420,10 @@ public class OAAuthenticationData implements IOnlineApplicationData { testing.setUseTestIDLTrustStore(useTestIDLValidationTrustStore); - + //store SL2.0 information + authoa.setSl20Active(isSl20Active()); + authoa.setSl20EndPoints(getSl20EndPoints()); + return null; } @@ -768,6 +799,28 @@ public class OAAuthenticationData implements IOnlineApplicationData { public List getSzrgwServicesList() { return szrgwServicesList; } + + + public boolean isSl20Active() { + return sl20Active; + } + + public void setSl20Active(boolean sl20Active) { + this.sl20Active = sl20Active; + } + + public String getSl20EndPoints() { + return sl20EndPoints; + } + + public void setSl20EndPoints(String sl20EndPoints) { + if (MiscUtil.isNotEmpty(sl20EndPoints)) + this.sl20EndPoints = + KeyValueUtils.removeAllNewlineFromString(sl20EndPoints); + else + this.sl20EndPoints = sl20EndPoints; + } + } diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java index a758088b1..32ef4a6cc 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/oa/OAAuthenticationDataValidation.java @@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletRequest; import org.apache.log4j.Logger; import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.commons.validation.ValidationHelper; import at.gv.egovernment.moa.id.configuration.data.oa.OAAuthenticationData; import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper; @@ -187,7 +188,65 @@ public class OAAuthenticationDataValidation { } - + + if (form.isSl20Active()) { + if (MiscUtil.isNotEmpty(form.getSl20EndPoints())) { + log.debug("Validate SL2.0 configuration ... "); + List sl20Endpoints = KeyValueUtils.getListOfCSVValues(form.getSl20EndPoints()); + if (sl20Endpoints.size() == 1) { + String value = sl20Endpoints.get(0); + + if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && + value.contains(KeyValueUtils.KEYVVALUEDELIMITER)) { + log.warn("SL2.0 endpoint '" + value + "' has wrong format"); + errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", + new Object[] {value}, request )); + + } else if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && + !value.contains(KeyValueUtils.KEYVVALUEDELIMITER) ) { + log.info("Find one SL2.0 endpoint without 'default='. Start update ... "); + form.setSl20EndPoints(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER + value); + + } + + } else { + boolean findDefault = false; + for (String el : sl20Endpoints) { + if (!el.contains(KeyValueUtils.KEYVVALUEDELIMITER)) { + log.warn("SL2.0 endpoint '" + el + "' has wrong format"); + errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", + new Object[] {el}, request )); + + } else { + if (el.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER)) { + log.debug("Find default endpoint."); + findDefault = true; + + } else { + String firstPart = el.split(KeyValueUtils.KEYVVALUEDELIMITER)[0]; + try { + Integer.valueOf(firstPart); + + } catch (NumberFormatException e) { + log.warn("SL2.0 endpoint '" + el + "' has wrong format", e); + errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", + new Object[] {el}, request )); + + } + } + } + } + + if (!findDefault) { + log.warn("SL2.0 endpoints contains NO default endpoint"); + errors.add(LanguageHelper.getErrorString("validation.general.sl20.endpoints.default", + new Object[] {}, request )); + + } + } + } + } + return errors; } } diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties index 2006625ff..047d4b200 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_de.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_de.properties @@ -562,3 +562,11 @@ validation.general.form.appletredirecttarget=Der RedirectTarget beinhaltet einen validation.general.form.fonttype=Der BKU-Auswahl Schrifttyp enth\u00E4lt nicht erlaubte Zeichen. Folgende Zeichen sind nicht erlaubt\: {0} validation.general.form.applet.width=Die Appleth\u00F6he ist keine g\\u00FCltige Zahl. validation.general.form.applet.height=Die Appletbreite ist keine g\\u00FCltige Zahl. + + +###new +webpages.oaconfig.general.sl20.header=Security Layer für mobile Authententifizierung +webpages.oaconfig.general.sl20.enable=SL2.0 aktivieren +webpages.oaconfig.general.sl20.endpoints=VDA Endpunkt URLs +validation.general.sl20.endpoints.default=SL2.0 Endpunkt beinhaltet keinen 'default' Endpunkt. +validation.general.sl20.endpoints.wrong=SL2.0 Endpunkt ist ung\\u00FCltig formatiert {0}. diff --git a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties index 694294df7..43fa0f3ae 100644 --- a/id/ConfigWebTool/src/main/resources/applicationResources_en.properties +++ b/id/ConfigWebTool/src/main/resources/applicationResources_en.properties @@ -559,3 +559,11 @@ validation.general.form.appletredirecttarget=RedirectTarget contains invalud val validation.general.form.fonttype=Font type for CCE selection contains forbidden characters. The following characters are not allowed\: {0} validation.general.form.applet.width=The height of applet is invalid number. validation.general.form.applet.height=The width of applet is invalid number. + + +###new +webpages.oaconfig.general.sl20.header=Security Layer for mobile Authentication +webpages.oaconfig.general.sl20.enable=Activate SL2.0 +webpages.oaconfig.general.sl20.endpoints=VDA endPoint URLs +validation.general.sl20.endpoints.default=SL2.0 endpoint contains NO 'default'. +validation.general.sl20.endpoints.wrong=SL2.0 endpoint {0} is not valid. \ No newline at end of file diff --git a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp index 59661091b..d2668e264 100644 --- a/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp +++ b/id/ConfigWebTool/src/main/webapp/jsp/snippets/OA/authentication.jsp @@ -67,6 +67,27 @@ +
+

<%=LanguageHelper.getGUIString("webpages.oaconfig.general.sl20.header", request) %>

+ + + + + +
+ +

<%=LanguageHelper.getGUIString("webpages.oaconfig.general.testing.header", request) %>

diff --git a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java index 25855dcb6..956d07c44 100644 --- a/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java +++ b/id/moa-id-webgui/src/main/java/at/gv/egovernment/moa/id/config/webgui/validation/task/impl/ServicesAuthenticationInformationTask.java @@ -279,6 +279,82 @@ public class ServicesAuthenticationInformationTask extends AbstractTaskValidator LanguageHelper.getErrorString("validation.general.szrgw.url.valid", new Object[]{check}))); } + + + + + + check = input.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS); + if (input.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED) != null && + Boolean.valueOf(input.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED))) { + if (MiscUtil.isNotEmpty(check)) { + log.debug("Validate SL2.0 configuration ... "); + List sl20Endpoints = KeyValueUtils.getListOfCSVValues(check); + if (sl20Endpoints.size() == 1) { + String value = sl20Endpoints.get(0); + + if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && + value.contains(KeyValueUtils.KEYVVALUEDELIMITER)) { + log.warn("SL2.0 endpoint '" + value + "' has wrong format"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, + "SL2.0 - EndPoint URLs", + LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", new Object[]{value}))); + + } else if (!value.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER) && + !value.contains(KeyValueUtils.KEYVVALUEDELIMITER) ) { + log.info("Find one SL2.0 endpoint without 'default='. Start updateing ... "); + sl20Endpoints.remove(0); + sl20Endpoints.add(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER + value); + + } + + } else { + boolean findDefault = false; + for (String el : sl20Endpoints) { + if (!el.contains(KeyValueUtils.KEYVVALUEDELIMITER)) { + log.warn("SL2.0 endpoint '" + el + "' has wrong format"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, + "SL2.0 - EndPoint URLs", + LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", new Object[]{el}))); + + } else { + if (el.startsWith(KeyValueUtils.DEFAULT_VALUE + KeyValueUtils.KEYVVALUEDELIMITER)) { + log.debug("Find default endpoint."); + findDefault = true; + + } else { + String firstPart = el.split(KeyValueUtils.KEYVVALUEDELIMITER)[0]; + try { + Integer.valueOf(firstPart); + + } catch (NumberFormatException e) { + log.warn("SL2.0 endpoint '" + el + "' has wrong format", e); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, + "SL2.0 - EndPoint URLs", + LanguageHelper.getErrorString("validation.general.sl20.endpoints.wrong", new Object[]{el}))); + + } + } + } + } + + if (!findDefault) { + log.warn("SL2.0 endpoints contains NO default endpoint"); + errors.add(new ValidationObjectIdentifier( + MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, + "SL2.0 - EndPoint URLs", + LanguageHelper.getErrorString("validation.general.sl20.endpoints.default", new Object[]{}))); + + } + } + } + } + + + if (!errors.isEmpty()) throw new ConfigurationTaskValidationException(errors); diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java index e093ce1e2..db0170e54 100644 --- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java +++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java @@ -476,7 +476,9 @@ public class AuthenticationManager extends MOAIDAuthConstants { try { //put pending-request ID on execurtionContext executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, pendingReq.getRequestID()); - + executionContext.put(MOAIDAuthConstants.PROCESSCONTEXT_SP_CONFIG, pendingReq.getOnlineApplicationConfiguration()); + + // create process instance String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java index 6f6735d48..58f930590 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/MOAIDAuthConstants.java @@ -190,6 +190,7 @@ public class MOAIDAuthConstants extends MOAIDConstants{ public static final String PROCESSCONTEXT_ISLEGACYREQUEST = "isLegacyRequest"; public static final String PROCESSCONTEXT_UNIQUE_OA_IDENTFIER = "uniqueSPId"; public static final String PROCESSCONTEXT_SSL_CLIENT_CERTIFICATE = MOASESSION_DATA_HOLDEROFKEY_CERTIFICATE; + public static final String PROCESSCONTEXT_SP_CONFIG = "spConfig"; //General protocol-request data-store keys public static final String AUTHPROCESS_DATA_SECURITYLAYERTEMPLATE = "authProces_SecurityLayerTemplate"; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java index 332764edf..4e697f099 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/api/IOAAuthParameters.java @@ -22,6 +22,7 @@ */ package at.gv.egovernment.moa.id.commons.api; +import java.io.Serializable; import java.security.PrivateKey; import java.util.Collection; import java.util.List; @@ -37,7 +38,7 @@ import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException; * @author tlenz * */ -public interface IOAAuthParameters { +public interface IOAAuthParameters extends Serializable{ public static final String CONFIG_KEY_RESTRICTIONS_BASEID_INTERNAL = "configuration.restrictions.baseID.idpProcessing"; public static final String CONFIG_KEY_RESTRICTIONS_BASEID_TRANSMISSION = "configuration.restrictions.baseID.spTransmission"; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java index 48d64225c..f42c1eb69 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/ConfigurationMigrationUtils.java @@ -181,12 +181,26 @@ public class ConfigurationMigrationUtils { else result.put(MOAIDConfigurationConstants.SERVICE_AUTH_TARGET_FOREIGN, StringUtils.EMPTY); + //convert selected SZR-GW service if (MiscUtil.isNotEmpty(oa.getSelectedSZRGWServiceURL())) result.put(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL, oa.getSelectedSZRGWServiceURL()); AuthComponentOA oaauth = oa.getAuthComponentOA(); if (oaauth != null) { + + //convert SL20 infos + if (oaauth.isSl20Active() != null) + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED, oaauth.isSl20Active().toString()); + else + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED, Boolean.FALSE.toString()); + + if (MiscUtil.isNotEmpty(oaauth.getSl20EndPoints())) + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, oaauth.getSl20EndPoints()); + else + result.put(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS, StringUtils.EMPTY); + + //convert business identifier IdentificationNumber idnumber = oaauth.getIdentificationNumber(); @@ -777,6 +791,16 @@ public class ConfigurationMigrationUtils { } + //set SL20 things + if (MiscUtil.isNotEmpty(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED))) + authoa.setSl20Active(Boolean.valueOf(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED))); + else + authoa.setSl20Active(false); + + authoa.setSl20EndPoints(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS)); + + + dbOA.setSelectedSZRGWServiceURL(oa.get(MOAIDConfigurationConstants.SERVICE_EXTERNAL_SZRGW_SERVICE_URL)); dbOA.setMandateServiceSelectionTemplateURL(oa.get(MOAIDConfigurationConstants.SERVICE_AUTH_TEMPLATES_ELGAMANDATESERVICESELECTION_URL)); diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java index 8b52e4e0c..9d5553277 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/config/MOAIDConfigurationConstants.java @@ -84,6 +84,9 @@ public final class MOAIDConfigurationConstants extends MOAIDConstants { public static final String SERVICE_AUTH_BKU_AUTHBLOCKTEXT = AUTH + ".authblock.additionaltext"; public static final String SERVICE_AUTH_BKU_AUTHBLOCK_REMOVEBPK = AUTH + ".authblock.removebPK"; + public static final String SERVICE_AUTH_SL20_ENABLED = AUTH + ".sl20.enabled"; + public static final String SERVICE_AUTH_SL20_ENDPOINTS = AUTH + ".sl20.endpoints"; + private static final String SERVICE_AUTH_TEMPLATES = AUTH + "." + TEMPLATES; public static final String SERVICE_AUTH_TEMPLATES_BKUSELECTION_DATA = SERVICE_AUTH_TEMPLATES + ".bkuselection.data"; public static final String SERVICE_AUTH_TEMPLATES_BKUSELECTION_PREVIEW = SERVICE_AUTH_TEMPLATES + ".bkuselection.preview"; diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java index 04efb0afe..852df16e6 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/db/dao/config/deprecated/AuthComponentOA.java @@ -11,23 +11,17 @@ package at.gv.egovernment.moa.id.commons.db.dao.config.deprecated; import java.io.Serializable; import java.util.ArrayList; import java.util.List; + import javax.persistence.CascadeType; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Inheritance; -import javax.persistence.InheritanceType; -import javax.persistence.JoinColumn; import javax.persistence.ManyToOne; import javax.persistence.OneToMany; -import javax.persistence.Table; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlAttribute; import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlTransient; import javax.xml.bind.annotation.XmlType; + import org.jvnet.jaxb2_commons.lang.Equals; import org.jvnet.jaxb2_commons.lang.EqualsStrategy; import org.jvnet.jaxb2_commons.lang.HashCode; @@ -162,6 +156,13 @@ public class AuthComponentOA @XmlAttribute(name = "Hjid") protected Long hjid; + + @XmlTransient + protected Boolean sl20Active; + @XmlTransient + protected String sl20EndPoints; + + /** * Gets the value of the bkuurls property. * @@ -522,11 +523,28 @@ public class AuthComponentOA + public Long getHjid() { return hjid; } - /** + public Boolean isSl20Active() { + return sl20Active; + } + + public void setSl20Active(Boolean sl20Active) { + this.sl20Active = sl20Active; + } + + public String getSl20EndPoints() { + return sl20EndPoints; + } + + public void setSl20EndPoints(String sl20EndPoints) { + this.sl20EndPoints = sl20EndPoints; + } + + /** * Sets the value of the hjid property. * * @param value diff --git a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java index 40ef5a23a..a206c9125 100644 --- a/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java +++ b/id/server/moa-id-commons/src/main/java/at/gv/egovernment/moa/id/commons/utils/KeyValueUtils.java @@ -34,6 +34,7 @@ import java.util.Set; import org.apache.commons.lang3.StringUtils; +import at.gv.egovernment.moa.logging.Logger; import at.gv.egovernment.moa.util.MiscUtil; /** @@ -44,6 +45,8 @@ public class KeyValueUtils { public static final String KEY_DELIMITER = "."; public static final String CSV_DELIMITER = ","; + public static final String KEYVVALUEDELIMITER = "="; + public static final String DEFAULT_VALUE = "default"; /** * Convert Java properties into a Map @@ -327,6 +330,29 @@ public class KeyValueUtils { return list; } + /** + * Convert a List of String elements to a Map of Key/Value pairs + *
+ * Every List element used as a key/value pair and the '=' sign represents the delimiter between key and value + * + * @param elements List of key/value elements + * @return Map of Key / Value pairs, but never null + */ + public static Map convertListToMap(List elements) { + Map map = new HashMap(); + for (String el : elements) { + if (el.contains(KEYVVALUEDELIMITER)) { + String[] split = el.split(KEYVVALUEDELIMITER); + map.put(split[0], split[1]); + + } else + Logger.debug("Key/Value Mapper: '" + el + "' contains NO '='. Ignore it."); + + } + + return map; + } + /** * This method remove all newline delimiter (\n or \r\n) from input data * diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java index 9fcb3aa58..f474461bf 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/Constants.java @@ -6,7 +6,8 @@ public class Constants { public static final String HTTP_ENDPOINT_RESUME = "/sl20/resume"; public static final String CONFIG_PROP_PREFIX = "modules.sl20"; - public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT = CONFIG_PROP_PREFIX + ".vda.urls.qualeID.endpoint"; + public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID = CONFIG_PROP_PREFIX + ".vda.urls.qualeID.endpoint."; + public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT = "default"; public static final String CONFIG_PROP_VDA_AUTHBLOCK_ID = CONFIG_PROP_PREFIX + ".vda.authblock.id"; public static final String CONFIG_PROP_VDA_AUTHBLOCK_TRANSFORMATION_ID = CONFIG_PROP_PREFIX + ".vda.authblock.transformation.id"; public static final String CONFIG_PROP_SECURITY_KEYSTORE_PATH = CONFIG_PROP_PREFIX + ".security.keystore.path"; @@ -16,7 +17,7 @@ public class Constants { public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS = CONFIG_PROP_PREFIX + ".security.encryption.alias";; public static final String CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD = CONFIG_PROP_PREFIX + ".security.encryption.password"; - public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST = CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT + "."; + public static final String CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST = CONFIG_PROP_VDA_ENDPOINT_QUALeID; public static final String CONFIG_PROP_SP_LIST = CONFIG_PROP_PREFIX + ".sp.entityIds."; public static final String CONFIG_PROP_DISABLE_EID_VALIDATION = CONFIG_PROP_PREFIX + ".security.eID.validation.disable"; diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java index 367e7b604..2c106b52e 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/SL20AuthenticationModulImpl.java @@ -27,15 +27,18 @@ import java.util.List; import javax.annotation.PostConstruct; -import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import at.gv.egovernment.moa.id.auth.modules.AuthModule; import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20Constants; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; +import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.moduls.AuthenticationManager; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.logging.Logger; +import at.gv.egovernment.moa.util.MiscUtil; /** * @author tlenz @@ -75,23 +78,43 @@ public class SL20AuthenticationModulImpl implements AuthModule { */ @Override public String selectProcess(ExecutionContext context) { + Object spConfigObj = context.get(MOAIDAuthConstants.PROCESSCONTEXT_SP_CONFIG); + IOAAuthParameters spConfig = null; + if (spConfigObj != null && spConfigObj instanceof IOAAuthParameters) + spConfig = (IOAAuthParameters)spConfigObj; + String sl20ClientTypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE.toLowerCase()); String sl20VDATypeHeader = (String) context.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase()); - if ( StringUtils.isNotBlank(sl20ClientTypeHeader) -// && ( -// StringUtils.isNotBlank(sl20VDATypeHeader) -// //&& VDA_TYPE_IDS.contains(sl20VDATypeHeader.trim()) -// ) - ) { - Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "' header found"); + if (spConfig != null && + MiscUtil.isNotEmpty(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED)) && + Boolean.valueOf(spConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENABLED))) { + Logger.debug("SL2.0 is enabled for " + spConfig.getPublicURLPrefix()); + Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + ": " + sl20ClientTypeHeader); + Logger.trace(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE + ": " + sl20VDATypeHeader); return "SL20Authentication"; } else { - Logger.trace("No '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "' header found"); + Logger.trace("SL2.0 is NOT enabled for " + spConfig.getPublicURLPrefix()); return null; - } + } + + +// if ( StringUtils.isNotBlank(sl20ClientTypeHeader) +//// && ( +//// StringUtils.isNotBlank(sl20VDATypeHeader) +//// //&& VDA_TYPE_IDS.contains(sl20VDATypeHeader.trim()) +//// ) +// ) { +// Logger.trace(SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "' header found"); +// return "SL20Authentication"; +// +// } else { +// Logger.trace("No '" + SL20Constants.HTTP_HEADER_SL20_CLIENT_TYPE + "' header found"); +// return null; +// +// } } /* (non-Javadoc) diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java index b87d614c5..883ae07f2 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java @@ -39,7 +39,9 @@ import at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20.SL20JSONExtractorUti import at.gv.egovernment.moa.id.commons.api.AuthConfiguration; import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters; import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.commons.config.MOAIDConfigurationConstants; import at.gv.egovernment.moa.id.commons.utils.HttpClientWithProxySupport; +import at.gv.egovernment.moa.id.commons.utils.KeyValueUtils; import at.gv.egovernment.moa.id.process.api.ExecutionContext; import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils; import at.gv.egovernment.moa.id.util.SSLUtils; @@ -202,30 +204,22 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { } private String extractVDAURLForSpecificOA(IOAAuthParameters oaConfig, ExecutionContext executionContext) { + String spSpecificVDAEndpoints = oaConfig.getConfigurationValue(MOAIDConfigurationConstants.SERVICE_AUTH_SL20_ENDPOINTS); + Map endPointMap = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST); + if (MiscUtil.isNotEmpty(spSpecificVDAEndpoints)) { + endPointMap.putAll(KeyValueUtils.convertListToMap( + KeyValueUtils.getListOfCSVValues( + KeyValueUtils.normalizeCSVValueString(spSpecificVDAEndpoints)))); + Logger.debug("Find OA specific SL2.0 endpoints. Updating endPoint list ... "); + + } + + Logger.trace("Find #" + endPointMap.size() + " SL2.0 endpoints ... "); - //selection based on EntityID -// Map listOfVDAs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST); -// Map listOfSPs = authConfig.getBasicMOAIDConfigurationWithPrefix(Constants.CONFIG_PROP_SP_LIST); -// -// for (Entry el : listOfSPs.entrySet()) { -// List spEntityIds = KeyValueUtils.getListOfCSVValues(el.getValue()); -// if (spEntityIds.contains(oaConfig.getPublicURLPrefix())) { -// Logger.trace("Select VDA endPoint with Id: " + el.getKey()); -// if (listOfVDAs.containsKey(el.getKey())) -// return listOfVDAs.get(el.getKey()); -// -// else -// Logger.info("No VDA endPoint with Id: " + el.getKey()); -// -// } else -// Logger.trace("SP list: " + el.getKey() + " does not contain OAIdentifier: " + oaConfig.getPublicURLPrefix()); -// -// } - //selection based on request Header String sl20VDATypeHeader = (String) executionContext.get(SL20Constants.HTTP_HEADER_SL20_VDA_TYPE.toLowerCase()); if (MiscUtil.isNotEmpty(sl20VDATypeHeader)) { - String vdaURL = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_LIST + sl20VDATypeHeader); + String vdaURL = endPointMap.get(sl20VDATypeHeader); if (MiscUtil.isNotEmpty(vdaURL)) return vdaURL.trim(); @@ -235,7 +229,8 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { } Logger.info("NO SP specific VDA endpoint found. Use default VDA"); - return authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT); + return endPointMap.getOrDefault(Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT, + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID + Constants.CONFIG_PROP_VDA_ENDPOINT_QUALeID_DEFAULT); } -- cgit v1.2.3 From 7aded182c8ee6538c9b2fc55e1b73ada926ba6f6 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 26 Jun 2018 10:29:39 +0200 Subject: add logging add validation of decryption-key --- .../moa-id-module-sl20_authentication/pom.xml | 7 +++ .../modules/sl20_auth/sl20/JsonSecurityUtils.java | 50 ++++++++++++++++++--- .../sl20_auth/sl20/SL20JSONExtractorUtils.java | 13 ++++-- .../sl20_auth/tasks/CreateQualeIDRequestTask.java | 5 +++ .../sl20_auth/tasks/ReceiveQualeIDTask.java | 4 +- .../sl20_auth/tasks/VerifyQualifiedeIDTask.java | 9 +++- .../modules/sl20_auth/EIDDataVerifier_ATrust.java | 4 +- .../sl20_auth/dummydata/DummyAuthConfig.java | 6 +-- .../src/test/resources/sl20.jks | Bin 8439 -> 9986 bytes .../src/test/resources/tests/eIDdata_atrust.json | 6 +-- .../src/test/resources/tests/eIDdata_atrust2.json | 6 +++ 11 files changed, 91 insertions(+), 19 deletions(-) create mode 100644 id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust2.json (limited to 'id') diff --git a/id/server/modules/moa-id-module-sl20_authentication/pom.xml b/id/server/modules/moa-id-module-sl20_authentication/pom.xml index 5b682538c..74aa6682b 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/pom.xml +++ b/id/server/modules/moa-id-module-sl20_authentication/pom.xml @@ -57,6 +57,13 @@ 0.6.3 + + org.bouncycastle + bcprov-jdk15on + 1.52 + + + org.springframework diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java index f7e635b3b..8456cfad5 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/JsonSecurityUtils.java @@ -20,6 +20,7 @@ import org.jose4j.jwe.JsonWebEncryption; import org.jose4j.jws.AlgorithmIdentifiers; import org.jose4j.jws.JsonWebSignature; import org.jose4j.jwx.JsonWebStructure; +import org.jose4j.keys.X509Util; import org.jose4j.keys.resolvers.X509VerificationKeyResolver; import org.jose4j.lang.JoseException; import org.springframework.beans.factory.annotation.Autowired; @@ -78,7 +79,7 @@ public class JsonSecurityUtils implements IJOSETools{ try { encPrivKey = keyStore.getKey(getEncryptionKeyAlias(), getEncryptionKeyPassword().toCharArray()); if (encPrivKey != null) { - Certificate[] certChainEncryption = keyStore.getCertificateChain(getSigningKeyAlias()); + Certificate[] certChainEncryption = keyStore.getCertificateChain(getEncryptionKeyAlias()); encCertChain = new X509Certificate[certChainEncryption.length]; for (int i=0; i x5cCerts = receiverJwe.getCertificateChainHeaderValue(); + String x5t256 = receiverJwe.getX509CertSha256ThumbprintHeaderValue(); + if (x5cCerts != null) { + Logger.debug("Found x509 certificate in JOSE header ... "); + Logger.trace("Sorting received X509 certificates ... "); + List sortedX5cCerts = X509Utils.sortCertificates(x5cCerts); + + if (!sortedX5cCerts.get(0).equals(encCertChain[0])) { + Logger.info("Certificate from JOSE header does NOT match encryption certificate"); + Logger.debug("JOSE certificate: " + sortedX5cCerts.get(0).toString()); - //TODO: validate key from header against key from config - - //decrypt payload + try { + Logger.debug("Cert: " + Base64Utils.encode(sortedX5cCerts.get(0).getEncoded())); + } catch (CertificateEncodingException | IOException e) { + e.printStackTrace(); + } + throw new SL20Exception("sl20.05", new Object[]{"Certificate from JOSE header does NOT match encryption certificate"}); + } + + } else if (MiscUtil.isNotEmpty(x5t256)) { + Logger.debug("Found x5t256 fingerprint in JOSE header .... "); + String certFingerPrint = X509Util.x5tS256(encCertChain[0]); + if (!certFingerPrint.equals(x5t256)) { + Logger.info("X5t256 from JOSE header does NOT match encryption certificate"); + Logger.debug("X5t256 from JOSE header: " + x5t256 + " Encrytption cert: " + certFingerPrint); + throw new SL20Exception("sl20.05", new Object[]{"X5t256 from JOSE header does NOT match encryption certificate"}); + + } + + } else { + Logger.info("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint"); + throw new SLCommandoParserException("Signed SL2.0 response contains NO signature certificate or NO certificate fingerprint"); + + } + + //set key receiverJwe.setKey(encPrivKey); + + //decrypt payload return new JsonParser().parse(receiverJwe.getPlaintextString()); } catch (JoseException e) { diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java index 0dc2e762d..6d0a349f4 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java @@ -186,9 +186,16 @@ public class SL20JSONExtractorUtils { log.warn("Decrypted results are disabled by configuration. Parse result in plain if it is possible"); //dummy code - String[] signedPayload = encryptedResult.toString().split("\\."); - JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode(signedPayload[1]))); - return payLoad; + try { + String[] signedPayload = encryptedResult.toString().split("\\."); + JsonElement payLoad = new JsonParser().parse(new String(Base64.getUrlDecoder().decode(signedPayload[1]))); + return payLoad; + + } catch (Exception e1) { + log.debug("DummyCode FAILED, Reason: " + e1.getMessage() + " Ignore it ..."); + throw new SL20Exception(e.getMessage(), null, e); + + } } else throw e; diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java index 883ae07f2..04daa5999 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/CreateQualeIDRequestTask.java @@ -23,6 +23,7 @@ import org.springframework.stereotype.Component; import com.google.gson.JsonObject; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; @@ -59,6 +60,8 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { Logger.debug("Starting SL2.0 authentication process .... "); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUTYPE_SELECTED, "sl20auth"); + try { //get service-provider configuration IOAAuthParameters oaConfig = pendingReq.getOnlineApplicationConfiguration(); @@ -70,6 +73,8 @@ public class CreateQualeIDRequestTask extends AbstractAuthServletTask { throw new SL20Exception("sl20.03", new Object[]{"NO VDA URL for qualified eID"}); } + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_URL, vdaQualeIDUrl); + String authBlockId = authConfig.getBasicMOAIDConfiguration(Constants.CONFIG_PROP_VDA_AUTHBLOCK_ID); if (MiscUtil.isEmpty(authBlockId)) { diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java index 2f062b71d..bf42ef9ca 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/ReceiveQualeIDTask.java @@ -21,6 +21,7 @@ import com.google.gson.JsonObject; import com.google.gson.JsonParser; import com.google.gson.JsonSyntaxException; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; @@ -74,7 +75,8 @@ public class ReceiveQualeIDTask extends AbstractAuthServletTask { } - Logger.trace("Received SL2.0 result: " + sl20Result); + Logger.trace("Received SL2.0 result: " + sl20Result); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_BKU_DATAURL_IP, request.getRemoteAddr()); //parse SL2.0 command/result into JSON try { diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java index f2a93e3ed..06b670d0a 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/tasks/VerifyQualifiedeIDTask.java @@ -9,6 +9,7 @@ import javax.servlet.http.HttpServletResponse; import org.opensaml.saml2.core.Assertion; import org.springframework.stereotype.Component; +import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants; import at.gv.egovernment.moa.id.advancedlogging.TransactionIDUtils; import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask; import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException; @@ -72,6 +73,7 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask { //validate eID data QualifiedeIDVerifier.verifyIdentityLink(idl, pendingReq.getOnlineApplicationConfiguration(), authConfig); + authBlockVerificationResult = QualifiedeIDVerifier.verifyAuthBlock( authBlockB64, pendingReq.getOnlineApplicationConfiguration(), authConfig); QualifiedeIDVerifier.checkConsistencyOfeIDData(sl20ReqId, idl, authBlockExtractor, authBlockVerificationResult); @@ -87,7 +89,12 @@ public class VerifyQualifiedeIDTask extends AbstractAuthServletTask { throw e; } - + + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_IDL_VALIDATED); + revisionsLogger.logEvent(pendingReq, MOAIDEventConstants.AUTHPROCESS_AUTHBLOCK_VALIDATED); + + + //add into session defaultTaskInitialization(request, executionContext); moasession.setIdentityLink(idl); diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java index 6a989dd47..0e6c96f8d 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java @@ -35,8 +35,8 @@ public class EIDDataVerifier_ATrust extends eIDDataVerifierTest { //JsonObject payLoad = SL20JSONExtractorUtils.getJSONObjectValue(qualeIDResult, "payload", true); VerificationResult payLoad = SL20JSONExtractorUtils.extractSL20PayLoad(qualeIDResult, joseTools, true); - JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad.getPayload(), "result", true); - + //JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad.getPayload(), "result", true); + JsonObject result = (JsonObject) SL20JSONExtractorUtils.extractSL20Result(payLoad.getPayload(), joseTools, true); eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result); if (eIDData == null || eIDData.isEmpty()) diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java index d50b31363..88924500b 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java @@ -94,19 +94,19 @@ public class DummyAuthConfig implements AuthConfiguration { return "SL20Authblock_v1.0,SL20Authblock_v1.0_SIC,SL20Authblock_v1.0_OWN"; else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH.equals(key)) - return "/src/test/resources/sl20.jks"; + return "/src/test/resources/prod_sl20.jks"; else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD.equals(key)) return "password"; else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_ALIAS.equals(key)) - return "pvpIDP"; + return "sl20signing"; else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_SIGN_PASSWORD.equals(key)) return "password"; else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_ALIAS.equals(key)) - return "pvpIDP"; + return "sl20encryption"; else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_KEY_ENCRYPTION_PASSWORD.equals(key)) return "password"; diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks index a9d1fc7d1..4413b8c8a 100644 Binary files a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks differ diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json index 8fef32927..5f0be5407 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json @@ -1,6 +1,6 @@ { "v": 10, - "respID": "2LVPaGlWAwzxURkrcTQX", - "inResponseTo": "_63ff9ef67370024c4d2d8b9bfd380578", - "signedPayload": "ew0KICAiYWxnIjogIlJTMjU2IiwNCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9zbDIuMDtjb21tYW5kIiwNCiAgIng1dCNTMjU2IjogIjBGUmRDYkFxVTF2YlQtOUt3S0JUcU5GQXBkcU9HT25Fa0o1dGp6MFp0anciDQp9.ew0KICAibmFtZSI6ICJxdWFsaWZpZWRlSUQiLA0KICAicmVzdWx0Ijogew0KICAgICJFSUQtSURFTlRJVFktTElOSyI6ICJQSE5oYld3NlFYTnpaWEowYVc5dUlFRnpjMlZ5ZEdsdmJrbEVQU0p6ZW5JdVltMXBMbWQyTG1GMExVRnpjMlZ5ZEdsdmJrbEVNVFV5T0RnNE1ESTJORE0wTURJNU5EVWlJRWx6YzNWbFNXNXpkR0Z1ZEQwaU1qQXhPQzB3TmkweE0xUXhNRG8xTnpvME5Dc3dNVG93TUNJZ1NYTnpkV1Z5UFNKb2RIUndPaTh2Y0c5eWRHRnNMbUp0YVM1bmRpNWhkQzl5WldZdmMzcHlMMmx6YzNWbGNpSWdUV0ZxYjNKV1pYSnphVzl1UFNJeElpQk5hVzV2Y2xabGNuTnBiMjQ5SWpBaUlIaHRiRzV6T25OaGJXdzlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qRXVNRHBoYzNObGNuUnBiMjRpSUhodGJHNXpPbkJ5UFNKb2RIUndPaTh2Y21WbVpYSmxibU5sTG1VdFoyOTJaWEp1YldWdWRDNW5kaTVoZEM5dVlXMWxjM0JoWTJVdmNHVnljMjl1WkdGMFlTOHlNREF5TURJeU9DTWlJSGh0Ykc1ek9tUnphV2M5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU1pSUhodGJHNXpPbVZqWkhOaFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4THpBMEwzaHRiR1J6YVdjdGJXOXlaU01pSUhodGJHNXpPbk5wUFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZUzFwYm5OMFlXNWpaU0krQ2drOGMyRnRiRHBCZEhSeWFXSjFkR1ZUZEdGMFpXMWxiblErQ2drSlBITmhiV3c2VTNWaWFtVmpkRDRLQ1FrSlBITmhiV3c2VTNWaWFtVmpkRU52Ym1acGNtMWhkR2x2Ymo0S0NRa0pDVHh6WVcxc09rTnZibVpwY20xaGRHbHZiazFsZEdodlpENTFjbTQ2YjJGemFYTTZibUZ0WlhNNmRHTTZVMEZOVERveExqQTZZMjA2YzJWdVpHVnlMWFp2ZFdOb1pYTThMM05oYld3NlEyOXVabWx5YldGMGFXOXVUV1YwYUc5a1Bnb0pDUWtKUEhOaGJXdzZVM1ZpYW1WamRFTnZibVpwY20xaGRHbHZia1JoZEdFK0Nna0pDUWtKUEhCeU9sQmxjbk52YmlCemFUcDBlWEJsUFNKd2NqcFFhSGx6YVdOaGJGQmxjbk52YmxSNWNHVWlQanh3Y2pwSlpHVnVkR2xtYVdOaGRHbHZiajQ4Y0hJNlZtRnNkV1UrZEhGRFVVVkROeXRCY1VkRlpXVk1Nemt3VmpWS1p6MDlQQzl3Y2pwV1lXeDFaVDQ4Y0hJNlZIbHdaVDUxY200NmNIVmliR2xqYVdRNlozWXVZWFE2WW1GelpXbGtQQzl3Y2pwVWVYQmxQand2Y0hJNlNXUmxiblJwWm1sallYUnBiMjQrUEhCeU9rNWhiV1UrUEhCeU9rZHBkbVZ1VG1GdFpUNU5ZWGc4TDNCeU9rZHBkbVZ1VG1GdFpUNDhjSEk2Um1GdGFXeDVUbUZ0WlNCd2NtbHRZWEo1UFNKMWJtUmxabWx1WldRaVBrMTFjM1JsY20xaGJtNDhMM0J5T2taaGJXbHNlVTVoYldVK1BDOXdjanBPWVcxbFBqeHdjanBFWVhSbFQyWkNhWEowYUQ0eE9UUXdMVEF4TFRBeFBDOXdjanBFWVhSbFQyWkNhWEowYUQ0OEwzQnlPbEJsY25OdmJqNEtDUWtKQ1R3dmMyRnRiRHBUZFdKcVpXTjBRMjl1Wm1seWJXRjBhVzl1UkdGMFlUNEtDUWtKUEM5ellXMXNPbE4xWW1wbFkzUkRiMjVtYVhKdFlYUnBiMjQrQ2drSlBDOXpZVzFzT2xOMVltcGxZM1ErQ2drOGMyRnRiRHBCZEhSeWFXSjFkR1VnUVhSMGNtbGlkWFJsVG1GdFpUMGlRMmwwYVhwbGJsQjFZbXhwWTB0bGVTSWdRWFIwY21saWRYUmxUbUZ0WlhOd1lXTmxQU0oxY200NmNIVmliR2xqYVdRNlozWXVZWFE2Ym1GdFpYTndZV05sY3pwcFpHVnVkR2wwZVd4cGJtczZNUzR5SWo0OGMyRnRiRHBCZEhSeWFXSjFkR1ZXWVd4MVpUNDhaSE5wWnpwU1UwRkxaWGxXWVd4MVpUNDhaSE5wWnpwTmIyUjFiSFZ6UG5sMlIwMVFSRFZaYWtobVpXOHhkbHBoU0VGNFEwWkNNeXRCUW0xaVlWQnpjRE5HTVhGRGRHY3ZaWFpsVVZSSWNsQnlSVXhPVDJaT1VuWTBhV0V3WlhjNFRsQnlaVFpRUjJKRFZHTU5DbnBrT1ZGdVZqSmlSRE5yVFhCa1VqUlRjMlpRVFVnd2VGQkdXRFV4T0dsUlZEQTFUWHBhT1dRM01WVnpiRGxzZHpack1HcHdTMjFGVlVWMlpWcGpRVVZKTVhGa00ySjNTWEJVTURnTkNtRjZabG8xTDFCa1JUWlpSVmcyVlhwUE5FSk1VbHB3ZUdOTlJtTXdhRGxaYW5vclZ6QktjRVYxVTFKUE0xZFFjRVpvY2xZeVZVOUtVU3R4ZUhrdk5EWklZek5JVERkTlFsRlNWMm9OQ2twVU9XUndlV0l2T0dSbFpWQkRialJGTldoTFRWSlRjblZGUjJwaGFFOVlMMHcwTTNWSFVVOU5VRVZ4V1hCTFNIZzRhazlTTDBsUE16WnJTSFZWWm5GT1RuVlhiRWhDYlVzMldFME5DbmN3TUZsclYyTkRVRUkwYW1KUk5URTBSVk16UjFJMlJIQkpNbGRVVVRCaFRGbHRWR1YzUFQwOEwyUnphV2M2VFc5a2RXeDFjejQ4WkhOcFp6cEZlSEJ2Ym1WdWRENUJVVUZDUEM5a2MybG5Pa1Y0Y0c5dVpXNTBQand2WkhOcFp6cFNVMEZMWlhsV1lXeDFaVDQ4TDNOaGJXdzZRWFIwY21saWRYUmxWbUZzZFdVK1BDOXpZVzFzT2tGMGRISnBZblYwWlQ0OEwzTmhiV3c2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwUGdvSlBHUnphV2M2VTJsbmJtRjBkWEpsUGdvSkNUeGtjMmxuT2xOcFoyNWxaRWx1Wm04K0Nna0pDVHhrYzJsbk9rTmhibTl1YVdOaGJHbDZZWFJwYjI1TlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekV3TDNodGJDMWxlR010WXpFMGJpTWlJQzgrQ2drSkNUeGtjMmxuT2xOcFoyNWhkSFZ5WlUxbGRHaHZaQ0JCYkdkdmNtbDBhRzA5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU55YzJFdGMyaGhNU0lnTHo0S0NRa0pQR1J6YVdjNlVtVm1aWEpsYm1ObElGVlNTVDBpSWo0S0NRa0pDVHhrYzJsbk9sUnlZVzV6Wm05eWJYTStDZ2tKQ1FrSlBHUnphV2M2VkhKaGJuTm1iM0p0SUVGc1oyOXlhWFJvYlQwaWFIUjBjRG92TDNkM2R5NTNNeTV2Y21jdlZGSXZNVGs1T1M5U1JVTXRlSEJoZEdndE1UazVPVEV4TVRZaVBnb0pDUWtKQ1FrOFpITnBaenBZVUdGMGFENXViM1FvWVc1alpYTjBiM0l0YjNJdGMyVnNaam82Y0hJNlNXUmxiblJwWm1sallYUnBiMjRwUEM5a2MybG5PbGhRWVhSb1Bnb0pDUWtKQ1R3dlpITnBaenBVY21GdWMyWnZjbTArQ2drSkNRa0pQR1J6YVdjNlZISmhibk5tYjNKdElFRnNaMjl5YVhSb2JUMGlhSFIwY0RvdkwzZDNkeTUzTXk1dmNtY3ZNakF3TUM4d09TOTRiV3hrYzJsbkkyVnVkbVZzYjNCbFpDMXphV2R1WVhSMWNtVWlJQzgrQ2drSkNRazhMMlJ6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1R4a2MybG5Pa1JwWjJWemRFMWxkR2h2WkNCQmJHZHZjbWwwYUcwOUltaDBkSEE2THk5M2QzY3Vkek11YjNKbkx6SXdNREF2TURrdmVHMXNaSE5wWnlOemFHRXhJaUF2UGdvSkNRa0pQR1J6YVdjNlJHbG5aWE4wVm1Gc2RXVSthVXN6TW10cmJVNWtVelZIV2xSemJHOHhTbVJDWVdsRFRsVnJQVHd2WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDRLQ1FrSlBDOWtjMmxuT2xKbFptVnlaVzVqWlQ0S0NRa0pQR1J6YVdjNlVtVm1aWEpsYm1ObElGUjVjR1U5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU5OWVc1cFptVnpkQ0lnVlZKSlBTSWpiV0Z1YVdabGMzUWlQZ29KQ1FrSlBHUnphV2M2UkdsblpYTjBUV1YwYUc5a0lFRnNaMjl5YVhSb2JUMGlhSFIwY0RvdkwzZDNkeTUzTXk1dmNtY3ZNakF3TUM4d09TOTRiV3hrYzJsbkkzTm9ZVEVpSUM4K0Nna0pDUWs4WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDQ0TWtadVlVeGxja2x6YVVOM1RFRlhVVEZYUVVjcmJVUlVWVTA5UEM5a2MybG5Pa1JwWjJWemRGWmhiSFZsUGdvSkNRazhMMlJ6YVdjNlVtVm1aWEpsYm1ObFBnb0pDVHd2WkhOcFp6cFRhV2R1WldSSmJtWnZQZ29KQ1R4a2MybG5PbE5wWjI1aGRIVnlaVlpoYkhWbFBnb2dJQ0FnY1UxMU1uTXJkV2xwVlhVMk0zRmpOWEZhYmxWWFpVeEZSREpuVm5GRFkwTmtRMGN4ZHpFMVoxSkdTV3Q0UzNOWVZGRlRRVE5LVjBoRFJYaHhjams1ZDBjMFYwMXRjRTF0U21oaFR3MEtkRGc0TjJOUlRtOUdURFJaYTBzMVRXcEhOR28wUjI1Q1ZHZFRhRVpXY0c0MWRXaFBkblpITUZsd1lVSlhNMlYyYVdSYVRYWkllV0psV1VSSVZHeHBia2sxVWtaU1pVaEdXRU5zVGcwS1dGQmhUMWxWTHpVek5GRnhaMWhLU1hrMFpXdHVkRFJ2UXk5TE0xRnVaVWhoU1VKbmVrSjFkMlpIUjIxbGEwVnlPVGROUkV0NllXWjBhMDVwTVVSS1dFNDRkMkZJVmtWTVdubHRPUTBLUjJGM1JraExjRUpGY2s5aGVqQXZVRVpxZUZGUVpsQkRaVW93UzJoNGRqbFFWVmh5YUZkUlMySkhZWEp1VlU1MUx5dFRNVEZqUzA5eGMzQmpiR2htUzFac2QxUlNhQzlXVkdsaFZBMEtSbUU0THpoYVMwSTVNM2cyV21SSVQwMHlZblY1VERaMVRqQTFjblpMWW05d1ozcG5ObEU5UFFvZ0lEd3ZaSE5wWnpwVGFXZHVZWFIxY21WV1lXeDFaVDQ4WkhOcFp6cExaWGxKYm1adlBqeGtjMmxuT2xnMU1EbEVZWFJoUGp4a2MybG5PbGcxTURsRFpYSjBhV1pwWTJGMFpUNU5TVWxHZFhwRFEwSkxUMmRCZDBsQ1FXZEpSRWRUYTJWTlFUQkhRMU54UjFOSllqTkVVVVZDUWxGVlFVMUpSMlpOVVhOM1ExRlpSRlpSVVVkRmQwcENEUXBXUkVaSlRVVlpSMEV4VlVWRFozY3ZVVk14VldOdVZucGtRMEpJV2xoTmRVbEhXWFZKUms1d1dUSm9iR050YUd4aFdGSjZZek5zZW1SSFZuUmFVMEp3RFFwaVUwSnNZa2RXY21SSVNYVkpSVkpvWkVkV2RXUnRWbmxoTWxadlkybENTR0pYU2tsTlUwbDNTVUZaUkZaUlVVeEVRbXhvVEZoT2NGb3lOSFJaTWpsNURRcGpSemw1V1ZoU2JFeFhlSEJhTW1nd1RGUkJlVTFUU1hkSlFWbEVWbEZSUkVSQ2JHaE1XRTV3V2pJMGRGa3lPWGxqUnpsNVdWaFNiRXhYZUhCYU1tZ3dEUXBNVkVGNVRVSTBXRVJVUlRGTlJHTjVUMFJGTVU1RWEzZE9WbTlZUkZSSmQwMUVZM2xQUkVWNlRrUnJkMDVXYjNkbllsbDRRM3BCU2tKblRsWkNRVmxVRFFwQmEwWlZUVkkwZDBoQldVUldVVkZMUkVKV1JWbFlVbXhpYms1cVlVaFdNR1Z0ZEhaaVZ6RndZek5PY0dJeU5IaEpha0ZuUW1kT1ZrSkJjMDFIVms0d0RRcFpWekYwWlcxR2IySklTbXhhTW14NlpFZFdlVmx0Vm05aU1sWjVXa2RWZUV4cVFYTkNaMDVXUWtGTlRVcFdUbkJhTWpWb1pFaFdlV015Vm5sa2JXeHFEUXBhVTBKRldWaFNiR0p1VG1waFNGWXdaVzEwZG1KWE1YQmpNMDV3WWpJMGVFWlVRVlJDWjA1V1FrRlZWRVJFVFhsT1ZHdDVUMFJOZVUxNmF6VlBSRVZqRFFwTlFtOUhRMU54UjFOSllqTkVVVVZLUVZGM1RscElUbkpSUjFKNllYazFibVJwTldoa1JFTkRRVk5KZDBSUldVcExiMXBKYUhaalRrRlJSVUpDVVVGRURRcG5aMFZRUVVSRFEwRlJiME5uWjBWQ1FVNHJaRUpUUlVKSGFqSnFWVmhKU3pGTmNETnNWbmhqTDFwaEszQktUV2w1UzNKWU0wY3hXbmhuV0M5cGEzZzNEUXBFT1hOamMxQlpUWFEwTnpOTWJFRlhiRGxqYlVOaVNHSktTeXRRVmpKWVRrNWtWVkpNVFZWRFNWZ3JOSFpWVG5NeVRVaGxSRlJSZEZnNFFsaHFTa1p3RFFwM1NsbFRiMkZTU2xFek9VWldVeTh4Y2pWelYyTnlZVGxJYUdSdE4zYzFSM1I0THpKMWEzbEVXREJyWkd0NFlYZHJhRkEwUlZGRmVta3ZVMGtyUm5WbkRRcHVLMWR4WjFFeGJrRmtiR0o0WWk5a1kwSjNOWGN4YURsaU0yeHRkWGRWWmpSNk0yOXZVVmRWUkRKRVowRXZhMHRrTVV0bGFrNVNORE50VEZWemJYWlREUXA2WlhaUWVGUTVlbk0zT0hCUFVqRlBZV05DTjBsemVsUldTbEJZWlU5RllXRk9Xa2h1YmtJdlZXVlBNMmM0VEVWV0x6TlBhMWhqVldkalRXdGlTVWxwRFFwaFFraHNiR3czTVZCeE1FTlBhamxyY1dwWWIyVTNUM0pTYWt4Wk5Xa3pTM2RQY0dFMlZFMURRWGRGUVVGaFQwTkJaVlYzWjJkSWFFMUNSVWRCTVZWa0RRcEVaMUZMUWtGb1RVTkJObVZIZGxNeGRXcEJUMEpuVGxaSVVUaENRV1k0UlVKQlRVTkNURUYzUkdkWlNFdHBaMEZEWjBWSVFWRlJSRUZSU0M5TlFrMUhEUXBCTVZWa1NYZFJUVTFCY1VGRFJXdGpWMFJ3VURaQk1FUk5RV3RIUVRGVlpFVjNVVU5OUVVGM1JrRlpTRXRwWjBGRFowVkNRVkZSU2tSQlpFTlZNRWwwRFFwU1JrNU1UVWc0UjBORGMwZEJVVlZHUW5kRlFrSklUWGRqVkVKSFFtZG5ja0puUlVaQ1VXTjNRVzlaTm1GSVVqQmpSRzkyVEROa00yUjVOV2hNV0ZKNURRcGtXRTR3VEcxR01Fd3lUbXhqYmxKNlRESkZkR015Ykc1aWFURnFZak5LZDJJelNtaGtSMVYwWWtkc2JtRklVWFJOUkVwb1RHMU9lV1JFUVc1Q1oyZHlEUXBDWjBWR1FsRmpkMEZaV1dKaFNGSXdZMFJ2ZGt3eU9XcGpNMEYxV1ZNeE1HTnVWbnBrUXpWb1pFTTVkbGt6VG5kTlJsRkhRVEZWWkVsQlVrNU5SWE4zRFFwVFVWbEhTMmxuUVVWUlJWTk5SRGgzVUZGWlNVdDNXVUpDVVZWSVFXZEZWMDFYYURCa1NFRTJUSGs1TTJRelkzVlpVekV3WTI1V2VtUkROV2hrUXpsckRRcGlNazU2VERKT2Qwd3lSWFJqTW14dVlta3hRbUpZVW5wak1teHVZbTFHTUdSWVNYZG5XalJIUVRGVlpFaDNVMEpzYWtOQ2EzcERRbXRMUTBKcVlVTkNEUXBwYjJGQ2FESjRhMWxZUVRaTWVUbHpXa2RHZDB4dFJYUmtTRW94WXpOUmRWbFlVWFppTTFVNVdWTXhlbUZYWkhWTVYwNTJZMjVDZG1OdFJqQmFVekZ6RFFwaFYyUnZaRU13ZDAxcGVIWlFWVVYwVmtoS01XTXpVWE5aZWpGQ1ZrUTVhbHBZU2pCaFYxcHdXVEpHTUZwWVNteGtiVGxxV1ZoU2NHSXlOWE5oV0U0d0RRcFFNa3BvWXpKVkwySXlTbkZhVjA0d1dUSjRhR016VFRsYVYyeHJVVEpXZVdSSGJHMWhWMDVvWkVkc2RtSnJSakZrUjJoMlkyMXNNR1ZVUVU1Q1oydHhEUXBvYTJsSE9YY3dRa0ZSVlVaQlFVOURRVkZGUVVoUk0xcERUWFJCWW1GNlpVMUliVmRCTW5wb1dXeEljVWhuUzFadlkxWllSVVJuYlU1dFYweEhjVVpsRFFvNFJVRkVSa2x6T0hWSGNtdDBRbTFYUTFWSldHSlljemRVU0dObWVITXlTalEzZGtoMVkyOXdjMlJyWVdKT2JGaEZhbnB1WkZKbWJtTXJNVlpKYm1KdkRRcDZUWEpaWkRkcVpVUk9WRXN2ZEVscWFVOUZXV1J5ZVVsd1pXdFdPVU5tWVhjM2VYVTJiV1ZtVFhwbGRURmhRWGRtTjBKdVN5OW9kV2wzU2xkdVpXNXdEUXBDTjJsRUwxQjJXaXR0ZW5WRE4xSk9aa3BtUmlzclUzUnBRbFI0YVROV1dYaE9SMDFxVFRGalZUaEhkemxXVjJNd1VqTkZkV3BQWVZoWFowTkRPR2sxRFFwR1IyaFdkazlaYUU1WVpuTjRTbGhpVG5obGQwVkRhbkJCVEhaRWJFWk1UQ3RwUXpRNVJ5dEJSRk52VW5Zd1UyczVNVTlRZFN0alNXMURhak55Y3pOUkRRcDBZWE5KTDNBNVRGbGhZMGMyWXk5blNUTjBSVEJwYUhGbk9WSmljMHRJV0ZGc00xQlBka1ZTU2tFOVBUd3ZaSE5wWnpwWU5UQTVRMlZ5ZEdsbWFXTmhkR1UrUEM5a2MybG5PbGcxTURsRVlYUmhQand2WkhOcFp6cExaWGxKYm1adlBnb0pDVHhrYzJsbk9rOWlhbVZqZEQ0S0NRa0pQR1J6YVdjNlRXRnVhV1psYzNRZ1NXUTlJbTFoYm1sbVpYTjBJajRLQ1FrSkNUeGtjMmxuT2xKbFptVnlaVzVqWlNCVlVrazlJaUkrQ2drSkNRa0pQR1J6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1FrSlBHUnphV2M2VkhKaGJuTm1iM0p0SUVGc1oyOXlhWFJvYlQwaWFIUjBjRG92TDNkM2R5NTNNeTV2Y21jdlZGSXZNVGs1T1M5U1JVTXRlSEJoZEdndE1UazVPVEV4TVRZaVBnb0pDUWtKQ1FrSlBHUnphV2M2V0ZCaGRHZytibTkwS0dGdVkyVnpkRzl5TFc5eUxYTmxiR1k2T21SemFXYzZVMmxuYm1GMGRYSmxLVHd2WkhOcFp6cFlVR0YwYUQ0S0NRa0pDUWtKUEM5a2MybG5PbFJ5WVc1elptOXliVDRLQ1FrSkNRazhMMlJ6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1FrOFpITnBaenBFYVdkbGMzUk5aWFJvYjJRZ1FXeG5iM0pwZEdodFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF3THpBNUwzaHRiR1J6YVdjamMyaGhNU0lnTHo0S0NRa0pDUWs4WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDV0TWpWR056UXZOMWRMVlV4QmIwVXlWemRDYzBneVdVWlFUelE5UEM5a2MybG5Pa1JwWjJWemRGWmhiSFZsUGdvSkNRa0pQQzlrYzJsbk9sSmxabVZ5Wlc1alpUNEtDUWtKUEM5a2MybG5PazFoYm1sbVpYTjBQZ29KQ1R3dlpITnBaenBQWW1wbFkzUStDZ2s4TDJSemFXYzZVMmxuYm1GMGRYSmxQZ284TDNOaGJXdzZRWE56WlhKMGFXOXVQZz09IiwNCiAgICAiRUlELUNJVElaRU4tUUFBLUxFVkVMIjogImh0dHA6Ly9laWRhcy5ldXJvcGEuZXUvTG9BL3N1YnN0YW50aWFsIiwNCiAgICAiRUlELUNDUy1VUkwiOiAiaHR0cHM6Ly93d3cuYS10cnVzdC5hdC90b2RvIiwNCiAgICAiRUlELUFVVEgtQkxPQ0siOiAiUEQ5NGJXd2dkbVZ5YzJsdmJqMGlNUzR3SWlCbGJtTnZaR2x1WnowaVZWUkdMVGdpSUhOMFlXNWtZV3h2Ym1VOUltNXZJajgrUEhOaGJXd3lPa0Z6YzJWeWRHbHZiaUI0Yld4dWN6cHpZVzFzTWowaWRYSnVPbTloYzJsek9tNWhiV1Z6T25Sak9sTkJUVXc2TWk0d09tRnpjMlZ5ZEdsdmJpSWdTVVE5SWw4Mk0yWm1PV1ZtTmpjek56QXdNalJqTkdReVpEaGlPV0ptWkRNNE1EVTNPQ0lnU1hOemRXVkpibk4wWVc1MFBTSXlNREU0TFRBMkxURXpWREUzT2pRMk9qQTVLekF5T2pBd0lpQldaWEp6YVc5dVBTSXlMakFpSUhodGJHNXpPbmh6UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZU0krUEhOaGJXd3lPa2x6YzNWbGNpQkdiM0p0WVhROUluVnlianB2WVhOcGN6cHVZVzFsY3pwMFl6cFRRVTFNT2pJdU1EcHVZVzFsYVdRdFptOXliV0YwT21WdWRHbDBlU0krYUhSMGNITTZMeTkzZDNjdVlTMTBjblZ6ZEM1aGRDOTBiMlJ2UEM5ellXMXNNanBKYzNOMVpYSStQR1J6YVdjNlUybG5ibUYwZFhKbElIaHRiRzV6T21SemFXYzlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5Mekl3TURBdk1Ea3ZlRzFzWkhOcFp5TWlJRWxrUFNKemFXZHVZWFIxY21VdE1TMHhJajQ4WkhOcFp6cFRhV2R1WldSSmJtWnZQanhrYzJsbk9rTmhibTl1YVdOaGJHbDZZWFJwYjI1TlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk5VVVpOHlNREF4TDFKRlF5MTRiV3d0WXpFMGJpMHlNREF4TURNeE5TSWdMejQ4WkhOcFp6cFRhV2R1WVhSMWNtVk5aWFJvYjJRZ1FXeG5iM0pwZEdodFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4THpBMEwzaHRiR1J6YVdjdGJXOXlaU055YzJFdGMyaGhNalUySWlBdlBqeGtjMmxuT2xKbFptVnlaVzVqWlNCSlpEMGljbVZtWlhKbGJtTmxMVEV0TVNJZ1ZWSkpQU0lpUGp4a2MybG5PbFJ5WVc1elptOXliWE0rUEdSemFXYzZWSEpoYm5ObWIzSnRJRUZzWjI5eWFYUm9iVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2VkZJdk1UazVPUzlTUlVNdGVITnNkQzB4T1RrNU1URXhOaUkrUEhoemJEcHpkSGxzWlhOb1pXVjBJSGh0Ykc1ek9uaHpiRDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TVRrNU9TOVlVMHd2VkhKaGJuTm1iM0p0SWlCbGVHTnNkV1JsTFhKbGMzVnNkQzF3Y21WbWFYaGxjejBpYzJGdGJESWlJSFpsY25OcGIyNDlJakV1TUNJZ2VHMXNibk02YzJGdGJESTlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qSXVNRHBoYzNObGNuUnBiMjRpUGp4NGMydzZiM1YwY0hWMElHMWxkR2h2WkQwaWVHMXNJaUI0Yld3NmMzQmhZMlU5SW1SbFptRjFiSFFpSUM4K1BIaHpiRHAwWlcxd2JHRjBaU0J0WVhSamFEMGlMeUlnZUcxc2JuTTlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5MekU1T1RrdmVHaDBiV3dpUGp4b2RHMXNJSGh0Ykc1elBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHhPVGs1TDNob2RHMXNJajQ4YUdWaFpENDhkR2wwYkdVK1UybG5ibUYwZFhJZ1pHVnlJRUZ1YldWc1pHVmtZWFJsYmp3dmRHbDBiR1UrUEhOMGVXeGxJRzFsWkdsaFBTSnpZM0psWlc0aUlIUjVjR1U5SW5SbGVIUXZZM056SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FKQ1FrSkNTNXViM0p0WVd4emRIbHNaU0I3SUdadmJuUXRjMmw2WlRvZ2JXVmthWFZ0T3lCOUlBb2dJQ0FnSUNBZ0lDQWdJQ0FnSUFrSkNRa0pMbWwwWVd4cFkzTjBlV3hsSUhzZ1ptOXVkQzF6YVhwbE9pQnRaV1JwZFcwN0lHWnZiblF0YzNSNWJHVTZJR2wwWVd4cFl6c2dmUW9KQ1FrSkNRa0pDUzUwYVhSc1pYTjBlV3hsSUhzZ2RHVjRkQzFrWldOdmNtRjBhVzl1T25WdVpHVnliR2x1WlRzZ1ptOXVkQzEzWldsbmFIUTZZbTlzWkRzZ1ptOXVkQzF6YVhwbE9pQnRaV1JwZFcwN0lIMGdDZ2tKQ1FrSkNRa0pMbWcwYzNSNWJHVWdleUJtYjI1MExYTnBlbVU2SUd4aGNtZGxPeUI5SUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQUtDUWtKQ1FrSkNRa3VhR2xrWkdWdUlIdGthWE53YkdGNU9pQnViMjVsT3lCOUlBb2dJQ0FnSUNBZ0lDQWdJQ0FnSUFrSkNRazhMM04wZVd4bFBqd3ZhR1ZoWkQ0OFltOWtlVDQ4YURRZ1kyeGhjM005SW1nMGMzUjViR1VpUGtGdWJXVnNaR1ZrWVhSbGJqbzhMMmcwUGp4d0lHTnNZWE56UFNKMGFYUnNaWE4wZVd4bElqNUVZWFJsYmlCNmRYSWdVR1Z5YzI5dVBDOXdQangwWVdKc1pTQmpiR0Z6Y3owaWNHRnlZVzFsZEdWeWN5SStQSGh6YkRwcFppQjBaWE4wUFNKemRISnBibWNvTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTl6WVcxc01qcEJkSFJ5YVdKMWRHVlRkR0YwWlcxbGJuUXZjMkZ0YkRJNlFYUjBjbWxpZFhSbFcwQk9ZVzFsUFNkMWNtNDZiMmxrT2pJdU5TNDBMalF5SjEwdmMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVXBJajQ4ZEhJK1BIUmtJR05zWVhOelBTSnBkR0ZzYVdOemRIbHNaU0krVm05eWJtRnRaVG9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakl1TlM0MExqUXlKMTB2YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVaUlDOCtQQzkwWkQ0OEwzUnlQand2ZUhOc09tbG1Qang0YzJ3NmFXWWdkR1Z6ZEQwaWMzUnlhVzVuS0M5ellXMXNNanBCYzNObGNuUnBiMjR2YzJGdGJESTZRWFIwY21saWRYUmxVM1JoZEdWdFpXNTBMM05oYld3eU9rRjBkSEpwWW5WMFpWdEFUbUZ0WlQwbmRYSnVPbTlwWkRveExqSXVOREF1TUM0eE1DNHlMakV1TVM0eU5qRXVNakFuWFM5ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTa2lQangwY2o0OGRHUWdZMnhoYzNNOUltbDBZV3hwWTNOMGVXeGxJajVPWVdOb2JtRnRaVG9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0eU1DZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhlSE5zT21sbUlIUmxjM1E5SW5OMGNtbHVaeWd2YzJGdGJESTZRWE56WlhKMGFXOXVMM05oYld3eU9rRjBkSEpwWW5WMFpWTjBZWFJsYldWdWRDOXpZVzFzTWpwQmRIUnlhV0oxZEdWYlFFNWhiV1U5SjNWeWJqcHZhV1E2TVM0eUxqUXdMakF1TVRBdU1pNHhMakV1TlRVblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU2tpUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1SFpXSjFjblJ6WkdGMGRXMDZJRHd2ZEdRK1BIUmtJR05zWVhOelBTSnViM0p0WVd4emRIbHNaU0krUEhoemJEcDJZV3gxWlMxdlppQnpaV3hsWTNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5kWEp1T205cFpEb3hMakl1TkRBdU1DNHhNQzR5TGpFdU1TNDFOU2RkTDNOaGJXd3lPa0YwZEhKcFluVjBaVlpoYkhWbElpQXZQand2ZEdRK1BDOTBjajQ4TDNoemJEcHBaajQ4ZUhOc09tbG1JSFJsYzNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5kWEp1T205cFpEb3hMakl1TkRBdU1DNHhNQzR5TGpFdU1TNHlOakV1T1RBblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0krUEhSeVBqeDBaQ0JqYkdGemN6MGlhWFJoYkdsamMzUjViR1VpUGxadmJHeHRZV05vZERvZ1BDOTBaRDQ4ZEdRZ1kyeGhjM005SW01dmNtMWhiSE4wZVd4bElqNDhlSE5zT25SbGVIUStTV05vSUcxbGJHUmxJRzFwWTJnZ2FXNGdWbVZ5ZEhKbGRIVnVaeUJoYmk0Z1NXMGdic09rWTJoemRHVnVJRk5qYUhKcGRIUWdkMmx5WkNCdGFYSWdaV2x1WlNCTWFYTjBaU0JrWlhJZ1pzTzhjaUJ0YVdOb0lIWmxjbWJEdkdkaVlYSmxiaUJXWlhKMGNtVjBkVzVuYzNabGNtakRwR3gwYm1semMyVWdZVzVuWlhwbGFXZDBMQ0JoZFhNZ1pHVnVaVzRnYVdOb0lHVnBibVZ6SUdGMWMzZkRwR2hzWlc0Z2QyVnlaR1V1UEM5NGMydzZkR1Y0ZEQ0OEwzUmtQand2ZEhJK1BDOTRjMnc2YVdZK1BDOTBZV0pzWlQ0OGNDQmpiR0Z6Y3owaWRHbDBiR1Z6ZEhsc1pTSStSR0YwWlc0Z2VuVnlJRUZ1ZDJWdVpIVnVaend2Y0Q0OGRHRmliR1VnWTJ4aGMzTTlJbkJoY21GdFpYUmxjbk1pUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1SlpHVnVkR2xtYVd0aGRHOXlPaUE4TDNSa1BqeDBaQ0JqYkdGemN6MGlibTl5YldGc2MzUjViR1VpUGp4NGMydzZkbUZzZFdVdGIyWWdjMlZzWldOMFBTSXZjMkZ0YkRJNlFYTnpaWEowYVc5dUwzTmhiV3d5T2tGMGRISnBZblYwWlZOMFlYUmxiV1Z1ZEM5ellXMXNNanBCZEhSeWFXSjFkR1ZiUUU1aGJXVTlKMmgwZEhBNkx5OWxhV1F1WjNZdVlYUXZaVWxFTDJGMGRISnBZblYwWlhNdlUyVnlkbWxqWlZCeWIzWnBaR1Z5Vlc1cGNYVmxTV1FuWFM5ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTSWdMejQ4TDNSa1Bqd3ZkSEkrUEhoemJEcHBaaUIwWlhOMFBTSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5ellXMXNNanBCZEhSeWFXSjFkR1ZUZEdGMFpXMWxiblF2YzJGdGJESTZRWFIwY21saWRYUmxXMEJPWVcxbFBTZG9kSFJ3T2k4dlpXbGtMbWQyTG1GMEwyVkpSQzloZEhSeWFXSjFkR1Z6TDFObGNuWnBZMlZRY205MmFXUmxja1p5YVdWdVpHeDVUbUZ0WlNkZEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxLU0krUEhSeVBqeDBaQ0JqYkdGemN6MGlhWFJoYkdsamMzUjViR1VpUGs1aGJXVTZJRHd2ZEdRK1BIUmtJR05zWVhOelBTSnViM0p0WVd4emRIbHNaU0krUEhoemJEcDJZV3gxWlMxdlppQnpaV3hsWTNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5hSFIwY0RvdkwyVnBaQzVuZGk1aGRDOWxTVVF2WVhSMGNtbGlkWFJsY3k5VFpYSjJhV05sVUhKdmRtbGtaWEpHY21sbGJtUnNlVTVoYldVblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0lnTHo0OEwzUmtQand2ZEhJK1BDOTRjMnc2YVdZK1BIaHpiRHBwWmlCMFpYTjBQU0p6ZEhKcGJtY29MM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2RvZEhSd09pOHZaV2xrTG1kMkxtRjBMMlZKUkM5aGRIUnlhV0oxZEdWekwxTmxjblpwWTJWUWNtOTJhV1JsY2tOdmRXNTBjbmxEYjJSbEoxMHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VwSWo0OGRISStQSFJrSUdOc1lYTnpQU0pwZEdGc2FXTnpkSGxzWlNJK1UzUmhZWFE2SUR3dmRHUStQSFJrSUdOc1lYTnpQU0p1YjNKdFlXeHpkSGxzWlNJK1BIaHpiRHAyWVd4MVpTMXZaaUJ6Wld4bFkzUTlJaTl6WVcxc01qcEJjM05sY25ScGIyNHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFUzUmhkR1Z0Wlc1MEwzTmhiV3d5T2tGMGRISnBZblYwWlZ0QVRtRnRaVDBuYUhSMGNEb3ZMMlZwWkM1bmRpNWhkQzlsU1VRdllYUjBjbWxpZFhSbGN5OVRaWEoyYVdObFVISnZkbWxrWlhKRGIzVnVkSEo1UTI5a1pTZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhMM1JoWW14bFBqeHdJR05zWVhOelBTSjBhWFJzWlhOMGVXeGxJajVVWldOb2JtbHpZMmhsSUZCaGNtRnRaWFJsY2p3dmNENDhkR0ZpYkdVZ1kyeGhjM005SW5CaGNtRnRaWFJsY25NaVBqeDBjajQ4ZEdRZ1kyeGhjM005SW1sMFlXeHBZM04wZVd4bElqNUVZWFIxYlRvOEwzUmtQangwWkNCamJHRnpjejBpYm05eWJXRnNjM1I1YkdVaVBqeDRjMnc2ZG1Gc2RXVXRiMllnYzJWc1pXTjBQU0p6ZFdKemRISnBibWNvTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTlBU1hOemRXVkpibk4wWVc1MExEa3NNaWtpSUM4K1BIaHpiRHAwWlhoMFBpNDhMM2h6YkRwMFpYaDBQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNKemRXSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5QVNYTnpkV1ZKYm5OMFlXNTBMRFlzTWlraUlDOCtQSGh6YkRwMFpYaDBQaTQ4TDNoemJEcDBaWGgwUGp4NGMydzZkbUZzZFdVdGIyWWdjMlZzWldOMFBTSnpkV0p6ZEhKcGJtY29MM05oYld3eU9rRnpjMlZ5ZEdsdmJpOUFTWE56ZFdWSmJuTjBZVzUwTERFc05Da2lJQzgrUEM5MFpENDhMM1J5UGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1VmFISjZaV2wwT2p3dmRHUStQSFJrSUdOc1lYTnpQU0p1YjNKdFlXeHpkSGxzWlNJK1BIaHpiRHAyWVd4MVpTMXZaaUJ6Wld4bFkzUTlJbk4xWW5OMGNtbHVaeWd2YzJGdGJESTZRWE56WlhKMGFXOXVMMEJKYzNOMVpVbHVjM1JoYm5Rc01USXNNaWtpSUM4K1BIaHpiRHAwWlhoMFBqbzhMM2h6YkRwMFpYaDBQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNKemRXSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5QVNYTnpkV1ZKYm5OMFlXNTBMREUxTERJcElpQXZQang0YzJ3NmRHVjRkRDQ2UEM5NGMydzZkR1Y0ZEQ0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGljM1ZpYzNSeWFXNW5LQzl6WVcxc01qcEJjM05sY25ScGIyNHZRRWx6YzNWbFNXNXpkR0Z1ZEN3eE9Dd3lLU0lnTHo0OEwzUmtQand2ZEhJK1BIUnlQangwWkNCamJHRnpjejBpYVhSaGJHbGpjM1I1YkdVaVBsUnlZVzV6WVd0MGFXOXVjMVJ2YTJWdU9pQThMM1JrUGp4MFpDQmpiR0Z6Y3owaWJtOXliV0ZzYzNSNWJHVWlQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNJdmMyRnRiREk2UVhOelpYSjBhVzl1TDBCSlJDSWdMejQ4TDNSa1Bqd3ZkSEkrUEhoemJEcHBaaUIwWlhOMFBTSXZjMkZ0YkRJNlFYTnpaWEowYVc5dUwzTmhiV3d5T2tGMGRISnBZblYwWlZOMFlYUmxiV1Z1ZEM5ellXMXNNanBCZEhSeWFXSjFkR1ZiUUU1aGJXVTlKM1Z5YmpwdmFXUTZNUzR5TGpRd0xqQXVNVEF1TWk0eExqRXVNall4TGprd0oxMHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VpUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo0S0NRa0pDUWtKQ1FrSkNRbFdiMnhzYldGamFIUmxiaTFTWldabGNtVnVlam9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0NU1DZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhkSElnWTJ4aGMzTTlJbWhwWkdSbGJpSStQSFJrSUdOc1lYTnpQU0pwZEdGc2FXTnpkSGxzWlNJK1JHRjBZVlZTVERvZ1BDOTBaRDQ4ZEdRZ1kyeGhjM005SW01dmNtMWhiSE4wZVd4bElqNDhlSE5zT25aaGJIVmxMVzltSUhObGJHVmpkRDBpTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTl6WVcxc01qcERiMjVrYVhScGIyNXpMM05oYld3eU9rRjFaR2xsYm1ObFVtVnpkSEpwWTNScGIyNHZjMkZ0YkRJNlFYVmthV1Z1WTJVaUlDOCtQQzkwWkQ0OEwzUnlQang0YzJ3NmFXWWdkR1Z6ZEQwaUwzTmhiV3d5T2tGemMyVnlkR2x2Ymk5ellXMXNNanBEYjI1a2FYUnBiMjV6TDBCT2IzUlBiazl5UVdaMFpYSWlQangwY2lCamJHRnpjejBpYUdsa1pHVnVJajQ4ZEdRZ1kyeGhjM005SW1sMFlXeHBZM04wZVd4bElqNUJkWFJvUW14dlkydFdZV3hwWkZSdk9pQThMM1JrUGp4MFpDQmpiR0Z6Y3owaWJtOXliV0ZzYzNSNWJHVWlQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNJdmMyRnRiREk2UVhOelpYSjBhVzl1TDNOaGJXd3lPa052Ym1ScGRHbHZibk12UUU1dmRFOXVUM0pCWm5SbGNpSWdMejQ4TDNSa1Bqd3ZkSEkrUEM5NGMydzZhV1krUEM5MFlXSnNaVDQ4TDJKdlpIaytQQzlvZEcxc1Bqd3ZlSE5zT25SbGJYQnNZWFJsUGp3dmVITnNPbk4wZVd4bGMyaGxaWFErUEM5a2MybG5PbFJ5WVc1elptOXliVDQ4WkhOcFp6cFVjbUZ1YzJadmNtMGdRV3huYjNKcGRHaHRQU0pvZEhSd09pOHZkM2QzTG5jekxtOXlaeTh5TURBeEx6RXdMM2h0YkMxbGVHTXRZekUwYmlNaUlDOCtQQzlrYzJsbk9sUnlZVzV6Wm05eWJYTStQR1J6YVdjNlJHbG5aWE4wVFdWMGFHOWtJRUZzWjI5eWFYUm9iVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TWpBd01TOHdOQzk0Yld4bGJtTWpjMmhoTWpVMklpQXZQanhrYzJsbk9rUnBaMlZ6ZEZaaGJIVmxQbXBoTUhSSlVEQkJVVEU0ZGk4NFpsVmpOR1kxYVhsSGNIWXhXVGhFYWpGUGJDODVNa2RTU0V0Q2EyYzlQQzlrYzJsbk9rUnBaMlZ6ZEZaaGJIVmxQand2WkhOcFp6cFNaV1psY21WdVkyVStQR1J6YVdjNlVtVm1aWEpsYm1ObElFbGtQU0psZEhOcExXUmhkR0V0Y21WbVpYSmxibU5sTFRFdE1TSWdWSGx3WlQwaWFIUjBjRG92TDNWeWFTNWxkSE5wTG05eVp5OHdNVGt3TXlOVGFXZHVaV1JRY205d1pYSjBhV1Z6SWlCVlVrazlJaU5sZEhOcExYTnBaMjVsWkhCeWIzQmxjblJwWlhNdE1TMHhJajQ4WkhOcFp6cEVhV2RsYzNSTlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekEwTDNodGJHVnVZeU56YUdFeU5UWWlJQzgrUEdSemFXYzZSR2xuWlhOMFZtRnNkV1UrTVZGVWFXNTBPR1Y1UXpsNFVFbExXR0ZxYzJ0cmVUWmlMM2MzY20xV1JEUldZMjQwUjFkMVJrMVZjejA4TDJSemFXYzZSR2xuWlhOMFZtRnNkV1UrUEM5a2MybG5PbEpsWm1WeVpXNWpaVDQ4TDJSemFXYzZVMmxuYm1Wa1NXNW1iejQ4WkhOcFp6cFRhV2R1WVhSMWNtVldZV3gxWlNCSlpEMGljMmxuYm1GMGRYSmxkbUZzZFdVdE1TMHhJajVLT0ROMFdUUnhUMWhGWVhWNWMxVXhMM1pUZWtzMk1EbDBNRWRKUm5sQlJUZFVkR05LYmpsRmNXZGFXa3RHTmxNMWVVRllURTlzZEhsc1JVdFBZV015TW1zMUsxaHlaRlZ0ZFV0NGFtNHdMekZQWTNwSFJqRTNlR1pYYXpORWFtbHdUMDlqZFVOM2VYQlZTV3BWTW5KVEt6RldkMnhxVUU4NGNIY3hTSGR3VEZaa1JtbFJjVzkzZVU5NFRGTkJlV05VUlV4Ukx6bHhRVTFaTm05UFpscFBiMEZhVTNaVFpXOVJVazVhVFN0YUwyTjZOalZDZUhwdFZrUklkMjgwYmxkemJTOXdVWEpSYmtkblVGQTFORmRNVWpSc1YyOXZWV2xqU1ZkdVEyMW5ZbVV6WVdkUVoybFBNVTlITVV4SWNuTkVNbXBrY0VKeGJITkJjWGR2Y0U1Qk5ta3dXbkE1Y3pFNVNEWk1VbWxsTjBKNE9EUnpSbmxLWlhNMU5qWTFaRkp4WlhoWFpub3ZOVGhaU0ZndmMzWkdOWEpDZUhjMVVHcEtZbGhYYmxKNlptcHpORXM0YzBSeVdsQmFhSEZSU0hwQ1Zub3pTV2M5UFR3dlpITnBaenBUYVdkdVlYUjFjbVZXWVd4MVpUNDhaSE5wWnpwTFpYbEpibVp2UGp4a2MybG5PbGcxTURsRVlYUmhQanhrYzJsbk9sZzFNRGxEWlhKMGFXWnBZMkYwWlQ1TlNVbEdNV3BEUTBKTU5tZEJkMGxDUVdkSlJWRnpNVEpxVkVGT1FtZHJjV2hyYVVjNWR6QkNRVkZ6UmtGRVEwSnZWRVZNVFVGclIwRXhWVVZDWjNkRFVWWlJlRk5FUWtkQ1owNVdRa0Z2VFZBd1JYUldTRW94WXpOUloxSXlWbnBNYVVKdFRHbENWR0ZYVG05YVdFcHZXbGRzTUdNelRqVmpNMUpzWWxkVloyRlhNR2RhVjNoc1lUTlNlVXhwUWtWWldGSnNZbTVhYkdOdGRHeGhTRWxuVWpJeGFWTkVSV3BOUTBWSFFURlZSVU4zZDJGWlV6RjZZVmRrZFV4V1FubGFWekZ3WkZjd2RGWkhWbnBrUXpGVVlWZGpkRTFFU1hoSmVrRm9RbWRPVmtKQlRVMUhiVVYwWXpKc2JtSnBNVkZqYlZaMFlWaFdkRXhXVW14ak0xRjBWVEpzYmt4VVFYbE5RalJZUkZSRk5FMUVXWGhOZWtFMFRsUmpNVTlHYjFoRVZFbDZUVVJaZUUxNlFUUk9WR014VDBadmQxbEVSVXhOUVd0SFFURlZSVUpuZDBOUlZsRjRSbnBCVmtKblRsWkNRVTFOUkdzeGFHVkRRazVrV0U0d1dsaEtkRmxYTlhWTlVrMTNSVkZaUkZaUlVVVkVRWEJPWkZoT01GcFlTblJaVnpWMVRWRjNkME5uV1VSV1VWRnhSRUZPVGxsWVozaEdWRUZVUW1kT1ZrSkJWVTFFUkZWNFRVUmpNVTFFV1RCUFJFMTRUVlJEUTBGVFNYZEVVVmxLUzI5YVNXaDJZMDVCVVVWQ1FsRkJSR2RuUlZCQlJFTkRRVkZ2UTJkblJVSkJUWEo0YWtSM0sxZEplRE16Y1U1aU1sZG9kMDFSYUZGa0wyZEJXbTB5YWpkTFpIaGtZV2R5V1ZBemNqTnJSWGcyZWpaNFEzcFVibnBWWWl0SmJYUkljMUJFVkRZemRXcDRiWGRyTTAwelpsVktNV1J0ZHprMVJFdFlWV1ZGY2toNmVrSTVUVlI0Vml0a1prbHJSVGxQVkUweVpsaGxPVlpNU21aYVkwOXdUa2syVTNCb1JrSk1NMjFZUVVKRFRtRnVaREk0UTB0Vk9WQkhjek15WldaNk0xSlBiVUpHSzJ4TmVuVkJVekJYWVdOWVJFSllUa2xtVjBrNEwyeDBRMkZTVEd0clZIUXhhalpTV1dFeFpHeEVhVlZRY1hOamRpdFBhRE5PZUhrcmVrRlZSVlp2ZVZVdldHRmpiUzh2U0ZodWFuZHdLMEpQV1ZOcVJWVnhOMmhDYnpKdlZHd3ZlU3RPTjJoclJHcEVlRXR0UzFOb09HWkplbXRtZVVSMEszQkNOMnhJTm1wVVlteHdVbmRhYVhWc2VrMU9Ua2RLUm01QmFuZGxTVEl3VDJSbFFrVjBlR3RsWnpaVFRteHJNRTVIYVRKS2F6TnpRMEYzUlVGQllVOURRV3hSZDJkblNsRk5TVWRFUW1kbmNrSm5SVVpDVVdOQ1FWRlNNMDFJVlhkU1VWbEpTM2RaUWtKUlZVaE5RVXRIVDFkb01HUklRVFpNZVRrelpETmpkVmxUTVRCamJsWjZaRU0xYUdSRE9XcGFXRW93WTNrNWFFeFlUbkJhTWpSMFkwaEtiR0pYYkRGaVV6RjBZakpLY0dKSFZYUk5SRTVvVEcxT2VXUkVRWE5DWjJkeVFtZEZSa0pSWTNkQldWbG5ZVWhTTUdORWIzWk1NamxxWXpOQmRHUkhWbnBrUXpWb1RGaFNlV1JZVGpCTWJVWXdUREk1YW1NelFYZEZkMWxFVmxJd2FrSkJkM2REYjBGSlVtZGhabXByUjA5R1lqQjNZMmRaU1V0M1dVSkNVVlZJUVZGTlJWcHFRbXROUVc5SFEwTnpSMEZSVlVaQ2QzTkRUVUZuUjBKblVVRnFhMWxDUVZSQlNVSm5XVVZCU1RWSFFWRlJkMFYzV1VkQ1FVTlBVbWRGUjAxQmEwZENkMUZCYW10WlFrSm5SWGRNVVZsSFFrRkRUMUpuUlVaTlEwMTNTVkpaWW1GSVVqQmpTRTAyVEhrNU0yUXpZM1ZaVXpFd1kyNVdlbVJETldoa1F6bDNXa2hOZGtWM1NrWlVha0ZTUW1kT1ZraFJORVZEWjFGSlVqWjRPRVZqYzNGUGVITjNSR2RaUkZaU01GQkJVVWd2UWtGUlJFRm5Za0ZOUVd0SFFURlZaRVYzVVVOTlFVRjNXVUZaUkZaU01HZENSbXQzVm5wQlNVSm5XVVZCU1hOM1FWRkZkMU4zV1VkTGFXZEJSVkZGVlUxRlJYZFFkMWxKUzNkWlFrSlJWVWhCWjBWWFRUSm9NR1JJUVRaTWVUa3paRE5qZFZsVE1UQmpibFo2WkVNMWFHUkRPV3RpTWs1NlRESk9kMHd5UlhSak1teHVZbWt4ZDJOdFZuUmhXRlowVEZjeGRsbHRiSE5hVkVOQ2NtZFpSRlpTTUdaQ1NVZHRUVWxIYWsxSlIyZHZTVWRrYjBsSFlXaHZSMWhpUjFKb1kwUnZka3d5ZUd0WldFRjBaRWRXZW1SRE5XaE1XRko1WkZoT01FeHRSakJNTWpreFVGZEZkR015Ykc1aWFURlJZMjFXZEdGWVZuUk1WbEpzWXpOUmRGVXliRzVNVkVGNVNVTm9WRk5GUlhSTmFsVXlTMU40ZGxCVlJYUldTRW94WXpOUmMxbDZNVUpXUkRscVdsaEtNR0ZYV25CWk1rWXdXbGhLYkdSdE9XcFpXRkp3WWpJMWMyRllUakJRTWtwb1l6SlZMMkl5U25GYVYwNHdXVEo0YUdNelRUbGFWMnhyVVRKV2VXUkhiRzFoVjA1b1pFZHNkbUpyUmpGa1IyaDJZMjFzTUdWVVFVNUNaMnR4YUd0cFJ6bDNNRUpCVVhOR1FVRlBRMEZSUlVGTk1GQkVMekl6U20xUE16Wk5Uazk1SzNwYVFpOVVUSE5oUmpjNE1HMXRUMHRxY0dzeFdITllRWHBWVGt0YU5sTnlkQ3R0TUhVcksybFhiemxNT0VoR0wyeHllRk5FT0VkWVNtTkVURmxYUm1aNE56QnlORW81ZDFVNFN6ZHdSRWt4YmpsRmNXSkJjekJTSzNaWlZtNU1OVlZXVUM5MVZWRmxkekpYYkhBMU9GQkdjR2RCV0N0VUwxTkZNR05sWlV0NVRUaFlSVzVZVTNwbFRpOUZVM1JzUml0S1EyRkJPSFZ0Y1dwdFJFVnVZV1V6Y1hWeFUxVnNLMHhsYTFCVk9HazRSME56YmpVNWRYaDBibFZ1ZUVsTlMzY3paR2N2TjBRM1dUaE1ObFoxTkU1WE5FeGpiemRtYVRsRGNtRklRelJTVEV4MFpIaFliSFpQZGxGcFJWbHZSU3Q1TVRkbk1Ia3ZRemhPTkVSelkyaGFhWHBaZDNBd2NFOVNUMkpqWmt0V1RuQndWWFZMZFhOTmFIUnRVMnBzTUZaeEx5OWhkamhVVlhGU2NEVkdlalpYWTNwMFVFZEhVM2N3Um1WbGRsVkxSRzlETDBFOVBUd3ZaSE5wWnpwWU5UQTVRMlZ5ZEdsbWFXTmhkR1UrUEM5a2MybG5PbGcxTURsRVlYUmhQand2WkhOcFp6cExaWGxKYm1adlBqeGtjMmxuT2s5aWFtVmpkQ0JKWkQwaVpYUnphUzF6YVdkdVpXUXRNUzB4SWo0OFpYUnphVHBSZFdGc2FXWjVhVzVuVUhKdmNHVnlkR2xsY3lCNGJXeHVjenBsZEhOcFBTSm9kSFJ3T2k4dmRYSnBMbVYwYzJrdWIzSm5MekF4T1RBekwzWXhMak11TWlNaUlGUmhjbWRsZEQwaUkzTnBaMjVoZEhWeVpTMHhMVEVpUGp4bGRITnBPbE5wWjI1bFpGQnliM0JsY25ScFpYTWdTV1E5SW1WMGMya3RjMmxuYm1Wa2NISnZjR1Z5ZEdsbGN5MHhMVEVpUGp4bGRITnBPbE5wWjI1bFpGTnBaMjVoZEhWeVpWQnliM0JsY25ScFpYTStQR1YwYzJrNlUybG5ibWx1WjFScGJXVStNakF4T0Mwd05pMHhNMVF4TlRvME5qb3dPVm84TDJWMGMyazZVMmxuYm1sdVoxUnBiV1UrUEdWMGMyazZVMmxuYm1sdVowTmxjblJwWm1sallYUmxQanhsZEhOcE9rTmxjblErUEdWMGMyazZRMlZ5ZEVScFoyVnpkRDQ4WkhOcFp6cEVhV2RsYzNSTlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekEwTDNodGJHVnVZeU56YUdFeU5UWWlJQzgrUEdSemFXYzZSR2xuWlhOMFZtRnNkV1UrYW1WQmJFcHdTVEZIWkV0WlVXMVNOM1pRY25KVWNrZFdPVWRNT1M5MVdXeExNM0JyU1ROUWVtNHpiejA4TDJSemFXYzZSR2xuWlhOMFZtRnNkV1UrUEM5bGRITnBPa05sY25SRWFXZGxjM1ErUEdWMGMyazZTWE56ZFdWeVUyVnlhV0ZzUGp4a2MybG5PbGcxTURsSmMzTjFaWEpPWVcxbFBrTk9QV0V0YzJsbmJpMVFjbVZ0YVhWdExWUmxjM1F0VTJsbkxUQXlMRTlWUFdFdGMybG5iaTFRY21WdGFYVnRMVlJsYzNRdFUybG5MVEF5TEU4OVFTMVVjblZ6ZENCSFpYTXVJR1l1SUZOcFkyaGxjbWhsYVhSemMzbHpkR1Z0WlNCcGJTQmxiR1ZyZEhJdUlFUmhkR1Z1ZG1WeWEyVm9jaUJIYldKSUxFTTlRVlE4TDJSemFXYzZXRFV3T1VsemMzVmxjazVoYldVK1BHUnphV2M2V0RVd09WTmxjbWxoYkU1MWJXSmxjajR4TVRJd056WXhORGcxUEM5a2MybG5PbGcxTURsVFpYSnBZV3hPZFcxaVpYSStQQzlsZEhOcE9rbHpjM1ZsY2xObGNtbGhiRDQ4TDJWMGMyazZRMlZ5ZEQ0OEwyVjBjMms2VTJsbmJtbHVaME5sY25ScFptbGpZWFJsUGp4bGRITnBPbE5wWjI1aGRIVnlaVkJ2YkdsamVVbGtaVzUwYVdacFpYSStQR1YwYzJrNlUybG5ibUYwZFhKbFVHOXNhV041U1cxd2JHbGxaQ0F2UGp3dlpYUnphVHBUYVdkdVlYUjFjbVZRYjJ4cFkzbEpaR1Z1ZEdsbWFXVnlQand2WlhSemFUcFRhV2R1WldSVGFXZHVZWFIxY21WUWNtOXdaWEowYVdWelBqeGxkSE5wT2xOcFoyNWxaRVJoZEdGUFltcGxZM1JRY205d1pYSjBhV1Z6UGp4bGRITnBPa1JoZEdGUFltcGxZM1JHYjNKdFlYUWdUMkpxWldOMFVtVm1aWEpsYm1ObFBTSWpjbVZtWlhKbGJtTmxMVEV0TVNJK1BHVjBjMms2VFdsdFpWUjVjR1UrWVhCd2JHbGpZWFJwYjI0dmVHaDBiV3dyZUcxc1BDOWxkSE5wT2sxcGJXVlVlWEJsUGp3dlpYUnphVHBFWVhSaFQySnFaV04wUm05eWJXRjBQand2WlhSemFUcFRhV2R1WldSRVlYUmhUMkpxWldOMFVISnZjR1Z5ZEdsbGN6NDhMMlYwYzJrNlUybG5ibVZrVUhKdmNHVnlkR2xsY3o0OEwyVjBjMms2VVhWaGJHbG1lV2x1WjFCeWIzQmxjblJwWlhNK1BDOWtjMmxuT2s5aWFtVmpkRDQ4TDJSemFXYzZVMmxuYm1GMGRYSmxQanh6WVcxc01qcERiMjVrYVhScGIyNXpJRTV2ZEVKbFptOXlaVDBpTWpBeE9DMHdOaTB4TTFReE56bzBOam93T1Nzd01qb3dNQ0lnVG05MFQyNVBja0ZtZEdWeVBTSXlNREU0TFRBMkxURXpWREU0T2pBeE9qQTVLekF5T2pBd0lqNDhjMkZ0YkRJNlFYVmthV1Z1WTJWU1pYTjBjbWxqZEdsdmJqNDhjMkZ0YkRJNlFYVmthV1Z1WTJVK2FIUjBjSE02THk5bGFXUXVaM1l1WVhRdmJXOWhMV2xrTFdGMWRHZ3ZjMnd5TUM5a1lYUmhWWEpzUDNCbGJtUnBibWRwWkQwME9UYzFOelUxTXpjNE16azBNRFF4TkRnMlBDOXpZVzFzTWpwQmRXUnBaVzVqWlQ0OEwzTmhiV3d5T2tGMVpHbGxibU5sVW1WemRISnBZM1JwYjI0K1BDOXpZVzFzTWpwRGIyNWthWFJwYjI1elBqeHpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RK1BITmhiV3d5T2tGMGRISnBZblYwWlNCR2NtbGxibVJzZVU1aGJXVTlJbEJXVUMxV1JWSlRTVTlPSWlCT1lXMWxQU0oxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0eE1DSWdUbUZ0WlVadmNtMWhkRDBpZFhKdU9tOWhjMmx6T201aGJXVnpPblJqT2xOQlRVdzZNaTR3T21GMGRISnVZVzFsTFdadmNtMWhkRHAxY21raVBqeHpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0I0Yld4dWN6cDRjMms5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01ERXZXRTFNVTJOb1pXMWhMV2x1YzNSaGJtTmxJaUI0YzJrNmRIbHdaVDBpZUhNNmMzUnlhVzVuSWo0eUxqRThMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsUGp3dmMyRnRiREk2UVhSMGNtbGlkWFJsUGp4ellXMXNNanBCZEhSeWFXSjFkR1VnUm5KcFpXNWtiSGxPWVcxbFBTSlFVa2xPUTBsUVFVd3RUa0ZOUlNJZ1RtRnRaVDBpZFhKdU9tOXBaRG94TGpJdU5EQXVNQzR4TUM0eUxqRXVNUzR5TmpFdU1qQWlJRTVoYldWR2IzSnRZWFE5SW5WeWJqcHZZWE5wY3pwdVlXMWxjenAwWXpwVFFVMU1Pakl1TURwaGRIUnlibUZ0WlMxbWIzSnRZWFE2ZFhKcElqNDhjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VnZUcxc2JuTTZlSE5wUFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZUzFwYm5OMFlXNWpaU0lnZUhOcE9uUjVjR1U5SW5oek9uTjBjbWx1WnlJK1RYVnpkR1Z5YldGdWJqd3ZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1UrUEM5ellXMXNNanBCZEhSeWFXSjFkR1UrUEhOaGJXd3lPa0YwZEhKcFluVjBaU0JHY21sbGJtUnNlVTVoYldVOUlrZEpWa1ZPTFU1QlRVVWlJRTVoYldVOUluVnlianB2YVdRNk1pNDFMalF1TkRJaUlFNWhiV1ZHYjNKdFlYUTlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qSXVNRHBoZEhSeWJtRnRaUzFtYjNKdFlYUTZkWEpwSWo0OGMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVWdlRzFzYm5NNmVITnBQU0pvZEhSd09pOHZkM2QzTG5jekxtOXlaeTh5TURBeEwxaE5URk5qYUdWdFlTMXBibk4wWVc1alpTSWdlSE5wT25SNWNHVTlJbmh6T25OMGNtbHVaeUkrVFdGNFBDOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaVDQ4TDNOaGJXd3lPa0YwZEhKcFluVjBaVDQ4YzJGdGJESTZRWFIwY21saWRYUmxJRVp5YVdWdVpHeDVUbUZ0WlQwaVFrbFNWRWhFUVZSRklpQk9ZVzFsUFNKMWNtNDZiMmxrT2pFdU1pNDBNQzR3TGpFd0xqSXVNUzR4TGpVMUlpQk9ZVzFsUm05eWJXRjBQU0oxY200NmIyRnphWE02Ym1GdFpYTTZkR002VTBGTlREb3lMakE2WVhSMGNtNWhiV1V0Wm05eWJXRjBPblZ5YVNJK1BITmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxJSGh0Ykc1ek9uaHphVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TWpBd01TOVlUVXhUWTJobGJXRXRhVzV6ZEdGdVkyVWlJSGh6YVRwMGVYQmxQU0o0Y3pwemRISnBibWNpUGpFNU5EQXRNREV0TURFOEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxQand2YzJGdGJESTZRWFIwY21saWRYUmxQanh6WVcxc01qcEJkSFJ5YVdKMWRHVWdSbkpwWlc1a2JIbE9ZVzFsUFNKVFpYSjJhV05sVUhKdmRtbGtaWEl0Vlc1cGNYVmxTV1FpSUU1aGJXVTlJbWgwZEhBNkx5OWxhV1F1WjNZdVlYUXZaVWxFTDJGMGRISnBZblYwWlhNdlUyVnlkbWxqWlZCeWIzWnBaR1Z5Vlc1cGNYVmxTV1FpSUU1aGJXVkdiM0p0WVhROUluVnlianB2WVhOcGN6cHVZVzFsY3pwMFl6cFRRVTFNT2pJdU1EcGhkSFJ5Ym1GdFpTMW1iM0p0WVhRNmRYSnBJajQ4YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVZ2VHMXNibk02ZUhOcFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4TDFoTlRGTmphR1Z0WVMxcGJuTjBZVzVqWlNJZ2VITnBPblI1Y0dVOUluaHpPbk4wY21sdVp5SSthSFIwY0hNNkx5OWlhVzVrYVc1bkxtOWxjM1JsY25KbGFXTm9MbWQyTG1GMEwyRjFkR2d2YzNBdlRXVjBZV1JoZEdFOEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxQand2YzJGdGJESTZRWFIwY21saWRYUmxQanh6WVcxc01qcEJkSFJ5YVdKMWRHVWdSbkpwWlc1a2JIbE9ZVzFsUFNKVFpYSjJhV05sVUhKdmRtbGtaWEl0Um5KcFpXNWtiSGxPWVcxbElpQk9ZVzFsUFNKb2RIUndPaTh2Wldsa0xtZDJMbUYwTDJWSlJDOWhkSFJ5YVdKMWRHVnpMMU5sY25acFkyVlFjbTkyYVdSbGNrWnlhV1Z1Wkd4NVRtRnRaU0lnVG1GdFpVWnZjbTFoZEQwaWRYSnVPbTloYzJsek9tNWhiV1Z6T25Sak9sTkJUVXc2TWk0d09tRjBkSEp1WVcxbExXWnZjbTFoZERwMWNta2lQanh6WVcxc01qcEJkSFJ5YVdKMWRHVldZV3gxWlNCNGJXeHVjenA0YzJrOUltaDBkSEE2THk5M2QzY3Vkek11YjNKbkx6SXdNREV2V0UxTVUyTm9aVzFoTFdsdWMzUmhibU5sSWlCNGMyazZkSGx3WlQwaWVITTZjM1J5YVc1bklqNUNhVzVrYVc1bklGTmxjblpwWTJVZ1pzTzhjaUJ2WlM1bmRpNWhkRHd2YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVK1BDOXpZVzFzTWpwQmRIUnlhV0oxZEdVK1BITmhiV3d5T2tGMGRISnBZblYwWlNCR2NtbGxibVJzZVU1aGJXVTlJbE5sY25acFkyVlFjbTkyYVdSbGNpMURiM1Z1ZEhKNVEyOWtaU0lnVG1GdFpUMGlhSFIwY0RvdkwyVnBaQzVuZGk1aGRDOWxTVVF2WVhSMGNtbGlkWFJsY3k5VFpYSjJhV05sVUhKdmRtbGtaWEpEYjNWdWRISjVRMjlrWlNJZ1RtRnRaVVp2Y20xaGREMGlkWEp1T205aGMybHpPbTVoYldWek9uUmpPbE5CVFV3Nk1pNHdPbUYwZEhKdVlXMWxMV1p2Y20xaGREcDFjbWtpUGp4ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTQjRiV3h1Y3pwNGMyazlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5Mekl3TURFdldFMU1VMk5vWlcxaExXbHVjM1JoYm1ObElpQjRjMms2ZEhsd1pUMGllSE02YzNSeWFXNW5JajVCVkR3dmMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVStQQzl6WVcxc01qcEJkSFJ5YVdKMWRHVStQQzl6WVcxc01qcEJkSFJ5YVdKMWRHVlRkR0YwWlcxbGJuUStQQzl6WVcxc01qcEJjM05sY25ScGIyNCsiDQogIH0NCn0.WgPyI2KiVzp2DzbC6AfbDlQbXEYk-hL78-bfzj_b_IXwyHmuENwHA8MslDHOe1bYd3mlSTnoAUE20igmXM6gnFOe4pQes2i5d8YAnYRspbwhj86sn5_vMyGfHtBsApP3MqjcSHL24vo6DHqKYqN85FMGq6GnPub9HGbeIgMAvECuH0ZCqY5MDWj4FI2OA5Jrn2fyBY1CebF5NdTSUeBJMjG_q-cpTnWmkcELKXTNJg9ihkHR8FkBjt8xh2YWh9Opk_0RrUIZI5U9YC4Xc-Hgj7C7YplA4Pr0_SUHdqH_86xF7GcMMuC5Bs8EU22lejxhxwz0BzPPg2Ws0LJ8RGAm0A" + "respID": "EK3d4E7SpVhzuq4mrQHb", + "inResponseTo": "_ef45ddc4a2a44392d81e5626d6290ace", + "signedPayload": "ew0KICAiYWxnIjogIlJTMjU2IiwNCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9zbDIuMDtjb21tYW5kIiwNCiAgIng1dCNTMjU2IjogIl92cGVPcTItZDlzNzVKV21RS1B2WFBRR2pldTBoUWhsNFJ6VkR5N0V5UHciDQp9.ew0KICAibmFtZSI6ICJxdWFsaWZpZWRlSUQiLA0KICAiZW5jcnlwdGVkUmVzdWx0IjogImV5SmhiR2NpT2lKU1UwRXRUMEZGVUMweU5UWWlMQ0psYm1NaU9pSkJNalUyUjBOTklpd2lZM1I1SWpvaVlYQndiR2xqWVhScGIyNHZjMnd5TGpBN2NtVnpkV3gwSWl3aWVEVjBJMU15TlRZaU9pSktXRTlKVVhnNFRrUjJkWHBLTjBGb2FEUjJPREJuYldOd1dVNVhZblZOZURaVFkyNVpVVlJTTURadkluMC5pS1BjUjk4bDU3ekpzZmw5ZmRjRjE1MF80blFianIydVdzMlZMMmI5RXZrS08yVXphNDE1MEtkRkRSM050d2V2Rk1Jbm8xVXBMX28xTVlQTnU5dzZIM2ZvYW4yaDFMYnlNcldlZnBqaTgyVWNteE12YlpqcFRUUGxQWktpQ0ZTMUxhWnhLQ09OOUN5SDFnMHY1amkxbkpfYXlGVUJ3d1ZQR0h1UU1rSDFVWUdVVjFZRUJUdnVqdDNsVTdISEdzbDI0bFk3U1d4ODhJS1VmVlJDTWZ2OGZiOVBjRjhaTDRoRnpVWTRyVWVFM2htWkxCeDdVYjZGNEV0dDI0d3JTVWhNRGVIWUJQRTVBT3BHSHJKZHoxQzJmZWJqejczLXJIRFN6UGhibEkwSzVLaE9JcEd1UjdtUHpRUFBFWFhxRGNaSU5LZHZtRkYyM0xFUnVmOGVIckg2VVEuajdQRTZPLV9pWVZDbFRHQzUxa1BWTi1NbzAxcVh2WEFQQVhwaTVCTmxLTS5nekJuUktzczJ1c0FyeXNzZHF5alhxZDh0R3hxODFZM0FGNVFkZWNETWZtTU42NVMyOVlvSkRsTGl1TE5Yc3gyd1FNOFp0T3lMTDNpN3pvRzVLcmRneUlfQU1ITkVOWHd4aHU0NWNieGJnZC1Ld21rTjZaRVh2YklvMlF4d1pHcDgzSkF5ckEwX3RKVlktOU5TUWQ0RmxITUFXR2pqckxNR2ZtSVZUd0xnbWZKZ0ZtWnM1cEtzVGFiTkhTNW1NWTFUN2didmMxSlF6ZmtxRHVTa0FSYTJQYnkySl9lQmtRaXVIcHl2S1lvaWZmWEpiamszaDloblJoNGtLYXZQSG1GMDZxZlMwTUI4bTd1Q3hRTUQ2V1hoQW9GZWNDRmQya0RsYnpBLS0xUG1aRWYxd1E0R2Q0bWJncXRlSGg5SWVzaXFNQ05naUZOaTQ4MUZjbWpmMDRuLUk4al9TZzhwR1dOcDR4Ni10ckQ4dVNfN1lQMlZsb0pZRUotYUZ4MmhkMlB1d3draTE5dG1KRE8zLW13eDJ3OHNqQ294Z3JCNkgzNHJmRlQyd1JHTUZOUTVQUUhONHg1X3pmRVVSczVBRDlXMGcyUF9pRkduTlYxRVJmUW04ZEFDOXlGRWhXaks3UC1jSTRheEVQUk5GV1hoYmpwN0ZmUUdQM3hfc2JrSDItNzFMZ2lJdFFZcVNCWGhxQ2ZfWlowb2l5UVZkbk10eTk2OFBzaEFNYjlHZjVzNUJRVmFRWko5TFJzNjhqNFlXWWJKamEzTlZQUGFpdFE5RHA5M1NvWkIxeEZMNEY2alA2NnZhQVk0amJUU2hXRnpPRmx3bGZCOGQzd1pLbnRid0xkMGtQWFJMblBNQ3E0TFhwNExwd1k2dmxCbHhOYzVtVGtWZmZDaC0teGtxOHNQMFZpZGZRWG1kQXVXQXZpaEpZTktsNGVlZTZaMEotLWxQVzZBZnpCZ25FQnZrWU5wYVVobkRqTTY0ZlNhanN3eEh5QmtrVXVuZFFCZ29HQmRLcWc2bERXYWs5aG1vNGVzTGZEZ1N3TnB4aWdVNThNckFEUFlwNzFmUU5POWM5VFFwNmktME9BYzR0bTZFTHV4S1VNbnN0c0ZtcWV3VXdHM2xFOU9QOGdsem5GTU1TVENfZlAtempGV2RnbUVFYklFUHlvVFVCSldLOEo3aWIzMUxRSHZXak83NjJvOVRaYTNyUmN6WnR0OFZmckItQ1R1NDh0YmxfN1d3Mmlhc3ZjWFloTE5vaVFIZl9iSnp3MTZZUFJOY0VYaWNiRFp6SzRmcDlRQnBPaks4cWNlMU1CTVRMN2VEdHpTUnI1RmJGaFNydW85N194Q1JGd19abHd0dFVlQlJ3ME5IcFpRaFR2Rk83a0taOG5LbE5paE1rWGE5ZFpRRVIyZUxGWEJUOEJWMXdjTnZNa0ZxQUtPTFhsTV9tcXZ2eEsxbXNHdHVYWTZLZkJ5dWU0R1hwNXVCQkRmd1M4bzhfV1QtcHNxcnhzQjBrMVQxZ3E0OHYxZ21wZUdrT1N2QTl1LTJqUVFPR0pTZnJmeVBWVnFSRmVOd3JYZV9ZX0NLWE1Kd1FfZjNqN0lCWlQ4WWpKaW5Sd1l6di04ZGU0S1RRdmJYMU5pRFpLdVdCcjU0Q3pBbnhnYUJRQ3R0NHUzMnF0RjEydzRMSUtDV3hSY3RPX0RRTkdFMHQwaDJzRlIxSGp5N3hsZWFob1h0UWdtWEZKMms2T2YyVUNLd0NXLVZmZTBMNkhNLVVOX3ItdEg0QWVlQVRIWE04N21nYmQwbFBVMEpXLUVXZ3dtaXhkQUxBcDNSSUhiQjVfYmJnTV9KRXFaUlVqd3FzUFlObE53SkRzM0dDMXpianZETzgxU3Bmb05iTjlvX1VLTnp4dEpScGY3MG9sSXFVQmRnenlEOTJNa3cyaW9WZm9qTF9FSjVuV1VjQVhvbnNZSnJiWEpaYjY0eTZ3NXI5SFdrbVFqWF9BZ21yNjBPbXBNNlhVWENXZG50U3ZHTnhla3MwX3RpUHlXR0hWODYtVXhMSmNvYWRWSWJOZVhCTUM1ekJjMzJOQnkzVGx4bmtieU1RYUVsRFNESnllUlJBOXVnVHhfX2JRUnRzUHVqYTVrS1BvSG1PVWRtS0trV19idHpRS2Z6WWtCcjhVaUtXT3QxTU5HZ0F5cmttb2YyQVFOR0RtT0VSaXFRT2pfSTNLcThsc25ydXlBOHprNG03ZjFxLTVaUkY5SW1wYVk4Vm9seGxRQWNXU1kyODJma24yTHB6ZDJ5MjZrMFB4MGR5ZDZHMkNrRDQ5VjdfaGMzM1ZuY3huWTR0eFZZVDVDV2VPbTVBN3VYMzhza0ZBdFFGRmh5bGNtbHBWdGk5NF9yWFdnZFBpcWxJbEdsVnZieXFqcTREYnNUbElhdl9kNThYWElud01EbVZjalFhQWpPVVotR2wwcXNIQWtJdllMcXl2VjAwNVRpdVBhUUJqLUtzbm9JaEJVYV9nVVRoR2M1aG8weXp2SEI1bVVWMVBuc0RiR0xLYUxFbTB0LUVxaFpjX1VleGg1MGhCTjhHbkhqUVRlaTQwWXhVTlFwUTc0QWdWM19uYzdRRTBjemZfMzd1S1BYWUFZaGNJcmVsWERnYktxWTZhbGEwb3Y2NW5VeElSUGJJMXQzYjNDR0hpMWJJWl9WODNBcEZpaHpJVmdZV3dfc2g0ckh3Nk9GcEdvOVNELU55OTBGZThuS0pWQnJoM21KMFZ5Ty1MTWw0aENMUUpkallDaWhZa3VHcTBUcTJKU2IxN2dOMmM3WFB6LXdjTGV0UEpnYnI5bFdHZnVhM3YzSGNHbFcwdHhNamNkQ0Q0S3hpaWhlOWx1OWI3VkgwUndSRWJsUXFwWEpGbkRZN2pvelZENUJCamRuWWdKRkdpb0sxdkJVOTNudUJ5LXhCNmNCUXJNOXYtWFJLd1Y5al9VOXR3WThuTjRIOGZsWUNTUmNXQ1FFT1hfSXNrdzdjOGV6OGNESFFMdzBUVWIzQ1MzSC1fX2E3Mkdobmt5d1hOTjhtT1ZwcGRzcEY5cW5qMnU2UHlFRkJQNUF4UmZrR08yMGVYSnRkMkxRTE9kMWJTVU9PZzQ0UUlaS084MEt0d1VmTVUtNDNSbnllaUlfMVAybjZRWmxXakk1MzladHd4eGV4S2dJZXF6VU1fVXFrTUFFTnJlbkZKN1lZNnFTSTZkWTBESkNEak8zLTRoUjZzT0xvdWJ3MG9MTHI3dzJLVGNnYjVfeWJhZHRXdzdsYmhZQUNHbnoyRjFPSGRqZ0VOOE9XNjR4MUczNEdQakxtVjV2UUNraTdZNzd2WFJBNzFnZ1VWdHBPZEkzN0xTVGZ6cE5BTnB4eTdZSzlXVXNHQzhXSlE1TjRJQ1oxNlIxXzRJa1RrNWlaNGVnbHJ2X1Z1MWRvcVBvOWxrdmZaakUxWENOMDVRQXRDbzB0V0U5QmI4RlRhWWpMc3dLX2p3UGRjYnRBZXkxeW1hUG9ndUMtNjlxZXdsMXVEdEFvdWR5VjhyQXVSNG1XR2hhTGVpQW9CLXQwbmFQSGdsVktaTmdUT2Frd2hnTzRDalpBUGpVOGlzTnpyT0dmdVoydHRDU1c5clhuRUw2elRIQ3U5LUo5N1lHNTZXbnNWOGlnUFhobXZfUExYZzUxanlnUFFrV0dRbHVIUmR1S3JCa3BtRHd0Q25DUWxqNFVBZ191ekgtV1g3aWtqVVY2N093WVVqSGpILUV3cHhxV0RMcXhaOXMyU1d4eGMwVjl1MnhwcnItWDhTN0RleFE1T284NVRBeWk0eVBnYUZNZmZzVUoyR2tBM25BWmcyVzc2UFp6MFNsTzNhRGRCdjRXYjRLZUY3R0gyNUtBbWZ5MGV0enIzaDJ3M3dQZ2FwV09PeGpadFhHcWhpMWdBdVNwVFhKQVQ2SVlsc2dtNVlfMExVZFl3UlRlN3dsZ19CQ0xwTWhUaHRWUVNwN2VzLXhDY0JPQnFBRHNyS09PcnA0TUZJOHNZa1RfNms3T2NHODhxQXdjSGg2MFNmSTRmYTJTVWVGaXM4UGw4NmtCOFp6Q3RVbDUxT2Z2aTRXUXZtdlJFOWNxQXd3Tm5mVlQ0anlpb0ZFVW1hM21FbEYzUXJ0LWt1UzdJdkpKd3JmRXR6bWczejg5YUY3eUdwenJoemVJdVRHajlvVWZrdlpfcGpuaDdvZlJQdHp3S1RIS21EZ1VqWHFGQXYxSjNXVHF6VDN3SFNDWm5vb29pMFhsamdGY0o1a1RCUFQ4V0dYTi1CSFBCTGlhQVhiak5HN3VuN3pnSXBYQ0tiS2RFdE1MQ1lUcmpVY01ienV4aVE4UDFxNDRnT3J4UlA3RUdnU081SnNOS0ZiMDlNdGdkOUpEUEg3UHFpcDQyZGI5VGdRcmVJMDdPVjdPS0FZb29qajRBbTAxcUxCaFhnS3RMeGJkcXd2LXpMX3FsbTE5QlVJcDU0OEhaYkZnTC1fYVFrRU5ESGpRZml5cXFaMmxSeTgzUjhGQ2pfVlowdjRmejVOTE1KNE5fMjhBVHI3Y3kxaGw3NHRicEJBNDk4dzNoOVd1SERTZTRHR3czYVZWal9VUl83eW1PT19BM0dMMWlRbnQwbWR4SVlubFEwTE53U1ZUZnFPVmVQVkN4ZExlS2dPTHIzUHJveGh5ZExzUDNkeU9ZaXQwa19lb2t2bTVMSVFtcDM1OWwtRXdWWmtMSUItRnk2WU5GZ1hVSUg4LVV4dS1fR0EwZkRjNkpNSDg1ay1lb2VJamxSRHp3S2xnYzQteFVjUUUyaEJsVDJlU0syWWVJMEEyNHQ2MmVLRkEzaHhlSEJUTGlnb0Zxa05lMFBjN0F5ZTZud0swUU1raENXU0FDWURkUEhUWENDcWJyWTE0ZFBWTUw0S21KVHFtcjNEMjJNTElvaV9fcXdaNEUyNFEtUXBUbzQtUjJaRVhoQjktbUhPS3E3aUh0Sk1EMDI2bmdWbXJUanZDbzlfcERsV0VMNWF3NXNhSVN1U1hRLW91bVFFSXJrb2M5bThjbDFiM3JqTlZXWXB5M2daMlJsMEdLVG9kVF9NMjBWalpmWmRKeU0zSnRMc2xGZ1RYa1NmRGtzcXBMSmdma2QxRHpjYjdKYk5pNnFZWUhBRGhLZTU2Ql9ycElyVTB1YTVMRkpsZFByaGp1M3R3R0tUWlJ2b2xEQnBMejZqRVh3WEtZNk1keDdNcG5RelpFYk9sejFpVDJqdGUwZ1hMN0JVaXI2WFFtc1pZaTY0TXdUcFBrVWFtaEdvWE9JOFBaSFUyMU1wNGpaTEFQUEU0WGFnU2d3dEFUb0xWZ3F2d1BEVWw3V1dIVXdEOGo3cW9FSVp4NTlKV2UxUVZhOEpyY0N5Mnp2RUsyMEZCYnk5OURjZGZFMklsaVg3blU2YUdGdzdLdnQyamZiT1ZoanNfUnVnLTA0YnQwdTRKbmVjR2dtd3pnODRaQjduMG5nWnBYOV82WmZoSFF6M1FXc1Zydjd3dmxJc3dzX0lyVkFIZlZzWUUtNEVGUF9kQ25uWXZxSEZUTFpHWTVBSTJ6SWVMdmQxRXpnNUZIcGJ5M0ptNUxDRkZYSHoyaVFkbGlURXppU0g1eUpPUEV6b3dkX0pBY3JyUGREakE2TzljRDhBS01FdHF0ajY3Xzhod2xpS3hKWWpUNGxaOFNybXpyVEc3MFlBWlVzLTdlcndIUTlKUEJMVEtUQTZhR0ZtWFFKcXBCcmhSX0dHd0ljbVB1YlVuUnZIREJXMFFSdW5WQ2k0c2pyU3JfRlZhb3hvS1l6dHNDaGI0ekFpbElpWklmcWZYUGlZWXZWel9PNTFrUlFNSmo3R0YxR1VRLWFiNWozQnlHa0RoTzIySEVIY2lXSEItOVV0UmJ5RlhINXlLU2kxcEpHQU42RzNzd29kU2FmeV9Xd05JN3U4UVBzSHU3ZzlMZXpBc0sydUZ3ODBQazBFTVo1cnEzMl82MzROTnl5VkVMZkFrN3ByS1FfREM1TlluSlk2VE5nOHdBMFhwSFBPRjlRanIwT050Ykhlc3Q1RzZ3OEtGQVA4bzJPY1pzMjhhSGp2MU9TS2prY0RESHlDMlNQdFkyUTMzMll2RWI5RlhjWmNmbVVOZ0pvMlhBWVhTbG9sNGpCZVlKTFdqNEFsWlRtTGM0MkxYUXNLUmJndlFWMGRUcjZIbVpqUG9SeGpySUt4WXFRcGx4OW1vNldyNTc3cUdvcmZaSUlyb3NZQ2prQ19faWM1M2N2WjMzaVpQRU1ueWRJMTRCZm9sUXVFVG5SeGJwUTBuM1VrT1l6Vm9TMGRJUEtSRVQ5RDNwdGJMOVN6YmthYV8waUZad01ybTZRRmFJamJ0aXZ6NXlTekZlMVVHS0l3OUxFWWNjUkVZSGpQYmc2WE5zZ2k4Z3Q4VGsxZzRCRkdCRUEzeUFLTGI3VkJLaHFQY2hjWFhPTlB2MTJzX01PeFNCZXE2YV9BMTJLWC1tSmQ0bHVSR2w3M0xMOTdiZldoUWJnMDh4WDRWTHJ3QTA1YktsM3VZbXlZc1VBN3ZMeGhyQjFtVnJPaUtodHBVSjhJVGZIakdZOWRhTXBNYnhLZ1pzRFRPT3FwaEJqV2FtQXFzcllla1ZGbnVxWGV2eWNxMVg5ZWp6eU9RcWZ1NGhCU2FsRDR4WUVkQTdMeUx3UERCYXh5ZjNyQWVwd21seWlLQjc2NlcwN3Noa1lKbXJGM0c1SUl2TmpzczVLdDhFaVQtcmxvUW9nTDB5NHpxaUdBUXYxQ3RHaDlrejJzbUF1MzZ4YmgzbEZadHM0bHZKalJLcmJrQm9wd3RsTUlaUjgyNERqNGVNcnhobE9PdGpvS2RwMFhrMF9ORjQyMFQzZWxqTnVDcWstdmlhbjJGWWk3WmJtVkwzanc2NVhRMVhwcmNpVEJaT2FMZG1jbnh5Uk5tQzdHT1U0Q1NSU1F1UzRsUlM5STM1VXJpbUxOMnBMR2ZaaGFLOUhleV9xMVBwQUY4d0tSUTBVaEI5WkJNTU1NSnl4b1E3bHVZcGxIWHVONmhlN3ZDZ3ZsOXpLTU9CeGJUc0t4ZHpXV01sMVlVVElUVDNWNnF5Uk80aDNaSjJLaWNQM1VCNC16Z280ZzIwUmx6RUltZURPMHY0aURCRWk3OXljYnpzYVJ2SEVSNXhCLUpsamk2c3hNVHNNSGQtYl9mMFVBMlVOTXNJTVgxS01rLUdEMDV3cmUzQWJjTXk4QVI4bFdyZGczYy0zc1dsV1c3b09JTEZiWjJNS1RTNU9YU2JyR3k0clpUaWdmbkRUclFpVWZwLS1uT0VoVHc2TGoxNzF0WEpPVUhWWEk2bHJrLWtVMFYydnZXYjZZbkFBdjhWUUhRTFVQYll1YkNIMnRlX0h6dG9KUExrWUdOU1FjNUhKTk9DNjlyVm92bHpiTlRmUzFxNTJpNTZ5cEk3ZE5qOFpWRHBsaEZ2aXZGd01QOTJlNmRpeEUyTFF1SWNNQUJkRlZ0SXlyUTFEUDFOTTNQRGJiS25LZkxXWkJOd0o0YkdNdmZLWUNUX1dZZ1RpRzJHSEUzOXY2MHFDQmFWTl9mcFowVDR5SDl6bDdGZDNGR3B6SFB3Tmw2di1UZHhFNm42OUZEU29JWEU4ZlpUazFpYk4zSU5jaHAzMnJlUnVHYVFvcDVjeHlzeHpSMHQ3NktmN3k1WHVPSW9pLTVGMEwzY3RQdEhRYllnYUJ3b1N3bUplZVZKR0FYTFUyYVJZV250Q3hVeXNMcXhveDl6UjQwR2dRMVhfR240ZE5jY2xSNThVb192TjEwd240cHZOTk9iZWZJR2xUdUJuVXNKZThTX3p0QkhuYlp5cVBjSFlhWF9Db09jaVF2Uk5RbmxMU25FZ2hOY0ZfeGxQc3VyTkoyZzJwSHJZSEZyUHFiYVV4cmoxeG8yVVJ1RTNQdXlfRVo5LTBCWTJLSDhDdHhMbkpudjg5ekx4MldYWF9rTGh0WDhHZGNoT0x5YUc5SmhpcXQ5YmlGSUtMWVI0ZXFMemprMkV5OUVObkFoTm43emg2OHZTR2NVd1U2eGZzVXNSMFVvNzU2czNMMG5XWl92eXEtTXVtT0o0OVlsWEJzQlpBdHI5U0NGTkRfaVhaUzhPRVg2bzFlQksyb1hLZGZKaUVxVEZuQWxmb19RTmUyNDNjUzhkdzV1REFtRWdSalRGUElBUWo0djBVOG9rOGxEakhPdWhUeEFnLWxUQzlkc0NEV1NIcExzZkdhOXg3N1NsX1Q0dWh2ZWFRYmZQRDFuci01MG90ekFVSGhocWI4UkxwOUVBZTI5Y2dnZkZLWDQ4c24xMC1JOHdacXBmLWtsUVcyOXkzVFU3WlcwXzB3VG1aVWh3WW9XaURpdFV1NkJOaDN6SGFQc3JhMm1rOHlsLWRXVy1kR3lxc1hrR3l1aDNKS0NhR1dGNG9nRlp0bWxWYndremVRMmxlN2hMSUpqeWZmcDJFWDhxRGd5X09aVGdIY3kwRm5RaXZJMHNtZEpvWVNPWVVlZ1F4bkVxczZFajZfeDZtbUxjZnN4bktOTm1tMDVWd2YxNlFQcE5SYXZ2bGxfSUxiS09lalBaeUlDUUtKa3VWSlVUTlQ0TlUwbUotaFFlM09GM1JuLVc0bHg0UGtKUklpRUNHWEVZVVU1SWREX1dUa2l1czJTcDg1dVViYktZTXNSNUt2NXYxMTNoVnhlRGZSdERwNGZjSHl6ZXI5cEt6SVpHS2EwMnpoTkJQMjhSdENHeDdFMFlyVnFxRDRJRmx5WFBJNkhYc3JRa3BGZEVfTk9ubVRHT2p6VzR3cmVMMzYyRHJGYkhycWZMWDE2aDRxOHAxdnRGNHF5U2V6YW5fU1M1LWZoSEc1ZlBnTVU0NU9oQlBuRXhzZzAxbS1WcEhCdDFJUHdZYWhzVi05Y09uQkZOd0pHbWJ0U1cxTzNKRGZBR0IxVFlwdnZNbktIQzNaaEJuYklsQWF2b3E5dEplMGhjTkFCaDdpMm9hdVdLZTZsbUFUVDNQbHhHbTVrLUxNVk16cTRlRkw1c2gyeVVVX0tRc1o0SWdNMmZQMEF0U1c4SkhIXzZISWhONWFlWm8wY0dwNnJ2UnpxMGxveWNfSDlWZGJpaHJ2OGlHODQ5bjc3cU9LT3gzemJVQ1NReE96ekVUdzlkN2pMZnh6T0RCRGdnVTMyWno4bWFNTTlXaWY5Q1ZJLTdhSmZqemoyZEp0UGJlODViS2RqZERiY3d1RGdVdFhEOXRSY0xTOW5saW1TYzBTc245TjI0NTJFSzhFVVp4QkRjZUtibVFxdm9hWXllRkhWS09RdkFPTElGWTNlQkdQUnVWd0ZzT2s2OXZGTGNIVldKNUt6SzBFTFdkRW5YcTVESVNoRFMzdEdEejNTTFlNWkRaT1FwREhNRUNnampsWmYyekpaMFExMkZ1emVweDY0LWVlNk9RZHdEcXpOb1ZzWlN3X3BJdWdseDA3eC1tN3FnU3FTWG9GTUtNZDBzT1VaOExHcHFBVGxjTnFqb1hZZlpvYWRKamRYVlJaZGJyblhPU1JnZkttX21tNjVsZ0lnMnZwTm9RTkpJRDNyUVVlREVmOG1HRWx4ZFRvd3ZqRW5uSm5LRGR0YkhtZFJZSmk4TmNFLTE1SHZEa1RPa0JtNEt5cjJYai1Wd2hTNzhvUkppelBhd3otYkV1LUh1T2FtTlVWNzZtUEpPSVFGeWhYeWZpTm1YaEFaSkE5bXhYNG9ROE9JMlFTM3NOQjBNRlN6X19hV01ZblBOTzBBSU1PV200dEhqOGJneVI3QnFBNTFlQ1RXdFJCSTFHTTdpRkwyX0Z6dl9jcG9OdjFOakZZbTdITFJBUmUtcTQwWTd5YS14RmFwc1JfTGlzUkNWNGhLR1Y0SXltUVJWNzhQWVAxNHN2Sl9PNG95M21HalRaQkZIWTN4NFhLUjdncTNuS0hqdUZvMHZrY0h4TnpHU0dHZkdIcWNxdU83UDNYaUI1Y1dHWWMzTkN2YzVNX0EyVng3SWV6T2dLcmFRdUI1LUYzeDMxWkFlYk12N1FVTnc5Qk1hRnBxejR3MXpIbTZmUWVTczA2N2VhRUR3NjVyRjNmcEY0VC02MmpHUVNHUS1ZdDBVSDBGMzY1TllXSnVOM0loaW13WkVoT2VGZk95VnJJNG5qWjk1eUZoWGxER3NrZGJWcnRqSHJVcU1ZU2tNcExZOTdkRV9FdDlwelBMMGFTNmR6Q1ZZLWlFODZsa0ZZUFNvTGViaUJzeWdnUWlUMmVpMm9lSC1NUnVSUVJsNi0zTGIyR0ZXaUgwM1RBMWdJXzRISHRXTUpKa1NaUzlQVmhHMWx5c1FUNHBYVUg3ZWJuVlJvaEh1cmlDMzRRYlBULVlpeUNENGRvQ0VOS2VjVS0xcDJEM3FhcW5jTE5mMm03NERfTHRkWnpPWGV4WTFIZlBSVUo5RTJ1NDVkLWk2SWxzNU1PZjBmZjhNTC1KTU5GSWlRVmFvcDFuSGFxRlhVSXdqSmVpMDA3c1gtR2pSSUNNZ2d5aVZfRnk3SzVlZlktcmc5aFZFd0xsM3QtYjdhOTE0N1ZmNFFIMmd0cWw0ZG9uS2pwMnRCQV9ETnN4ZzE5cU13TWlDTnBfamdoZ3pzMm40Q2xFcHVXSU5Ec0IyOUxOZ0tHemJRbjEySGN4bm0xblNLc0VPcnNuZldjMWlCVWNNMDdLMmM5b3l6THNqNjFTUDhTM3M1SkpIS0djX1ktNjdoTlBlcFl4d1lQaElNcTdRVDBBMkJ5b3pmc2E1eHRkMDVfN0VZYUszeXFwMl9TUkRHRVd2WVdLUld4LU5MSFVfZDNDT3FQWC1EdXVFM3pzMDViOEZvOG1YeVpMbV9kLUhhd01zeU90VVU5U3NQWGJCcklFMkJNQ1VvWVlNakFYeUJmbGQ1VWM1WjU1aS1wVVFaSHQtZEluN1dGbk9jM1VKM1NQdDFMZkRtOEx0THFTbFpfb0JWN2FsVnM4UjVZRkZyRGphWmxYRHB0Tk5iOWI1RTNPTmp1b1VPbDg5RFhfV0ZNNU9pektRWFVXRWZ1XzFiU2RCY2ptaVl6UUkwT2IxbWRfLVdpVEVlMEZVWVRreWlmRzIxMl9ockJkMEVRV08xaTJ1RUhHbHlBcG4ybFZOYTU3YmRiUWtxeE5lal9CdjhiTUVfVWd4U3pmSW1JdnZydHMtemdkb2hGaFI5UVNpV1JFSFVYODY0d01adERmX1htbGdLeWF2MmVGUzZTcGhrZm5IaV93cEhsMXpqa2NtbHBwcVotRllMVkhfSUNuT0U3NzlETzlvSi1oeW5YRXpvc2pTaFgxVHBLMmJkdFJMZ2VSWTFDZzZjVGVZUzBhWUNVT3B6LTNyLVdwdWJlUFRPOWM2bjNIanZLNXg1YjI2ZktwMnpSRnpZcXc4NGdGSkltUnNhRjdtMXZCVlZGQXl5QVdLamlGSEk2T042THlLQXRJODNuQW5URjFIaXQ0Z2xsYS00bF93VlZFZXJ4T21DVndTTmF5U2ZmaTNZR1hvVzF0UURpRFFlWkR2TFB2ckJmY2htcVFZRTRWZ3ZXWkVLQVV1d2VWdmR3em84QWFlNnFxakZNc2o4bF82MlpnZm1FTWVUaUtBd0Q2MkZPWVVwaklFUWRaN3g2RVlDN244WEpLZHZhS29VMWQzRXRPVE1acUdETVZFU2ViZUlLRlVWU0tfVnpJSklXel9PaW5YSC1GbW9GUDRDVkdLWWM3ckRYTWdRZGE3LTNlYTFqRk13dHEtRWdnS1ZCa0RxU0pOS1JrWmFYZ1FBTmt3ckxyVGdkMEdRdkktTTZwSEhDZ0pqYjdpOWxqX1BFVjNkcW9sV1VUWWdwRWF5OGZnbnpwc0tfN0F1TzRDTVVoSXIxOWhiNG5rNmc5eG16aEI5Z01CWjJjZG1mYU5NSzF2NjAyR3owWTIxWHpQd01ONGZ5em5wcmZYNXZ6b3NmQzV2bC1jQ1ZxX1VnU3JSLTJoUjJ5cnFNeEhYZXIxc2J5NzdPbXk5aGdtYjdBekstSFFLVnVERThLZ1EwUmlYd1M3UmliNjVsRTNBVjh2TGhiOFJ6Zmo2NXBkOXRUTmViQnhiUHZpdVIzMzVXZzZSREpRMTBKYTF1ZzAwWERTNGV1TmFqOE5rdUgzcVpCaHp0dlNZWTZaWUgtZUFjODJwRXN6bEk3b0IyLU1NU2NVYmJ1d0FTRGxKNmNycURhZVctaFF6SFZzazNvOUtaQ0FWdjZ1OENJaTc5MDFUQWozRGNzUzN3STFyM1NuNUpKRklRUklkLThSSjl4WWlXZUNidVB2OEhqeVozVmpHVDZMY3FPdG9HOVJMTXNNX3JqRkdRQkVka2J2YlMzbVRYbUZVRGpESkhVR2FudkFwWk9Lci10Q0E2UVJPSEppY1A2ekVrZ2lFMjJvMmlXQnI2TmpqeXhwQU96SWx6UXJPVm1pSzhWUF8wOV81RUhPd244bFhFakx2UldiZFhqR1JGZllmRmVRT0JvbDlRVC14NE94WTB1U0dkWTJVNFZYalhuMnpZMDAwQ1FheEJnUUdrTnNVVDVGdGo4QkVOWWZmcnAzMnZ4NDRidEk4WTFVN1NPdXdrN0R0czBLbjgzTDh4cFFaUXRTODBsSE5JRXpPNDVNUGlyVk1WcHpYZ1ZCMFJRMFRaZFFDcU1RemFPZEdSLTZyQlRQc2NnNGd5anE2ejJjVTBuVzU3bWhBb1NWQW5DQjRBZVhnNzdoejlMR3M3d0RvMFpQWXdWLWlJS2h0VGVZNnU4QU9Cdmt0dm1BVzJyZ190NkVpVndKNWh0OEp4QTVqSWZmV1d0SG9lUW9YNFFka09KX05fa2Zqek54UThJREhhZDVmb1h1Y2FEOFBsZ05obS1vT0x2UDZDTzh4UmpHSTJGd0xtNUZ3Z0ZNbjJLX1pzclBHUHlxaHBmSFpyWG1SMGdCY0R1V2c3OFpBbzNhOFU3RXEyNWVVdDBndGw0bWZVeTR3WWRtdUYxV2U4R1JnYWxfWTQ0d2RVc2tIYjJuaFJvMzhmQU5sUGt5UW1HNzZiU253dG5uQmNiUjAwNk1PYk5ZRzhhakwwMk5PdjdaUXdESnpHZGZnU0pGZUkxd1pQeUlZcUNaUkFqZTZEblphSHhCbWN6UUJVZ25yZ25MNnVTdmRVQ18yNWRQYzh5LXVNdkxCYjhobFhCR0V3Zk11UUUxMlBQSGYwaHRCVEJ2UjdmeDV2c01BeHJmM2xiYmRJTDctZG5xM2VYc3V4YUxuZXloOXRSRjNxN24xUTd6VFdOUTJkVHdlclhSOEhTenRCTGYxOXE4V3llSTdEZjFhN2w1Y3dfamc4Q25OQW5SSERzeWtVSW5oMTdGMGlKamhWQ1UxbDEzZVRoNjZRNE5WdFdzaUNxUEx5eDRENDFZWnRnSFNxZXFDOWZKU3JCdE85Q29Zd2w3czVMU0RfeTJ6VENvQVJPTUR6R2NYa19WMEtXalZNX0FDZmZ6Y1JoVU5uWTRhbEZ1c0VPZE1FOTlKdlJxQ3h5TXlJX2hGNTRRV0JjeGM1NzAzNzBQeGpkS2JUSnN0RTlaLUdoOTVxZVJ3aWJDcUVLR3k3VjBjLWNYdzI0SVRyczk1YTdLc05FYkxqaVAzOS1hbmZVNzhsNlJYUEFvM212MVF1aDY4bExQVUVGNFE3SWluVEZEb01hQXFYWlAtSUdWYmo5ZlVyOU9Tck9MRGNtSzhkNFhWaV9zeGF5aTNTMmxZaFE5Zm1Md095dGRoVmd2TVFKMWRXd3B0YWFmaU0xMEJQd0dNdWlCSm1wLUtUN29WaUphYjNLU0QxQkNGSTliMzlpLV9zZkVMS0Q3TUJIZmhiOTJOcVY1U3hwenMwQVdtQ0hmelpFc3RNMVc0aGZMYmJXVHdXd2lWSVhacEh4ZmRBYXVWNWk1bHd5alRIRHdrbFVtNmxleW5yekYzSW9JLTl1Q3pqZFN0aE1zY3ZCdWF1ekhydHNZaThoaG5ublNnbzNUX2RrWG1vUmJ3Rk5XQnUwSHo4YnF5Qi1nR1FXcnN1UFRIOUJkMjQzZ0g1MFphSzJHa2FWRWU3UGQ0bjhsWl8wNjJXR3c4bnZKSG1tbmdadTF0SldLd1U5REFTNFlnZUlpUG5KU1VQSUU3aDk2WXpGeGxUb2RRNnVEQXJhVTUwOGZqZzN5V0JacE5QdkEwUndhN3N1TWE0WHFlSldRZy15eTVLRG51ZmZuQ0FrZDVZb3JWOUxWVkhTRXZCbWJkT2F3R0lfd3N3Y0xJNkdNNGZDY0YzWVhzLUxyenZiSUpSbTJDcEJnNXBXU2dhUTNTNU1jLWpURG5wM25kQkxlWTRETVE2OVJQdmRkdzZVdktjODFTS0FwZUtBQVFnbzNYcVF5aEpYR29rN0NCWlYwNkZPRmwxeHpMNU9vZXNNSTczOGxDMzQ0ZTkxcXVUMXBOOUlrUFd3bzFFajVieFVUdmlPTDRPWDhQTUtleTJKWmpEVGZrZ3F4Q2llZ2E3VFQtQ1ltdk1JYXh2UEZzTmNxV0xOYW9jSHZpNDVJb1RLV29vV3FLRG9fd09TVkJLOXIzVE9pWWxvVlBMcVRGQkxET2I2MlJQczBrdzVTbzF5S1l5NUF5UzdOc09hTldHV19GVDNhd042YjlMRjdOOUJUd1RfSk9NWTNvNUFqSDFOOXFLZzJoc2EzTXNpMkNxTlBQUHBPeXNuRk54OF9QSUNYa1hYcm92SlAzMm5YSnlwdEszZkI0MkNTQXJWMTVlcklETU5hSVdYdmNxUTFfdURRQzh0N1BwVGFwX3U3enRfWkNjdlpFSUx4Z29TNWg2U29CMzNuU3Z1Ni1TcXF3cGpBZHR5QXQxc3RFSXdfeWh6T3JUbmhSeHduUEdfc1ZMOTBmbFd5TUNJbW5ILXZTZUpUVGNWbWp3MVFqeWQxRm1oNDRaUUpxRldzekNYQnZqUUFIYW1hOURBcW16cmRsRU5FblplakpkRFQzUEw0ZzlHcHBjaTg1T2JsMGN6aUJlT3Z3NC1MMVNCd3RwMG1yZlJuTWtMSlVSWFZOYWozc0s5RGFOOXEtbU8tVEZxS3BlZloteDBqenUwSURvTXRVdW52c1MwSnZBbmNLZkRlSG1TbFVFUzlOaldLWUIxM1ZtV3lZR180cm9QSFo3a1FJSm0wYm96dlpRQmZCYkhGWUo5Y0tLdE9LTWhBdmhrZlNwTDFxSS0tV2IzNVZwbTU4Rzd5Y1BiV1lFcVI1cEpMTkFEYkl3Y3dSd2w0Y3dqVDNmS3hESnRORFNja0Y3ZnNEZ25ONW5BUzN1NEpyOEZ5MWp5dWxUbjdOUUdVekVfb3AzTlNkUmhBV3ZLNmJjQk5raUY3SFE4X0xCejVNcXRGWXdwYzlaUlo5RUQwN091aHU2elNtTmhNcXppSUxrQkMwOU1CY0pGUUdkdnV1bGgzM1BBSlRSdGxrVGJYTlFTRmJ6aV9xYnlDT1FCSkVWdlZxaHlhRlF3dUZiLVUtN0w3N2pVVEFUZlVoTEFHM2V3Rk5HM3BoQUdOUjFPS3VnenNhSXRxSGZGb212UHpfSEdwTjJfQ0lVWTJlcHBFaVMtNTNLbnloWFJ3VmU0OUF5Y2VxRFAwa0dWSWVhcXFYVEJkOF9qN2c4Z2RrS0I4SXRQREREcjdEanVtOUtpVHlGaGlndlp5VDFDYXQyN0JfYVpGTHNYQk92V2RoTUFLVVp2NTRZZ3h1cnUxVTh3SUxGV21vc0U0RVRwUTZvMDd3T2FtTkdMbFFEMVJ3VDNWRVJWM3ZMX2tRMlJJU3dPZHgwbGpjZk15ZkdqUVgwQmlWOW5LUGFsZXpDYThaLTVQT3VHVkhJUmtJaVBBck5ocjNQNXNtdWQ5NkFhWGkzQTdQaXNXdmttWGhLMHh4WWdWcHRUMGlRcEstUDF1bklOXzUzMnM5N3p6UnRtdWpBXzZPNkx6RmJaZzc1WGctNDV6TG5hWTlrMHYtQTNZalN5NDgxNk9BcnZwMk95eUFFLVowOHU3UUxST1ZadkZwWVhhMDk1aDB0MWt2UC1RWXFEMjBXMFhPT19kNUxpa2ZtUnVMekFnSzZlbExqZlc5c2xZZkZlUGFxcXgzRlNwSzh1cHpBYUFqRFFHLUhlT1k3SzhTNHFDNk9Qb3VmWFRRbU5yem5RbkJDWm40RjhvX0JlV25YWHJCcjRVenpfY0RZZ091NFNWaU1meUxRR1IyTGJlZ1RUdzYzZFJUQWtTWTA0bndnQ2VSbGxYSkZ1WTE4VmZZTHBJdjBXQ2RTNGdCNFFpa190VmpBdTdyUTRDVEhCS3dsVzN4RE1abDhTM1ByWWFOMmhDa0MzYmQ4WUdXUVZVbFZ0WGo5X2hBZ2V2Z1ZfUHpnNkMwVmRVTXdWVzcwWGl3VkpxNnlPX3VQREwyMjRfaldncHZud1FUZXpuS05hdkI0SkdjTWl5RF9tZkQwb3lSRW1KYzN5TEF5bXVSdUZwOGVJVmFxcmo4NU45dW5MNklzMHUzZmxTZGZaanlYbTBYQ2hZU251YUthZ1k2UzBPZnVQNTUzcUozcnpMN1hXQm1WNEJ3WDU4N3AxV29FYk9rMDhvZllNNmQwMjcwbWZLWTVfTGV0aEl4OWpJTEpRWkZla0lfd1FJU251aExKOGlKZXVFbkZseVZmSjhZSjZJUEpSWmtBaS1jWVZPMGxyVGhQTnp4SU1EUEJnTVNKbDFLdFExTUQxVnh1bENtQmVvMlZ0c2o4aHRsWjhiZk13UlZ5a2dWcnRRQ3U4MXJPaHFfYWNtb3NnR2JkRkxSZjFQV0ZvWTBKX1pPRnVOZE5IRnlxenpLZGNZU1Z2NGF6UUY2cVlYM2lSOG5VTG91WkEwVkdiZXpzSzRGVkRZVkNjVllLTmFJYW9DNU5RYTZDNkpvcTV2UjNQQWFIUzdVS2dYbmdKeURRTU9Xd1ZiMWNoTDVJc2s0RXVhQ3E2ckNDWEtkZThOT1BCMklUTVdJd3Y4VFVqRE42WGJNYXlJSzEzaGFfSjV0TEFXRWVLeUZpdDhJWUZ0WV9JMWtnb2tGcnNPaHdqLXNmcVZMSjduQlN6NWJ6bVE5c1BVc2diZUFpNmhXRFVwU1FUdFk2MzFyOG9mT05lWm1EMFYyRDJheDVBc2ROSWFHb3Uzd25leTdUaGxMaXJXV3dwbU1GU2dKX3ZpdU5VLXd3VlhOSFhibGVjYjRwX1M4dUFraHV5WEhqdzVzek1NSkphdmR0M0lkdm9rcE42dkRCSDRhRm1NTjhGV3FYQVo1cHZIeHVmSkxtVTFsbVFtSHEyeWl0amVCb1NzRlNoYjNLRFVMRHdGZG5ZTFI0MmEwZmkzNVdtRTRjVFVGb2IzWmNXZEhpdndvRHdmc0hfb3NJeWF6aDRQRVI5VXdmTTV4Qk8xZmhHV1ppZXpZemhTTzdtZllkY3BNUktPRDVPbFJVSm9WS2FnX0M4UnB0bzdYQW5Qb0hWTVB5Yko2RTExOUVkb3BpWXgtb2k4NEdZU2VKN1ZXRjh5Q1RCc3F2ak9UOUc5UnBUWlBQa2xGVDFobVhKY1FTWUdRRGlFb3NhTWtiRjJUTUlkYk4zMTQ0STVDRi1QTnlsMkdSbllvelhEdUFOaVlSbFFlLXRtQU1meE9vNWJROEVQbWZWOUN2OTE1UW5kVTV0WWpnS2FLSXNqZXJJYXBOUFJTLWdBNnlFcVJMcnJJQm5vQjFWQ0czOU5zOWY1bExsS0hkbkQzQU9lMk1OTFdSTzhnRTNLVFBadjlORlBsWnFIb1lWaGxrM0dSYmdLQlRndnlBakI2V0VfbnlBOWZoWTBIeXF0Y0JMNXN3YkhJQ1BqSUl4a05paW1yNUZ3ZUplNVhKd1NHOWRmZlBjT3FQTXVWbFVzU2ZqVTJrTl9CQ1N1Nl9xLUlaMndSaVJHdklXcG5vMWQyc0F6dFZRbV9PVUJqYzdQem9GZ2xuQjNSVzhwSDFraHFDUmgySlhKNzJWemY1bWRFbVRWXzZ2V01CX2NqQkwxOGp3aFdMaklJR1JLOV93Nkk3am9nVDBwUkoxZFZpSzlpdmZrQmpxbnBZa3gtb3hJVzIteWFtUjNSX0VtcV9RaVVzVVRhOUw3WVpJQmgwQUpmZnQ5c3RkcVR5RloyYXBvRFcxaGppUG5WV1B6ZzZMMGZFSzhyN3dXUEZiaXA2ZFZSZWVmeTJaMVpVQU04amlyampYSFM3dEs4R2FHdDFSTEJ2ZFNURHczRHhOVXpuRVlIYm5PdDJpNlhPT3FWdFRjZXp1M2hRZ29CQWlTNGFKRnRQTmZJcVVpbVNXMGhqdmh0TzJDMDVmdThOSk1nYlBNT25IV250VkRYbG5UMEVPQjZEWVg4SktWczVPUEt3M2JWeUoyY2pxak5Qa0pBd0xpSTgxaW1DcVRSNGF2UEZFM2QwTjBXSFc3bFFVcTdEdElkRHZMSTVDa1FJbXhvRDQxcFEyb2wzRU81WWQzR2VYTUJJdGVpYVJjZ21raG1ORHVlUXZpelI4UTBHcDR6aXozY0JkX1NITUxSS3Z6MlE4U0UxajZVLTlYblJKdGxVUk5iTTN5UFRyWXg3dXVId3ZOSE1xMlNDZC1CLVk0Qm9HOFZKSTJfV0I2ekljODlIVDR3RnVCOGs2SGFEdWFVMGFJa0xWUTJIaGdfNXQ0V0RSYVR4VERvUmlKYVBEeU42LWs4S1F4anc2TjNGX0NpbUFUNEtUbmVqdG9jaVpCcmk4VDNCOXRpUVFJdEZLbnpNa2Q4ODZUbElNWmJNaG1teUEwRVJ2OVAyNk1PUDBRT0xzZmNiR09tdFZwWndmX2lHcm1wVjg0Q2ExRDRDWlFuMlZGUlNtRGVXbDFFMEtzQXZlYVlXMEhIVVl6TXNXWUIyQ3RwenQzWUx4ZWV3eEE3b1ZMYW40c3d6dHVEV1h1M0Jja3BPMWREV1ppYk04ZVozbmRMQzVXcXRoa2ZsaEZnTmRlTVB4NGVoWXppN0FTVHQ3VEUycjFuQ2xsMDN2ZHZzMnQtZzJoZDgwMTlfU0p0T1NHM2lCZGxOSlV2dGFlRGlCU3pRbXRtYXdnc1BYXy16UFFUZVdQdTlaaGNxY19ldjFNX1FmTThXWTdNV01DSDNoMjJ3bWE4eEhGRF9VNURoQS03bHRwZDY4WEhSVlZJSmVDallPdlpiZlNwVWFuVEptMHBpQUJTVFBLZmtvSXFNdURlMEc3QlB4ZndFWmVLLXp6SjVvcFBkUmFvVTNJSHltdFA5WWJfb3lXb002RFJYaE9JOGFfMDJGTkplUjRkWTlRaVFoOS1pdzFVVk5JZkliRnN3Y3d3alRZdXlFV2lYVzdXbk1ZYUJJOHdnQmtEOEhId2lkQlRPTVRndUdtcW9ObGFMaG5neDQ1aXpPY09pcUhCcXN3b3hza09hdTJoVFRpWi1iWU02elhSeGtHT1hqeUJjSDRXSEFFVUdrSm9xbW1PczZzWEN2N2pucXFVQ2l0ZVRjb1YxM3hETUNHUmZyVVhBUmVHeXZTS3RLQmFieWl5aVBtVmtZMW9RQzdSN1c3REp5VmQ5bVZYS0VDZVI4SldjWVl0aC1CQVZNZTdCWnlFOHpsUkdVZ2RsWEdEX210ZGYwMmlMUzd6TlhjaTV1LVlXTW9tUmpFc3BNOVRETGdETE5pblYwMFJhS2tvVGRlQVRCVEZiNmFxanZsbGVRb3phWWJMa3djSmc3NkVlUkh6SnI5UkwwRWVGTGowX1NzZEpDc3R1Zmd4eU5WMmhJakxucWhrYUVkdjRRNWFER0d1MzJBNFhpR05IOFU4Wkd2b1Q1elR1d2lGckNEdUJtQ3MySGlZUTI4WVk4XzExc2xORzlMenZaN05Sb1FPUkpPZllCTENmMXpkclVrbXZIWnF0VkJ4cERZRlN5S2lKd2pqVDkxcFlFeUV0TnU3QkQ2N2k2UFJLZ1htRDBGMXMzQk5kUk1VY1JDcG1ma0xsLW1CbEtGbHZWcTJJNWpvVzF1U2pIbzVPUGtjQldoWVF2aGttRUc0MW85SG9rb3pNSVRscXBjUk5LcjBUQW5kNlR1Y051RjdkLWQtRkNuS3JUTjdtUy1VSkIyTU9wM1c3NVdhUEZ5Yk9nZTNWMnNmWW9fTmZsZEstb3RVVkZ5RXQ1eVhkX0hnM2s4TGdmSXhvRDFoTnlrellpU1BmOFFUMmZGbFRRYmlici0tdGVybVlHRUxpbzVCaXBPWHdrYlhManQ3akM1RUh2bDF0a2k5a2ZrMDE1bDJQUUdfUnpwV2RibF9lVDJULWN4R2ZhTlYyc2F1VTZsSGZEbUdYVTVTLWlvM1dpUHFKMWVmVUVQMWlxWm5YT2FWZFpTcEN4WFVHVDdVdU9kYm5tV01MVU5jb0pGT042NENKeERCZ0wtZnZIYnlSODlqRlNMSXRuX19ucjZGelNHQl9STEsxMEZEck5jLUVSZkV5eGVKR1AxV1ZhX0dXeTFQLUdGX1VSVi16YXZZOS1vdzA0ZnktZmVkWVZXYjZJb1BwMkl4QlBqTEpUUzdUaU0tQ0ZMR2NNcFN0MXVZblJuNU9PTkk0N3ZoZ2xHMnhBOEZkOWgtdXl5WEN3WEtVcU84bHljZVU3ZDM3RUlzM1V2dXFYenFGVzhNMXVoRWtNUkpFMXVkZTRQLXJOUHZGRlpXV1duM2g5UzBuTW11OUJfRXd2TTlNU0MzaDRjWXZENl9HVWhxak5BcmZmM3JnWFdfVzFFbWRSdzlXWW1uWEVyQU8xdnpiYnRiTlJlZnd5QVNfSVFVY1Z6REd1MEJvZ3QtaTB3Y2QzbVI1UnlkYlpoVHVheGVBdjg5Z3MxQURqNTJZbEt5VXVYakhqNjhLZW9sSHdRdnlqZDgyRENaeTBvNDl1Ym5udkZ1YjBZTGRQTU9hZXpFMHVfSE9iSU82bHRsN3Fhc0d4SFFGSVAtemJQR0tPUjlxQ0VobVdwYmVZM2JlbkJQSW1KZFhMcThCWFlyYnk5NkRzVzlmazFFTGVRbm42bW9YS3JoUGg1am4xTmZkWnREcEt0VzRMWkdYWWIteS1heVJrQTlpU3gxVGlLMVFMd1U0WjRkZXh4LXNHbTdfSWI1MEtNU1NOLU80Q0s3R092SWh6SjVmNmxMTzYwb2dwQmJPWVI5cUF0TzMzTWhwOXFuYWYwcFpHNVY3aFFEeUNlU3B2Q3BDUWVRQlYyM1czSEJoRDNhUFBmaFBLV1NneXJYaTFCNWgwbUVBOWxfU0U1YW5meHoweGRwXzlQWEo0SlZIdWkxVjQzNVVDLTdINkloYTViRkhsaGJDUkN3dzdSblF0YVI2bWpzWmxzYW9sLW1HeC1yM2kxQXZOOHd3UkpZWjd1UDlnazZZZkdET2JqLVBTVDFjZHF5UEtEc2RaV0NKa1JxLU54YXdacGFPam5FQWJIc0N0d1VJN3FPQndWMXZkVWJjV2Z6Z1N5dVpOU1dKMUt1ZExmQmZWeXV6ai1VMThZcDNOWVMzN0l1ZGZoMEIxTS1QSEE2Y0ZXVXhsc3JtNG9kMlY3WkRiY1F1MThMQ0dCX0NlYU0yOGpyTlRGeXA0SEhILUJTNDZzZFJ3TVJQWC1nNzJRY28xLVpScVdLRGQ2bVNwbHZYMEhtd1g3ZmhieFBiNlB5MmZ4dHJqY0NhR0dEdldjU0FBZmFEVVMxVS1LcjMtX18zQ3VsdVBHYVRZTmF3RmgwbG9KRnBBdzM2ZnhRV0toMGxaMzlCQlE5MG9Wa0lScGNoRG5saGotVXdvYjlvNVFEbmRlWHRLVzE5dWU3OTQtbHczYnBQVWhUbWIwVkpuSG1YbURoTjFyQ09mbXV4bDNMQ0ppaDcyYzVzRExkSXNMTUJ3WTFMNHBKWVRoYVdFTVZzWlhLWHJlbkpUWFpRUWVsenVuQjFwVUZlUUtNSURFYUpyR3ZmT1hpRTRZMzJqdTZfMmVPTFp3M3pubFpkYUR0ZDBucDdKdk5wd2tXeWNNQnVxZmw0OS1wb2lpRExzX0M3S3JhdzdEOUlKUzlXaW5aLVJCYzQzbktITHRzZjBnODNZX3lBaktCMkE3MmxVY3N2WVhpeXVTRXR6cVRvdTZwOWtESzdnNXFhLXBiNW5yNkcwQWVFVE1PbUF4N0lxT1gtT3Z3d2p6S29sN1JXczZNbTVBOEtHNlVYU3dUeXpOQlo1bUFyOTlMWnR0RWxfdDhOVHNHZ3NmWndXb0xBWnRjVWJoX3htVFNzOG9SRFNpSy0wek1HV3g5SVlIMzVIdThIT1hPUTV5LWFXTkZyRHQ2bkh3ZFNUN051dWN0YS1USnpPUENWbmNzV2J2RlBnVDd3a3k0Z254eU1ORFJZWlRFX05PdkZQYVRxSVE5b2U4Ri1HdkZua0RWRml0cGJXamtVbDZ6S3VBUW9rRk1pcGJMcEx3NElrRXNRYW9yNDcwV0xLQ2pJbnNhVGo4N1B5c1dFZG90OU1ZQlgwUWRfSzRfVzJtUW5VZ2s1cmlXQ3RxN1pGTU14alZTSWgzLWp3eFhGSDBpaVZRV3J4NlJDNnlFZUgwVFFlZHQ0c1ZyeG9BQ2I4aklWRzlMTTZ5eUR5Y3dOZGtKOGN1ZlRUVFdsanV0SWNDWGFaYUpCbVNudVA5dno0MHpzWTdzWkd3SktQMHcyTlJRN2dqUVRMNVZxR3VSRE5mbnNrdWNPdE1SYlk4aXlDYzRSaUNHUUxwMFRTbXYzSFVaOGRIWjhlZFR0NXNZZkVPd3NvRG5vNUFabjRRMUlfeWxHd21YYkhyTkVidFlTS1VtWU4wV0pZMWJtS0VBbk5HajN0WTlaR19ta2dCSWMybWZXZGlVZndQOTRUeDVYcGI5SmpOLUFRUGRCSG1BN0Nxclc1Ni1vX1JiNmNPNHlRcmdrU01BRlBEeWVQeVRTTzFfb3lZcUZ4a1NqODR4WGdPYUlPSXdhZjJtRkU0cldnLVZoUkFPZEFfUmNxOTR1UWthTi1IYXZJbGVpMHZ0NDRORjNmSnFxMDFFMGIzVFNFbklUb1JuZDJZOUN4OUpfLTJVNnBYWjVRNTNLV1VZaTJzTTZLSnRvZi0yMk9vV3BFR0R5MWY3ejZPMnRqOFJiTE9wRWNUQUFPRTFiQzVaN1BWYU5objR6QmdrdktmR1d1MU9KVURKcFpTQ1NsRzZwUkd1bXo5V0xoUmRHSnUxcm1vckU3bkhuM2dESU5Wc3ZCWTZENWtMZU1fZzRuVlVEOW9TYWZ3NHg3RnV0NkhoTm9tQW5scWJ5R3VKSm51UjNJMTV3TXVRLXRMLUJyaVVrSGJycFFpRnVXaTVuaWNCa29CWjA4clRtTG1Md25lV0dMVlhfanV3OVVjcXVEN3V5ZkhURUo5TUVOUXdGdHNhcFdlS3RBNVU2SjRZNGxWaTFsTERXenNYNXhSSlc1YV9pQ3VVLUx3WEI3V0czSDFUWG9xQ3djb0NQeGRfX1IyMXVXTHc5TW1uRWJ1Z3VEbkhoZDFqZ2ozX0kwSUFuMjV2cUlSTkpqWHNZUEdjVVIwejRvRGNmWEJQbWlZWU9GVjEwYmFvSkJ3ZDVsZFVfNWlRMFdDMGJLRTlHSmFZOGVoaHlXQjBwRE9yV0RuaDliOXhSMHp5Tlp2eEt4VC1EcGRHTDlxVi03S0NtNDY1SW9QZkFQZzNxWjNiUmhOVl9ROU1zMlRFV3VXNVRMTlJ3bkFnOVhHekEtSklYM0dDNS1PVEIzdWhRZHhIaVRVcEdXX010YUNXY29fUEhSS0w1VFVuUk1ZRkRvYXZCUnEwX1lSN3FSU21YYkptekk5LXFCWDRnRWM2NE12QzVyMlBjdzZXa2dEdGFGVWVKenVjUmpnYVRwQWhhZG1GQmNZaXY2RmY0YXJyLU9IczNjRzYxdkU0NUxDVEdHYVpSeGx2SXhCNm1MdXFFbmU1LURpWHA4S1luSXdYRy1rTnY4MkxkeW81VHlYMWJQYzlXcHpuclBkUXpySU1TZ1FRQWhiOHJ0aTJmZGFHVFNhLWtKazE2R0tZcWhTTGZyLTZVSXRvdmN5TXVIYU9raHNXVlgtUzdXREZxenMzQ05aQTdJUTRTWHNsbGNaRG1MbHFUazdKNm4xVWpkQlVMLWRzNTZZNUR0My1nZFNUbFBTMGtwVUZzaWtkazhqNE5KTUpDcU0xd3VkNHZiRDBVTnVNRFdDT1RMRkpmR3ZjUFNhZlZjT3VPMzZtdi1IRFIzd090Y2xlRTVVSVBWN3VxbjdmazV3ZXFXWjZwTUpHcHRUY0NxVWxMOTZzWUFOVFhOZlQ4eEJOQVdqeDk5T3VWTzFyd3oyRUhHQjRjZ2k5ak1RcVo0bXduR3JWTTdwZTZrcTVXX3F4ci1wVzN3eHdfU0VZVkE5NHZwRGozYkR5bHlpRjdsWVk3aXloQ2J3MmNuakM3YWxVaDVDTVk5R3NYM2lvVzVISU5xdmJxNVJoWkg1RTVOUnJmQm5JVV9YU2lZcnU5QV9pUDRHcVJMQVpDakd3ak44Y2RBd1o3VzRPZENkOS10M3FwY1RuNldZbTM2UVlBX2RMc014T19TVzVMVFBBUUk1YnJiOHQ5TjdHVGR1ZTR4dWk2SGhNSkw5UktySUFUZ0RmWDJqQjFSRUREQ3Q0SVBpNld4RHJkRldsSGo2SjlGOUFtcDdpYVk5aEZfeXFiWVZnRW0zUzZSazQ3Z095T2lXRHIzekhqbVh4OVhPWXo0SUllQVo3d0JvSlVxSDBHTGJCdzJ0LXRxN215LUc4MU1DUnBaWVlNZDhVQ0xqMExqdW9QdlZuV1RBTHU5LXNEd195X2g5OTVCbU5vcUk4WFpQTlNaczFUYjQzWG1RRGFQYXlQNHBsRjFVQ09MMlZPd01EQmdtemlKR3FXRDBSd29TU3loZmxYWVdqNzZiREJId0FnejBFRkZmX0FsMEFxdXV2dm05N1BYLVREaVRHVGttbWFub0h2SUJuanJYVjJKaW9XZ0F3eE81YnBGenZpVWNiRzBaSHBUVF9iMFJfVDJTMWVDbkt5Rk82WVBkbklKTmVhLU52Z3hKcFphVG9uWVVMcndPb0tiZGdYZ3ZyeXJ6SmVSZUtKYk53aXhWX3ZwdnZEenFyNW10MFcxS0lTOHFiR3J4V2RGcnFZbU83SWJibkQwQnQxNUJvdGZiTDZxM2dzOHNQRmJyXzdDWUR4N0hxTmxLakltamlkNER2T1Zabm9KWTlGTXZoSTEwTFdKTGNSb1RWNlJBUmpSR0V4RXIzTm5na3JlRzNQTS1jQVI1cnFXX3lNM2tGd0hrT0xGUjh0ZkNmQ19qU1RKd3NqZkZJZmR1NnU1Y3J3cUpHOVFMWTBIbzlXX3lOLURnZmd6ZDBVaVJ3RjJXZ1BVenR4azZ1Wjk3cDZsaXVyWWJzUWVQN01iSFJscG1ySjgtQUFrWDBYeHowd192LTlTUUxQMDlxMEV6ZTFLUWJYRl9rMWRiNzF2VlE2Nkhaa3NxSDA2ZHhleFViSjl2eXJjTUVCeDE3VTNIMXdXY3ZINEY3NUdPY1RNUTNwY1dBWFNKMnJaU3NRTy14MkhxRjYzVGlFeFR6eUo3T2xVaGVoTEd3YnpXWHU5a045VWNLVXNiUzk2TjUyM0RZTmxxSnFxZWtDQlB0Qi10UmdlRU5QWXo0WWMzdlc5cUJocm5tQlZhMUlpQXhyUFZsdUxnMEoteW9zMDBaNWpHZm1US3Q0ZDAwQkpYa1ZQLUFnb01tMzNxRy1CekI5Y25McVhrMUVCUXFJLVdVTFpwMjl2VEdvc0s2ay01X0RtZlk2ZUFHcXZ0ZGttRUkzenR4TWptelFkdFcwWlM3TlZsdVZYdkJCWUowcWd4dWltejdiTldiN1hrTEtHSHhGLWlkcHZXT0pYUGZQSVlMNzJUTkVMOG1MRXB1R3lELUVWLTY1U3cwUlBWX1MtaDU2UXVmbVZGTlRlNzRyRkhQS094X2o4TDFKeGFzTE1uTWRJVnQxejVNbUxUeWJsSjJOU0FlVEd5NHg2ekNXNXhwd0IyYzVTM09VcElkR0hFZlBiczluUnlhUjJEMm0yaUluTHZvd2JVSkttT3hKQUpadHpFbEZhb2xhTnB0ajlLS1JCNHVyVmc3WkVENTJ4Rk12Q0F2c3RlZ0ZoQUl4UnhIeUYyckhoNXFmbzBzeTlDbWpBbEN2UllPSVBRWmc5UGpDMWJWWWQ4NjFtc0JXNFJaXzExQXJNWTVxU0ZweVZiVUVMSTZCZVJISWVqTmViWDFGRzhEUGl1R1BjamZZVy0yWkhfZlNJbFNGemhiZzRaRFB5cWFMd09PSEtzSDZiZUswMkxBQXlxUVpkYU5kdDZFalNqVGtIcndfU1pDUGhUdjVZQkZfRDRXM2ZHUnZFZi1DWUpfX2VUR3h6SjBFZHR2dFJmUWJTS2NjaHkwa3ZsV01FMXlaUWVjU0NFTXdQSmljam5ucHZtN2ozR1gxRGRCcG5iUXhHaVd4UG1qbXptWFk4S2IycFh4RnVSY3p5bjlXNUpYX2M5d2UzVHJJbmN2QnFsc0pKdnZ6LVdJc19nSE9YVEwwcVFlMjdYb3F1S1hXdGlyUXVSdHAtcEdoSU1nUU9WZFJpLVh3WmNsVHE3LWIwbE81VXdKQmFDUUpLWXVmQ3U2eUY2NkZiZU1vM1liTzd5NDBvUDB1Ui1TOWQ4a0d0ZU9ObVFFQlBoa1djVlY2SWJHeEFBVEhYWlFYTFNhZ2VDOG1XZjBDZ3N6YTVaYTJrU1hySFk1bkNQT2dwaWJQOEpwa1N3R0lPZGdQNnZVTzN6akpvaDNBTmhVdXJNTW1jLVRBTTk1aWt4UDVqNXZ5RVBnbFFhZUpDbFdIUVplNWMyU25XazdRRENUdFgzQ1ItazhPbk5SUDg2bWlaU0p4OC1lUDljejd1U01KOHltWTVyXzF0eWRMNXNPVGtiYlM5eVRkSk9SS2lINGFwX25RenhGV09GTTFfWUxXME8wVlQ2bl80bG5LTlhMY0V2bWREb3FaamFQV01LczIzVjRIaURhZHRiU2JVM1pzamptSHhYMDNyZTVBSXVvZmM1VWtMOWgwUHZRaU9qcGo5Um13bnhzTWlrUHMxU1N6X3Z3OU1OclVUTk5tYUtwNktBZWl1SnFrM2g1czlhRmRnckJfdl9JN0FqUW1BdldWelVfUWdNdi13M0Jub3ozT2V1V3g3QzIwTDJZNFoyTVRyU0w3Y29tNV9sd09GS2ttc0EtZTBVZlVxeUJvWEcwY3k1dFJ4Z19JT1c0dzE2SWkxa2N5em1wV093dDNjWHB3S2M2b1pDY3Q1QTJFVjh2dVo4Y2JXbmlzb2ZUTzlPQVNNbUgxNmdvRTdybFBRVEVnWUtIcjlzcjRkbTBTdzBJeEp0MVNUdkNHTjhLOHdfc3pTUFJfOXVWNmxSNDdEY0NsQnYxYkRtc1dxM3RhY3dNdmRZSzdDSmNJVmhmQzJmMXRIRVJjWEJBbGZXeHBvWERxbkhSbEZ0NmY0cmpMeURLdW5EMnREdThLNzF1bHBDcEVRb3NiZjF5ODU2UERmbmFVREpmQTFwVmJVVGxEZWJUVFdxaENIZ1pQMnFrODdvSUhDT1ZjV0FlZ2pJaTB3UjdWLUJZZDQxN2RDUk9oRGpPWW5vTUtSaGVlWmhMMDFPbFZtTGFaUk5EWlFGYklSQ2lhd1FnbkJFNHlfclM4TTNNQ1M0aHh4MnZZX3dyanJvaWtRc3BNbkN1bVMweW5CbWhram9SQ2tzSklCNFhlaWZGM0Rjb2RueWxqMmgyakUtWUNZYnQyY0Z2TjladERZcVZOcnd2WlRObFF4czJLb3NER0wybU9Kb3UydzBBV1NpYWxRLTJrYXFLQlhHczY1TXotUzNMYS1FYV9RZG5oRDJCeGd5VFFGRDJqV25pcHgzVGQzRGlEcE5tcHB3WkJyNEZXaGo0VjN0OW5OeUNRVlFIRkhGRWczSTdfd2kxRzhVMzlOdGxVQmNwdWUwOXFjOC1scXdoZVBURFlRYjYxeHlDYmJna0YtMm9ncHA1cTF2b0c3RXhTWmVpUmNGdEZLb0VlRExfUXNpVzhhTzJMZG45MDdQbDR2T2N4ZFJLaG1FOWZMeHhUNzhDUXNtRTNkdkZOeVVQbFplNENUVTRVSEN6ald5aGNHMnFUZlVEWWlrbEotMUtvWjBJY2RGYllwaFVWSW5adG1uQ0YxQWpmTHdveGFmbVNLNkhZRTRDU2tZakZaM0tVaXJvRWFpVmo1YWNtS0VhV2JNSkpYNmR6V21GdDZmZEJuWnBNSnZMOGRCbk5Kb1QwQlY3WVZtUTZnVlBYbGhXTkZXYzRQLVZpc0dZLVFKaDdVRnBBNTlDN05OZG1CM2xYM3pRRjcxUDhqX2lOb2l4eTBoT0NUMUxmdjJRemhYcXVHS01MV1VsaTh0RVl2QVdNVzlqaXd2LWM5MUpMeDZYWHBhUllnemllbjhBdW9wbnFVbU1aWmZQTUhKel9FOWxIWGl4RVFIUzl2S29MczJKdkl0Q194U2htYVdMSXdiT3ZNdmRoN21ZN2Y5WUxHdk8tTnZKdE5xd05WTXFjdjllcHpobGRMNWoyZXlIWDJRVjZJa29rcUhlY0ZFX1ozNHRaMHZiZUZacksya0F1THpyYXhDemZUZWNXcUU0MkZocm9vakJCRWN2SkZKY01IX2JLUEFZa3ZTZUFkV1RNZmxDdkJiemgzOFpZenNNUmFBV3dHbzhwcC1haC04VUE1MkFjbkZJTEw4cjltcS00aGpqT08wMWlUVWk3eXRfcjhncFB5V0dCVnc5WTZkNDZPVVJDQUlxSWdLTTR1SGFtSFVBY1R5eVJOS0JQWGNxZnBhQTMyX0dpN3J4LVNUbEU1TjNNQUZqWXVUS3Q0bXB3RHpNbjl4ZXhFUVBzY0FyazVtTUdBaTdZeTg3VkdKb2NILV82Yjg2SG12S2NLRElCZXdURjZWUHFLU0dBa0E0aHk3bU9jdDFTU2FVYzVRbkg2bXVianF0OVpIdk15Z3dJaUp3bi10dmJKYUQzdXZFQnVHWkN3UHZJZVBwaFBCd2h2eUZnbkFOcWRxejdKcm9BaXZTVWlUV2RiNUNPZG9oLWRiR3N0bXBWVzl6VW5qY19lT041cC03cW9CZFJFYUlrU0hPTEN3dTNVc0NtRmFWTzlJT1ZXRDZVTHRYcEF5eVJ4d0ZhQ18zdTRNMDhyaVlJR2JoRy1RbFFuUmRaQ3RhemlEd3FmamJFTEhvSVBUWjkzVVh6LXY3X1BsUWhBM2pGOTVuclJIMDFveWZSdk81N3JkZHhkZkdySHpMQ3BQenMyV0wyN1V4M1ZiWThaZzB3NjZfdUtVLVJmVlQxaWRvbU9GcGM1S05wdkhZVmRoWTFYZ0pNc2EtNlE4NF9oTmFiTmUxYnZqT2pBV19hVUxyU2c2RzFVMmRLVU04aDhyU1JCVjViTEhuVWpPTFgzVUZ5d0d4WmtnSzBtN25rY2lpYVNXT3hhOE5fWjFvZUx0SzhsMHFTSHdrWGpMZWdrNWhhTlZ6Z0k1M2k3d0kxbnJkbDdUTmZISUFELWFVRmpJZFg0TGp3N2ZJRTJwYjVEeWJpaVIxZVNHNVUzX3h3cUZDeHYxY0Y4R0dlbGxaaG8yX0Z4OUlkYm0taHJJZl9CU1RCRG9teGY1bWd6XzBuTWJyMEdlSXlHczF1dWc2MUg1TW1YYkMyeFlUc0xOQjdnSXN0SnZOaUFIcXd4ZFdKS1JIX3JHUy1CczA2U1JMaWIzcGR5dDJzamFscGt1bzBoZHl4X1VjNnhoVjQyNmpLaUFpS29GaC1sdGdudDZWUUhwVmN2djlhNFNnMXZLYjVnaEo3NXNKLUEzNm9jWTljWDBYT2Z1ckVuRnNPNUxfeWRCc194clEzVmd0blRPblFCS1UwcDljNVI3VVQ4ZkdVSUR5RXBmNmJZYlFENFhhdl9VSDVlT29HYUVGSnJUQkg1Zk9JMWZrN0k2eXlDdHB5OEF1eDdDN1hjdDZIM2RCUjBySUlsYVRncW4wWGJ0ZFJaVEtGSHA0aDRzbkJCME5TeG84RnZac01QUWVvTFkyd1VmVDZ6LVd2QXNHeVNPZ3RzTzhyUnVQZllURmlOZF95ampadm9UR293MHZJYkU2aGFhZkZSWnVuMlJIQ2taU0NadTNQUXlocFdNRnJ6Qkk1bHRlR0hoSVNueElWeDlsZUgwUHZkOVJuNXZpU1R0Vzh4OGk5djZXQktDek9LMGNreWV6UU5WQ2lYN0xuSkZGWk5FQ3lSOTVaVWYyWVp4aTNRQWJaMUd0T2h2RENVaTdBNU1PTDRkWjVmc1o5U0tSalAzTXlpZDVyNmh2RzFVXy1hRF9paUdVVDVDQ19ua0plcVZVUDM1SFlaU0VfY09RYWJIemQ1MlpGbmswSUlrZmtBaE9YN3RIOUZELXN4dlZLUU5PMlpxNGtoUmJsQjRGVUU1OEsxVzh6V212eTFyRjNrLU1XNGF0OTJHUXpqVzE0d2VuTU5zTmpKaEVyc1VsaVliUHhkbXdMTjJjaFlra2RTeEZqMmFTMUVaMGc2THdNamdmQ1A1RDV2dy1JNjA5X2JuNkEyOW9HOW1FNEFDdTVzVXp1UmdSUzE2UmVsaHh4NFBTdEVrLTRWc0VQZG9OZXpwZ3JKNERZRE8xRjF6UDhYQ1lkQXJMUnhXVXZKbVBFZHc2Z24xdzU1cVVhQ01GYU9OdENEOFlUdDFwSm9aLTA3Ny1xbElNb1ZqVUJUeFZVRElxVXVvU25sOEpyVU5CM3c1SkYzZUlNcS1VVU5fVElEUmVyVE5TWGVyRzdEVHZiSElvcXMwTE1BR3NxTndSQTBjNVFEeGRFQTVRUnFUVkEzUVk1QTN0TVozQU9mVldXYXROTkYxRjBsUkVZbmNYTFpyQjRYb2pEM3Nna3hzOFJHaXljU3JHcGNIeFlQZmY1Ylo5bkdJd2hmTzJBVDkySXRDcXZ0YWdrWUZ4aUIwR2tqMU5CNHBIYnl2eDk0ZFp0VjRrRXhMTVc0WEZZLTdKWmhCbmI1YThodkhoSlZ6ZXFVVnNJTno2QTFub3h1ZG5XeFd0S2k1eFBOYXNsRFI4bXlMVE5pRXJ2cVF3ZUlGZXlSb1dUeHlVTGZLSDFxYmU0RmRhMUFNbDE1SUFiYTlTaWdtWk5PalE5UFdhQk52QWlieXRxTkw4LVhCQ0NjNlZZZTlFcUJaaWpEQUtxanBLeE9GZ2w4V2FFRXFsdU1GeEwyUnlRYk9JTFUwQjROVEo1bV9FMjNMamJvQTM5dmdDQUFDQXBhOWJseURRbzhNT1U5OERab0dWek5YQTJuQ1JiNjNtN2NJZ2hfcS03V2xIVGlUelBfV0xmREJIaF9Sa3l2RUxqTjNxNlFEa2d1WEIzTDkxa3I0d1NzVndmQkF5N01DMV9zVU1EajRuLTZpZGctelVHQXBIaDhIYjZhX2l5aVZrZnYzZVY1VENxMGMzTndvbTNyUnNqcXN5NEd6cmdPN1BHcFhCVFVrdkI2ZExDdWFMMnIwY2k4MzR5TEh2SkVDMjVqRU05TTVzeWxQWTdNVURYWkprTm5ub0RqLU9LWlRKRVU4NDlFUG1zb3ZhMmRtcmNDVGpabHhfd1VMSmRqR1dVTVdzdEY4NHVKUTdfSGY5Mmw5WHhsNnVzTUEwWEpDZG40bnU5QXpmN0llTGJROGQ4NE1DWldTTlp4SzZQUEdncU5EOEdhSm9qN1pkeGxmRmtkSFdveW9ackRRSmxwYjVwUkJyWHRYWTk1cHptMVpzUG93SWFmVF9iYTJta1ZCYlJlT3dkR3NjZHg4ajd5WnYzVzNQOEhCMzJvZkp6V3pfc3FpcnVNN3FOMWgtWFFHZDlpZVpHRUp3TlQ2d1gtZXhrdjZzSy00WF9MOGRnQ3Jpa3lsQkxJYlEyZEQ1dEhua25wVVRyZEZINnAxekJfSlB1OXh1SVNHNHlvak1KWndMOU9aZldPYzJtLVFTSFUtSnZNRHVuT09RYjBTTXBnMnF3d2tjdVR2SDJ0NFpEZnN0NnNoUEw0TlRZSzc1MHZuZFNvRm9FRTVmQS16MlJyMFB5YVI4TVl2WTRpekN1SWp0U010MlcxQzhKZC0wQk5PcUlhdndETFU2akNEa0pyQ21XTGVPZzRoTVZxMm14R1NOSmlzUTg1Ty1GcGJZTHltbUpvLTN3T2o1QldkYmFoaU91NkhZeTc5bHhubmZqaTZVT2ZucmxlWE1kN0ZlX2JRbnhXbmpYcXhlbWpHdDFLbmxzVzQ3R2RsTk9RZlVWWFVINXlrc05yTFZUSEp0d1dqb1pPWjI3V2tEWHlzSFdjTkJfbENsYWd4Tm1FVVRsWHhpN1dSTDkwNGpYNHZob0RRaDhzalhYSHdKSVdZLWh2MExvclM4X1p4QUNGNjI5c3RiVTJyRzJ1VEppREJ0ZEtWeVl1OXRKYkVxTVg4ZGNEcUNOdmF4SGlabHRsT2dYMHBwcVRsRnVyYTdIS09LelU1MjJDdUI2RVdFbUZSZnB5SlNkTXpCZEhqdHhLRjZfSm01RzNyT1ZSQnBvYlRGNS1xUmdPd3hWaGUtM0plVFJXVzg0d3c0MmV0OFVTX295R0pQZjFtUElqWFhRRmltczhXcjFuUm1rZ0F3U21EUDRXVzBlQ3JBRHlxMzlMSi1XWmlnV2RtdUg3OHFpR21BUU1ZR1RoOGU1MGZzY1BtTC1OVTNQRlhfUWlQWndOSVIzTXgwa1c0SnRUVHNoLWxud1BLX19UcGtMWHZ6WHd0aUF3NktMQXZlbEpEZXpKQWhLT3Ztd3UtNVl4Vzl6cUJMR3ZCaUwwMGVhX25zZDMwb0o4c0dLalVBdDVpbGFCQjF5alpOSjFGNWJJdEZwYVc4Nzc4M2ZKTE9Cam90dTA1cm9weV9lQklpTmg0OXVUaXVLaVBCQ1k5RFhrYnVhUW5zMEpFWU9FNWdXeFJuenN6dUtwTW1KMUg2aHdfbVoxOVhTRWhad2JKaHI3aGhYX2treHJUeWRNME03a0duQTVCZVZyQ1UwZDBQVDZXejNwLUpSWXZiSURwZF9iYVpZaEhTZjdyOG10VXd3NnNtbGpQQ3VhMDJTSldRQTMtT3V2VV9PeDd0UGg2Z1l1dTdoMGh2Um5nYko2T1ZtSzdjRnJGdkRmendpeFpKNHNJYnlqZEdKVGMzemVSZjFuOXdubFZzSW5UWmNBZURWZllxYTVxakNPSVdWYmNhNXR4TzNTWUI1VzdXTFNHSHliU01FVVVuTU5DeC16ZnpTdWF5aVBpZ1duc1Rtd3EwaFRabEhqZGd0by10bUlOSFFkZ2pIZUdpOE53WnBSRnk3emJDQmJMUUZUZmxDSGdNVGc4YTZCcGg4TFQtc2dPbVlwd0hYTjhfNTBYYVFLRS1ocFhqWWRwTVVFc3IzZ1F0NUlfN2EwLUJuUjFwUlVKTGdQS1luTFZySVlpNDhEMGptcS1GVHhYd2txZ196S0ZMYUJ3VXZ3a2NSZVFrLXo0R3Y2UHFRal9BMkQ2Rno3ZW1JZk5lY2xpMmE4eHR4NEZaUTgwa0c5SXFOYTZkM2FDeDJDQzZ5MUZ6X0RIVVFwREQxUVBRRDdYZWY1bHRGcUpiUUdtamUzX3hCNG1JMWlBeTQ1bDdjWGduX3Y1UDNhN3FqV0dvUDZRREFfNFpLZjY1eE1GZmppUTdCbDBDVVF3Qk02a1htSlhzTHNvRjhKUDZqRmtMY0NYc09IdW1ZZDhVeXk0ZUFlWlRKLW9sdmtPUlV1c1ZRSk82djZnU3NNYmk2bTJZc3RmRk4teXBGbzRMLU9Ndkd1QXZ2Y1Bzd1J0ZWtFalBiZ29CZlYyOXU1ZlhQZmw4d3VnNHo5WFlnTmRwQ2tXM2dGRlZjV2wxUVIxRGozVGlZTkw5RUNqQWxjcmVQRDVlWlFqVU9rZkVzTlRwc2Z1bW9iWHllWndtTjNKaFViSnlxXzlra3p0SmhqR3BQTy1RT3hqd1FMaC1aMDBYaHJjWlNpektBMHZ3YlVjRzN2am56cE5vZkV1WVc0ajFzWTdBMjNDY09WaHk4SEVaWkRwc1JMVUVDeEZkcG83Y0ljU2Y2MXRoZUNzNS1iUG5DbEpIMVcxMUJpRkxXdGQ0ak4tQ19LOGVLYktUVC1UOER3NGVYbExmRE43MkZvTHBxQ2EwM2U4TE1leklvOXROS1o3eEtORW5QRnllSHF2RTc0bHhLYzRHTXhXREhyY0JvRnpwcUk5MGJOdDUzdEFrY25rQ1Z3NGNPbzFDZlk0UVZKR042OWJab2luR0FuNjJuYXIxLTRsUEdLN3VoLVdsUklCSjNOU01LN2UwVjNKdUtON0FpbXIwV2E2dGU0MjJ6aTZmOVpYNUhYdGFESF9ERkxiY2tRdmtjRDAtSVdDZTVZZ3U0dHROUjNqUkUwWldFOHFZM0RqZ2FjODZjQkpyTDhLdmZXTF9wSXNuQm96QUJPVzFhWm84WmQ2c0dBV0F3LXU5dzBFSE1sMXJGMHBRVkh3WGtUY0kyYW1tRTE1aFJPY2JtZjVaM0RLSXBnRXViaVA5VmFJUVQ3VnNucFVPX0hpX2tUY2tqbHg4aW5DTDJaT09xZGRrcVFOd0EtaUw5OERTREpkYmVIckJ5ZzMteUZxQW9wc2c2dnZxUy1zVEpQY05sUmtrTVR0SUhpcTM5TEdrUkZXVjRpMExfNFpwQTlqY0lwdTJ4WmNMa3Y3ZHlPUnYxNjNWZ2dnNy1xaEdpVEdYeEVHS21CYlE2cW9ld3V6T3IyeEIzaEM2QmZ3M0I1Wm9YUUFSR1dJbkVmV3d6X1NnMFB1S2JSOFNMb2YyUXF5b2Z4MWVvemZNLWJPTE1CU2hqQzF2bHU5NTBtVlgxc05ZeXZqR1M0UEV4MFVsNXRqMDlXNjdYNGhETDZSYlZTb2d1VjQza1JlcUt4dWdjWFBITHhqN0J2Z3RQbC1jUjh1Uzh6cl9NRDdMVDZKLV9Oc1BjN1dhRFJRUk9uYnpwUnFfSFJzaGVMaUtsU2xPcnpLNldFUXJ5MTBrYno0OEVmQVVwMTc0R0FyTVFHUTF6dTVLclVBcHF1QWxSNEN0d1cxOUpTYnF6aDhDenhzV3R6eHdhbGRuaXlLSkJKV3ZTUXh0dHVoUTltM1hNejRpMm91Ny0waEVJcnkzR0pDOVVkdWxBTlZxeVJCbjBVV3g0NTF0cnp3eWlFZG01UEwtY3FISGZoclJfcHZQZkZSR0d0Sy05WkZ6d0Y5cmhKNF9GUEZTVjloTnhLTjhsYktjTTdmc3ozaGpQb1kxYW54S1pyU0hkSlA5WF9LNEZKWkphNko3eDE1ZDJxVVVtRFNXeVZNcldqckRQNWxNTW9NeXlyV0ZraUpLeHNOQkp4ZDZnVGJBa3NLalhUaE1hNUJIMHlSczVWeHI5clI4b1FIdTNRNTFadzgyLWJwTHdldXE2TFFuSS1rekZmXzFjRnZMZVkxQTE5eXFNSTd2em1iSC14Qnp5RG5vcUlRMV8xX1JOZTZfOUhrc2REdnItRFdMZFUwcndTcDV1WmlMQ0pTN2VaTEJqOUJNcF93WDFfcWluaThxODlsY09RVFduTW5TOFpCVkFWYlJPYVk5M0ZReHBGaloxVjM1UTRjS09acnBPX291MDhlVlVZOWExdUtsQ1p4NXFFQ1hFbFVJRUlsT2NBaV8tWjdkVlhCVDZybkV4eXBqM0lFQWZXWlJHbVRyb0JhbXduVjJYSTBzcGVaeEtaOEZmWm5XTUV3UF92NUZZSTBYcThjR3VraWNQcFA3c0pUall2bUdwdS1BeGVpamZReEFEQXFXX2NWZXBmblV3N1V0STZVSGpxaEZzd3ZYRGdoeVpBaVJuXy1sQm9IbnczWVBQNU1wcDlHcUZDOGIxckl5YUlvblJ0T05jYW9wMVU0NWM2M2FISGk4V1NxT3NsYmFhNGY0UlhCVlVVVF9tZ1ZsZFYyZDE5aFlfUlZzcklRM3kzaDhMNlIwWGtSeTZHaGIxRWhLVS1YUHFmT3B5S0plNDhHVFBXUXUxNmJyaEZzMDhKREhtcUFabExEZWNkQXdZRnFldFRoMXhyUEtEWW5MRmhsYTQ4VGMxZkt4RHZDZm9feUU1bGxobnZaMVUtZzJVMk8wTGUtdjdBOGdoWl9jN1dtMXBPU2ZTbnVDNGhjM3ltZ1lXbHBPYjJaS0dTU3hVMEszZVpjMXkzS29OM0szMWtTbS1jMENDbzNQYlZISER0NTVUQ3IzZEpUZG1aaWZpR2V0MXVxZWZZV2FOLXU0MHdrdWlOU0RDUzFZZlRYRThUcW52MndkaV9Mb1pzRXZBOUl1QmxMQXRRaVR2akk4SkR6ZkJfYkZ5dkt5UExsNHdBMWtqSUJiUzJ2dDNTaXYxZFNHSkI0VktRMUYzUnkyeEZaSUdJVmV0Wko4Yzl1RkZDZlRQNHlHV1lXNDVlV01ZNzVveWttMGx5Q3N0NDlVUGFVVXQwMXRpNDRoQ082RS1Wdld5WDlueXgxMnZrYmpHUXp4SDRYS0xFZ1ZsUjA0RVNOZTd3OGlnSjRWQXZIMWZ0UWZlX1h6WU1hWnM2OFVqdzhyU2dPY1NNLWdPZ1RQZURlYjk2UGtoYUxNeFpTX2JWODJNa040VnBUNzBnWDFRbFgtY2d5Slo3NmZYT2EzcjhGX0ZJLXQtVkZRanR3MjBOQ0UySEMtbktkRXQ4Y09BTEtreEtGcjI5LXBjSkZwR1M0VFpfOGZUTF9sR2pERmhEZ2VTcFlKM2U1eFNHUW1xMlYxNERPbmpMbDZvVzZrODA1R2wwc2lRMkhyMTBmVXdyTlFWdncwVEQ4M0kyVGRFbDFtQUI2QWVoMlFsQjUzRE5zNXJPeDZxZ19sWFhWOWw0S3VoY0QtR25QS2dIOGVWX2Y5MXBEaEFoMVdvRWN3OFVDVURNOGZRWm1DRkluOGFTc2M5SU9oNFRuT1hkeDZuUTBuc1ZJb0ZXekduZjJ2dlNnejhHazdrNHlNSGNodWFPTlJiZVNPQmlBRVBFT19zQW1RZjVDUFhVR1A2TjVFQURjbWJmTHNERjRfX3VhbkVRY2JOanBoVm56WjJWLTAxVE5Xd2RWT2lTSDVOc0tiRS03NGVfcXFZZFM0R1Z6WFlEVkJoTzNFNExzYmtIc3l1QlZMeTdoU25rSjlqMVpBNDFBcTk1SGFJS0VlbTI3TlkxS29xZzc4b1g1cFpwaDMwWjNfZVk5a0h2bmNIcEl3UzR6UjRraUtjUC1xOTZRRmVyS2dkcVoydGoweXg5RVp1SlpLM3FJOGxFQUhuOW90T09INXVCVzRSWTdpNFBmelZ3azJTMjhNYmhwY0pUNmxDVFh5ZFRHbElmN3VMQldJUW5WLUd1WThldXlETnFSeXNvV3F6d2RGdS1Dbm1iU2hVeHAwT29SUU1YMFpycnRFVnhsM0hCLUpMYXp0cDRIbC11MG54VllSY3JMM0JlSXFnaUYxeUhxanB3UXNkeTJwX3VMeWtCNlUxbkpVZWMyNnNxcUVOdUlUWEtxb01Wa3NJRkZEN2trc2F5M0l5M3B1SHFNdlcwZGZKSHlqaVRxa2pIbzRrR0VRellPZ0VOZ3FuWDhZX2tyYnVCV2RhQ29FRzFRT2xRa3prb3NVUFZxeFBKWE1wSzZ6RGN5cHozbjh2UmxjczR1S25MVlpGNE1pSk5GMlRkeGY2UFppQV8tWW5wbnpoQzNULTIxU3pLM3pxcW95VWU2clRvT19RME1jcG1GbTBaRnBoVEw1THVieFhHTHVwUFc1SGFTaFJqZjF5Znhkc2lXWlp6eklQdTJsd2JIdkxxaER5dTVpdU1BN3RiRWFWRVVycnVLUVM0MG1GWDZRcWRnNkZKaHVFbWtNYkdldDFLUXpLVkxCaXozZGtidzI1b3M5RkZQYnlqZlVGYjdQeXByb0x6YkNieWRiNjZqUWRiR1lkWTJ3Y0E5dFBPQ3laZnZHMVpBbnNHSjJ4Ymc2dE1NYjQyX2FjXzMzMk1VRnFWSXc0bE0tTUEwX1JnUXBYSEVKLTBNUUpzR2NEQ2NRekdRY2V2bFIyNVlBLWZkVmVTU01sa05Kcl92cjg4c29neWJEY3EyOWN2YnJqZDlsR1BBeklkcjlOaGRjTDZuVUhjTms0V1pCZHF0RkktREpmSnRHMHhzV3hGVHlBTHN6ZFU5ZEhaamJlcjh6a0hTRTdwbmdNRldVd2lyel9BUk1TV0pEajQ3bDU2SDZMYVlzU01ycEdWRlpha3V5RUVKdmhxbEVNMnBfU1lBNEZvNFBkMURHMzZhUzR3T3BsUFl5MXM0aFVVOW9GQ2tuVk16ZjNVRHAxYUJyOWRXRUFJTFdjR1FrQXh0TDZIendiUE0xcE9NeDRIYkl5Q2FWM0w1MjdxTFppZVMzUDJmWmNMc3VKb3JYblVnY2ZuUTdEQVd6aTZDTjJLU2x6WWdTRGx6U0RiMlEwOEJDenRZaFVIZnFvcEZPVkJQUUZiZ0xGZ051d1FfV3pCLUp3Q1Bjb3NEU3NMUHVFY3dEUVRsZFBhWkVXX2lVYWNWQmFMN0s0LXRsSDNLU0dRbnlZbGZQOFU3N250TlJ5N2dBSGR4R1ctNTViSjNWeFYzNFVEZTJqWmxCR1JGeVhfN1BHUTRyTXZ6eXFhSVBmUGVqTDZkTUpMcXNQd21ZR1QtdkpqZk5NUEZoMHJxd1NtTFdRcnUxNjRvek1RclhzOVhIem51TzVFcEdXYnZzdHpLLXlvUllDQlJhYVl4cGktTTNiOW9ZRW43WTFpeURJRFNpTjVTVWZEajJGT3RHNEt1ZWlNcTdWQ3hlc2FNZ2Z6OUFxWnkzaHJ3ZlVWeUg3YXE0NnlhZmRRcTVQRDBNSnd3MkVPbXRKbGNCSmhsUW1pUFhZVmtYVFZRaFJHdndib09LZkdvTk5QTy1NQ01jNlA0aktpUXNYYkFMUU9vc25JUzFXamtmdHRUTUEyVGxLbTFHVDZvS1FLMGJEQXhLNVlxclpaUTkzWkMxN2hNZEw4UlE5TjdGTUJILXg3UmJVZFpfZUFXVDNla0dfY0toUEs1TFJwRjZYWURJbUJlZXdVdDBRYVhyUjlkRGF4T2ZnMnVTRHVzS0sta2UyRUxrak0telJmR0Q2dEUtc0JERTgzNjBDQ2ZScU44YV9yREFGRThVU05BTjg1SGFHTHBIZzV5a2w1VlBYSmFTRklmY0dtRW1fWXo5ZVduS0cyMWVFbmNVMVNXVV9Cdm04d1V4bnRiZnQ3UE0zdTh1aXlnTEVlWHhBSzRsektzVkpRUmNhU2RlZzFIanNPeFRYWHU1SGpBU0RiTm0xVFh0alZoV1pOS1gzRVRVR0tKbDZlaThIWkk4djlFY0F6TW1laWpHVVVxcFN0SmNJTWV3YTJDZHNHaEtrSFZ6UVN4Y2xGc0h2UkRWNUJ0ZmJSc1czaTlCM21jN1ZLcVMzbmlzWTFHZmY5bEFwV1YwTndzaF9OckE3RnhCaHdvcV9OLXQxNDc1T2tOR2gzazYwN2JNZUR2Vm9OVEwweDRGU1dOeUd0R1BHSnVjbVh4a2YzN0ZqMXZldjlCWWF5MTlQT21LUnlUbTNwV2lCNFktNTVxbjVQNGhkLU9kT3VFcmtleEpQcDFtX1VsTHl0V1Z6Xy1FNHhkWlJpNTBWZzd5aDYzQmlzQTJ6Vll6YkkxX0lkQUpFb24yOW9ETVZNTGhvMU4tTU9mSHV5NkF4elBhNVBlREVEX05SQ3gwc0VjcUNRNzFscDJvUDhFbUFScTJWT1JCeXBqd1Jra0lJaHR4ZnpCd1RFOEctYUtYa3Rkdzd0bnNhZjRqM1lnVWE3NGNHeUZBeFRON1JHdjNLaTlXVGNOdGhkYlFhanZmR0NhcGZNaU5DcUVtN2hsNUpDOHVUOU05b2NlRFdsdlp1ME1ZWmVSUjRRdTNESDZGbkg0bXpqeFA5eDZYTWNsS3NNR0k4YnZ0YkxMZTFaVS05UkV6QjFwckhUcHZxdk5xSWhnNWJ4UlJMdm5hUldxQWNLQl9zc2ZDalNTNXFzZVE0N0s1cVk0ZGJSNEI0RkxUQjRLYTdETkFYdWdHLWZ1LXZ6SjVtTTN3TGZNZEl2TTZhOTNwLXQ5ZDRESEJLd3FrcTRNSkhpZEhmbVRnWWRtNWtjQnF2ZmIxZVBaLXhwS3JGaW1oNWw0OVMweTBXdjNVMnRqQWpScGFnVWZwQTFwbWdub21FMkVlSVFoOTR2SVFlLUNHNDNjaWZ6UGZaa25KNWYxMFJiSzJuOEJUb0pKUERvc2VacWlOUmpLQjIwbjhpbXk4M1JRY1BSS0RPVUJRSW9qbWNINmlqUERXd1MzLXZBQVVUeHFXOE5NdHp2UHNueEd6Z3RXUExybGVyN2VLc1Y1dmZhZUZfYjY1WDJYZU54ZUdCY1F2d1ZhcEFHal8tWmJpVzJJVHdDd1NaVkthOTB6VFRCaUFZOEtURGJGM2xzQ0NoZHZHVFV3Z29aV2tXeWhOQkhEcHBEdTg0TmZhV1gzbTJLSlFzY1d5QjdvRjJrakRBQ1BNX1RVai1lT2pjX3E0c0ZXbWdvVU1SYWxuZ2Jxd0R4SjR1bFRtQVlKYzdESC1CTUV3bHhGbEx2cmFPZnRkZjRSeWdYaXNZc1Zhb01fT0Y2VURtRm9HT2JWTzhUOGpnMUE0OC1oNEV6enZIQW1UaVdOQ01DTDJ6SGNwMXV5anpubFJ4cFJWdEthTUZGTE15YmNad3Rwd1NadjhlaHlGZklIaFl5WXlRdzlKX0w0eDY2Ykw5V29zRl83c0lpeUtVSjhKbXMtaWpVdEw0Q2NCYzItMTZNQWY0VmplVnpHdE1mTTdWb1B4d1V2X3ZRcl81aV8xbTZqVHkyamU5SGd2UjZoVXhrSnkwNlRIdUlzZS12VjBjMUVfMnAxMkE0UUxVM1FLSGpJRDJlSE54TzNPeUt5YWJCMkVDaVlqUWRxbC1qaC1GbTFaYnhNR0FDRzNIUnEzVFZ0U0JsSTZrLVNmakI5NENERk5jT2trX3VBZzNpUDZsX2VpRnlITDFtcUR0NlFDbEZSNGRaaE83aG0tWFF6TERncE9xbmxzUjZzeVFKN2k1NGtHTE5FSmFTYTBiUlJhVDRYZVRteHVsTUZLMjdhTE55TS11WjZRdzFlVTRSOFJQV2pXYmtqSTVRckpwc1hBdUlKRlpZb3d2UTMzamhYOXNyMGxJMmJuWWZySzdRdjE2bVp6SGVLZ2xJUUhyVGJ4bEtoLW1FVE1VSmhpNk5Ia3BsRmF2UFRIeVltR2dhQlVvYkdGWXJ5a2REWk42VzJ3WHRTTHBKQVNVcERIZHJhejZqX19DWng1NjNsbWlvQzZzYWJkLTIwN294X2lwNDBXM0ptVTBEVEdHOGc4RHdTOVA4YzRKZUEweEIxTUNIbUZnTVFLZU0xRXptVjRXdjFzR25jWmVKZmx3MUw0XzIxY1BWNU1OYnd5Z2U2bmxjYU90bGZjelpxeW5CNTVPbktwaE9MWjNhc01ORXpWeC1WRGFXX1BJSDloZXh1LVZCM21jSmRYMWlNd09mNThhOUJMLWZtVWtRTWlRengzRVBhWHZ4bXZlMnNWY1BXQVlFU3FYWkpqZy1KblNWaWtVV0RXWDZFdThrX3RDb1ZpaHFnVTFQcFA2eEFNaWJCbGE5c1JBOWN3RzZCT1dEbHo4cVlwTVRKNkJ0V3prbkFuOEJjLTl0MEhXdDVXamR5WkxMV0NCdW1xUk45VDhtTGVLYUhlUGh5VEc1M3lJNHIxaVZQNDRud2hlWEQ2aktuV3NFZjJEWmRxc21aR3dHUTdHQ1hCdUFuMjlOQklRYU5sOV95RDlSZkJZTE1WdzhiXzJmeUxLdXpwYlFKVlYzdl9XcWcyenJvRllrak52NVdUc0VjTks1d2g3SU5rczIydmJmOEthUXNaV0Y5YzBVRUUyWWtCa1BLX2JCNUgzbFZENnlsWndBcHltLUZCdkFPV05qMTRlME9xUGxEN01kUmNhTDd1WHA3dnZFdzRXX05EeU5NYkVGWWtfSC1QdUpYYzBZNUNNcmdpVXlIdUt3SHVJVjRYb2xhMl9MOUJRYVk2S29yZTZUYVVxYmVLM0F2ZGlYc1VFQi16UWFtbjd4eEl3VVMzc0ZiTHhncEVLa1o0RzZiVTVrb0NVWHczajFvd2EzTGE2STdvTUJwSnJXTndNWDlWb3BaRm9YN21GZUR1cGZUZm1DTW9JbkpxVGM2YVppbENWYU11d3QySkJPOU1Ibm5kZktvZXc1UTJ1NUFoV3hseFRIZTNwTThvbi1QalA5OWJQQzVDNUJNWG52cmVFTnJpUUxnVmRTNFFrejZZNUdnRktYbDM3Zmk4UGN5enhHVVJ1ZW1mLVV3MXNDY0pOcHhELWhWZkxGU25Fbi1GaWFKX3E5UU42dFdPVzRKUEkyMFpjZ0xscW1TYVdFVXdPRERDbXJWeTlmam1LZ1pURXE1VFpSTFFFdl9aYkVodDBoT21EUlRYekJSaUhjY2ZReWw1WmR1emRuTkh4QmlRM19CUExmdUFFRkNXMmx5NERJV0ZvQldJUmEtek43Q0p3ME5OMFNxaGxreHJpZUpUeWFKYnZqWTNENjBublFuTjBXTV9YanVKcDJwT3dVc2pudnFpcFZ0QVl1NjUyT3c0WkwxNHJrSnBnS05FaEVyd2VXaWtLcnZqTGlxMnRKN1RYaElueXNlODYwSFJSQzgyNUVKOWVTOHRJMXFFZ0h6aTZWUDFnY19WQzZNNnJmaHh0YTJCMU9tQms5R1lWeXJJajJRb3pNUXlSdHdZNjJJSVJKR2tEWURuWG9iamVieVVnbG1DMkhPeGR1Sk8wZXRRcWM4bUJHVEUwd1M1OF9JbFRXcTY3eGpKeHR1SE85enVFR0VieWx2MFpyUWNKY3VDWk5Ud0RCUGlxV01NdHJ3UW1NNFUzUy1zUzVFVWFLTzRIRDI1WWxldEd3QnVIRUVSN0hpUnhvd0NMQ2RkNUJzdHJaM3RqX3VwZWEwcm15T0l1aU1rRW5fWDNRRFV3TVlnS2xiVDRDN3pWZWdYVUc1QjUtZ01RR2JZc3drc3VrSktZU3J3b1BMNFF3SkgxaVJRVFNwSzlwN1JUak5JbVN6Y0ptclMxcEFoblFXZDZ2aTJyRU9Ibms5MFEzWVRuVEhkMEtwQWpvRjBXRmh6NjJNYW4wcEFhaWVFRFN1TTd1VTRtOU9lV2h4NkIycFdVeHpUcUJBeDhZUjFCOFNPcDc0NTRZZU9iTmx1NFdXak9rQnFnT3U5UU9oN1BVWW9RX283NFphc1ZVWXIyd1dwdDhhX1prSXU4TENwd2tSR01naFA1XzRyQXhqaFRLWWRHQmZrUWRFX3o4UGtJR2VESlQtYzhNdzZjbGN4bjE2LWlzMzI0aUZ0V3R4S2did2FMYWhWOWVzaXZHSkg0ZE9Nd1kxQ0gyWUR3RGhDN0J4MzFkdTFYalZIN19ZWDdMbm5xSFptdExGSmxENWw3WkUyQnpzaWkzemVha2VURWRTZmRFbmNWeVU3UTF2UjJtVUNmZ0Fyc0FOdWFrelhGSmJmREFaZGFNYnRMSkZrMkI3cXdndWM4MGY3UzVGSlE3aU0tT0RhUEs2ZmxQckFxODJhQWp0SnhjRVFlWXVrLTNfSEFlVTNYckNJUWIzM253eXczTlY3RmJpZzZPeXRmWUNTUnRCRlRTa3haTTFCQnpjRmdGNUVIdFBkR2xRRDNTamEzWDc0Ymh5dXZCb3JKNFNMSmtMT2tZbGRFelNJbGtfNDFBU3RnTVZRYWotdllYY01wSlhXbkJNeWF5NnpDS1RPV2o4TGJkTjcyeHNOV1dGNkQwdDE3cEpiRVNjTGxSTXF1WGVjaFRESmRBaEtwM3pyTnE3M1FTUXNfLVozYUN5ODZNT3pMVUZBb1U1c29tOEtjRVBJdW9DRnNEbXJNNXlpdF8xc2FwaktEUThwSEQtVktUdl9XSi1EUVNCbWZZX0ZmeUJrNG9oZGhQWU56TUZKemFNWi1RSDBzb2ZEc1ZGYXA5Y21wUGM5YmNfUXRUZlZ6NXoySUwxRGpVQ2ZoZVpvSzJtWE5sNVgtdXhFMVJoeDhGcmZmWjVYWEVGSC1ETzRiNTYzeFFVMHJXTVhhdUhCMkFmSzRic2ZGd0xUWHdVa2lzSVhyWkRtVVlCd2VBWThpZTV5bDZ1TlNfLjJRNWxHQWNIZ0dQSW51Y3BlcmpVdnciDQp9.rv-xMWrYBAIWl2UnDnXkQkhMbUn4BJvTby8vLao33B5HCuSAOAfFtsFqNj1CNQ5iQayVP7yT4wd5Ws2lGQTnbpSDdT2fK4QGzZFFH7PEDkXWpkT18_VO0GGK-5RlPAcRp60nlmSoXbUcBLvQ0u-dtm-gBP7VGZaIBW-eXSZNWqqiXDgEJ5UupaxPIzzpbgjoSMrxxiKY-Ih_umXKFlPJKqRc0hfQI6OKDlVwNyl4-FNR9M9_GEcK6CplJMdb--z76Tv0lCLJ8GnhjivHuNOAp1Hj9q5fN6FH083bMkYru8aD-AbF4jgkm-_qpMJkSl4lh-Ny__daDvBlrJTowqkViw" } \ No newline at end of file diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust2.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust2.json new file mode 100644 index 000000000..8fef32927 --- /dev/null +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust2.json @@ -0,0 +1,6 @@ +{ + "v": 10, + "respID": "2LVPaGlWAwzxURkrcTQX", + "inResponseTo": "_63ff9ef67370024c4d2d8b9bfd380578", + "signedPayload": "ew0KICAiYWxnIjogIlJTMjU2IiwNCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9zbDIuMDtjb21tYW5kIiwNCiAgIng1dCNTMjU2IjogIjBGUmRDYkFxVTF2YlQtOUt3S0JUcU5GQXBkcU9HT25Fa0o1dGp6MFp0anciDQp9.ew0KICAibmFtZSI6ICJxdWFsaWZpZWRlSUQiLA0KICAicmVzdWx0Ijogew0KICAgICJFSUQtSURFTlRJVFktTElOSyI6ICJQSE5oYld3NlFYTnpaWEowYVc5dUlFRnpjMlZ5ZEdsdmJrbEVQU0p6ZW5JdVltMXBMbWQyTG1GMExVRnpjMlZ5ZEdsdmJrbEVNVFV5T0RnNE1ESTJORE0wTURJNU5EVWlJRWx6YzNWbFNXNXpkR0Z1ZEQwaU1qQXhPQzB3TmkweE0xUXhNRG8xTnpvME5Dc3dNVG93TUNJZ1NYTnpkV1Z5UFNKb2RIUndPaTh2Y0c5eWRHRnNMbUp0YVM1bmRpNWhkQzl5WldZdmMzcHlMMmx6YzNWbGNpSWdUV0ZxYjNKV1pYSnphVzl1UFNJeElpQk5hVzV2Y2xabGNuTnBiMjQ5SWpBaUlIaHRiRzV6T25OaGJXdzlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qRXVNRHBoYzNObGNuUnBiMjRpSUhodGJHNXpPbkJ5UFNKb2RIUndPaTh2Y21WbVpYSmxibU5sTG1VdFoyOTJaWEp1YldWdWRDNW5kaTVoZEM5dVlXMWxjM0JoWTJVdmNHVnljMjl1WkdGMFlTOHlNREF5TURJeU9DTWlJSGh0Ykc1ek9tUnphV2M5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU1pSUhodGJHNXpPbVZqWkhOaFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4THpBMEwzaHRiR1J6YVdjdGJXOXlaU01pSUhodGJHNXpPbk5wUFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZUzFwYm5OMFlXNWpaU0krQ2drOGMyRnRiRHBCZEhSeWFXSjFkR1ZUZEdGMFpXMWxiblErQ2drSlBITmhiV3c2VTNWaWFtVmpkRDRLQ1FrSlBITmhiV3c2VTNWaWFtVmpkRU52Ym1acGNtMWhkR2x2Ymo0S0NRa0pDVHh6WVcxc09rTnZibVpwY20xaGRHbHZiazFsZEdodlpENTFjbTQ2YjJGemFYTTZibUZ0WlhNNmRHTTZVMEZOVERveExqQTZZMjA2YzJWdVpHVnlMWFp2ZFdOb1pYTThMM05oYld3NlEyOXVabWx5YldGMGFXOXVUV1YwYUc5a1Bnb0pDUWtKUEhOaGJXdzZVM1ZpYW1WamRFTnZibVpwY20xaGRHbHZia1JoZEdFK0Nna0pDUWtKUEhCeU9sQmxjbk52YmlCemFUcDBlWEJsUFNKd2NqcFFhSGx6YVdOaGJGQmxjbk52YmxSNWNHVWlQanh3Y2pwSlpHVnVkR2xtYVdOaGRHbHZiajQ4Y0hJNlZtRnNkV1UrZEhGRFVVVkROeXRCY1VkRlpXVk1Nemt3VmpWS1p6MDlQQzl3Y2pwV1lXeDFaVDQ4Y0hJNlZIbHdaVDUxY200NmNIVmliR2xqYVdRNlozWXVZWFE2WW1GelpXbGtQQzl3Y2pwVWVYQmxQand2Y0hJNlNXUmxiblJwWm1sallYUnBiMjQrUEhCeU9rNWhiV1UrUEhCeU9rZHBkbVZ1VG1GdFpUNU5ZWGc4TDNCeU9rZHBkbVZ1VG1GdFpUNDhjSEk2Um1GdGFXeDVUbUZ0WlNCd2NtbHRZWEo1UFNKMWJtUmxabWx1WldRaVBrMTFjM1JsY20xaGJtNDhMM0J5T2taaGJXbHNlVTVoYldVK1BDOXdjanBPWVcxbFBqeHdjanBFWVhSbFQyWkNhWEowYUQ0eE9UUXdMVEF4TFRBeFBDOXdjanBFWVhSbFQyWkNhWEowYUQ0OEwzQnlPbEJsY25OdmJqNEtDUWtKQ1R3dmMyRnRiRHBUZFdKcVpXTjBRMjl1Wm1seWJXRjBhVzl1UkdGMFlUNEtDUWtKUEM5ellXMXNPbE4xWW1wbFkzUkRiMjVtYVhKdFlYUnBiMjQrQ2drSlBDOXpZVzFzT2xOMVltcGxZM1ErQ2drOGMyRnRiRHBCZEhSeWFXSjFkR1VnUVhSMGNtbGlkWFJsVG1GdFpUMGlRMmwwYVhwbGJsQjFZbXhwWTB0bGVTSWdRWFIwY21saWRYUmxUbUZ0WlhOd1lXTmxQU0oxY200NmNIVmliR2xqYVdRNlozWXVZWFE2Ym1GdFpYTndZV05sY3pwcFpHVnVkR2wwZVd4cGJtczZNUzR5SWo0OGMyRnRiRHBCZEhSeWFXSjFkR1ZXWVd4MVpUNDhaSE5wWnpwU1UwRkxaWGxXWVd4MVpUNDhaSE5wWnpwTmIyUjFiSFZ6UG5sMlIwMVFSRFZaYWtobVpXOHhkbHBoU0VGNFEwWkNNeXRCUW0xaVlWQnpjRE5HTVhGRGRHY3ZaWFpsVVZSSWNsQnlSVXhPVDJaT1VuWTBhV0V3WlhjNFRsQnlaVFpRUjJKRFZHTU5DbnBrT1ZGdVZqSmlSRE5yVFhCa1VqUlRjMlpRVFVnd2VGQkdXRFV4T0dsUlZEQTFUWHBhT1dRM01WVnpiRGxzZHpack1HcHdTMjFGVlVWMlpWcGpRVVZKTVhGa00ySjNTWEJVTURnTkNtRjZabG8xTDFCa1JUWlpSVmcyVlhwUE5FSk1VbHB3ZUdOTlJtTXdhRGxaYW5vclZ6QktjRVYxVTFKUE0xZFFjRVpvY2xZeVZVOUtVU3R4ZUhrdk5EWklZek5JVERkTlFsRlNWMm9OQ2twVU9XUndlV0l2T0dSbFpWQkRialJGTldoTFRWSlRjblZGUjJwaGFFOVlMMHcwTTNWSFVVOU5VRVZ4V1hCTFNIZzRhazlTTDBsUE16WnJTSFZWWm5GT1RuVlhiRWhDYlVzMldFME5DbmN3TUZsclYyTkRVRUkwYW1KUk5URTBSVk16UjFJMlJIQkpNbGRVVVRCaFRGbHRWR1YzUFQwOEwyUnphV2M2VFc5a2RXeDFjejQ4WkhOcFp6cEZlSEJ2Ym1WdWRENUJVVUZDUEM5a2MybG5Pa1Y0Y0c5dVpXNTBQand2WkhOcFp6cFNVMEZMWlhsV1lXeDFaVDQ4TDNOaGJXdzZRWFIwY21saWRYUmxWbUZzZFdVK1BDOXpZVzFzT2tGMGRISnBZblYwWlQ0OEwzTmhiV3c2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwUGdvSlBHUnphV2M2VTJsbmJtRjBkWEpsUGdvSkNUeGtjMmxuT2xOcFoyNWxaRWx1Wm04K0Nna0pDVHhrYzJsbk9rTmhibTl1YVdOaGJHbDZZWFJwYjI1TlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekV3TDNodGJDMWxlR010WXpFMGJpTWlJQzgrQ2drSkNUeGtjMmxuT2xOcFoyNWhkSFZ5WlUxbGRHaHZaQ0JCYkdkdmNtbDBhRzA5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU55YzJFdGMyaGhNU0lnTHo0S0NRa0pQR1J6YVdjNlVtVm1aWEpsYm1ObElGVlNTVDBpSWo0S0NRa0pDVHhrYzJsbk9sUnlZVzV6Wm05eWJYTStDZ2tKQ1FrSlBHUnphV2M2VkhKaGJuTm1iM0p0SUVGc1oyOXlhWFJvYlQwaWFIUjBjRG92TDNkM2R5NTNNeTV2Y21jdlZGSXZNVGs1T1M5U1JVTXRlSEJoZEdndE1UazVPVEV4TVRZaVBnb0pDUWtKQ1FrOFpITnBaenBZVUdGMGFENXViM1FvWVc1alpYTjBiM0l0YjNJdGMyVnNaam82Y0hJNlNXUmxiblJwWm1sallYUnBiMjRwUEM5a2MybG5PbGhRWVhSb1Bnb0pDUWtKQ1R3dlpITnBaenBVY21GdWMyWnZjbTArQ2drSkNRa0pQR1J6YVdjNlZISmhibk5tYjNKdElFRnNaMjl5YVhSb2JUMGlhSFIwY0RvdkwzZDNkeTUzTXk1dmNtY3ZNakF3TUM4d09TOTRiV3hrYzJsbkkyVnVkbVZzYjNCbFpDMXphV2R1WVhSMWNtVWlJQzgrQ2drSkNRazhMMlJ6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1R4a2MybG5Pa1JwWjJWemRFMWxkR2h2WkNCQmJHZHZjbWwwYUcwOUltaDBkSEE2THk5M2QzY3Vkek11YjNKbkx6SXdNREF2TURrdmVHMXNaSE5wWnlOemFHRXhJaUF2UGdvSkNRa0pQR1J6YVdjNlJHbG5aWE4wVm1Gc2RXVSthVXN6TW10cmJVNWtVelZIV2xSemJHOHhTbVJDWVdsRFRsVnJQVHd2WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDRLQ1FrSlBDOWtjMmxuT2xKbFptVnlaVzVqWlQ0S0NRa0pQR1J6YVdjNlVtVm1aWEpsYm1ObElGUjVjR1U5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01EQXZNRGt2ZUcxc1pITnBaeU5OWVc1cFptVnpkQ0lnVlZKSlBTSWpiV0Z1YVdabGMzUWlQZ29KQ1FrSlBHUnphV2M2UkdsblpYTjBUV1YwYUc5a0lFRnNaMjl5YVhSb2JUMGlhSFIwY0RvdkwzZDNkeTUzTXk1dmNtY3ZNakF3TUM4d09TOTRiV3hrYzJsbkkzTm9ZVEVpSUM4K0Nna0pDUWs4WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDQ0TWtadVlVeGxja2x6YVVOM1RFRlhVVEZYUVVjcmJVUlVWVTA5UEM5a2MybG5Pa1JwWjJWemRGWmhiSFZsUGdvSkNRazhMMlJ6YVdjNlVtVm1aWEpsYm1ObFBnb0pDVHd2WkhOcFp6cFRhV2R1WldSSmJtWnZQZ29KQ1R4a2MybG5PbE5wWjI1aGRIVnlaVlpoYkhWbFBnb2dJQ0FnY1UxMU1uTXJkV2xwVlhVMk0zRmpOWEZhYmxWWFpVeEZSREpuVm5GRFkwTmtRMGN4ZHpFMVoxSkdTV3Q0UzNOWVZGRlRRVE5LVjBoRFJYaHhjams1ZDBjMFYwMXRjRTF0U21oaFR3MEtkRGc0TjJOUlRtOUdURFJaYTBzMVRXcEhOR28wUjI1Q1ZHZFRhRVpXY0c0MWRXaFBkblpITUZsd1lVSlhNMlYyYVdSYVRYWkllV0psV1VSSVZHeHBia2sxVWtaU1pVaEdXRU5zVGcwS1dGQmhUMWxWTHpVek5GRnhaMWhLU1hrMFpXdHVkRFJ2UXk5TE0xRnVaVWhoU1VKbmVrSjFkMlpIUjIxbGEwVnlPVGROUkV0NllXWjBhMDVwTVVSS1dFNDRkMkZJVmtWTVdubHRPUTBLUjJGM1JraExjRUpGY2s5aGVqQXZVRVpxZUZGUVpsQkRaVW93UzJoNGRqbFFWVmh5YUZkUlMySkhZWEp1VlU1MUx5dFRNVEZqUzA5eGMzQmpiR2htUzFac2QxUlNhQzlXVkdsaFZBMEtSbUU0THpoYVMwSTVNM2cyV21SSVQwMHlZblY1VERaMVRqQTFjblpMWW05d1ozcG5ObEU5UFFvZ0lEd3ZaSE5wWnpwVGFXZHVZWFIxY21WV1lXeDFaVDQ4WkhOcFp6cExaWGxKYm1adlBqeGtjMmxuT2xnMU1EbEVZWFJoUGp4a2MybG5PbGcxTURsRFpYSjBhV1pwWTJGMFpUNU5TVWxHZFhwRFEwSkxUMmRCZDBsQ1FXZEpSRWRUYTJWTlFUQkhRMU54UjFOSllqTkVVVVZDUWxGVlFVMUpSMlpOVVhOM1ExRlpSRlpSVVVkRmQwcENEUXBXUkVaSlRVVlpSMEV4VlVWRFozY3ZVVk14VldOdVZucGtRMEpJV2xoTmRVbEhXWFZKUms1d1dUSm9iR050YUd4aFdGSjZZek5zZW1SSFZuUmFVMEp3RFFwaVUwSnNZa2RXY21SSVNYVkpSVkpvWkVkV2RXUnRWbmxoTWxadlkybENTR0pYU2tsTlUwbDNTVUZaUkZaUlVVeEVRbXhvVEZoT2NGb3lOSFJaTWpsNURRcGpSemw1V1ZoU2JFeFhlSEJhTW1nd1RGUkJlVTFUU1hkSlFWbEVWbEZSUkVSQ2JHaE1XRTV3V2pJMGRGa3lPWGxqUnpsNVdWaFNiRXhYZUhCYU1tZ3dEUXBNVkVGNVRVSTBXRVJVUlRGTlJHTjVUMFJGTVU1RWEzZE9WbTlZUkZSSmQwMUVZM2xQUkVWNlRrUnJkMDVXYjNkbllsbDRRM3BCU2tKblRsWkNRVmxVRFFwQmEwWlZUVkkwZDBoQldVUldVVkZMUkVKV1JWbFlVbXhpYms1cVlVaFdNR1Z0ZEhaaVZ6RndZek5PY0dJeU5IaEpha0ZuUW1kT1ZrSkJjMDFIVms0d0RRcFpWekYwWlcxR2IySklTbXhhTW14NlpFZFdlVmx0Vm05aU1sWjVXa2RWZUV4cVFYTkNaMDVXUWtGTlRVcFdUbkJhTWpWb1pFaFdlV015Vm5sa2JXeHFEUXBhVTBKRldWaFNiR0p1VG1waFNGWXdaVzEwZG1KWE1YQmpNMDV3WWpJMGVFWlVRVlJDWjA1V1FrRlZWRVJFVFhsT1ZHdDVUMFJOZVUxNmF6VlBSRVZqRFFwTlFtOUhRMU54UjFOSllqTkVVVVZLUVZGM1RscElUbkpSUjFKNllYazFibVJwTldoa1JFTkRRVk5KZDBSUldVcExiMXBKYUhaalRrRlJSVUpDVVVGRURRcG5aMFZRUVVSRFEwRlJiME5uWjBWQ1FVNHJaRUpUUlVKSGFqSnFWVmhKU3pGTmNETnNWbmhqTDFwaEszQktUV2w1UzNKWU0wY3hXbmhuV0M5cGEzZzNEUXBFT1hOamMxQlpUWFEwTnpOTWJFRlhiRGxqYlVOaVNHSktTeXRRVmpKWVRrNWtWVkpNVFZWRFNWZ3JOSFpWVG5NeVRVaGxSRlJSZEZnNFFsaHFTa1p3RFFwM1NsbFRiMkZTU2xFek9VWldVeTh4Y2pWelYyTnlZVGxJYUdSdE4zYzFSM1I0THpKMWEzbEVXREJyWkd0NFlYZHJhRkEwUlZGRmVta3ZVMGtyUm5WbkRRcHVLMWR4WjFFeGJrRmtiR0o0WWk5a1kwSjNOWGN4YURsaU0yeHRkWGRWWmpSNk0yOXZVVmRWUkRKRVowRXZhMHRrTVV0bGFrNVNORE50VEZWemJYWlREUXA2WlhaUWVGUTVlbk0zT0hCUFVqRlBZV05DTjBsemVsUldTbEJZWlU5RllXRk9Xa2h1YmtJdlZXVlBNMmM0VEVWV0x6TlBhMWhqVldkalRXdGlTVWxwRFFwaFFraHNiR3czTVZCeE1FTlBhamxyY1dwWWIyVTNUM0pTYWt4Wk5Xa3pTM2RQY0dFMlZFMURRWGRGUVVGaFQwTkJaVlYzWjJkSWFFMUNSVWRCTVZWa0RRcEVaMUZMUWtGb1RVTkJObVZIZGxNeGRXcEJUMEpuVGxaSVVUaENRV1k0UlVKQlRVTkNURUYzUkdkWlNFdHBaMEZEWjBWSVFWRlJSRUZSU0M5TlFrMUhEUXBCTVZWa1NYZFJUVTFCY1VGRFJXdGpWMFJ3VURaQk1FUk5RV3RIUVRGVlpFVjNVVU5OUVVGM1JrRlpTRXRwWjBGRFowVkNRVkZSU2tSQlpFTlZNRWwwRFFwU1JrNU1UVWc0UjBORGMwZEJVVlZHUW5kRlFrSklUWGRqVkVKSFFtZG5ja0puUlVaQ1VXTjNRVzlaTm1GSVVqQmpSRzkyVEROa00yUjVOV2hNV0ZKNURRcGtXRTR3VEcxR01Fd3lUbXhqYmxKNlRESkZkR015Ykc1aWFURnFZak5LZDJJelNtaGtSMVYwWWtkc2JtRklVWFJOUkVwb1RHMU9lV1JFUVc1Q1oyZHlEUXBDWjBWR1FsRmpkMEZaV1dKaFNGSXdZMFJ2ZGt3eU9XcGpNMEYxV1ZNeE1HTnVWbnBrUXpWb1pFTTVkbGt6VG5kTlJsRkhRVEZWWkVsQlVrNU5SWE4zRFFwVFVWbEhTMmxuUVVWUlJWTk5SRGgzVUZGWlNVdDNXVUpDVVZWSVFXZEZWMDFYYURCa1NFRTJUSGs1TTJRelkzVlpVekV3WTI1V2VtUkROV2hrUXpsckRRcGlNazU2VERKT2Qwd3lSWFJqTW14dVlta3hRbUpZVW5wak1teHVZbTFHTUdSWVNYZG5XalJIUVRGVlpFaDNVMEpzYWtOQ2EzcERRbXRMUTBKcVlVTkNEUXBwYjJGQ2FESjRhMWxZUVRaTWVUbHpXa2RHZDB4dFJYUmtTRW94WXpOUmRWbFlVWFppTTFVNVdWTXhlbUZYWkhWTVYwNTJZMjVDZG1OdFJqQmFVekZ6RFFwaFYyUnZaRU13ZDAxcGVIWlFWVVYwVmtoS01XTXpVWE5aZWpGQ1ZrUTVhbHBZU2pCaFYxcHdXVEpHTUZwWVNteGtiVGxxV1ZoU2NHSXlOWE5oV0U0d0RRcFFNa3BvWXpKVkwySXlTbkZhVjA0d1dUSjRhR016VFRsYVYyeHJVVEpXZVdSSGJHMWhWMDVvWkVkc2RtSnJSakZrUjJoMlkyMXNNR1ZVUVU1Q1oydHhEUXBvYTJsSE9YY3dRa0ZSVlVaQlFVOURRVkZGUVVoUk0xcERUWFJCWW1GNlpVMUliVmRCTW5wb1dXeEljVWhuUzFadlkxWllSVVJuYlU1dFYweEhjVVpsRFFvNFJVRkVSa2x6T0hWSGNtdDBRbTFYUTFWSldHSlljemRVU0dObWVITXlTalEzZGtoMVkyOXdjMlJyWVdKT2JGaEZhbnB1WkZKbWJtTXJNVlpKYm1KdkRRcDZUWEpaWkRkcVpVUk9WRXN2ZEVscWFVOUZXV1J5ZVVsd1pXdFdPVU5tWVhjM2VYVTJiV1ZtVFhwbGRURmhRWGRtTjBKdVN5OW9kV2wzU2xkdVpXNXdEUXBDTjJsRUwxQjJXaXR0ZW5WRE4xSk9aa3BtUmlzclUzUnBRbFI0YVROV1dYaE9SMDFxVFRGalZUaEhkemxXVjJNd1VqTkZkV3BQWVZoWFowTkRPR2sxRFFwR1IyaFdkazlaYUU1WVpuTjRTbGhpVG5obGQwVkRhbkJCVEhaRWJFWk1UQ3RwUXpRNVJ5dEJSRk52VW5Zd1UyczVNVTlRZFN0alNXMURhak55Y3pOUkRRcDBZWE5KTDNBNVRGbGhZMGMyWXk5blNUTjBSVEJwYUhGbk9WSmljMHRJV0ZGc00xQlBka1ZTU2tFOVBUd3ZaSE5wWnpwWU5UQTVRMlZ5ZEdsbWFXTmhkR1UrUEM5a2MybG5PbGcxTURsRVlYUmhQand2WkhOcFp6cExaWGxKYm1adlBnb0pDVHhrYzJsbk9rOWlhbVZqZEQ0S0NRa0pQR1J6YVdjNlRXRnVhV1psYzNRZ1NXUTlJbTFoYm1sbVpYTjBJajRLQ1FrSkNUeGtjMmxuT2xKbFptVnlaVzVqWlNCVlVrazlJaUkrQ2drSkNRa0pQR1J6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1FrSlBHUnphV2M2VkhKaGJuTm1iM0p0SUVGc1oyOXlhWFJvYlQwaWFIUjBjRG92TDNkM2R5NTNNeTV2Y21jdlZGSXZNVGs1T1M5U1JVTXRlSEJoZEdndE1UazVPVEV4TVRZaVBnb0pDUWtKQ1FrSlBHUnphV2M2V0ZCaGRHZytibTkwS0dGdVkyVnpkRzl5TFc5eUxYTmxiR1k2T21SemFXYzZVMmxuYm1GMGRYSmxLVHd2WkhOcFp6cFlVR0YwYUQ0S0NRa0pDUWtKUEM5a2MybG5PbFJ5WVc1elptOXliVDRLQ1FrSkNRazhMMlJ6YVdjNlZISmhibk5tYjNKdGN6NEtDUWtKQ1FrOFpITnBaenBFYVdkbGMzUk5aWFJvYjJRZ1FXeG5iM0pwZEdodFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF3THpBNUwzaHRiR1J6YVdjamMyaGhNU0lnTHo0S0NRa0pDUWs4WkhOcFp6cEVhV2RsYzNSV1lXeDFaVDV0TWpWR056UXZOMWRMVlV4QmIwVXlWemRDYzBneVdVWlFUelE5UEM5a2MybG5Pa1JwWjJWemRGWmhiSFZsUGdvSkNRa0pQQzlrYzJsbk9sSmxabVZ5Wlc1alpUNEtDUWtKUEM5a2MybG5PazFoYm1sbVpYTjBQZ29KQ1R3dlpITnBaenBQWW1wbFkzUStDZ2s4TDJSemFXYzZVMmxuYm1GMGRYSmxQZ284TDNOaGJXdzZRWE56WlhKMGFXOXVQZz09IiwNCiAgICAiRUlELUNJVElaRU4tUUFBLUxFVkVMIjogImh0dHA6Ly9laWRhcy5ldXJvcGEuZXUvTG9BL3N1YnN0YW50aWFsIiwNCiAgICAiRUlELUNDUy1VUkwiOiAiaHR0cHM6Ly93d3cuYS10cnVzdC5hdC90b2RvIiwNCiAgICAiRUlELUFVVEgtQkxPQ0siOiAiUEQ5NGJXd2dkbVZ5YzJsdmJqMGlNUzR3SWlCbGJtTnZaR2x1WnowaVZWUkdMVGdpSUhOMFlXNWtZV3h2Ym1VOUltNXZJajgrUEhOaGJXd3lPa0Z6YzJWeWRHbHZiaUI0Yld4dWN6cHpZVzFzTWowaWRYSnVPbTloYzJsek9tNWhiV1Z6T25Sak9sTkJUVXc2TWk0d09tRnpjMlZ5ZEdsdmJpSWdTVVE5SWw4Mk0yWm1PV1ZtTmpjek56QXdNalJqTkdReVpEaGlPV0ptWkRNNE1EVTNPQ0lnU1hOemRXVkpibk4wWVc1MFBTSXlNREU0TFRBMkxURXpWREUzT2pRMk9qQTVLekF5T2pBd0lpQldaWEp6YVc5dVBTSXlMakFpSUhodGJHNXpPbmh6UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZU0krUEhOaGJXd3lPa2x6YzNWbGNpQkdiM0p0WVhROUluVnlianB2WVhOcGN6cHVZVzFsY3pwMFl6cFRRVTFNT2pJdU1EcHVZVzFsYVdRdFptOXliV0YwT21WdWRHbDBlU0krYUhSMGNITTZMeTkzZDNjdVlTMTBjblZ6ZEM1aGRDOTBiMlJ2UEM5ellXMXNNanBKYzNOMVpYSStQR1J6YVdjNlUybG5ibUYwZFhKbElIaHRiRzV6T21SemFXYzlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5Mekl3TURBdk1Ea3ZlRzFzWkhOcFp5TWlJRWxrUFNKemFXZHVZWFIxY21VdE1TMHhJajQ4WkhOcFp6cFRhV2R1WldSSmJtWnZQanhrYzJsbk9rTmhibTl1YVdOaGJHbDZZWFJwYjI1TlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk5VVVpOHlNREF4TDFKRlF5MTRiV3d0WXpFMGJpMHlNREF4TURNeE5TSWdMejQ4WkhOcFp6cFRhV2R1WVhSMWNtVk5aWFJvYjJRZ1FXeG5iM0pwZEdodFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4THpBMEwzaHRiR1J6YVdjdGJXOXlaU055YzJFdGMyaGhNalUySWlBdlBqeGtjMmxuT2xKbFptVnlaVzVqWlNCSlpEMGljbVZtWlhKbGJtTmxMVEV0TVNJZ1ZWSkpQU0lpUGp4a2MybG5PbFJ5WVc1elptOXliWE0rUEdSemFXYzZWSEpoYm5ObWIzSnRJRUZzWjI5eWFYUm9iVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2VkZJdk1UazVPUzlTUlVNdGVITnNkQzB4T1RrNU1URXhOaUkrUEhoemJEcHpkSGxzWlhOb1pXVjBJSGh0Ykc1ek9uaHpiRDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TVRrNU9TOVlVMHd2VkhKaGJuTm1iM0p0SWlCbGVHTnNkV1JsTFhKbGMzVnNkQzF3Y21WbWFYaGxjejBpYzJGdGJESWlJSFpsY25OcGIyNDlJakV1TUNJZ2VHMXNibk02YzJGdGJESTlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qSXVNRHBoYzNObGNuUnBiMjRpUGp4NGMydzZiM1YwY0hWMElHMWxkR2h2WkQwaWVHMXNJaUI0Yld3NmMzQmhZMlU5SW1SbFptRjFiSFFpSUM4K1BIaHpiRHAwWlcxd2JHRjBaU0J0WVhSamFEMGlMeUlnZUcxc2JuTTlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5MekU1T1RrdmVHaDBiV3dpUGp4b2RHMXNJSGh0Ykc1elBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHhPVGs1TDNob2RHMXNJajQ4YUdWaFpENDhkR2wwYkdVK1UybG5ibUYwZFhJZ1pHVnlJRUZ1YldWc1pHVmtZWFJsYmp3dmRHbDBiR1UrUEhOMGVXeGxJRzFsWkdsaFBTSnpZM0psWlc0aUlIUjVjR1U5SW5SbGVIUXZZM056SWo0S0lDQWdJQ0FnSUNBZ0lDQWdJQ0FKQ1FrSkNTNXViM0p0WVd4emRIbHNaU0I3SUdadmJuUXRjMmw2WlRvZ2JXVmthWFZ0T3lCOUlBb2dJQ0FnSUNBZ0lDQWdJQ0FnSUFrSkNRa0pMbWwwWVd4cFkzTjBlV3hsSUhzZ1ptOXVkQzF6YVhwbE9pQnRaV1JwZFcwN0lHWnZiblF0YzNSNWJHVTZJR2wwWVd4cFl6c2dmUW9KQ1FrSkNRa0pDUzUwYVhSc1pYTjBlV3hsSUhzZ2RHVjRkQzFrWldOdmNtRjBhVzl1T25WdVpHVnliR2x1WlRzZ1ptOXVkQzEzWldsbmFIUTZZbTlzWkRzZ1ptOXVkQzF6YVhwbE9pQnRaV1JwZFcwN0lIMGdDZ2tKQ1FrSkNRa0pMbWcwYzNSNWJHVWdleUJtYjI1MExYTnBlbVU2SUd4aGNtZGxPeUI5SUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQWdJQ0FnSUNBZ0lDQUtDUWtKQ1FrSkNRa3VhR2xrWkdWdUlIdGthWE53YkdGNU9pQnViMjVsT3lCOUlBb2dJQ0FnSUNBZ0lDQWdJQ0FnSUFrSkNRazhMM04wZVd4bFBqd3ZhR1ZoWkQ0OFltOWtlVDQ4YURRZ1kyeGhjM005SW1nMGMzUjViR1VpUGtGdWJXVnNaR1ZrWVhSbGJqbzhMMmcwUGp4d0lHTnNZWE56UFNKMGFYUnNaWE4wZVd4bElqNUVZWFJsYmlCNmRYSWdVR1Z5YzI5dVBDOXdQangwWVdKc1pTQmpiR0Z6Y3owaWNHRnlZVzFsZEdWeWN5SStQSGh6YkRwcFppQjBaWE4wUFNKemRISnBibWNvTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTl6WVcxc01qcEJkSFJ5YVdKMWRHVlRkR0YwWlcxbGJuUXZjMkZ0YkRJNlFYUjBjbWxpZFhSbFcwQk9ZVzFsUFNkMWNtNDZiMmxrT2pJdU5TNDBMalF5SjEwdmMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVXBJajQ4ZEhJK1BIUmtJR05zWVhOelBTSnBkR0ZzYVdOemRIbHNaU0krVm05eWJtRnRaVG9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakl1TlM0MExqUXlKMTB2YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVaUlDOCtQQzkwWkQ0OEwzUnlQand2ZUhOc09tbG1Qang0YzJ3NmFXWWdkR1Z6ZEQwaWMzUnlhVzVuS0M5ellXMXNNanBCYzNObGNuUnBiMjR2YzJGdGJESTZRWFIwY21saWRYUmxVM1JoZEdWdFpXNTBMM05oYld3eU9rRjBkSEpwWW5WMFpWdEFUbUZ0WlQwbmRYSnVPbTlwWkRveExqSXVOREF1TUM0eE1DNHlMakV1TVM0eU5qRXVNakFuWFM5ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTa2lQangwY2o0OGRHUWdZMnhoYzNNOUltbDBZV3hwWTNOMGVXeGxJajVPWVdOb2JtRnRaVG9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0eU1DZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhlSE5zT21sbUlIUmxjM1E5SW5OMGNtbHVaeWd2YzJGdGJESTZRWE56WlhKMGFXOXVMM05oYld3eU9rRjBkSEpwWW5WMFpWTjBZWFJsYldWdWRDOXpZVzFzTWpwQmRIUnlhV0oxZEdWYlFFNWhiV1U5SjNWeWJqcHZhV1E2TVM0eUxqUXdMakF1TVRBdU1pNHhMakV1TlRVblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU2tpUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1SFpXSjFjblJ6WkdGMGRXMDZJRHd2ZEdRK1BIUmtJR05zWVhOelBTSnViM0p0WVd4emRIbHNaU0krUEhoemJEcDJZV3gxWlMxdlppQnpaV3hsWTNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5kWEp1T205cFpEb3hMakl1TkRBdU1DNHhNQzR5TGpFdU1TNDFOU2RkTDNOaGJXd3lPa0YwZEhKcFluVjBaVlpoYkhWbElpQXZQand2ZEdRK1BDOTBjajQ4TDNoemJEcHBaajQ4ZUhOc09tbG1JSFJsYzNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5kWEp1T205cFpEb3hMakl1TkRBdU1DNHhNQzR5TGpFdU1TNHlOakV1T1RBblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0krUEhSeVBqeDBaQ0JqYkdGemN6MGlhWFJoYkdsamMzUjViR1VpUGxadmJHeHRZV05vZERvZ1BDOTBaRDQ4ZEdRZ1kyeGhjM005SW01dmNtMWhiSE4wZVd4bElqNDhlSE5zT25SbGVIUStTV05vSUcxbGJHUmxJRzFwWTJnZ2FXNGdWbVZ5ZEhKbGRIVnVaeUJoYmk0Z1NXMGdic09rWTJoemRHVnVJRk5qYUhKcGRIUWdkMmx5WkNCdGFYSWdaV2x1WlNCTWFYTjBaU0JrWlhJZ1pzTzhjaUJ0YVdOb0lIWmxjbWJEdkdkaVlYSmxiaUJXWlhKMGNtVjBkVzVuYzNabGNtakRwR3gwYm1semMyVWdZVzVuWlhwbGFXZDBMQ0JoZFhNZ1pHVnVaVzRnYVdOb0lHVnBibVZ6SUdGMWMzZkRwR2hzWlc0Z2QyVnlaR1V1UEM5NGMydzZkR1Y0ZEQ0OEwzUmtQand2ZEhJK1BDOTRjMnc2YVdZK1BDOTBZV0pzWlQ0OGNDQmpiR0Z6Y3owaWRHbDBiR1Z6ZEhsc1pTSStSR0YwWlc0Z2VuVnlJRUZ1ZDJWdVpIVnVaend2Y0Q0OGRHRmliR1VnWTJ4aGMzTTlJbkJoY21GdFpYUmxjbk1pUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1SlpHVnVkR2xtYVd0aGRHOXlPaUE4TDNSa1BqeDBaQ0JqYkdGemN6MGlibTl5YldGc2MzUjViR1VpUGp4NGMydzZkbUZzZFdVdGIyWWdjMlZzWldOMFBTSXZjMkZ0YkRJNlFYTnpaWEowYVc5dUwzTmhiV3d5T2tGMGRISnBZblYwWlZOMFlYUmxiV1Z1ZEM5ellXMXNNanBCZEhSeWFXSjFkR1ZiUUU1aGJXVTlKMmgwZEhBNkx5OWxhV1F1WjNZdVlYUXZaVWxFTDJGMGRISnBZblYwWlhNdlUyVnlkbWxqWlZCeWIzWnBaR1Z5Vlc1cGNYVmxTV1FuWFM5ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTSWdMejQ4TDNSa1Bqd3ZkSEkrUEhoemJEcHBaaUIwWlhOMFBTSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5ellXMXNNanBCZEhSeWFXSjFkR1ZUZEdGMFpXMWxiblF2YzJGdGJESTZRWFIwY21saWRYUmxXMEJPWVcxbFBTZG9kSFJ3T2k4dlpXbGtMbWQyTG1GMEwyVkpSQzloZEhSeWFXSjFkR1Z6TDFObGNuWnBZMlZRY205MmFXUmxja1p5YVdWdVpHeDVUbUZ0WlNkZEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxLU0krUEhSeVBqeDBaQ0JqYkdGemN6MGlhWFJoYkdsamMzUjViR1VpUGs1aGJXVTZJRHd2ZEdRK1BIUmtJR05zWVhOelBTSnViM0p0WVd4emRIbHNaU0krUEhoemJEcDJZV3gxWlMxdlppQnpaV3hsWTNROUlpOXpZVzFzTWpwQmMzTmxjblJwYjI0dmMyRnRiREk2UVhSMGNtbGlkWFJsVTNSaGRHVnRaVzUwTDNOaGJXd3lPa0YwZEhKcFluVjBaVnRBVG1GdFpUMG5hSFIwY0RvdkwyVnBaQzVuZGk1aGRDOWxTVVF2WVhSMGNtbGlkWFJsY3k5VFpYSjJhV05sVUhKdmRtbGtaWEpHY21sbGJtUnNlVTVoYldVblhTOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0lnTHo0OEwzUmtQand2ZEhJK1BDOTRjMnc2YVdZK1BIaHpiRHBwWmlCMFpYTjBQU0p6ZEhKcGJtY29MM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2RvZEhSd09pOHZaV2xrTG1kMkxtRjBMMlZKUkM5aGRIUnlhV0oxZEdWekwxTmxjblpwWTJWUWNtOTJhV1JsY2tOdmRXNTBjbmxEYjJSbEoxMHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VwSWo0OGRISStQSFJrSUdOc1lYTnpQU0pwZEdGc2FXTnpkSGxzWlNJK1UzUmhZWFE2SUR3dmRHUStQSFJrSUdOc1lYTnpQU0p1YjNKdFlXeHpkSGxzWlNJK1BIaHpiRHAyWVd4MVpTMXZaaUJ6Wld4bFkzUTlJaTl6WVcxc01qcEJjM05sY25ScGIyNHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFUzUmhkR1Z0Wlc1MEwzTmhiV3d5T2tGMGRISnBZblYwWlZ0QVRtRnRaVDBuYUhSMGNEb3ZMMlZwWkM1bmRpNWhkQzlsU1VRdllYUjBjbWxpZFhSbGN5OVRaWEoyYVdObFVISnZkbWxrWlhKRGIzVnVkSEo1UTI5a1pTZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhMM1JoWW14bFBqeHdJR05zWVhOelBTSjBhWFJzWlhOMGVXeGxJajVVWldOb2JtbHpZMmhsSUZCaGNtRnRaWFJsY2p3dmNENDhkR0ZpYkdVZ1kyeGhjM005SW5CaGNtRnRaWFJsY25NaVBqeDBjajQ4ZEdRZ1kyeGhjM005SW1sMFlXeHBZM04wZVd4bElqNUVZWFIxYlRvOEwzUmtQangwWkNCamJHRnpjejBpYm05eWJXRnNjM1I1YkdVaVBqeDRjMnc2ZG1Gc2RXVXRiMllnYzJWc1pXTjBQU0p6ZFdKemRISnBibWNvTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTlBU1hOemRXVkpibk4wWVc1MExEa3NNaWtpSUM4K1BIaHpiRHAwWlhoMFBpNDhMM2h6YkRwMFpYaDBQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNKemRXSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5QVNYTnpkV1ZKYm5OMFlXNTBMRFlzTWlraUlDOCtQSGh6YkRwMFpYaDBQaTQ4TDNoemJEcDBaWGgwUGp4NGMydzZkbUZzZFdVdGIyWWdjMlZzWldOMFBTSnpkV0p6ZEhKcGJtY29MM05oYld3eU9rRnpjMlZ5ZEdsdmJpOUFTWE56ZFdWSmJuTjBZVzUwTERFc05Da2lJQzgrUEM5MFpENDhMM1J5UGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo1VmFISjZaV2wwT2p3dmRHUStQSFJrSUdOc1lYTnpQU0p1YjNKdFlXeHpkSGxzWlNJK1BIaHpiRHAyWVd4MVpTMXZaaUJ6Wld4bFkzUTlJbk4xWW5OMGNtbHVaeWd2YzJGdGJESTZRWE56WlhKMGFXOXVMMEJKYzNOMVpVbHVjM1JoYm5Rc01USXNNaWtpSUM4K1BIaHpiRHAwWlhoMFBqbzhMM2h6YkRwMFpYaDBQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNKemRXSnpkSEpwYm1jb0wzTmhiV3d5T2tGemMyVnlkR2x2Ymk5QVNYTnpkV1ZKYm5OMFlXNTBMREUxTERJcElpQXZQang0YzJ3NmRHVjRkRDQ2UEM5NGMydzZkR1Y0ZEQ0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGljM1ZpYzNSeWFXNW5LQzl6WVcxc01qcEJjM05sY25ScGIyNHZRRWx6YzNWbFNXNXpkR0Z1ZEN3eE9Dd3lLU0lnTHo0OEwzUmtQand2ZEhJK1BIUnlQangwWkNCamJHRnpjejBpYVhSaGJHbGpjM1I1YkdVaVBsUnlZVzV6WVd0MGFXOXVjMVJ2YTJWdU9pQThMM1JrUGp4MFpDQmpiR0Z6Y3owaWJtOXliV0ZzYzNSNWJHVWlQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNJdmMyRnRiREk2UVhOelpYSjBhVzl1TDBCSlJDSWdMejQ4TDNSa1Bqd3ZkSEkrUEhoemJEcHBaaUIwWlhOMFBTSXZjMkZ0YkRJNlFYTnpaWEowYVc5dUwzTmhiV3d5T2tGMGRISnBZblYwWlZOMFlYUmxiV1Z1ZEM5ellXMXNNanBCZEhSeWFXSjFkR1ZiUUU1aGJXVTlKM1Z5YmpwdmFXUTZNUzR5TGpRd0xqQXVNVEF1TWk0eExqRXVNall4TGprd0oxMHZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VpUGp4MGNqNDhkR1FnWTJ4aGMzTTlJbWwwWVd4cFkzTjBlV3hsSWo0S0NRa0pDUWtKQ1FrSkNRbFdiMnhzYldGamFIUmxiaTFTWldabGNtVnVlam9nUEM5MFpENDhkR1FnWTJ4aGMzTTlJbTV2Y20xaGJITjBlV3hsSWo0OGVITnNPblpoYkhWbExXOW1JSE5sYkdWamREMGlMM05oYld3eU9rRnpjMlZ5ZEdsdmJpOXpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RdmMyRnRiREk2UVhSMGNtbGlkWFJsVzBCT1lXMWxQU2QxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0NU1DZGRMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsSWlBdlBqd3ZkR1ErUEM5MGNqNDhMM2h6YkRwcFpqNDhkSElnWTJ4aGMzTTlJbWhwWkdSbGJpSStQSFJrSUdOc1lYTnpQU0pwZEdGc2FXTnpkSGxzWlNJK1JHRjBZVlZTVERvZ1BDOTBaRDQ4ZEdRZ1kyeGhjM005SW01dmNtMWhiSE4wZVd4bElqNDhlSE5zT25aaGJIVmxMVzltSUhObGJHVmpkRDBpTDNOaGJXd3lPa0Z6YzJWeWRHbHZiaTl6WVcxc01qcERiMjVrYVhScGIyNXpMM05oYld3eU9rRjFaR2xsYm1ObFVtVnpkSEpwWTNScGIyNHZjMkZ0YkRJNlFYVmthV1Z1WTJVaUlDOCtQQzkwWkQ0OEwzUnlQang0YzJ3NmFXWWdkR1Z6ZEQwaUwzTmhiV3d5T2tGemMyVnlkR2x2Ymk5ellXMXNNanBEYjI1a2FYUnBiMjV6TDBCT2IzUlBiazl5UVdaMFpYSWlQangwY2lCamJHRnpjejBpYUdsa1pHVnVJajQ4ZEdRZ1kyeGhjM005SW1sMFlXeHBZM04wZVd4bElqNUJkWFJvUW14dlkydFdZV3hwWkZSdk9pQThMM1JrUGp4MFpDQmpiR0Z6Y3owaWJtOXliV0ZzYzNSNWJHVWlQang0YzJ3NmRtRnNkV1V0YjJZZ2MyVnNaV04wUFNJdmMyRnRiREk2UVhOelpYSjBhVzl1TDNOaGJXd3lPa052Ym1ScGRHbHZibk12UUU1dmRFOXVUM0pCWm5SbGNpSWdMejQ4TDNSa1Bqd3ZkSEkrUEM5NGMydzZhV1krUEM5MFlXSnNaVDQ4TDJKdlpIaytQQzlvZEcxc1Bqd3ZlSE5zT25SbGJYQnNZWFJsUGp3dmVITnNPbk4wZVd4bGMyaGxaWFErUEM5a2MybG5PbFJ5WVc1elptOXliVDQ4WkhOcFp6cFVjbUZ1YzJadmNtMGdRV3huYjNKcGRHaHRQU0pvZEhSd09pOHZkM2QzTG5jekxtOXlaeTh5TURBeEx6RXdMM2h0YkMxbGVHTXRZekUwYmlNaUlDOCtQQzlrYzJsbk9sUnlZVzV6Wm05eWJYTStQR1J6YVdjNlJHbG5aWE4wVFdWMGFHOWtJRUZzWjI5eWFYUm9iVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TWpBd01TOHdOQzk0Yld4bGJtTWpjMmhoTWpVMklpQXZQanhrYzJsbk9rUnBaMlZ6ZEZaaGJIVmxQbXBoTUhSSlVEQkJVVEU0ZGk4NFpsVmpOR1kxYVhsSGNIWXhXVGhFYWpGUGJDODVNa2RTU0V0Q2EyYzlQQzlrYzJsbk9rUnBaMlZ6ZEZaaGJIVmxQand2WkhOcFp6cFNaV1psY21WdVkyVStQR1J6YVdjNlVtVm1aWEpsYm1ObElFbGtQU0psZEhOcExXUmhkR0V0Y21WbVpYSmxibU5sTFRFdE1TSWdWSGx3WlQwaWFIUjBjRG92TDNWeWFTNWxkSE5wTG05eVp5OHdNVGt3TXlOVGFXZHVaV1JRY205d1pYSjBhV1Z6SWlCVlVrazlJaU5sZEhOcExYTnBaMjVsWkhCeWIzQmxjblJwWlhNdE1TMHhJajQ4WkhOcFp6cEVhV2RsYzNSTlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekEwTDNodGJHVnVZeU56YUdFeU5UWWlJQzgrUEdSemFXYzZSR2xuWlhOMFZtRnNkV1UrTVZGVWFXNTBPR1Y1UXpsNFVFbExXR0ZxYzJ0cmVUWmlMM2MzY20xV1JEUldZMjQwUjFkMVJrMVZjejA4TDJSemFXYzZSR2xuWlhOMFZtRnNkV1UrUEM5a2MybG5PbEpsWm1WeVpXNWpaVDQ4TDJSemFXYzZVMmxuYm1Wa1NXNW1iejQ4WkhOcFp6cFRhV2R1WVhSMWNtVldZV3gxWlNCSlpEMGljMmxuYm1GMGRYSmxkbUZzZFdVdE1TMHhJajVLT0ROMFdUUnhUMWhGWVhWNWMxVXhMM1pUZWtzMk1EbDBNRWRKUm5sQlJUZFVkR05LYmpsRmNXZGFXa3RHTmxNMWVVRllURTlzZEhsc1JVdFBZV015TW1zMUsxaHlaRlZ0ZFV0NGFtNHdMekZQWTNwSFJqRTNlR1pYYXpORWFtbHdUMDlqZFVOM2VYQlZTV3BWTW5KVEt6RldkMnhxVUU4NGNIY3hTSGR3VEZaa1JtbFJjVzkzZVU5NFRGTkJlV05VUlV4Ukx6bHhRVTFaTm05UFpscFBiMEZhVTNaVFpXOVJVazVhVFN0YUwyTjZOalZDZUhwdFZrUklkMjgwYmxkemJTOXdVWEpSYmtkblVGQTFORmRNVWpSc1YyOXZWV2xqU1ZkdVEyMW5ZbVV6WVdkUVoybFBNVTlITVV4SWNuTkVNbXBrY0VKeGJITkJjWGR2Y0U1Qk5ta3dXbkE1Y3pFNVNEWk1VbWxsTjBKNE9EUnpSbmxLWlhNMU5qWTFaRkp4WlhoWFpub3ZOVGhaU0ZndmMzWkdOWEpDZUhjMVVHcEtZbGhYYmxKNlptcHpORXM0YzBSeVdsQmFhSEZSU0hwQ1Zub3pTV2M5UFR3dlpITnBaenBUYVdkdVlYUjFjbVZXWVd4MVpUNDhaSE5wWnpwTFpYbEpibVp2UGp4a2MybG5PbGcxTURsRVlYUmhQanhrYzJsbk9sZzFNRGxEWlhKMGFXWnBZMkYwWlQ1TlNVbEdNV3BEUTBKTU5tZEJkMGxDUVdkSlJWRnpNVEpxVkVGT1FtZHJjV2hyYVVjNWR6QkNRVkZ6UmtGRVEwSnZWRVZNVFVGclIwRXhWVVZDWjNkRFVWWlJlRk5FUWtkQ1owNVdRa0Z2VFZBd1JYUldTRW94WXpOUloxSXlWbnBNYVVKdFRHbENWR0ZYVG05YVdFcHZXbGRzTUdNelRqVmpNMUpzWWxkVloyRlhNR2RhVjNoc1lUTlNlVXhwUWtWWldGSnNZbTVhYkdOdGRHeGhTRWxuVWpJeGFWTkVSV3BOUTBWSFFURlZSVU4zZDJGWlV6RjZZVmRrZFV4V1FubGFWekZ3WkZjd2RGWkhWbnBrUXpGVVlWZGpkRTFFU1hoSmVrRm9RbWRPVmtKQlRVMUhiVVYwWXpKc2JtSnBNVkZqYlZaMFlWaFdkRXhXVW14ak0xRjBWVEpzYmt4VVFYbE5RalJZUkZSRk5FMUVXWGhOZWtFMFRsUmpNVTlHYjFoRVZFbDZUVVJaZUUxNlFUUk9WR014VDBadmQxbEVSVXhOUVd0SFFURlZSVUpuZDBOUlZsRjRSbnBCVmtKblRsWkNRVTFOUkdzeGFHVkRRazVrV0U0d1dsaEtkRmxYTlhWTlVrMTNSVkZaUkZaUlVVVkVRWEJPWkZoT01GcFlTblJaVnpWMVRWRjNkME5uV1VSV1VWRnhSRUZPVGxsWVozaEdWRUZVUW1kT1ZrSkJWVTFFUkZWNFRVUmpNVTFFV1RCUFJFMTRUVlJEUTBGVFNYZEVVVmxLUzI5YVNXaDJZMDVCVVVWQ1FsRkJSR2RuUlZCQlJFTkRRVkZ2UTJkblJVSkJUWEo0YWtSM0sxZEplRE16Y1U1aU1sZG9kMDFSYUZGa0wyZEJXbTB5YWpkTFpIaGtZV2R5V1ZBemNqTnJSWGcyZWpaNFEzcFVibnBWWWl0SmJYUkljMUJFVkRZemRXcDRiWGRyTTAwelpsVktNV1J0ZHprMVJFdFlWV1ZGY2toNmVrSTVUVlI0Vml0a1prbHJSVGxQVkUweVpsaGxPVlpNU21aYVkwOXdUa2syVTNCb1JrSk1NMjFZUVVKRFRtRnVaREk0UTB0Vk9WQkhjek15WldaNk0xSlBiVUpHSzJ4TmVuVkJVekJYWVdOWVJFSllUa2xtVjBrNEwyeDBRMkZTVEd0clZIUXhhalpTV1dFeFpHeEVhVlZRY1hOamRpdFBhRE5PZUhrcmVrRlZSVlp2ZVZVdldHRmpiUzh2U0ZodWFuZHdLMEpQV1ZOcVJWVnhOMmhDYnpKdlZHd3ZlU3RPTjJoclJHcEVlRXR0UzFOb09HWkplbXRtZVVSMEszQkNOMnhJTm1wVVlteHdVbmRhYVhWc2VrMU9Ua2RLUm01QmFuZGxTVEl3VDJSbFFrVjBlR3RsWnpaVFRteHJNRTVIYVRKS2F6TnpRMEYzUlVGQllVOURRV3hSZDJkblNsRk5TVWRFUW1kbmNrSm5SVVpDVVdOQ1FWRlNNMDFJVlhkU1VWbEpTM2RaUWtKUlZVaE5RVXRIVDFkb01HUklRVFpNZVRrelpETmpkVmxUTVRCamJsWjZaRU0xYUdSRE9XcGFXRW93WTNrNWFFeFlUbkJhTWpSMFkwaEtiR0pYYkRGaVV6RjBZakpLY0dKSFZYUk5SRTVvVEcxT2VXUkVRWE5DWjJkeVFtZEZSa0pSWTNkQldWbG5ZVWhTTUdORWIzWk1NamxxWXpOQmRHUkhWbnBrUXpWb1RGaFNlV1JZVGpCTWJVWXdUREk1YW1NelFYZEZkMWxFVmxJd2FrSkJkM2REYjBGSlVtZGhabXByUjA5R1lqQjNZMmRaU1V0M1dVSkNVVlZJUVZGTlJWcHFRbXROUVc5SFEwTnpSMEZSVlVaQ2QzTkRUVUZuUjBKblVVRnFhMWxDUVZSQlNVSm5XVVZCU1RWSFFWRlJkMFYzV1VkQ1FVTlBVbWRGUjAxQmEwZENkMUZCYW10WlFrSm5SWGRNVVZsSFFrRkRUMUpuUlVaTlEwMTNTVkpaWW1GSVVqQmpTRTAyVEhrNU0yUXpZM1ZaVXpFd1kyNVdlbVJETldoa1F6bDNXa2hOZGtWM1NrWlVha0ZTUW1kT1ZraFJORVZEWjFGSlVqWjRPRVZqYzNGUGVITjNSR2RaUkZaU01GQkJVVWd2UWtGUlJFRm5Za0ZOUVd0SFFURlZaRVYzVVVOTlFVRjNXVUZaUkZaU01HZENSbXQzVm5wQlNVSm5XVVZCU1hOM1FWRkZkMU4zV1VkTGFXZEJSVkZGVlUxRlJYZFFkMWxKUzNkWlFrSlJWVWhCWjBWWFRUSm9NR1JJUVRaTWVUa3paRE5qZFZsVE1UQmpibFo2WkVNMWFHUkRPV3RpTWs1NlRESk9kMHd5UlhSak1teHVZbWt4ZDJOdFZuUmhXRlowVEZjeGRsbHRiSE5hVkVOQ2NtZFpSRlpTTUdaQ1NVZHRUVWxIYWsxSlIyZHZTVWRrYjBsSFlXaHZSMWhpUjFKb1kwUnZka3d5ZUd0WldFRjBaRWRXZW1SRE5XaE1XRko1WkZoT01FeHRSakJNTWpreFVGZEZkR015Ykc1aWFURlJZMjFXZEdGWVZuUk1WbEpzWXpOUmRGVXliRzVNVkVGNVNVTm9WRk5GUlhSTmFsVXlTMU40ZGxCVlJYUldTRW94WXpOUmMxbDZNVUpXUkRscVdsaEtNR0ZYV25CWk1rWXdXbGhLYkdSdE9XcFpXRkp3WWpJMWMyRllUakJRTWtwb1l6SlZMMkl5U25GYVYwNHdXVEo0YUdNelRUbGFWMnhyVVRKV2VXUkhiRzFoVjA1b1pFZHNkbUpyUmpGa1IyaDJZMjFzTUdWVVFVNUNaMnR4YUd0cFJ6bDNNRUpCVVhOR1FVRlBRMEZSUlVGTk1GQkVMekl6U20xUE16Wk5Uazk1SzNwYVFpOVVUSE5oUmpjNE1HMXRUMHRxY0dzeFdITllRWHBWVGt0YU5sTnlkQ3R0TUhVcksybFhiemxNT0VoR0wyeHllRk5FT0VkWVNtTkVURmxYUm1aNE56QnlORW81ZDFVNFN6ZHdSRWt4YmpsRmNXSkJjekJTSzNaWlZtNU1OVlZXVUM5MVZWRmxkekpYYkhBMU9GQkdjR2RCV0N0VUwxTkZNR05sWlV0NVRUaFlSVzVZVTNwbFRpOUZVM1JzUml0S1EyRkJPSFZ0Y1dwdFJFVnVZV1V6Y1hWeFUxVnNLMHhsYTFCVk9HazRSME56YmpVNWRYaDBibFZ1ZUVsTlMzY3paR2N2TjBRM1dUaE1ObFoxTkU1WE5FeGpiemRtYVRsRGNtRklRelJTVEV4MFpIaFliSFpQZGxGcFJWbHZSU3Q1TVRkbk1Ia3ZRemhPTkVSelkyaGFhWHBaZDNBd2NFOVNUMkpqWmt0V1RuQndWWFZMZFhOTmFIUnRVMnBzTUZaeEx5OWhkamhVVlhGU2NEVkdlalpYWTNwMFVFZEhVM2N3Um1WbGRsVkxSRzlETDBFOVBUd3ZaSE5wWnpwWU5UQTVRMlZ5ZEdsbWFXTmhkR1UrUEM5a2MybG5PbGcxTURsRVlYUmhQand2WkhOcFp6cExaWGxKYm1adlBqeGtjMmxuT2s5aWFtVmpkQ0JKWkQwaVpYUnphUzF6YVdkdVpXUXRNUzB4SWo0OFpYUnphVHBSZFdGc2FXWjVhVzVuVUhKdmNHVnlkR2xsY3lCNGJXeHVjenBsZEhOcFBTSm9kSFJ3T2k4dmRYSnBMbVYwYzJrdWIzSm5MekF4T1RBekwzWXhMak11TWlNaUlGUmhjbWRsZEQwaUkzTnBaMjVoZEhWeVpTMHhMVEVpUGp4bGRITnBPbE5wWjI1bFpGQnliM0JsY25ScFpYTWdTV1E5SW1WMGMya3RjMmxuYm1Wa2NISnZjR1Z5ZEdsbGN5MHhMVEVpUGp4bGRITnBPbE5wWjI1bFpGTnBaMjVoZEhWeVpWQnliM0JsY25ScFpYTStQR1YwYzJrNlUybG5ibWx1WjFScGJXVStNakF4T0Mwd05pMHhNMVF4TlRvME5qb3dPVm84TDJWMGMyazZVMmxuYm1sdVoxUnBiV1UrUEdWMGMyazZVMmxuYm1sdVowTmxjblJwWm1sallYUmxQanhsZEhOcE9rTmxjblErUEdWMGMyazZRMlZ5ZEVScFoyVnpkRDQ4WkhOcFp6cEVhV2RsYzNSTlpYUm9iMlFnUVd4bmIzSnBkR2h0UFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMekEwTDNodGJHVnVZeU56YUdFeU5UWWlJQzgrUEdSemFXYzZSR2xuWlhOMFZtRnNkV1UrYW1WQmJFcHdTVEZIWkV0WlVXMVNOM1pRY25KVWNrZFdPVWRNT1M5MVdXeExNM0JyU1ROUWVtNHpiejA4TDJSemFXYzZSR2xuWlhOMFZtRnNkV1UrUEM5bGRITnBPa05sY25SRWFXZGxjM1ErUEdWMGMyazZTWE56ZFdWeVUyVnlhV0ZzUGp4a2MybG5PbGcxTURsSmMzTjFaWEpPWVcxbFBrTk9QV0V0YzJsbmJpMVFjbVZ0YVhWdExWUmxjM1F0VTJsbkxUQXlMRTlWUFdFdGMybG5iaTFRY21WdGFYVnRMVlJsYzNRdFUybG5MVEF5TEU4OVFTMVVjblZ6ZENCSFpYTXVJR1l1SUZOcFkyaGxjbWhsYVhSemMzbHpkR1Z0WlNCcGJTQmxiR1ZyZEhJdUlFUmhkR1Z1ZG1WeWEyVm9jaUJIYldKSUxFTTlRVlE4TDJSemFXYzZXRFV3T1VsemMzVmxjazVoYldVK1BHUnphV2M2V0RVd09WTmxjbWxoYkU1MWJXSmxjajR4TVRJd056WXhORGcxUEM5a2MybG5PbGcxTURsVFpYSnBZV3hPZFcxaVpYSStQQzlsZEhOcE9rbHpjM1ZsY2xObGNtbGhiRDQ4TDJWMGMyazZRMlZ5ZEQ0OEwyVjBjMms2VTJsbmJtbHVaME5sY25ScFptbGpZWFJsUGp4bGRITnBPbE5wWjI1aGRIVnlaVkJ2YkdsamVVbGtaVzUwYVdacFpYSStQR1YwYzJrNlUybG5ibUYwZFhKbFVHOXNhV041U1cxd2JHbGxaQ0F2UGp3dlpYUnphVHBUYVdkdVlYUjFjbVZRYjJ4cFkzbEpaR1Z1ZEdsbWFXVnlQand2WlhSemFUcFRhV2R1WldSVGFXZHVZWFIxY21WUWNtOXdaWEowYVdWelBqeGxkSE5wT2xOcFoyNWxaRVJoZEdGUFltcGxZM1JRY205d1pYSjBhV1Z6UGp4bGRITnBPa1JoZEdGUFltcGxZM1JHYjNKdFlYUWdUMkpxWldOMFVtVm1aWEpsYm1ObFBTSWpjbVZtWlhKbGJtTmxMVEV0TVNJK1BHVjBjMms2VFdsdFpWUjVjR1UrWVhCd2JHbGpZWFJwYjI0dmVHaDBiV3dyZUcxc1BDOWxkSE5wT2sxcGJXVlVlWEJsUGp3dlpYUnphVHBFWVhSaFQySnFaV04wUm05eWJXRjBQand2WlhSemFUcFRhV2R1WldSRVlYUmhUMkpxWldOMFVISnZjR1Z5ZEdsbGN6NDhMMlYwYzJrNlUybG5ibVZrVUhKdmNHVnlkR2xsY3o0OEwyVjBjMms2VVhWaGJHbG1lV2x1WjFCeWIzQmxjblJwWlhNK1BDOWtjMmxuT2s5aWFtVmpkRDQ4TDJSemFXYzZVMmxuYm1GMGRYSmxQanh6WVcxc01qcERiMjVrYVhScGIyNXpJRTV2ZEVKbFptOXlaVDBpTWpBeE9DMHdOaTB4TTFReE56bzBOam93T1Nzd01qb3dNQ0lnVG05MFQyNVBja0ZtZEdWeVBTSXlNREU0TFRBMkxURXpWREU0T2pBeE9qQTVLekF5T2pBd0lqNDhjMkZ0YkRJNlFYVmthV1Z1WTJWU1pYTjBjbWxqZEdsdmJqNDhjMkZ0YkRJNlFYVmthV1Z1WTJVK2FIUjBjSE02THk5bGFXUXVaM1l1WVhRdmJXOWhMV2xrTFdGMWRHZ3ZjMnd5TUM5a1lYUmhWWEpzUDNCbGJtUnBibWRwWkQwME9UYzFOelUxTXpjNE16azBNRFF4TkRnMlBDOXpZVzFzTWpwQmRXUnBaVzVqWlQ0OEwzTmhiV3d5T2tGMVpHbGxibU5sVW1WemRISnBZM1JwYjI0K1BDOXpZVzFzTWpwRGIyNWthWFJwYjI1elBqeHpZVzFzTWpwQmRIUnlhV0oxZEdWVGRHRjBaVzFsYm5RK1BITmhiV3d5T2tGMGRISnBZblYwWlNCR2NtbGxibVJzZVU1aGJXVTlJbEJXVUMxV1JWSlRTVTlPSWlCT1lXMWxQU0oxY200NmIybGtPakV1TWk0ME1DNHdMakV3TGpJdU1TNHhMakkyTVM0eE1DSWdUbUZ0WlVadmNtMWhkRDBpZFhKdU9tOWhjMmx6T201aGJXVnpPblJqT2xOQlRVdzZNaTR3T21GMGRISnVZVzFsTFdadmNtMWhkRHAxY21raVBqeHpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaU0I0Yld4dWN6cDRjMms5SW1oMGRIQTZMeTkzZDNjdWR6TXViM0puTHpJd01ERXZXRTFNVTJOb1pXMWhMV2x1YzNSaGJtTmxJaUI0YzJrNmRIbHdaVDBpZUhNNmMzUnlhVzVuSWo0eUxqRThMM05oYld3eU9rRjBkSEpwWW5WMFpWWmhiSFZsUGp3dmMyRnRiREk2UVhSMGNtbGlkWFJsUGp4ellXMXNNanBCZEhSeWFXSjFkR1VnUm5KcFpXNWtiSGxPWVcxbFBTSlFVa2xPUTBsUVFVd3RUa0ZOUlNJZ1RtRnRaVDBpZFhKdU9tOXBaRG94TGpJdU5EQXVNQzR4TUM0eUxqRXVNUzR5TmpFdU1qQWlJRTVoYldWR2IzSnRZWFE5SW5WeWJqcHZZWE5wY3pwdVlXMWxjenAwWXpwVFFVMU1Pakl1TURwaGRIUnlibUZ0WlMxbWIzSnRZWFE2ZFhKcElqNDhjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1VnZUcxc2JuTTZlSE5wUFNKb2RIUndPaTh2ZDNkM0xuY3pMbTl5Wnk4eU1EQXhMMWhOVEZOamFHVnRZUzFwYm5OMFlXNWpaU0lnZUhOcE9uUjVjR1U5SW5oek9uTjBjbWx1WnlJK1RYVnpkR1Z5YldGdWJqd3ZjMkZ0YkRJNlFYUjBjbWxpZFhSbFZtRnNkV1UrUEM5ellXMXNNanBCZEhSeWFXSjFkR1UrUEhOaGJXd3lPa0YwZEhKcFluVjBaU0JHY21sbGJtUnNlVTVoYldVOUlrZEpWa1ZPTFU1QlRVVWlJRTVoYldVOUluVnlianB2YVdRNk1pNDFMalF1TkRJaUlFNWhiV1ZHYjNKdFlYUTlJblZ5YmpwdllYTnBjenB1WVcxbGN6cDBZenBUUVUxTU9qSXVNRHBoZEhSeWJtRnRaUzFtYjNKdFlYUTZkWEpwSWo0OGMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVWdlRzFzYm5NNmVITnBQU0pvZEhSd09pOHZkM2QzTG5jekxtOXlaeTh5TURBeEwxaE5URk5qYUdWdFlTMXBibk4wWVc1alpTSWdlSE5wT25SNWNHVTlJbmh6T25OMGNtbHVaeUkrVFdGNFBDOXpZVzFzTWpwQmRIUnlhV0oxZEdWV1lXeDFaVDQ4TDNOaGJXd3lPa0YwZEhKcFluVjBaVDQ4YzJGdGJESTZRWFIwY21saWRYUmxJRVp5YVdWdVpHeDVUbUZ0WlQwaVFrbFNWRWhFUVZSRklpQk9ZVzFsUFNKMWNtNDZiMmxrT2pFdU1pNDBNQzR3TGpFd0xqSXVNUzR4TGpVMUlpQk9ZVzFsUm05eWJXRjBQU0oxY200NmIyRnphWE02Ym1GdFpYTTZkR002VTBGTlREb3lMakE2WVhSMGNtNWhiV1V0Wm05eWJXRjBPblZ5YVNJK1BITmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxJSGh0Ykc1ek9uaHphVDBpYUhSMGNEb3ZMM2QzZHk1M015NXZjbWN2TWpBd01TOVlUVXhUWTJobGJXRXRhVzV6ZEdGdVkyVWlJSGh6YVRwMGVYQmxQU0o0Y3pwemRISnBibWNpUGpFNU5EQXRNREV0TURFOEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxQand2YzJGdGJESTZRWFIwY21saWRYUmxQanh6WVcxc01qcEJkSFJ5YVdKMWRHVWdSbkpwWlc1a2JIbE9ZVzFsUFNKVFpYSjJhV05sVUhKdmRtbGtaWEl0Vlc1cGNYVmxTV1FpSUU1aGJXVTlJbWgwZEhBNkx5OWxhV1F1WjNZdVlYUXZaVWxFTDJGMGRISnBZblYwWlhNdlUyVnlkbWxqWlZCeWIzWnBaR1Z5Vlc1cGNYVmxTV1FpSUU1aGJXVkdiM0p0WVhROUluVnlianB2WVhOcGN6cHVZVzFsY3pwMFl6cFRRVTFNT2pJdU1EcGhkSFJ5Ym1GdFpTMW1iM0p0WVhRNmRYSnBJajQ4YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVZ2VHMXNibk02ZUhOcFBTSm9kSFJ3T2k4dmQzZDNMbmN6TG05eVp5OHlNREF4TDFoTlRGTmphR1Z0WVMxcGJuTjBZVzVqWlNJZ2VITnBPblI1Y0dVOUluaHpPbk4wY21sdVp5SSthSFIwY0hNNkx5OWlhVzVrYVc1bkxtOWxjM1JsY25KbGFXTm9MbWQyTG1GMEwyRjFkR2d2YzNBdlRXVjBZV1JoZEdFOEwzTmhiV3d5T2tGMGRISnBZblYwWlZaaGJIVmxQand2YzJGdGJESTZRWFIwY21saWRYUmxQanh6WVcxc01qcEJkSFJ5YVdKMWRHVWdSbkpwWlc1a2JIbE9ZVzFsUFNKVFpYSjJhV05sVUhKdmRtbGtaWEl0Um5KcFpXNWtiSGxPWVcxbElpQk9ZVzFsUFNKb2RIUndPaTh2Wldsa0xtZDJMbUYwTDJWSlJDOWhkSFJ5YVdKMWRHVnpMMU5sY25acFkyVlFjbTkyYVdSbGNrWnlhV1Z1Wkd4NVRtRnRaU0lnVG1GdFpVWnZjbTFoZEQwaWRYSnVPbTloYzJsek9tNWhiV1Z6T25Sak9sTkJUVXc2TWk0d09tRjBkSEp1WVcxbExXWnZjbTFoZERwMWNta2lQanh6WVcxc01qcEJkSFJ5YVdKMWRHVldZV3gxWlNCNGJXeHVjenA0YzJrOUltaDBkSEE2THk5M2QzY3Vkek11YjNKbkx6SXdNREV2V0UxTVUyTm9aVzFoTFdsdWMzUmhibU5sSWlCNGMyazZkSGx3WlQwaWVITTZjM1J5YVc1bklqNUNhVzVrYVc1bklGTmxjblpwWTJVZ1pzTzhjaUJ2WlM1bmRpNWhkRHd2YzJGdGJESTZRWFIwY21saWRYUmxWbUZzZFdVK1BDOXpZVzFzTWpwQmRIUnlhV0oxZEdVK1BITmhiV3d5T2tGMGRISnBZblYwWlNCR2NtbGxibVJzZVU1aGJXVTlJbE5sY25acFkyVlFjbTkyYVdSbGNpMURiM1Z1ZEhKNVEyOWtaU0lnVG1GdFpUMGlhSFIwY0RvdkwyVnBaQzVuZGk1aGRDOWxTVVF2WVhSMGNtbGlkWFJsY3k5VFpYSjJhV05sVUhKdmRtbGtaWEpEYjNWdWRISjVRMjlrWlNJZ1RtRnRaVVp2Y20xaGREMGlkWEp1T205aGMybHpPbTVoYldWek9uUmpPbE5CVFV3Nk1pNHdPbUYwZEhKdVlXMWxMV1p2Y20xaGREcDFjbWtpUGp4ellXMXNNanBCZEhSeWFXSjFkR1ZXWVd4MVpTQjRiV3h1Y3pwNGMyazlJbWgwZEhBNkx5OTNkM2N1ZHpNdWIzSm5Mekl3TURFdldFMU1VMk5vWlcxaExXbHVjM1JoYm1ObElpQjRjMms2ZEhsd1pUMGllSE02YzNSeWFXNW5JajVCVkR3dmMyRnRiREk2UVhSMGNtbGlkWFJsVm1Gc2RXVStQQzl6WVcxc01qcEJkSFJ5YVdKMWRHVStQQzl6WVcxc01qcEJkSFJ5YVdKMWRHVlRkR0YwWlcxbGJuUStQQzl6WVcxc01qcEJjM05sY25ScGIyNCsiDQogIH0NCn0.WgPyI2KiVzp2DzbC6AfbDlQbXEYk-hL78-bfzj_b_IXwyHmuENwHA8MslDHOe1bYd3mlSTnoAUE20igmXM6gnFOe4pQes2i5d8YAnYRspbwhj86sn5_vMyGfHtBsApP3MqjcSHL24vo6DHqKYqN85FMGq6GnPub9HGbeIgMAvECuH0ZCqY5MDWj4FI2OA5Jrn2fyBY1CebF5NdTSUeBJMjG_q-cpTnWmkcELKXTNJg9ihkHR8FkBjt8xh2YWh9Opk_0RrUIZI5U9YC4Xc-Hgj7C7YplA4Pr0_SUHdqH_86xF7GcMMuC5Bs8EU22lejxhxwz0BzPPg2Ws0LJ8RGAm0A" +} \ No newline at end of file -- cgit v1.2.3 From bc6ebce79bdd07a0a1bbe9a956e7d49512ff9e57 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 26 Jun 2018 10:30:18 +0200 Subject: read noAuth header value from configuration --- .../moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'id') diff --git a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java index 853d1b6a4..0b7b674a4 100644 --- a/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java +++ b/id/server/modules/moa-id-module-bkaMobilaAuthSAML2Test/src/main/java/at/gv/egovernment/moa/id/auth/modules/bkamobileauthtests/BKAMobileAuthModule.java @@ -51,6 +51,7 @@ public class BKAMobileAuthModule implements AuthModule { @Autowired(required=true) private AuthenticationManager authManager; private List uniqueIDsDummyAuthEnabled = new ArrayList(); + private String noAuthHeaderValue = null; /* (non-Javadoc) * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() @@ -71,6 +72,9 @@ public class BKAMobileAuthModule implements AuthModule { @PostConstruct public void initialDummyAuthWhiteList() { String sensitiveSpIdentifier = authConfig.getBasicMOAIDConfiguration("modules.bkamobileAuth.entityID"); + noAuthHeaderValue = authConfig.getBasicMOAIDConfiguration("modules.bkamobileAuth.noAuthHeaderValue", "0"); + Logger.info("Dummy authentication is sensitive on 'X-MOA-VDA' value: " + noAuthHeaderValue); + if (MiscUtil.isNotEmpty(sensitiveSpIdentifier)) { uniqueIDsDummyAuthEnabled.addAll(KeyValueUtils.getListOfCSVValues(sensitiveSpIdentifier)); @@ -105,7 +109,7 @@ public class BKAMobileAuthModule implements AuthModule { return "BKAMobileAuthentication"; } else if (MiscUtil.isNotEmpty(sl20ClientTypeHeader) - && MiscUtil.isNotEmpty(sl20VDATypeHeader) && sl20VDATypeHeader.equals("0")) { + && MiscUtil.isNotEmpty(sl20VDATypeHeader) && sl20VDATypeHeader.equals(noAuthHeaderValue)) { Logger.info("Find dummy-auth request for oe.gv.at demos ... "); return "BKAMobileAuthentication"; -- cgit v1.2.3 From ad0c0ab639d4717a22d8d92769eb32746c4e4e6f Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 26 Jun 2018 10:37:00 +0200 Subject: update SL2.0 jUnit test for A-Trust result --- .../modules/sl20_auth/EIDDataVerifier_ATrust.java | 6 +++--- .../modules/sl20_auth/dummydata/DummyAuthConfig.java | 2 +- .../src/test/resources/sl20.jks | Bin 9986 -> 12069 bytes 3 files changed, 4 insertions(+), 4 deletions(-) (limited to 'id') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java index 0e6c96f8d..7022fe6b7 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java @@ -29,14 +29,14 @@ public class EIDDataVerifier_ATrust extends eIDDataVerifierTest { @Before public void init() throws IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException, SL20Exception { - String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_atrust.json"))); + String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_atrust2.json"))); JsonParser jsonParser = new JsonParser(); JsonObject qualeIDResult = jsonParser.parse(eIDDataString).getAsJsonObject(); //JsonObject payLoad = SL20JSONExtractorUtils.getJSONObjectValue(qualeIDResult, "payload", true); VerificationResult payLoad = SL20JSONExtractorUtils.extractSL20PayLoad(qualeIDResult, joseTools, true); - //JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad.getPayload(), "result", true); - JsonObject result = (JsonObject) SL20JSONExtractorUtils.extractSL20Result(payLoad.getPayload(), joseTools, true); + JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad.getPayload(), "result", true); + //JsonObject result = (JsonObject) SL20JSONExtractorUtils.extractSL20Result(payLoad.getPayload(), joseTools, true); eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result); if (eIDData == null || eIDData.isEmpty()) diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java index 88924500b..9ed8f06e9 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/dummydata/DummyAuthConfig.java @@ -94,7 +94,7 @@ public class DummyAuthConfig implements AuthConfiguration { return "SL20Authblock_v1.0,SL20Authblock_v1.0_SIC,SL20Authblock_v1.0_OWN"; else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_PATH.equals(key)) - return "/src/test/resources/prod_sl20.jks"; + return "/src/test/resources/sl20.jks"; else if (at.gv.egovernment.moa.id.auth.modules.sl20_auth.Constants.CONFIG_PROP_SECURITY_KEYSTORE_PASSWORD.equals(key)) return "password"; diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks index 4413b8c8a..47752e0f1 100644 Binary files a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks differ -- cgit v1.2.3 From 3360bf9edc4418418c1628324461086ff4934fe5 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Tue, 3 Jul 2018 06:24:51 +0200 Subject: fix possible NullPointer exception if no configuration exists --- .../moa/id/configuration/data/oa/OAAuthenticationData.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'id') diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java index 2f51e68b4..4a4619198 100644 --- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java +++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAAuthenticationData.java @@ -105,9 +105,9 @@ public class OAAuthenticationData implements IOnlineApplicationData { try { MOAIDConfiguration dbconfig = ConfigurationProvider.getInstance().getDbRead().getMOAIDConfiguration(); - elgaServicesList = KeyValueUtils.getListOfCSVValues(dbconfig.getElgaMandateServiceURLs()); - + try { + elgaServicesList = KeyValueUtils.getListOfCSVValues(dbconfig.getElgaMandateServiceURLs()); misServicesList = KeyValueUtils.getListOfCSVValues( dbconfig.getAuthComponentGeneral().getOnlineMandates().getConnectionParameter().getURL()); } catch (NullPointerException e) {} -- cgit v1.2.3 From 9ea5b40077c2336f3fb347bc6b20ef0b15c980c0 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 9 Jul 2018 12:29:15 +0200 Subject: update jUnit test and add new method to SL20 extractor --- .../auth/modules/sl20_auth/sl20/SL20Constants.java | 41 ++++++++++++++++++++-- .../sl20_auth/sl20/SL20JSONExtractorUtils.java | 33 +++++++++++++++++ .../modules/sl20_auth/EIDDataVerifier_ATrust.java | 8 ++--- .../src/test/resources/tests/eIDdata_atrust.json | 6 ++-- 4 files changed, 78 insertions(+), 10 deletions(-) (limited to 'id') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java index 658384578..645b043ce 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20Constants.java @@ -91,7 +91,11 @@ public class SL20Constants { public static final String SL20_COMMAND_IDENTIFIER_CALL = "call"; public static final String SL20_COMMAND_IDENTIFIER_ERROR = "error"; public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDEID = "qualifiedeID"; - public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDSIG = "qualifiedSig"; + //public static final String SL20_COMMAND_IDENTIFIER_QUALIFIEDSIG = "qualifiedSig"; + + public static final String SL20_COMMAND_IDENTIFIER_GETCERTIFICATE = "getCertificate"; + public static final String SL20_COMMAND_IDENTIFIER_CREATE_SIG_CADES = "createCAdES"; + public static final String SL20_COMMAND_IDENTIFIER_BINDING_CREATE_KEY = "createBindingKey"; public static final String SL20_COMMAND_IDENTIFIER_BINDING_STORE_CERT = "storeBindingCert"; @@ -106,6 +110,7 @@ public class SL20Constants { public static final String SL20_COMMAND_PARAM_GENERAL_REQPARAMETER_KEY = "key"; public static final String SL20_COMMAND_PARAM_GENERAL_DATAURL = "dataUrl"; public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE = "x5cEnc"; + public static final String SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONJWK = "jwkEnc"; //Redirect command public static final String SL20_COMMAND_PARAM_GENERAL_REDIRECT_URL = "url"; @@ -134,14 +139,44 @@ public class SL20Constants { public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPFRIENDLYNAME = "SP-FRIENDLYNAME"; public static final String SL20_COMMAND_PARAM_EID_ATTRIBUTES_SPCOUNTRYCODE = "SP-COUNTRYCODE"; public static final String SL20_COMMAND_PARAM_EID_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; + public static final String SL20_COMMAND_PARAM_EID_JWKCENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONJWK; public static final String SL20_COMMAND_PARAM_EID_RESULT_IDL = "EID-IDENTITY-LINK"; public static final String SL20_COMMAND_PARAM_EID_RESULT_AUTHBLOCK = "EID-AUTH-BLOCK"; public static final String SL20_COMMAND_PARAM_EID_RESULT_CCSURL = "EID-CCS-URL"; public static final String SL20_COMMAND_PARAM_EID_RESULT_LOA = "EID-CITIZEN-QAA-LEVEL"; //qualified Signature comamnd - public static final String SL20_COMMAND_PARAM_QUALSIG_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; - public static final String SL20_COMMAND_PARAM_QUALSIG_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; +// public static final String SL20_COMMAND_PARAM_QUALSIG_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; +// public static final String SL20_COMMAND_PARAM_QUALSIG_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; + + + //getCertificate + public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_KEYID = "keyId"; + public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; + public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_JWKCENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONJWK; + public static final String SL20_COMMAND_PARAM_GETCERTIFICATE_RESULT_CERTIFICATE = "x5c"; + + //createCAdES Signture + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_KEYID = "keyId"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CONTENT = "content"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_MIMETYPE = "mimeType"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_PADES_COMBATIBILTY = "padesComatibility"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_EXCLUDEBYTERANGE = "excludedByteRange"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL = "cadesLevel"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_DATAURL = SL20_COMMAND_PARAM_GENERAL_DATAURL; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_X5CENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONCERTIFICATE; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_JWKCENC = SL20_COMMAND_PARAM_GENERAL_RESPONSEENCRYPTIONJWK; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_RESULT_SIGNATURE = "signature"; + + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_BASIC = "cAdES"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_T = "cAdES-T"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_C = "cAdES-C"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_X = "cAdES-X"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_XL = "cAdES-X-L"; + public static final String SL20_COMMAND_PARAM_CREATE_SIG_CADES_CADESLEVEL_A = "cAdES-A"; + + //create binding key command public static final String SL20_COMMAND_PARAM_BINDING_CREATE_KONTOID = "kontoID"; diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java index 6d0a349f4..759d9c838 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/main/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/sl20/SL20JSONExtractorUtils.java @@ -1,9 +1,11 @@ package at.gv.egovernment.moa.id.auth.modules.sl20_auth.sl20; import java.io.InputStreamReader; +import java.util.ArrayList; import java.util.Base64; import java.util.HashMap; import java.util.Iterator; +import java.util.List; import java.util.Map; import java.util.Map.Entry; @@ -106,6 +108,37 @@ public class SL20JSONExtractorUtils { } } + /** + * Extract a List of String elements from a JSON element + * + * @param input + * @return + * @throws SLCommandoParserException + */ + public static List getListOfStringElements(JsonElement input) throws SLCommandoParserException { + List result = new ArrayList(); + if (input != null) { + if (input.isJsonArray()) { + Iterator arrayIterator = input.getAsJsonArray().iterator(); + while(arrayIterator.hasNext()) { + JsonElement next = arrayIterator.next(); + if (next.isJsonPrimitive()) + result.add(next.getAsString()); + } + + } else if (input.isJsonPrimitive()) { + result.add(input.getAsString()); + + } else { + log.warn("JSON Element IS NOT a JSON array or a JSON Primitive"); + throw new SLCommandoParserException("JSON Element IS NOT a JSON array or a JSON Primitive"); + + } + } + + return result; + } + /** * Extract Map of Key/Value pairs from a JSON Element * diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java index 7022fe6b7..35f1d0052 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/EIDDataVerifier_ATrust.java @@ -29,14 +29,14 @@ public class EIDDataVerifier_ATrust extends eIDDataVerifierTest { @Before public void init() throws IOException, ConfigurationException, at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException, SL20Exception { - String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_atrust2.json"))); + String eIDDataString = IOUtils.toString(new InputStreamReader(this.getClass().getResourceAsStream("/tests/eIDdata_atrust.json"))); JsonParser jsonParser = new JsonParser(); JsonObject qualeIDResult = jsonParser.parse(eIDDataString).getAsJsonObject(); //JsonObject payLoad = SL20JSONExtractorUtils.getJSONObjectValue(qualeIDResult, "payload", true); VerificationResult payLoad = SL20JSONExtractorUtils.extractSL20PayLoad(qualeIDResult, joseTools, true); - JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad.getPayload(), "result", true); - //JsonObject result = (JsonObject) SL20JSONExtractorUtils.extractSL20Result(payLoad.getPayload(), joseTools, true); +// JsonObject result = SL20JSONExtractorUtils.getJSONObjectValue(payLoad.getPayload(), "result", true); + JsonObject result = (JsonObject) SL20JSONExtractorUtils.extractSL20Result(payLoad.getPayload(), joseTools, true); eIDData = SL20JSONExtractorUtils.getMapOfStringElements(result); if (eIDData == null || eIDData.isEmpty()) @@ -46,6 +46,6 @@ public class EIDDataVerifier_ATrust extends eIDDataVerifierTest { @Override protected String getSl20ReqId() { - return "_63ff9ef67370024c4d2d8b9bfd380578"; + return "_2ac94139a4451f7ef0893a5b823aff16"; } } diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json index 5f0be5407..221ab5351 100644 --- a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json +++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/tests/eIDdata_atrust.json @@ -1,6 +1,6 @@ { "v": 10, - "respID": "EK3d4E7SpVhzuq4mrQHb", - "inResponseTo": "_ef45ddc4a2a44392d81e5626d6290ace", - "signedPayload": "ew0KICAiYWxnIjogIlJTMjU2IiwNCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9zbDIuMDtjb21tYW5kIiwNCiAgIng1dCNTMjU2IjogIl92cGVPcTItZDlzNzVKV21RS1B2WFBRR2pldTBoUWhsNFJ6VkR5N0V5UHciDQp9.ew0KICAibmFtZSI6ICJxdWFsaWZpZWRlSUQiLA0KICAiZW5jcnlwdGVkUmVzdWx0IjogImV5SmhiR2NpT2lKU1UwRXRUMEZGVUMweU5UWWlMQ0psYm1NaU9pSkJNalUyUjBOTklpd2lZM1I1SWpvaVlYQndiR2xqWVhScGIyNHZjMnd5TGpBN2NtVnpkV3gwSWl3aWVEVjBJMU15TlRZaU9pSktXRTlKVVhnNFRrUjJkWHBLTjBGb2FEUjJPREJuYldOd1dVNVhZblZOZURaVFkyNVpVVlJTTURadkluMC5pS1BjUjk4bDU3ekpzZmw5ZmRjRjE1MF80blFianIydVdzMlZMMmI5RXZrS08yVXphNDE1MEtkRkRSM050d2V2Rk1Jbm8xVXBMX28xTVlQTnU5dzZIM2ZvYW4yaDFMYnlNcldlZnBqaTgyVWNteE12YlpqcFRUUGxQWktpQ0ZTMUxhWnhLQ09OOUN5SDFnMHY1amkxbkpfYXlGVUJ3d1ZQR0h1UU1rSDFVWUdVVjFZRUJUdnVqdDNsVTdISEdzbDI0bFk3U1d4ODhJS1VmVlJDTWZ2OGZiOVBjRjhaTDRoRnpVWTRyVWVFM2htWkxCeDdVYjZGNEV0dDI0d3JTVWhNRGVIWUJQRTVBT3BHSHJKZHoxQzJmZWJqejczLXJIRFN6UGhibEkwSzVLaE9JcEd1UjdtUHpRUFBFWFhxRGNaSU5LZHZtRkYyM0xFUnVmOGVIckg2VVEuajdQRTZPLV9pWVZDbFRHQzUxa1BWTi1NbzAxcVh2WEFQQVhwaTVCTmxLTS5nekJuUktzczJ1c0FyeXNzZHF5alhxZDh0R3hxODFZM0FGNVFkZWNETWZtTU42NVMyOVlvSkRsTGl1TE5Yc3gyd1FNOFp0T3lMTDNpN3pvRzVLcmRneUlfQU1ITkVOWHd4aHU0NWNieGJnZC1Ld21rTjZaRVh2YklvMlF4d1pHcDgzSkF5ckEwX3RKVlktOU5TUWQ0RmxITUFXR2pqckxNR2ZtSVZUd0xnbWZKZ0ZtWnM1cEtzVGFiTkhTNW1NWTFUN2didmMxSlF6ZmtxRHVTa0FSYTJQYnkySl9lQmtRaXVIcHl2S1lvaWZmWEpiamszaDloblJoNGtLYXZQSG1GMDZxZlMwTUI4bTd1Q3hRTUQ2V1hoQW9GZWNDRmQya0RsYnpBLS0xUG1aRWYxd1E0R2Q0bWJncXRlSGg5SWVzaXFNQ05naUZOaTQ4MUZjbWpmMDRuLUk4al9TZzhwR1dOcDR4Ni10ckQ4dVNfN1lQMlZsb0pZRUotYUZ4MmhkMlB1d3draTE5dG1KRE8zLW13eDJ3OHNqQ294Z3JCNkgzNHJmRlQyd1JHTUZOUTVQUUhONHg1X3pmRVVSczVBRDlXMGcyUF9pRkduTlYxRVJmUW04ZEFDOXlGRWhXaks3UC1jSTRheEVQUk5GV1hoYmpwN0ZmUUdQM3hfc2JrSDItNzFMZ2lJdFFZcVNCWGhxQ2ZfWlowb2l5UVZkbk10eTk2OFBzaEFNYjlHZjVzNUJRVmFRWko5TFJzNjhqNFlXWWJKamEzTlZQUGFpdFE5RHA5M1NvWkIxeEZMNEY2alA2NnZhQVk0amJUU2hXRnpPRmx3bGZCOGQzd1pLbnRid0xkMGtQWFJMblBNQ3E0TFhwNExwd1k2dmxCbHhOYzVtVGtWZmZDaC0teGtxOHNQMFZpZGZRWG1kQXVXQXZpaEpZTktsNGVlZTZaMEotLWxQVzZBZnpCZ25FQnZrWU5wYVVobkRqTTY0ZlNhanN3eEh5QmtrVXVuZFFCZ29HQmRLcWc2bERXYWs5aG1vNGVzTGZEZ1N3TnB4aWdVNThNckFEUFlwNzFmUU5POWM5VFFwNmktME9BYzR0bTZFTHV4S1VNbnN0c0ZtcWV3VXdHM2xFOU9QOGdsem5GTU1TVENfZlAtempGV2RnbUVFYklFUHlvVFVCSldLOEo3aWIzMUxRSHZXak83NjJvOVRaYTNyUmN6WnR0OFZmckItQ1R1NDh0YmxfN1d3Mmlhc3ZjWFloTE5vaVFIZl9iSnp3MTZZUFJOY0VYaWNiRFp6SzRmcDlRQnBPaks4cWNlMU1CTVRMN2VEdHpTUnI1RmJGaFNydW85N194Q1JGd19abHd0dFVlQlJ3ME5IcFpRaFR2Rk83a0taOG5LbE5paE1rWGE5ZFpRRVIyZUxGWEJUOEJWMXdjTnZNa0ZxQUtPTFhsTV9tcXZ2eEsxbXNHdHVYWTZLZkJ5dWU0R1hwNXVCQkRmd1M4bzhfV1QtcHNxcnhzQjBrMVQxZ3E0OHYxZ21wZUdrT1N2QTl1LTJqUVFPR0pTZnJmeVBWVnFSRmVOd3JYZV9ZX0NLWE1Kd1FfZjNqN0lCWlQ4WWpKaW5Sd1l6di04ZGU0S1RRdmJYMU5pRFpLdVdCcjU0Q3pBbnhnYUJRQ3R0NHUzMnF0RjEydzRMSUtDV3hSY3RPX0RRTkdFMHQwaDJzRlIxSGp5N3hsZWFob1h0UWdtWEZKMms2T2YyVUNLd0NXLVZmZTBMNkhNLVVOX3ItdEg0QWVlQVRIWE04N21nYmQwbFBVMEpXLUVXZ3dtaXhkQUxBcDNSSUhiQjVfYmJnTV9KRXFaUlVqd3FzUFlObE53SkRzM0dDMXpianZETzgxU3Bmb05iTjlvX1VLTnp4dEpScGY3MG9sSXFVQmRnenlEOTJNa3cyaW9WZm9qTF9FSjVuV1VjQVhvbnNZSnJiWEpaYjY0eTZ3NXI5SFdrbVFqWF9BZ21yNjBPbXBNNlhVWENXZG50U3ZHTnhla3MwX3RpUHlXR0hWODYtVXhMSmNvYWRWSWJOZVhCTUM1ekJjMzJOQnkzVGx4bmtieU1RYUVsRFNESnllUlJBOXVnVHhfX2JRUnRzUHVqYTVrS1BvSG1PVWRtS0trV19idHpRS2Z6WWtCcjhVaUtXT3QxTU5HZ0F5cmttb2YyQVFOR0RtT0VSaXFRT2pfSTNLcThsc25ydXlBOHprNG03ZjFxLTVaUkY5SW1wYVk4Vm9seGxRQWNXU1kyODJma24yTHB6ZDJ5MjZrMFB4MGR5ZDZHMkNrRDQ5VjdfaGMzM1ZuY3huWTR0eFZZVDVDV2VPbTVBN3VYMzhza0ZBdFFGRmh5bGNtbHBWdGk5NF9yWFdnZFBpcWxJbEdsVnZieXFqcTREYnNUbElhdl9kNThYWElud01EbVZjalFhQWpPVVotR2wwcXNIQWtJdllMcXl2VjAwNVRpdVBhUUJqLUtzbm9JaEJVYV9nVVRoR2M1aG8weXp2SEI1bVVWMVBuc0RiR0xLYUxFbTB0LUVxaFpjX1VleGg1MGhCTjhHbkhqUVRlaTQwWXhVTlFwUTc0QWdWM19uYzdRRTBjemZfMzd1S1BYWUFZaGNJcmVsWERnYktxWTZhbGEwb3Y2NW5VeElSUGJJMXQzYjNDR0hpMWJJWl9WODNBcEZpaHpJVmdZV3dfc2g0ckh3Nk9GcEdvOVNELU55OTBGZThuS0pWQnJoM21KMFZ5Ty1MTWw0aENMUUpkallDaWhZa3VHcTBUcTJKU2IxN2dOMmM3WFB6LXdjTGV0UEpnYnI5bFdHZnVhM3YzSGNHbFcwdHhNamNkQ0Q0S3hpaWhlOWx1OWI3VkgwUndSRWJsUXFwWEpGbkRZN2pvelZENUJCamRuWWdKRkdpb0sxdkJVOTNudUJ5LXhCNmNCUXJNOXYtWFJLd1Y5al9VOXR3WThuTjRIOGZsWUNTUmNXQ1FFT1hfSXNrdzdjOGV6OGNESFFMdzBUVWIzQ1MzSC1fX2E3Mkdobmt5d1hOTjhtT1ZwcGRzcEY5cW5qMnU2UHlFRkJQNUF4UmZrR08yMGVYSnRkMkxRTE9kMWJTVU9PZzQ0UUlaS084MEt0d1VmTVUtNDNSbnllaUlfMVAybjZRWmxXakk1MzladHd4eGV4S2dJZXF6VU1fVXFrTUFFTnJlbkZKN1lZNnFTSTZkWTBESkNEak8zLTRoUjZzT0xvdWJ3MG9MTHI3dzJLVGNnYjVfeWJhZHRXdzdsYmhZQUNHbnoyRjFPSGRqZ0VOOE9XNjR4MUczNEdQakxtVjV2UUNraTdZNzd2WFJBNzFnZ1VWdHBPZEkzN0xTVGZ6cE5BTnB4eTdZSzlXVXNHQzhXSlE1TjRJQ1oxNlIxXzRJa1RrNWlaNGVnbHJ2X1Z1MWRvcVBvOWxrdmZaakUxWENOMDVRQXRDbzB0V0U5QmI4RlRhWWpMc3dLX2p3UGRjYnRBZXkxeW1hUG9ndUMtNjlxZXdsMXVEdEFvdWR5VjhyQXVSNG1XR2hhTGVpQW9CLXQwbmFQSGdsVktaTmdUT2Frd2hnTzRDalpBUGpVOGlzTnpyT0dmdVoydHRDU1c5clhuRUw2elRIQ3U5LUo5N1lHNTZXbnNWOGlnUFhobXZfUExYZzUxanlnUFFrV0dRbHVIUmR1S3JCa3BtRHd0Q25DUWxqNFVBZ191ekgtV1g3aWtqVVY2N093WVVqSGpILUV3cHhxV0RMcXhaOXMyU1d4eGMwVjl1MnhwcnItWDhTN0RleFE1T284NVRBeWk0eVBnYUZNZmZzVUoyR2tBM25BWmcyVzc2UFp6MFNsTzNhRGRCdjRXYjRLZUY3R0gyNUtBbWZ5MGV0enIzaDJ3M3dQZ2FwV09PeGpadFhHcWhpMWdBdVNwVFhKQVQ2SVlsc2dtNVlfMExVZFl3UlRlN3dsZ19CQ0xwTWhUaHRWUVNwN2VzLXhDY0JPQnFBRHNyS09PcnA0TUZJOHNZa1RfNms3T2NHODhxQXdjSGg2MFNmSTRmYTJTVWVGaXM4UGw4NmtCOFp6Q3RVbDUxT2Z2aTRXUXZtdlJFOWNxQXd3Tm5mVlQ0anlpb0ZFVW1hM21FbEYzUXJ0LWt1UzdJdkpKd3JmRXR6bWczejg5YUY3eUdwenJoemVJdVRHajlvVWZrdlpfcGpuaDdvZlJQdHp3S1RIS21EZ1VqWHFGQXYxSjNXVHF6VDN3SFNDWm5vb29pMFhsamdGY0o1a1RCUFQ4V0dYTi1CSFBCTGlhQVhiak5HN3VuN3pnSXBYQ0tiS2RFdE1MQ1lUcmpVY01ienV4aVE4UDFxNDRnT3J4UlA3RUdnU081SnNOS0ZiMDlNdGdkOUpEUEg3UHFpcDQyZGI5VGdRcmVJMDdPVjdPS0FZb29qajRBbTAxcUxCaFhnS3RMeGJkcXd2LXpMX3FsbTE5QlVJcDU0OEhaYkZnTC1fYVFrRU5ESGpRZml5cXFaMmxSeTgzUjhGQ2pfVlowdjRmejVOTE1KNE5fMjhBVHI3Y3kxaGw3NHRicEJBNDk4dzNoOVd1SERTZTRHR3czYVZWal9VUl83eW1PT19BM0dMMWlRbnQwbWR4SVlubFEwTE53U1ZUZnFPVmVQVkN4ZExlS2dPTHIzUHJveGh5ZExzUDNkeU9ZaXQwa19lb2t2bTVMSVFtcDM1OWwtRXdWWmtMSUItRnk2WU5GZ1hVSUg4LVV4dS1fR0EwZkRjNkpNSDg1ay1lb2VJamxSRHp3S2xnYzQteFVjUUUyaEJsVDJlU0syWWVJMEEyNHQ2MmVLRkEzaHhlSEJUTGlnb0Zxa05lMFBjN0F5ZTZud0swUU1raENXU0FDWURkUEhUWENDcWJyWTE0ZFBWTUw0S21KVHFtcjNEMjJNTElvaV9fcXdaNEUyNFEtUXBUbzQtUjJaRVhoQjktbUhPS3E3aUh0Sk1EMDI2bmdWbXJUanZDbzlfcERsV0VMNWF3NXNhSVN1U1hRLW91bVFFSXJrb2M5bThjbDFiM3JqTlZXWXB5M2daMlJsMEdLVG9kVF9NMjBWalpmWmRKeU0zSnRMc2xGZ1RYa1NmRGtzcXBMSmdma2QxRHpjYjdKYk5pNnFZWUhBRGhLZTU2Ql9ycElyVTB1YTVMRkpsZFByaGp1M3R3R0tUWlJ2b2xEQnBMejZqRVh3WEtZNk1keDdNcG5RelpFYk9sejFpVDJqdGUwZ1hMN0JVaXI2WFFtc1pZaTY0TXdUcFBrVWFtaEdvWE9JOFBaSFUyMU1wNGpaTEFQUEU0WGFnU2d3dEFUb0xWZ3F2d1BEVWw3V1dIVXdEOGo3cW9FSVp4NTlKV2UxUVZhOEpyY0N5Mnp2RUsyMEZCYnk5OURjZGZFMklsaVg3blU2YUdGdzdLdnQyamZiT1ZoanNfUnVnLTA0YnQwdTRKbmVjR2dtd3pnODRaQjduMG5nWnBYOV82WmZoSFF6M1FXc1Zydjd3dmxJc3dzX0lyVkFIZlZzWUUtNEVGUF9kQ25uWXZxSEZUTFpHWTVBSTJ6SWVMdmQxRXpnNUZIcGJ5M0ptNUxDRkZYSHoyaVFkbGlURXppU0g1eUpPUEV6b3dkX0pBY3JyUGREakE2TzljRDhBS01FdHF0ajY3Xzhod2xpS3hKWWpUNGxaOFNybXpyVEc3MFlBWlVzLTdlcndIUTlKUEJMVEtUQTZhR0ZtWFFKcXBCcmhSX0dHd0ljbVB1YlVuUnZIREJXMFFSdW5WQ2k0c2pyU3JfRlZhb3hvS1l6dHNDaGI0ekFpbElpWklmcWZYUGlZWXZWel9PNTFrUlFNSmo3R0YxR1VRLWFiNWozQnlHa0RoTzIySEVIY2lXSEItOVV0UmJ5RlhINXlLU2kxcEpHQU42RzNzd29kU2FmeV9Xd05JN3U4UVBzSHU3ZzlMZXpBc0sydUZ3ODBQazBFTVo1cnEzMl82MzROTnl5VkVMZkFrN3ByS1FfREM1TlluSlk2VE5nOHdBMFhwSFBPRjlRanIwT050Ykhlc3Q1RzZ3OEtGQVA4bzJPY1pzMjhhSGp2MU9TS2prY0RESHlDMlNQdFkyUTMzMll2RWI5RlhjWmNmbVVOZ0pvMlhBWVhTbG9sNGpCZVlKTFdqNEFsWlRtTGM0MkxYUXNLUmJndlFWMGRUcjZIbVpqUG9SeGpySUt4WXFRcGx4OW1vNldyNTc3cUdvcmZaSUlyb3NZQ2prQ19faWM1M2N2WjMzaVpQRU1ueWRJMTRCZm9sUXVFVG5SeGJwUTBuM1VrT1l6Vm9TMGRJUEtSRVQ5RDNwdGJMOVN6YmthYV8waUZad01ybTZRRmFJamJ0aXZ6NXlTekZlMVVHS0l3OUxFWWNjUkVZSGpQYmc2WE5zZ2k4Z3Q4VGsxZzRCRkdCRUEzeUFLTGI3VkJLaHFQY2hjWFhPTlB2MTJzX01PeFNCZXE2YV9BMTJLWC1tSmQ0bHVSR2w3M0xMOTdiZldoUWJnMDh4WDRWTHJ3QTA1YktsM3VZbXlZc1VBN3ZMeGhyQjFtVnJPaUtodHBVSjhJVGZIakdZOWRhTXBNYnhLZ1pzRFRPT3FwaEJqV2FtQXFzcllla1ZGbnVxWGV2eWNxMVg5ZWp6eU9RcWZ1NGhCU2FsRDR4WUVkQTdMeUx3UERCYXh5ZjNyQWVwd21seWlLQjc2NlcwN3Noa1lKbXJGM0c1SUl2TmpzczVLdDhFaVQtcmxvUW9nTDB5NHpxaUdBUXYxQ3RHaDlrejJzbUF1MzZ4YmgzbEZadHM0bHZKalJLcmJrQm9wd3RsTUlaUjgyNERqNGVNcnhobE9PdGpvS2RwMFhrMF9ORjQyMFQzZWxqTnVDcWstdmlhbjJGWWk3WmJtVkwzanc2NVhRMVhwcmNpVEJaT2FMZG1jbnh5Uk5tQzdHT1U0Q1NSU1F1UzRsUlM5STM1VXJpbUxOMnBMR2ZaaGFLOUhleV9xMVBwQUY4d0tSUTBVaEI5WkJNTU1NSnl4b1E3bHVZcGxIWHVONmhlN3ZDZ3ZsOXpLTU9CeGJUc0t4ZHpXV01sMVlVVElUVDNWNnF5Uk80aDNaSjJLaWNQM1VCNC16Z280ZzIwUmx6RUltZURPMHY0aURCRWk3OXljYnpzYVJ2SEVSNXhCLUpsamk2c3hNVHNNSGQtYl9mMFVBMlVOTXNJTVgxS01rLUdEMDV3cmUzQWJjTXk4QVI4bFdyZGczYy0zc1dsV1c3b09JTEZiWjJNS1RTNU9YU2JyR3k0clpUaWdmbkRUclFpVWZwLS1uT0VoVHc2TGoxNzF0WEpPVUhWWEk2bHJrLWtVMFYydnZXYjZZbkFBdjhWUUhRTFVQYll1YkNIMnRlX0h6dG9KUExrWUdOU1FjNUhKTk9DNjlyVm92bHpiTlRmUzFxNTJpNTZ5cEk3ZE5qOFpWRHBsaEZ2aXZGd01QOTJlNmRpeEUyTFF1SWNNQUJkRlZ0SXlyUTFEUDFOTTNQRGJiS25LZkxXWkJOd0o0YkdNdmZLWUNUX1dZZ1RpRzJHSEUzOXY2MHFDQmFWTl9mcFowVDR5SDl6bDdGZDNGR3B6SFB3Tmw2di1UZHhFNm42OUZEU29JWEU4ZlpUazFpYk4zSU5jaHAzMnJlUnVHYVFvcDVjeHlzeHpSMHQ3NktmN3k1WHVPSW9pLTVGMEwzY3RQdEhRYllnYUJ3b1N3bUplZVZKR0FYTFUyYVJZV250Q3hVeXNMcXhveDl6UjQwR2dRMVhfR240ZE5jY2xSNThVb192TjEwd240cHZOTk9iZWZJR2xUdUJuVXNKZThTX3p0QkhuYlp5cVBjSFlhWF9Db09jaVF2Uk5RbmxMU25FZ2hOY0ZfeGxQc3VyTkoyZzJwSHJZSEZyUHFiYVV4cmoxeG8yVVJ1RTNQdXlfRVo5LTBCWTJLSDhDdHhMbkpudjg5ekx4MldYWF9rTGh0WDhHZGNoT0x5YUc5SmhpcXQ5YmlGSUtMWVI0ZXFMemprMkV5OUVObkFoTm43emg2OHZTR2NVd1U2eGZzVXNSMFVvNzU2czNMMG5XWl92eXEtTXVtT0o0OVlsWEJzQlpBdHI5U0NGTkRfaVhaUzhPRVg2bzFlQksyb1hLZGZKaUVxVEZuQWxmb19RTmUyNDNjUzhkdzV1REFtRWdSalRGUElBUWo0djBVOG9rOGxEakhPdWhUeEFnLWxUQzlkc0NEV1NIcExzZkdhOXg3N1NsX1Q0dWh2ZWFRYmZQRDFuci01MG90ekFVSGhocWI4UkxwOUVBZTI5Y2dnZkZLWDQ4c24xMC1JOHdacXBmLWtsUVcyOXkzVFU3WlcwXzB3VG1aVWh3WW9XaURpdFV1NkJOaDN6SGFQc3JhMm1rOHlsLWRXVy1kR3lxc1hrR3l1aDNKS0NhR1dGNG9nRlp0bWxWYndremVRMmxlN2hMSUpqeWZmcDJFWDhxRGd5X09aVGdIY3kwRm5RaXZJMHNtZEpvWVNPWVVlZ1F4bkVxczZFajZfeDZtbUxjZnN4bktOTm1tMDVWd2YxNlFQcE5SYXZ2bGxfSUxiS09lalBaeUlDUUtKa3VWSlVUTlQ0TlUwbUotaFFlM09GM1JuLVc0bHg0UGtKUklpRUNHWEVZVVU1SWREX1dUa2l1czJTcDg1dVViYktZTXNSNUt2NXYxMTNoVnhlRGZSdERwNGZjSHl6ZXI5cEt6SVpHS2EwMnpoTkJQMjhSdENHeDdFMFlyVnFxRDRJRmx5WFBJNkhYc3JRa3BGZEVfTk9ubVRHT2p6VzR3cmVMMzYyRHJGYkhycWZMWDE2aDRxOHAxdnRGNHF5U2V6YW5fU1M1LWZoSEc1ZlBnTVU0NU9oQlBuRXhzZzAxbS1WcEhCdDFJUHdZYWhzVi05Y09uQkZOd0pHbWJ0U1cxTzNKRGZBR0IxVFlwdnZNbktIQzNaaEJuYklsQWF2b3E5dEplMGhjTkFCaDdpMm9hdVdLZTZsbUFUVDNQbHhHbTVrLUxNVk16cTRlRkw1c2gyeVVVX0tRc1o0SWdNMmZQMEF0U1c4SkhIXzZISWhONWFlWm8wY0dwNnJ2UnpxMGxveWNfSDlWZGJpaHJ2OGlHODQ5bjc3cU9LT3gzemJVQ1NReE96ekVUdzlkN2pMZnh6T0RCRGdnVTMyWno4bWFNTTlXaWY5Q1ZJLTdhSmZqemoyZEp0UGJlODViS2RqZERiY3d1RGdVdFhEOXRSY0xTOW5saW1TYzBTc245TjI0NTJFSzhFVVp4QkRjZUtibVFxdm9hWXllRkhWS09RdkFPTElGWTNlQkdQUnVWd0ZzT2s2OXZGTGNIVldKNUt6SzBFTFdkRW5YcTVESVNoRFMzdEdEejNTTFlNWkRaT1FwREhNRUNnampsWmYyekpaMFExMkZ1emVweDY0LWVlNk9RZHdEcXpOb1ZzWlN3X3BJdWdseDA3eC1tN3FnU3FTWG9GTUtNZDBzT1VaOExHcHFBVGxjTnFqb1hZZlpvYWRKamRYVlJaZGJyblhPU1JnZkttX21tNjVsZ0lnMnZwTm9RTkpJRDNyUVVlREVmOG1HRWx4ZFRvd3ZqRW5uSm5LRGR0YkhtZFJZSmk4TmNFLTE1SHZEa1RPa0JtNEt5cjJYai1Wd2hTNzhvUkppelBhd3otYkV1LUh1T2FtTlVWNzZtUEpPSVFGeWhYeWZpTm1YaEFaSkE5bXhYNG9ROE9JMlFTM3NOQjBNRlN6X19hV01ZblBOTzBBSU1PV200dEhqOGJneVI3QnFBNTFlQ1RXdFJCSTFHTTdpRkwyX0Z6dl9jcG9OdjFOakZZbTdITFJBUmUtcTQwWTd5YS14RmFwc1JfTGlzUkNWNGhLR1Y0SXltUVJWNzhQWVAxNHN2Sl9PNG95M21HalRaQkZIWTN4NFhLUjdncTNuS0hqdUZvMHZrY0h4TnpHU0dHZkdIcWNxdU83UDNYaUI1Y1dHWWMzTkN2YzVNX0EyVng3SWV6T2dLcmFRdUI1LUYzeDMxWkFlYk12N1FVTnc5Qk1hRnBxejR3MXpIbTZmUWVTczA2N2VhRUR3NjVyRjNmcEY0VC02MmpHUVNHUS1ZdDBVSDBGMzY1TllXSnVOM0loaW13WkVoT2VGZk95VnJJNG5qWjk1eUZoWGxER3NrZGJWcnRqSHJVcU1ZU2tNcExZOTdkRV9FdDlwelBMMGFTNmR6Q1ZZLWlFODZsa0ZZUFNvTGViaUJzeWdnUWlUMmVpMm9lSC1NUnVSUVJsNi0zTGIyR0ZXaUgwM1RBMWdJXzRISHRXTUpKa1NaUzlQVmhHMWx5c1FUNHBYVUg3ZWJuVlJvaEh1cmlDMzRRYlBULVlpeUNENGRvQ0VOS2VjVS0xcDJEM3FhcW5jTE5mMm03NERfTHRkWnpPWGV4WTFIZlBSVUo5RTJ1NDVkLWk2SWxzNU1PZjBmZjhNTC1KTU5GSWlRVmFvcDFuSGFxRlhVSXdqSmVpMDA3c1gtR2pSSUNNZ2d5aVZfRnk3SzVlZlktcmc5aFZFd0xsM3QtYjdhOTE0N1ZmNFFIMmd0cWw0ZG9uS2pwMnRCQV9ETnN4ZzE5cU13TWlDTnBfamdoZ3pzMm40Q2xFcHVXSU5Ec0IyOUxOZ0tHemJRbjEySGN4bm0xblNLc0VPcnNuZldjMWlCVWNNMDdLMmM5b3l6THNqNjFTUDhTM3M1SkpIS0djX1ktNjdoTlBlcFl4d1lQaElNcTdRVDBBMkJ5b3pmc2E1eHRkMDVfN0VZYUszeXFwMl9TUkRHRVd2WVdLUld4LU5MSFVfZDNDT3FQWC1EdXVFM3pzMDViOEZvOG1YeVpMbV9kLUhhd01zeU90VVU5U3NQWGJCcklFMkJNQ1VvWVlNakFYeUJmbGQ1VWM1WjU1aS1wVVFaSHQtZEluN1dGbk9jM1VKM1NQdDFMZkRtOEx0THFTbFpfb0JWN2FsVnM4UjVZRkZyRGphWmxYRHB0Tk5iOWI1RTNPTmp1b1VPbDg5RFhfV0ZNNU9pektRWFVXRWZ1XzFiU2RCY2ptaVl6UUkwT2IxbWRfLVdpVEVlMEZVWVRreWlmRzIxMl9ockJkMEVRV08xaTJ1RUhHbHlBcG4ybFZOYTU3YmRiUWtxeE5lal9CdjhiTUVfVWd4U3pmSW1JdnZydHMtemdkb2hGaFI5UVNpV1JFSFVYODY0d01adERmX1htbGdLeWF2MmVGUzZTcGhrZm5IaV93cEhsMXpqa2NtbHBwcVotRllMVkhfSUNuT0U3NzlETzlvSi1oeW5YRXpvc2pTaFgxVHBLMmJkdFJMZ2VSWTFDZzZjVGVZUzBhWUNVT3B6LTNyLVdwdWJlUFRPOWM2bjNIanZLNXg1YjI2ZktwMnpSRnpZcXc4NGdGSkltUnNhRjdtMXZCVlZGQXl5QVdLamlGSEk2T042THlLQXRJODNuQW5URjFIaXQ0Z2xsYS00bF93VlZFZXJ4T21DVndTTmF5U2ZmaTNZR1hvVzF0UURpRFFlWkR2TFB2ckJmY2htcVFZRTRWZ3ZXWkVLQVV1d2VWdmR3em84QWFlNnFxakZNc2o4bF82MlpnZm1FTWVUaUtBd0Q2MkZPWVVwaklFUWRaN3g2RVlDN244WEpLZHZhS29VMWQzRXRPVE1acUdETVZFU2ViZUlLRlVWU0tfVnpJSklXel9PaW5YSC1GbW9GUDRDVkdLWWM3ckRYTWdRZGE3LTNlYTFqRk13dHEtRWdnS1ZCa0RxU0pOS1JrWmFYZ1FBTmt3ckxyVGdkMEdRdkktTTZwSEhDZ0pqYjdpOWxqX1BFVjNkcW9sV1VUWWdwRWF5OGZnbnpwc0tfN0F1TzRDTVVoSXIxOWhiNG5rNmc5eG16aEI5Z01CWjJjZG1mYU5NSzF2NjAyR3owWTIxWHpQd01ONGZ5em5wcmZYNXZ6b3NmQzV2bC1jQ1ZxX1VnU3JSLTJoUjJ5cnFNeEhYZXIxc2J5NzdPbXk5aGdtYjdBekstSFFLVnVERThLZ1EwUmlYd1M3UmliNjVsRTNBVjh2TGhiOFJ6Zmo2NXBkOXRUTmViQnhiUHZpdVIzMzVXZzZSREpRMTBKYTF1ZzAwWERTNGV1TmFqOE5rdUgzcVpCaHp0dlNZWTZaWUgtZUFjODJwRXN6bEk3b0IyLU1NU2NVYmJ1d0FTRGxKNmNycURhZVctaFF6SFZzazNvOUtaQ0FWdjZ1OENJaTc5MDFUQWozRGNzUzN3STFyM1NuNUpKRklRUklkLThSSjl4WWlXZUNidVB2OEhqeVozVmpHVDZMY3FPdG9HOVJMTXNNX3JqRkdRQkVka2J2YlMzbVRYbUZVRGpESkhVR2FudkFwWk9Lci10Q0E2UVJPSEppY1A2ekVrZ2lFMjJvMmlXQnI2TmpqeXhwQU96SWx6UXJPVm1pSzhWUF8wOV81RUhPd244bFhFakx2UldiZFhqR1JGZllmRmVRT0JvbDlRVC14NE94WTB1U0dkWTJVNFZYalhuMnpZMDAwQ1FheEJnUUdrTnNVVDVGdGo4QkVOWWZmcnAzMnZ4NDRidEk4WTFVN1NPdXdrN0R0czBLbjgzTDh4cFFaUXRTODBsSE5JRXpPNDVNUGlyVk1WcHpYZ1ZCMFJRMFRaZFFDcU1RemFPZEdSLTZyQlRQc2NnNGd5anE2ejJjVTBuVzU3bWhBb1NWQW5DQjRBZVhnNzdoejlMR3M3d0RvMFpQWXdWLWlJS2h0VGVZNnU4QU9Cdmt0dm1BVzJyZ190NkVpVndKNWh0OEp4QTVqSWZmV1d0SG9lUW9YNFFka09KX05fa2Zqek54UThJREhhZDVmb1h1Y2FEOFBsZ05obS1vT0x2UDZDTzh4UmpHSTJGd0xtNUZ3Z0ZNbjJLX1pzclBHUHlxaHBmSFpyWG1SMGdCY0R1V2c3OFpBbzNhOFU3RXEyNWVVdDBndGw0bWZVeTR3WWRtdUYxV2U4R1JnYWxfWTQ0d2RVc2tIYjJuaFJvMzhmQU5sUGt5UW1HNzZiU253dG5uQmNiUjAwNk1PYk5ZRzhhakwwMk5PdjdaUXdESnpHZGZnU0pGZUkxd1pQeUlZcUNaUkFqZTZEblphSHhCbWN6UUJVZ25yZ25MNnVTdmRVQ18yNWRQYzh5LXVNdkxCYjhobFhCR0V3Zk11UUUxMlBQSGYwaHRCVEJ2UjdmeDV2c01BeHJmM2xiYmRJTDctZG5xM2VYc3V4YUxuZXloOXRSRjNxN24xUTd6VFdOUTJkVHdlclhSOEhTenRCTGYxOXE4V3llSTdEZjFhN2w1Y3dfamc4Q25OQW5SSERzeWtVSW5oMTdGMGlKamhWQ1UxbDEzZVRoNjZRNE5WdFdzaUNxUEx5eDRENDFZWnRnSFNxZXFDOWZKU3JCdE85Q29Zd2w3czVMU0RfeTJ6VENvQVJPTUR6R2NYa19WMEtXalZNX0FDZmZ6Y1JoVU5uWTRhbEZ1c0VPZE1FOTlKdlJxQ3h5TXlJX2hGNTRRV0JjeGM1NzAzNzBQeGpkS2JUSnN0RTlaLUdoOTVxZVJ3aWJDcUVLR3k3VjBjLWNYdzI0SVRyczk1YTdLc05FYkxqaVAzOS1hbmZVNzhsNlJYUEFvM212MVF1aDY4bExQVUVGNFE3SWluVEZEb01hQXFYWlAtSUdWYmo5ZlVyOU9Tck9MRGNtSzhkNFhWaV9zeGF5aTNTMmxZaFE5Zm1Md095dGRoVmd2TVFKMWRXd3B0YWFmaU0xMEJQd0dNdWlCSm1wLUtUN29WaUphYjNLU0QxQkNGSTliMzlpLV9zZkVMS0Q3TUJIZmhiOTJOcVY1U3hwenMwQVdtQ0hmelpFc3RNMVc0aGZMYmJXVHdXd2lWSVhacEh4ZmRBYXVWNWk1bHd5alRIRHdrbFVtNmxleW5yekYzSW9JLTl1Q3pqZFN0aE1zY3ZCdWF1ekhydHNZaThoaG5ublNnbzNUX2RrWG1vUmJ3Rk5XQnUwSHo4YnF5Qi1nR1FXcnN1UFRIOUJkMjQzZ0g1MFphSzJHa2FWRWU3UGQ0bjhsWl8wNjJXR3c4bnZKSG1tbmdadTF0SldLd1U5REFTNFlnZUlpUG5KU1VQSUU3aDk2WXpGeGxUb2RRNnVEQXJhVTUwOGZqZzN5V0JacE5QdkEwUndhN3N1TWE0WHFlSldRZy15eTVLRG51ZmZuQ0FrZDVZb3JWOUxWVkhTRXZCbWJkT2F3R0lfd3N3Y0xJNkdNNGZDY0YzWVhzLUxyenZiSUpSbTJDcEJnNXBXU2dhUTNTNU1jLWpURG5wM25kQkxlWTRETVE2OVJQdmRkdzZVdktjODFTS0FwZUtBQVFnbzNYcVF5aEpYR29rN0NCWlYwNkZPRmwxeHpMNU9vZXNNSTczOGxDMzQ0ZTkxcXVUMXBOOUlrUFd3bzFFajVieFVUdmlPTDRPWDhQTUtleTJKWmpEVGZrZ3F4Q2llZ2E3VFQtQ1ltdk1JYXh2UEZzTmNxV0xOYW9jSHZpNDVJb1RLV29vV3FLRG9fd09TVkJLOXIzVE9pWWxvVlBMcVRGQkxET2I2MlJQczBrdzVTbzF5S1l5NUF5UzdOc09hTldHV19GVDNhd042YjlMRjdOOUJUd1RfSk9NWTNvNUFqSDFOOXFLZzJoc2EzTXNpMkNxTlBQUHBPeXNuRk54OF9QSUNYa1hYcm92SlAzMm5YSnlwdEszZkI0MkNTQXJWMTVlcklETU5hSVdYdmNxUTFfdURRQzh0N1BwVGFwX3U3enRfWkNjdlpFSUx4Z29TNWg2U29CMzNuU3Z1Ni1TcXF3cGpBZHR5QXQxc3RFSXdfeWh6T3JUbmhSeHduUEdfc1ZMOTBmbFd5TUNJbW5ILXZTZUpUVGNWbWp3MVFqeWQxRm1oNDRaUUpxRldzekNYQnZqUUFIYW1hOURBcW16cmRsRU5FblplakpkRFQzUEw0ZzlHcHBjaTg1T2JsMGN6aUJlT3Z3NC1MMVNCd3RwMG1yZlJuTWtMSlVSWFZOYWozc0s5RGFOOXEtbU8tVEZxS3BlZloteDBqenUwSURvTXRVdW52c1MwSnZBbmNLZkRlSG1TbFVFUzlOaldLWUIxM1ZtV3lZR180cm9QSFo3a1FJSm0wYm96dlpRQmZCYkhGWUo5Y0tLdE9LTWhBdmhrZlNwTDFxSS0tV2IzNVZwbTU4Rzd5Y1BiV1lFcVI1cEpMTkFEYkl3Y3dSd2w0Y3dqVDNmS3hESnRORFNja0Y3ZnNEZ25ONW5BUzN1NEpyOEZ5MWp5dWxUbjdOUUdVekVfb3AzTlNkUmhBV3ZLNmJjQk5raUY3SFE4X0xCejVNcXRGWXdwYzlaUlo5RUQwN091aHU2elNtTmhNcXppSUxrQkMwOU1CY0pGUUdkdnV1bGgzM1BBSlRSdGxrVGJYTlFTRmJ6aV9xYnlDT1FCSkVWdlZxaHlhRlF3dUZiLVUtN0w3N2pVVEFUZlVoTEFHM2V3Rk5HM3BoQUdOUjFPS3VnenNhSXRxSGZGb212UHpfSEdwTjJfQ0lVWTJlcHBFaVMtNTNLbnloWFJ3VmU0OUF5Y2VxRFAwa0dWSWVhcXFYVEJkOF9qN2c4Z2RrS0I4SXRQREREcjdEanVtOUtpVHlGaGlndlp5VDFDYXQyN0JfYVpGTHNYQk92V2RoTUFLVVp2NTRZZ3h1cnUxVTh3SUxGV21vc0U0RVRwUTZvMDd3T2FtTkdMbFFEMVJ3VDNWRVJWM3ZMX2tRMlJJU3dPZHgwbGpjZk15ZkdqUVgwQmlWOW5LUGFsZXpDYThaLTVQT3VHVkhJUmtJaVBBck5ocjNQNXNtdWQ5NkFhWGkzQTdQaXNXdmttWGhLMHh4WWdWcHRUMGlRcEstUDF1bklOXzUzMnM5N3p6UnRtdWpBXzZPNkx6RmJaZzc1WGctNDV6TG5hWTlrMHYtQTNZalN5NDgxNk9BcnZwMk95eUFFLVowOHU3UUxST1ZadkZwWVhhMDk1aDB0MWt2UC1RWXFEMjBXMFhPT19kNUxpa2ZtUnVMekFnSzZlbExqZlc5c2xZZkZlUGFxcXgzRlNwSzh1cHpBYUFqRFFHLUhlT1k3SzhTNHFDNk9Qb3VmWFRRbU5yem5RbkJDWm40RjhvX0JlV25YWHJCcjRVenpfY0RZZ091NFNWaU1meUxRR1IyTGJlZ1RUdzYzZFJUQWtTWTA0bndnQ2VSbGxYSkZ1WTE4VmZZTHBJdjBXQ2RTNGdCNFFpa190VmpBdTdyUTRDVEhCS3dsVzN4RE1abDhTM1ByWWFOMmhDa0MzYmQ4WUdXUVZVbFZ0WGo5X2hBZ2V2Z1ZfUHpnNkMwVmRVTXdWVzcwWGl3VkpxNnlPX3VQREwyMjRfaldncHZud1FUZXpuS05hdkI0SkdjTWl5RF9tZkQwb3lSRW1KYzN5TEF5bXVSdUZwOGVJVmFxcmo4NU45dW5MNklzMHUzZmxTZGZaanlYbTBYQ2hZU251YUthZ1k2UzBPZnVQNTUzcUozcnpMN1hXQm1WNEJ3WDU4N3AxV29FYk9rMDhvZllNNmQwMjcwbWZLWTVfTGV0aEl4OWpJTEpRWkZla0lfd1FJU251aExKOGlKZXVFbkZseVZmSjhZSjZJUEpSWmtBaS1jWVZPMGxyVGhQTnp4SU1EUEJnTVNKbDFLdFExTUQxVnh1bENtQmVvMlZ0c2o4aHRsWjhiZk13UlZ5a2dWcnRRQ3U4MXJPaHFfYWNtb3NnR2JkRkxSZjFQV0ZvWTBKX1pPRnVOZE5IRnlxenpLZGNZU1Z2NGF6UUY2cVlYM2lSOG5VTG91WkEwVkdiZXpzSzRGVkRZVkNjVllLTmFJYW9DNU5RYTZDNkpvcTV2UjNQQWFIUzdVS2dYbmdKeURRTU9Xd1ZiMWNoTDVJc2s0RXVhQ3E2ckNDWEtkZThOT1BCMklUTVdJd3Y4VFVqRE42WGJNYXlJSzEzaGFfSjV0TEFXRWVLeUZpdDhJWUZ0WV9JMWtnb2tGcnNPaHdqLXNmcVZMSjduQlN6NWJ6bVE5c1BVc2diZUFpNmhXRFVwU1FUdFk2MzFyOG9mT05lWm1EMFYyRDJheDVBc2ROSWFHb3Uzd25leTdUaGxMaXJXV3dwbU1GU2dKX3ZpdU5VLXd3VlhOSFhibGVjYjRwX1M4dUFraHV5WEhqdzVzek1NSkphdmR0M0lkdm9rcE42dkRCSDRhRm1NTjhGV3FYQVo1cHZIeHVmSkxtVTFsbVFtSHEyeWl0amVCb1NzRlNoYjNLRFVMRHdGZG5ZTFI0MmEwZmkzNVdtRTRjVFVGb2IzWmNXZEhpdndvRHdmc0hfb3NJeWF6aDRQRVI5VXdmTTV4Qk8xZmhHV1ppZXpZemhTTzdtZllkY3BNUktPRDVPbFJVSm9WS2FnX0M4UnB0bzdYQW5Qb0hWTVB5Yko2RTExOUVkb3BpWXgtb2k4NEdZU2VKN1ZXRjh5Q1RCc3F2ak9UOUc5UnBUWlBQa2xGVDFobVhKY1FTWUdRRGlFb3NhTWtiRjJUTUlkYk4zMTQ0STVDRi1QTnlsMkdSbllvelhEdUFOaVlSbFFlLXRtQU1meE9vNWJROEVQbWZWOUN2OTE1UW5kVTV0WWpnS2FLSXNqZXJJYXBOUFJTLWdBNnlFcVJMcnJJQm5vQjFWQ0czOU5zOWY1bExsS0hkbkQzQU9lMk1OTFdSTzhnRTNLVFBadjlORlBsWnFIb1lWaGxrM0dSYmdLQlRndnlBakI2V0VfbnlBOWZoWTBIeXF0Y0JMNXN3YkhJQ1BqSUl4a05paW1yNUZ3ZUplNVhKd1NHOWRmZlBjT3FQTXVWbFVzU2ZqVTJrTl9CQ1N1Nl9xLUlaMndSaVJHdklXcG5vMWQyc0F6dFZRbV9PVUJqYzdQem9GZ2xuQjNSVzhwSDFraHFDUmgySlhKNzJWemY1bWRFbVRWXzZ2V01CX2NqQkwxOGp3aFdMaklJR1JLOV93Nkk3am9nVDBwUkoxZFZpSzlpdmZrQmpxbnBZa3gtb3hJVzIteWFtUjNSX0VtcV9RaVVzVVRhOUw3WVpJQmgwQUpmZnQ5c3RkcVR5RloyYXBvRFcxaGppUG5WV1B6ZzZMMGZFSzhyN3dXUEZiaXA2ZFZSZWVmeTJaMVpVQU04amlyampYSFM3dEs4R2FHdDFSTEJ2ZFNURHczRHhOVXpuRVlIYm5PdDJpNlhPT3FWdFRjZXp1M2hRZ29CQWlTNGFKRnRQTmZJcVVpbVNXMGhqdmh0TzJDMDVmdThOSk1nYlBNT25IV250VkRYbG5UMEVPQjZEWVg4SktWczVPUEt3M2JWeUoyY2pxak5Qa0pBd0xpSTgxaW1DcVRSNGF2UEZFM2QwTjBXSFc3bFFVcTdEdElkRHZMSTVDa1FJbXhvRDQxcFEyb2wzRU81WWQzR2VYTUJJdGVpYVJjZ21raG1ORHVlUXZpelI4UTBHcDR6aXozY0JkX1NITUxSS3Z6MlE4U0UxajZVLTlYblJKdGxVUk5iTTN5UFRyWXg3dXVId3ZOSE1xMlNDZC1CLVk0Qm9HOFZKSTJfV0I2ekljODlIVDR3RnVCOGs2SGFEdWFVMGFJa0xWUTJIaGdfNXQ0V0RSYVR4VERvUmlKYVBEeU42LWs4S1F4anc2TjNGX0NpbUFUNEtUbmVqdG9jaVpCcmk4VDNCOXRpUVFJdEZLbnpNa2Q4ODZUbElNWmJNaG1teUEwRVJ2OVAyNk1PUDBRT0xzZmNiR09tdFZwWndmX2lHcm1wVjg0Q2ExRDRDWlFuMlZGUlNtRGVXbDFFMEtzQXZlYVlXMEhIVVl6TXNXWUIyQ3RwenQzWUx4ZWV3eEE3b1ZMYW40c3d6dHVEV1h1M0Jja3BPMWREV1ppYk04ZVozbmRMQzVXcXRoa2ZsaEZnTmRlTVB4NGVoWXppN0FTVHQ3VEUycjFuQ2xsMDN2ZHZzMnQtZzJoZDgwMTlfU0p0T1NHM2lCZGxOSlV2dGFlRGlCU3pRbXRtYXdnc1BYXy16UFFUZVdQdTlaaGNxY19ldjFNX1FmTThXWTdNV01DSDNoMjJ3bWE4eEhGRF9VNURoQS03bHRwZDY4WEhSVlZJSmVDallPdlpiZlNwVWFuVEptMHBpQUJTVFBLZmtvSXFNdURlMEc3QlB4ZndFWmVLLXp6SjVvcFBkUmFvVTNJSHltdFA5WWJfb3lXb002RFJYaE9JOGFfMDJGTkplUjRkWTlRaVFoOS1pdzFVVk5JZkliRnN3Y3d3alRZdXlFV2lYVzdXbk1ZYUJJOHdnQmtEOEhId2lkQlRPTVRndUdtcW9ObGFMaG5neDQ1aXpPY09pcUhCcXN3b3hza09hdTJoVFRpWi1iWU02elhSeGtHT1hqeUJjSDRXSEFFVUdrSm9xbW1PczZzWEN2N2pucXFVQ2l0ZVRjb1YxM3hETUNHUmZyVVhBUmVHeXZTS3RLQmFieWl5aVBtVmtZMW9RQzdSN1c3REp5VmQ5bVZYS0VDZVI4SldjWVl0aC1CQVZNZTdCWnlFOHpsUkdVZ2RsWEdEX210ZGYwMmlMUzd6TlhjaTV1LVlXTW9tUmpFc3BNOVRETGdETE5pblYwMFJhS2tvVGRlQVRCVEZiNmFxanZsbGVRb3phWWJMa3djSmc3NkVlUkh6SnI5UkwwRWVGTGowX1NzZEpDc3R1Zmd4eU5WMmhJakxucWhrYUVkdjRRNWFER0d1MzJBNFhpR05IOFU4Wkd2b1Q1elR1d2lGckNEdUJtQ3MySGlZUTI4WVk4XzExc2xORzlMenZaN05Sb1FPUkpPZllCTENmMXpkclVrbXZIWnF0VkJ4cERZRlN5S2lKd2pqVDkxcFlFeUV0TnU3QkQ2N2k2UFJLZ1htRDBGMXMzQk5kUk1VY1JDcG1ma0xsLW1CbEtGbHZWcTJJNWpvVzF1U2pIbzVPUGtjQldoWVF2aGttRUc0MW85SG9rb3pNSVRscXBjUk5LcjBUQW5kNlR1Y051RjdkLWQtRkNuS3JUTjdtUy1VSkIyTU9wM1c3NVdhUEZ5Yk9nZTNWMnNmWW9fTmZsZEstb3RVVkZ5RXQ1eVhkX0hnM2s4TGdmSXhvRDFoTnlrellpU1BmOFFUMmZGbFRRYmlici0tdGVybVlHRUxpbzVCaXBPWHdrYlhManQ3akM1RUh2bDF0a2k5a2ZrMDE1bDJQUUdfUnpwV2RibF9lVDJULWN4R2ZhTlYyc2F1VTZsSGZEbUdYVTVTLWlvM1dpUHFKMWVmVUVQMWlxWm5YT2FWZFpTcEN4WFVHVDdVdU9kYm5tV01MVU5jb0pGT042NENKeERCZ0wtZnZIYnlSODlqRlNMSXRuX19ucjZGelNHQl9STEsxMEZEck5jLUVSZkV5eGVKR1AxV1ZhX0dXeTFQLUdGX1VSVi16YXZZOS1vdzA0ZnktZmVkWVZXYjZJb1BwMkl4QlBqTEpUUzdUaU0tQ0ZMR2NNcFN0MXVZblJuNU9PTkk0N3ZoZ2xHMnhBOEZkOWgtdXl5WEN3WEtVcU84bHljZVU3ZDM3RUlzM1V2dXFYenFGVzhNMXVoRWtNUkpFMXVkZTRQLXJOUHZGRlpXV1duM2g5UzBuTW11OUJfRXd2TTlNU0MzaDRjWXZENl9HVWhxak5BcmZmM3JnWFdfVzFFbWRSdzlXWW1uWEVyQU8xdnpiYnRiTlJlZnd5QVNfSVFVY1Z6REd1MEJvZ3QtaTB3Y2QzbVI1UnlkYlpoVHVheGVBdjg5Z3MxQURqNTJZbEt5VXVYakhqNjhLZW9sSHdRdnlqZDgyRENaeTBvNDl1Ym5udkZ1YjBZTGRQTU9hZXpFMHVfSE9iSU82bHRsN3Fhc0d4SFFGSVAtemJQR0tPUjlxQ0VobVdwYmVZM2JlbkJQSW1KZFhMcThCWFlyYnk5NkRzVzlmazFFTGVRbm42bW9YS3JoUGg1am4xTmZkWnREcEt0VzRMWkdYWWIteS1heVJrQTlpU3gxVGlLMVFMd1U0WjRkZXh4LXNHbTdfSWI1MEtNU1NOLU80Q0s3R092SWh6SjVmNmxMTzYwb2dwQmJPWVI5cUF0TzMzTWhwOXFuYWYwcFpHNVY3aFFEeUNlU3B2Q3BDUWVRQlYyM1czSEJoRDNhUFBmaFBLV1NneXJYaTFCNWgwbUVBOWxfU0U1YW5meHoweGRwXzlQWEo0SlZIdWkxVjQzNVVDLTdINkloYTViRkhsaGJDUkN3dzdSblF0YVI2bWpzWmxzYW9sLW1HeC1yM2kxQXZOOHd3UkpZWjd1UDlnazZZZkdET2JqLVBTVDFjZHF5UEtEc2RaV0NKa1JxLU54YXdacGFPam5FQWJIc0N0d1VJN3FPQndWMXZkVWJjV2Z6Z1N5dVpOU1dKMUt1ZExmQmZWeXV6ai1VMThZcDNOWVMzN0l1ZGZoMEIxTS1QSEE2Y0ZXVXhsc3JtNG9kMlY3WkRiY1F1MThMQ0dCX0NlYU0yOGpyTlRGeXA0SEhILUJTNDZzZFJ3TVJQWC1nNzJRY28xLVpScVdLRGQ2bVNwbHZYMEhtd1g3ZmhieFBiNlB5MmZ4dHJqY0NhR0dEdldjU0FBZmFEVVMxVS1LcjMtX18zQ3VsdVBHYVRZTmF3RmgwbG9KRnBBdzM2ZnhRV0toMGxaMzlCQlE5MG9Wa0lScGNoRG5saGotVXdvYjlvNVFEbmRlWHRLVzE5dWU3OTQtbHczYnBQVWhUbWIwVkpuSG1YbURoTjFyQ09mbXV4bDNMQ0ppaDcyYzVzRExkSXNMTUJ3WTFMNHBKWVRoYVdFTVZzWlhLWHJlbkpUWFpRUWVsenVuQjFwVUZlUUtNSURFYUpyR3ZmT1hpRTRZMzJqdTZfMmVPTFp3M3pubFpkYUR0ZDBucDdKdk5wd2tXeWNNQnVxZmw0OS1wb2lpRExzX0M3S3JhdzdEOUlKUzlXaW5aLVJCYzQzbktITHRzZjBnODNZX3lBaktCMkE3MmxVY3N2WVhpeXVTRXR6cVRvdTZwOWtESzdnNXFhLXBiNW5yNkcwQWVFVE1PbUF4N0lxT1gtT3Z3d2p6S29sN1JXczZNbTVBOEtHNlVYU3dUeXpOQlo1bUFyOTlMWnR0RWxfdDhOVHNHZ3NmWndXb0xBWnRjVWJoX3htVFNzOG9SRFNpSy0wek1HV3g5SVlIMzVIdThIT1hPUTV5LWFXTkZyRHQ2bkh3ZFNUN051dWN0YS1USnpPUENWbmNzV2J2RlBnVDd3a3k0Z254eU1ORFJZWlRFX05PdkZQYVRxSVE5b2U4Ri1HdkZua0RWRml0cGJXamtVbDZ6S3VBUW9rRk1pcGJMcEx3NElrRXNRYW9yNDcwV0xLQ2pJbnNhVGo4N1B5c1dFZG90OU1ZQlgwUWRfSzRfVzJtUW5VZ2s1cmlXQ3RxN1pGTU14alZTSWgzLWp3eFhGSDBpaVZRV3J4NlJDNnlFZUgwVFFlZHQ0c1ZyeG9BQ2I4aklWRzlMTTZ5eUR5Y3dOZGtKOGN1ZlRUVFdsanV0SWNDWGFaYUpCbVNudVA5dno0MHpzWTdzWkd3SktQMHcyTlJRN2dqUVRMNVZxR3VSRE5mbnNrdWNPdE1SYlk4aXlDYzRSaUNHUUxwMFRTbXYzSFVaOGRIWjhlZFR0NXNZZkVPd3NvRG5vNUFabjRRMUlfeWxHd21YYkhyTkVidFlTS1VtWU4wV0pZMWJtS0VBbk5HajN0WTlaR19ta2dCSWMybWZXZGlVZndQOTRUeDVYcGI5SmpOLUFRUGRCSG1BN0Nxclc1Ni1vX1JiNmNPNHlRcmdrU01BRlBEeWVQeVRTTzFfb3lZcUZ4a1NqODR4WGdPYUlPSXdhZjJtRkU0cldnLVZoUkFPZEFfUmNxOTR1UWthTi1IYXZJbGVpMHZ0NDRORjNmSnFxMDFFMGIzVFNFbklUb1JuZDJZOUN4OUpfLTJVNnBYWjVRNTNLV1VZaTJzTTZLSnRvZi0yMk9vV3BFR0R5MWY3ejZPMnRqOFJiTE9wRWNUQUFPRTFiQzVaN1BWYU5objR6QmdrdktmR1d1MU9KVURKcFpTQ1NsRzZwUkd1bXo5V0xoUmRHSnUxcm1vckU3bkhuM2dESU5Wc3ZCWTZENWtMZU1fZzRuVlVEOW9TYWZ3NHg3RnV0NkhoTm9tQW5scWJ5R3VKSm51UjNJMTV3TXVRLXRMLUJyaVVrSGJycFFpRnVXaTVuaWNCa29CWjA4clRtTG1Md25lV0dMVlhfanV3OVVjcXVEN3V5ZkhURUo5TUVOUXdGdHNhcFdlS3RBNVU2SjRZNGxWaTFsTERXenNYNXhSSlc1YV9pQ3VVLUx3WEI3V0czSDFUWG9xQ3djb0NQeGRfX1IyMXVXTHc5TW1uRWJ1Z3VEbkhoZDFqZ2ozX0kwSUFuMjV2cUlSTkpqWHNZUEdjVVIwejRvRGNmWEJQbWlZWU9GVjEwYmFvSkJ3ZDVsZFVfNWlRMFdDMGJLRTlHSmFZOGVoaHlXQjBwRE9yV0RuaDliOXhSMHp5Tlp2eEt4VC1EcGRHTDlxVi03S0NtNDY1SW9QZkFQZzNxWjNiUmhOVl9ROU1zMlRFV3VXNVRMTlJ3bkFnOVhHekEtSklYM0dDNS1PVEIzdWhRZHhIaVRVcEdXX010YUNXY29fUEhSS0w1VFVuUk1ZRkRvYXZCUnEwX1lSN3FSU21YYkptekk5LXFCWDRnRWM2NE12QzVyMlBjdzZXa2dEdGFGVWVKenVjUmpnYVRwQWhhZG1GQmNZaXY2RmY0YXJyLU9IczNjRzYxdkU0NUxDVEdHYVpSeGx2SXhCNm1MdXFFbmU1LURpWHA4S1luSXdYRy1rTnY4MkxkeW81VHlYMWJQYzlXcHpuclBkUXpySU1TZ1FRQWhiOHJ0aTJmZGFHVFNhLWtKazE2R0tZcWhTTGZyLTZVSXRvdmN5TXVIYU9raHNXVlgtUzdXREZxenMzQ05aQTdJUTRTWHNsbGNaRG1MbHFUazdKNm4xVWpkQlVMLWRzNTZZNUR0My1nZFNUbFBTMGtwVUZzaWtkazhqNE5KTUpDcU0xd3VkNHZiRDBVTnVNRFdDT1RMRkpmR3ZjUFNhZlZjT3VPMzZtdi1IRFIzd090Y2xlRTVVSVBWN3VxbjdmazV3ZXFXWjZwTUpHcHRUY0NxVWxMOTZzWUFOVFhOZlQ4eEJOQVdqeDk5T3VWTzFyd3oyRUhHQjRjZ2k5ak1RcVo0bXduR3JWTTdwZTZrcTVXX3F4ci1wVzN3eHdfU0VZVkE5NHZwRGozYkR5bHlpRjdsWVk3aXloQ2J3MmNuakM3YWxVaDVDTVk5R3NYM2lvVzVISU5xdmJxNVJoWkg1RTVOUnJmQm5JVV9YU2lZcnU5QV9pUDRHcVJMQVpDakd3ak44Y2RBd1o3VzRPZENkOS10M3FwY1RuNldZbTM2UVlBX2RMc014T19TVzVMVFBBUUk1YnJiOHQ5TjdHVGR1ZTR4dWk2SGhNSkw5UktySUFUZ0RmWDJqQjFSRUREQ3Q0SVBpNld4RHJkRldsSGo2SjlGOUFtcDdpYVk5aEZfeXFiWVZnRW0zUzZSazQ3Z095T2lXRHIzekhqbVh4OVhPWXo0SUllQVo3d0JvSlVxSDBHTGJCdzJ0LXRxN215LUc4MU1DUnBaWVlNZDhVQ0xqMExqdW9QdlZuV1RBTHU5LXNEd195X2g5OTVCbU5vcUk4WFpQTlNaczFUYjQzWG1RRGFQYXlQNHBsRjFVQ09MMlZPd01EQmdtemlKR3FXRDBSd29TU3loZmxYWVdqNzZiREJId0FnejBFRkZmX0FsMEFxdXV2dm05N1BYLVREaVRHVGttbWFub0h2SUJuanJYVjJKaW9XZ0F3eE81YnBGenZpVWNiRzBaSHBUVF9iMFJfVDJTMWVDbkt5Rk82WVBkbklKTmVhLU52Z3hKcFphVG9uWVVMcndPb0tiZGdYZ3ZyeXJ6SmVSZUtKYk53aXhWX3ZwdnZEenFyNW10MFcxS0lTOHFiR3J4V2RGcnFZbU83SWJibkQwQnQxNUJvdGZiTDZxM2dzOHNQRmJyXzdDWUR4N0hxTmxLakltamlkNER2T1Zabm9KWTlGTXZoSTEwTFdKTGNSb1RWNlJBUmpSR0V4RXIzTm5na3JlRzNQTS1jQVI1cnFXX3lNM2tGd0hrT0xGUjh0ZkNmQ19qU1RKd3NqZkZJZmR1NnU1Y3J3cUpHOVFMWTBIbzlXX3lOLURnZmd6ZDBVaVJ3RjJXZ1BVenR4azZ1Wjk3cDZsaXVyWWJzUWVQN01iSFJscG1ySjgtQUFrWDBYeHowd192LTlTUUxQMDlxMEV6ZTFLUWJYRl9rMWRiNzF2VlE2Nkhaa3NxSDA2ZHhleFViSjl2eXJjTUVCeDE3VTNIMXdXY3ZINEY3NUdPY1RNUTNwY1dBWFNKMnJaU3NRTy14MkhxRjYzVGlFeFR6eUo3T2xVaGVoTEd3YnpXWHU5a045VWNLVXNiUzk2TjUyM0RZTmxxSnFxZWtDQlB0Qi10UmdlRU5QWXo0WWMzdlc5cUJocm5tQlZhMUlpQXhyUFZsdUxnMEoteW9zMDBaNWpHZm1US3Q0ZDAwQkpYa1ZQLUFnb01tMzNxRy1CekI5Y25McVhrMUVCUXFJLVdVTFpwMjl2VEdvc0s2ay01X0RtZlk2ZUFHcXZ0ZGttRUkzenR4TWptelFkdFcwWlM3TlZsdVZYdkJCWUowcWd4dWltejdiTldiN1hrTEtHSHhGLWlkcHZXT0pYUGZQSVlMNzJUTkVMOG1MRXB1R3lELUVWLTY1U3cwUlBWX1MtaDU2UXVmbVZGTlRlNzRyRkhQS094X2o4TDFKeGFzTE1uTWRJVnQxejVNbUxUeWJsSjJOU0FlVEd5NHg2ekNXNXhwd0IyYzVTM09VcElkR0hFZlBiczluUnlhUjJEMm0yaUluTHZvd2JVSkttT3hKQUpadHpFbEZhb2xhTnB0ajlLS1JCNHVyVmc3WkVENTJ4Rk12Q0F2c3RlZ0ZoQUl4UnhIeUYyckhoNXFmbzBzeTlDbWpBbEN2UllPSVBRWmc5UGpDMWJWWWQ4NjFtc0JXNFJaXzExQXJNWTVxU0ZweVZiVUVMSTZCZVJISWVqTmViWDFGRzhEUGl1R1BjamZZVy0yWkhfZlNJbFNGemhiZzRaRFB5cWFMd09PSEtzSDZiZUswMkxBQXlxUVpkYU5kdDZFalNqVGtIcndfU1pDUGhUdjVZQkZfRDRXM2ZHUnZFZi1DWUpfX2VUR3h6SjBFZHR2dFJmUWJTS2NjaHkwa3ZsV01FMXlaUWVjU0NFTXdQSmljam5ucHZtN2ozR1gxRGRCcG5iUXhHaVd4UG1qbXptWFk4S2IycFh4RnVSY3p5bjlXNUpYX2M5d2UzVHJJbmN2QnFsc0pKdnZ6LVdJc19nSE9YVEwwcVFlMjdYb3F1S1hXdGlyUXVSdHAtcEdoSU1nUU9WZFJpLVh3WmNsVHE3LWIwbE81VXdKQmFDUUpLWXVmQ3U2eUY2NkZiZU1vM1liTzd5NDBvUDB1Ui1TOWQ4a0d0ZU9ObVFFQlBoa1djVlY2SWJHeEFBVEhYWlFYTFNhZ2VDOG1XZjBDZ3N6YTVaYTJrU1hySFk1bkNQT2dwaWJQOEpwa1N3R0lPZGdQNnZVTzN6akpvaDNBTmhVdXJNTW1jLVRBTTk1aWt4UDVqNXZ5RVBnbFFhZUpDbFdIUVplNWMyU25XazdRRENUdFgzQ1ItazhPbk5SUDg2bWlaU0p4OC1lUDljejd1U01KOHltWTVyXzF0eWRMNXNPVGtiYlM5eVRkSk9SS2lINGFwX25RenhGV09GTTFfWUxXME8wVlQ2bl80bG5LTlhMY0V2bWREb3FaamFQV01LczIzVjRIaURhZHRiU2JVM1pzamptSHhYMDNyZTVBSXVvZmM1VWtMOWgwUHZRaU9qcGo5Um13bnhzTWlrUHMxU1N6X3Z3OU1OclVUTk5tYUtwNktBZWl1SnFrM2g1czlhRmRnckJfdl9JN0FqUW1BdldWelVfUWdNdi13M0Jub3ozT2V1V3g3QzIwTDJZNFoyTVRyU0w3Y29tNV9sd09GS2ttc0EtZTBVZlVxeUJvWEcwY3k1dFJ4Z19JT1c0dzE2SWkxa2N5em1wV093dDNjWHB3S2M2b1pDY3Q1QTJFVjh2dVo4Y2JXbmlzb2ZUTzlPQVNNbUgxNmdvRTdybFBRVEVnWUtIcjlzcjRkbTBTdzBJeEp0MVNUdkNHTjhLOHdfc3pTUFJfOXVWNmxSNDdEY0NsQnYxYkRtc1dxM3RhY3dNdmRZSzdDSmNJVmhmQzJmMXRIRVJjWEJBbGZXeHBvWERxbkhSbEZ0NmY0cmpMeURLdW5EMnREdThLNzF1bHBDcEVRb3NiZjF5ODU2UERmbmFVREpmQTFwVmJVVGxEZWJUVFdxaENIZ1pQMnFrODdvSUhDT1ZjV0FlZ2pJaTB3UjdWLUJZZDQxN2RDUk9oRGpPWW5vTUtSaGVlWmhMMDFPbFZtTGFaUk5EWlFGYklSQ2lhd1FnbkJFNHlfclM4TTNNQ1M0aHh4MnZZX3dyanJvaWtRc3BNbkN1bVMweW5CbWhram9SQ2tzSklCNFhlaWZGM0Rjb2RueWxqMmgyakUtWUNZYnQyY0Z2TjladERZcVZOcnd2WlRObFF4czJLb3NER0wybU9Kb3UydzBBV1NpYWxRLTJrYXFLQlhHczY1TXotUzNMYS1FYV9RZG5oRDJCeGd5VFFGRDJqV25pcHgzVGQzRGlEcE5tcHB3WkJyNEZXaGo0VjN0OW5OeUNRVlFIRkhGRWczSTdfd2kxRzhVMzlOdGxVQmNwdWUwOXFjOC1scXdoZVBURFlRYjYxeHlDYmJna0YtMm9ncHA1cTF2b0c3RXhTWmVpUmNGdEZLb0VlRExfUXNpVzhhTzJMZG45MDdQbDR2T2N4ZFJLaG1FOWZMeHhUNzhDUXNtRTNkdkZOeVVQbFplNENUVTRVSEN6ald5aGNHMnFUZlVEWWlrbEotMUtvWjBJY2RGYllwaFVWSW5adG1uQ0YxQWpmTHdveGFmbVNLNkhZRTRDU2tZakZaM0tVaXJvRWFpVmo1YWNtS0VhV2JNSkpYNmR6V21GdDZmZEJuWnBNSnZMOGRCbk5Kb1QwQlY3WVZtUTZnVlBYbGhXTkZXYzRQLVZpc0dZLVFKaDdVRnBBNTlDN05OZG1CM2xYM3pRRjcxUDhqX2lOb2l4eTBoT0NUMUxmdjJRemhYcXVHS01MV1VsaTh0RVl2QVdNVzlqaXd2LWM5MUpMeDZYWHBhUllnemllbjhBdW9wbnFVbU1aWmZQTUhKel9FOWxIWGl4RVFIUzl2S29MczJKdkl0Q194U2htYVdMSXdiT3ZNdmRoN21ZN2Y5WUxHdk8tTnZKdE5xd05WTXFjdjllcHpobGRMNWoyZXlIWDJRVjZJa29rcUhlY0ZFX1ozNHRaMHZiZUZacksya0F1THpyYXhDemZUZWNXcUU0MkZocm9vakJCRWN2SkZKY01IX2JLUEFZa3ZTZUFkV1RNZmxDdkJiemgzOFpZenNNUmFBV3dHbzhwcC1haC04VUE1MkFjbkZJTEw4cjltcS00aGpqT08wMWlUVWk3eXRfcjhncFB5V0dCVnc5WTZkNDZPVVJDQUlxSWdLTTR1SGFtSFVBY1R5eVJOS0JQWGNxZnBhQTMyX0dpN3J4LVNUbEU1TjNNQUZqWXVUS3Q0bXB3RHpNbjl4ZXhFUVBzY0FyazVtTUdBaTdZeTg3VkdKb2NILV82Yjg2SG12S2NLRElCZXdURjZWUHFLU0dBa0E0aHk3bU9jdDFTU2FVYzVRbkg2bXVianF0OVpIdk15Z3dJaUp3bi10dmJKYUQzdXZFQnVHWkN3UHZJZVBwaFBCd2h2eUZnbkFOcWRxejdKcm9BaXZTVWlUV2RiNUNPZG9oLWRiR3N0bXBWVzl6VW5qY19lT041cC03cW9CZFJFYUlrU0hPTEN3dTNVc0NtRmFWTzlJT1ZXRDZVTHRYcEF5eVJ4d0ZhQ18zdTRNMDhyaVlJR2JoRy1RbFFuUmRaQ3RhemlEd3FmamJFTEhvSVBUWjkzVVh6LXY3X1BsUWhBM2pGOTVuclJIMDFveWZSdk81N3JkZHhkZkdySHpMQ3BQenMyV0wyN1V4M1ZiWThaZzB3NjZfdUtVLVJmVlQxaWRvbU9GcGM1S05wdkhZVmRoWTFYZ0pNc2EtNlE4NF9oTmFiTmUxYnZqT2pBV19hVUxyU2c2RzFVMmRLVU04aDhyU1JCVjViTEhuVWpPTFgzVUZ5d0d4WmtnSzBtN25rY2lpYVNXT3hhOE5fWjFvZUx0SzhsMHFTSHdrWGpMZWdrNWhhTlZ6Z0k1M2k3d0kxbnJkbDdUTmZISUFELWFVRmpJZFg0TGp3N2ZJRTJwYjVEeWJpaVIxZVNHNVUzX3h3cUZDeHYxY0Y4R0dlbGxaaG8yX0Z4OUlkYm0taHJJZl9CU1RCRG9teGY1bWd6XzBuTWJyMEdlSXlHczF1dWc2MUg1TW1YYkMyeFlUc0xOQjdnSXN0SnZOaUFIcXd4ZFdKS1JIX3JHUy1CczA2U1JMaWIzcGR5dDJzamFscGt1bzBoZHl4X1VjNnhoVjQyNmpLaUFpS29GaC1sdGdudDZWUUhwVmN2djlhNFNnMXZLYjVnaEo3NXNKLUEzNm9jWTljWDBYT2Z1ckVuRnNPNUxfeWRCc194clEzVmd0blRPblFCS1UwcDljNVI3VVQ4ZkdVSUR5RXBmNmJZYlFENFhhdl9VSDVlT29HYUVGSnJUQkg1Zk9JMWZrN0k2eXlDdHB5OEF1eDdDN1hjdDZIM2RCUjBySUlsYVRncW4wWGJ0ZFJaVEtGSHA0aDRzbkJCME5TeG84RnZac01QUWVvTFkyd1VmVDZ6LVd2QXNHeVNPZ3RzTzhyUnVQZllURmlOZF95ampadm9UR293MHZJYkU2aGFhZkZSWnVuMlJIQ2taU0NadTNQUXlocFdNRnJ6Qkk1bHRlR0hoSVNueElWeDlsZUgwUHZkOVJuNXZpU1R0Vzh4OGk5djZXQktDek9LMGNreWV6UU5WQ2lYN0xuSkZGWk5FQ3lSOTVaVWYyWVp4aTNRQWJaMUd0T2h2RENVaTdBNU1PTDRkWjVmc1o5U0tSalAzTXlpZDVyNmh2RzFVXy1hRF9paUdVVDVDQ19ua0plcVZVUDM1SFlaU0VfY09RYWJIemQ1MlpGbmswSUlrZmtBaE9YN3RIOUZELXN4dlZLUU5PMlpxNGtoUmJsQjRGVUU1OEsxVzh6V212eTFyRjNrLU1XNGF0OTJHUXpqVzE0d2VuTU5zTmpKaEVyc1VsaVliUHhkbXdMTjJjaFlra2RTeEZqMmFTMUVaMGc2THdNamdmQ1A1RDV2dy1JNjA5X2JuNkEyOW9HOW1FNEFDdTVzVXp1UmdSUzE2UmVsaHh4NFBTdEVrLTRWc0VQZG9OZXpwZ3JKNERZRE8xRjF6UDhYQ1lkQXJMUnhXVXZKbVBFZHc2Z24xdzU1cVVhQ01GYU9OdENEOFlUdDFwSm9aLTA3Ny1xbElNb1ZqVUJUeFZVRElxVXVvU25sOEpyVU5CM3c1SkYzZUlNcS1VVU5fVElEUmVyVE5TWGVyRzdEVHZiSElvcXMwTE1BR3NxTndSQTBjNVFEeGRFQTVRUnFUVkEzUVk1QTN0TVozQU9mVldXYXROTkYxRjBsUkVZbmNYTFpyQjRYb2pEM3Nna3hzOFJHaXljU3JHcGNIeFlQZmY1Ylo5bkdJd2hmTzJBVDkySXRDcXZ0YWdrWUZ4aUIwR2tqMU5CNHBIYnl2eDk0ZFp0VjRrRXhMTVc0WEZZLTdKWmhCbmI1YThodkhoSlZ6ZXFVVnNJTno2QTFub3h1ZG5XeFd0S2k1eFBOYXNsRFI4bXlMVE5pRXJ2cVF3ZUlGZXlSb1dUeHlVTGZLSDFxYmU0RmRhMUFNbDE1SUFiYTlTaWdtWk5PalE5UFdhQk52QWlieXRxTkw4LVhCQ0NjNlZZZTlFcUJaaWpEQUtxanBLeE9GZ2w4V2FFRXFsdU1GeEwyUnlRYk9JTFUwQjROVEo1bV9FMjNMamJvQTM5dmdDQUFDQXBhOWJseURRbzhNT1U5OERab0dWek5YQTJuQ1JiNjNtN2NJZ2hfcS03V2xIVGlUelBfV0xmREJIaF9Sa3l2RUxqTjNxNlFEa2d1WEIzTDkxa3I0d1NzVndmQkF5N01DMV9zVU1EajRuLTZpZGctelVHQXBIaDhIYjZhX2l5aVZrZnYzZVY1VENxMGMzTndvbTNyUnNqcXN5NEd6cmdPN1BHcFhCVFVrdkI2ZExDdWFMMnIwY2k4MzR5TEh2SkVDMjVqRU05TTVzeWxQWTdNVURYWkprTm5ub0RqLU9LWlRKRVU4NDlFUG1zb3ZhMmRtcmNDVGpabHhfd1VMSmRqR1dVTVdzdEY4NHVKUTdfSGY5Mmw5WHhsNnVzTUEwWEpDZG40bnU5QXpmN0llTGJROGQ4NE1DWldTTlp4SzZQUEdncU5EOEdhSm9qN1pkeGxmRmtkSFdveW9ackRRSmxwYjVwUkJyWHRYWTk1cHptMVpzUG93SWFmVF9iYTJta1ZCYlJlT3dkR3NjZHg4ajd5WnYzVzNQOEhCMzJvZkp6V3pfc3FpcnVNN3FOMWgtWFFHZDlpZVpHRUp3TlQ2d1gtZXhrdjZzSy00WF9MOGRnQ3Jpa3lsQkxJYlEyZEQ1dEhua25wVVRyZEZINnAxekJfSlB1OXh1SVNHNHlvak1KWndMOU9aZldPYzJtLVFTSFUtSnZNRHVuT09RYjBTTXBnMnF3d2tjdVR2SDJ0NFpEZnN0NnNoUEw0TlRZSzc1MHZuZFNvRm9FRTVmQS16MlJyMFB5YVI4TVl2WTRpekN1SWp0U010MlcxQzhKZC0wQk5PcUlhdndETFU2akNEa0pyQ21XTGVPZzRoTVZxMm14R1NOSmlzUTg1Ty1GcGJZTHltbUpvLTN3T2o1QldkYmFoaU91NkhZeTc5bHhubmZqaTZVT2ZucmxlWE1kN0ZlX2JRbnhXbmpYcXhlbWpHdDFLbmxzVzQ3R2RsTk9RZlVWWFVINXlrc05yTFZUSEp0d1dqb1pPWjI3V2tEWHlzSFdjTkJfbENsYWd4Tm1FVVRsWHhpN1dSTDkwNGpYNHZob0RRaDhzalhYSHdKSVdZLWh2MExvclM4X1p4QUNGNjI5c3RiVTJyRzJ1VEppREJ0ZEtWeVl1OXRKYkVxTVg4ZGNEcUNOdmF4SGlabHRsT2dYMHBwcVRsRnVyYTdIS09LelU1MjJDdUI2RVdFbUZSZnB5SlNkTXpCZEhqdHhLRjZfSm01RzNyT1ZSQnBvYlRGNS1xUmdPd3hWaGUtM0plVFJXVzg0d3c0MmV0OFVTX295R0pQZjFtUElqWFhRRmltczhXcjFuUm1rZ0F3U21EUDRXVzBlQ3JBRHlxMzlMSi1XWmlnV2RtdUg3OHFpR21BUU1ZR1RoOGU1MGZzY1BtTC1OVTNQRlhfUWlQWndOSVIzTXgwa1c0SnRUVHNoLWxud1BLX19UcGtMWHZ6WHd0aUF3NktMQXZlbEpEZXpKQWhLT3Ztd3UtNVl4Vzl6cUJMR3ZCaUwwMGVhX25zZDMwb0o4c0dLalVBdDVpbGFCQjF5alpOSjFGNWJJdEZwYVc4Nzc4M2ZKTE9Cam90dTA1cm9weV9lQklpTmg0OXVUaXVLaVBCQ1k5RFhrYnVhUW5zMEpFWU9FNWdXeFJuenN6dUtwTW1KMUg2aHdfbVoxOVhTRWhad2JKaHI3aGhYX2treHJUeWRNME03a0duQTVCZVZyQ1UwZDBQVDZXejNwLUpSWXZiSURwZF9iYVpZaEhTZjdyOG10VXd3NnNtbGpQQ3VhMDJTSldRQTMtT3V2VV9PeDd0UGg2Z1l1dTdoMGh2Um5nYko2T1ZtSzdjRnJGdkRmendpeFpKNHNJYnlqZEdKVGMzemVSZjFuOXdubFZzSW5UWmNBZURWZllxYTVxakNPSVdWYmNhNXR4TzNTWUI1VzdXTFNHSHliU01FVVVuTU5DeC16ZnpTdWF5aVBpZ1duc1Rtd3EwaFRabEhqZGd0by10bUlOSFFkZ2pIZUdpOE53WnBSRnk3emJDQmJMUUZUZmxDSGdNVGc4YTZCcGg4TFQtc2dPbVlwd0hYTjhfNTBYYVFLRS1ocFhqWWRwTVVFc3IzZ1F0NUlfN2EwLUJuUjFwUlVKTGdQS1luTFZySVlpNDhEMGptcS1GVHhYd2txZ196S0ZMYUJ3VXZ3a2NSZVFrLXo0R3Y2UHFRal9BMkQ2Rno3ZW1JZk5lY2xpMmE4eHR4NEZaUTgwa0c5SXFOYTZkM2FDeDJDQzZ5MUZ6X0RIVVFwREQxUVBRRDdYZWY1bHRGcUpiUUdtamUzX3hCNG1JMWlBeTQ1bDdjWGduX3Y1UDNhN3FqV0dvUDZRREFfNFpLZjY1eE1GZmppUTdCbDBDVVF3Qk02a1htSlhzTHNvRjhKUDZqRmtMY0NYc09IdW1ZZDhVeXk0ZUFlWlRKLW9sdmtPUlV1c1ZRSk82djZnU3NNYmk2bTJZc3RmRk4teXBGbzRMLU9Ndkd1QXZ2Y1Bzd1J0ZWtFalBiZ29CZlYyOXU1ZlhQZmw4d3VnNHo5WFlnTmRwQ2tXM2dGRlZjV2wxUVIxRGozVGlZTkw5RUNqQWxjcmVQRDVlWlFqVU9rZkVzTlRwc2Z1bW9iWHllWndtTjNKaFViSnlxXzlra3p0SmhqR3BQTy1RT3hqd1FMaC1aMDBYaHJjWlNpektBMHZ3YlVjRzN2am56cE5vZkV1WVc0ajFzWTdBMjNDY09WaHk4SEVaWkRwc1JMVUVDeEZkcG83Y0ljU2Y2MXRoZUNzNS1iUG5DbEpIMVcxMUJpRkxXdGQ0ak4tQ19LOGVLYktUVC1UOER3NGVYbExmRE43MkZvTHBxQ2EwM2U4TE1leklvOXROS1o3eEtORW5QRnllSHF2RTc0bHhLYzRHTXhXREhyY0JvRnpwcUk5MGJOdDUzdEFrY25rQ1Z3NGNPbzFDZlk0UVZKR042OWJab2luR0FuNjJuYXIxLTRsUEdLN3VoLVdsUklCSjNOU01LN2UwVjNKdUtON0FpbXIwV2E2dGU0MjJ6aTZmOVpYNUhYdGFESF9ERkxiY2tRdmtjRDAtSVdDZTVZZ3U0dHROUjNqUkUwWldFOHFZM0RqZ2FjODZjQkpyTDhLdmZXTF9wSXNuQm96QUJPVzFhWm84WmQ2c0dBV0F3LXU5dzBFSE1sMXJGMHBRVkh3WGtUY0kyYW1tRTE1aFJPY2JtZjVaM0RLSXBnRXViaVA5VmFJUVQ3VnNucFVPX0hpX2tUY2tqbHg4aW5DTDJaT09xZGRrcVFOd0EtaUw5OERTREpkYmVIckJ5ZzMteUZxQW9wc2c2dnZxUy1zVEpQY05sUmtrTVR0SUhpcTM5TEdrUkZXVjRpMExfNFpwQTlqY0lwdTJ4WmNMa3Y3ZHlPUnYxNjNWZ2dnNy1xaEdpVEdYeEVHS21CYlE2cW9ld3V6T3IyeEIzaEM2QmZ3M0I1Wm9YUUFSR1dJbkVmV3d6X1NnMFB1S2JSOFNMb2YyUXF5b2Z4MWVvemZNLWJPTE1CU2hqQzF2bHU5NTBtVlgxc05ZeXZqR1M0UEV4MFVsNXRqMDlXNjdYNGhETDZSYlZTb2d1VjQza1JlcUt4dWdjWFBITHhqN0J2Z3RQbC1jUjh1Uzh6cl9NRDdMVDZKLV9Oc1BjN1dhRFJRUk9uYnpwUnFfSFJzaGVMaUtsU2xPcnpLNldFUXJ5MTBrYno0OEVmQVVwMTc0R0FyTVFHUTF6dTVLclVBcHF1QWxSNEN0d1cxOUpTYnF6aDhDenhzV3R6eHdhbGRuaXlLSkJKV3ZTUXh0dHVoUTltM1hNejRpMm91Ny0waEVJcnkzR0pDOVVkdWxBTlZxeVJCbjBVV3g0NTF0cnp3eWlFZG01UEwtY3FISGZoclJfcHZQZkZSR0d0Sy05WkZ6d0Y5cmhKNF9GUEZTVjloTnhLTjhsYktjTTdmc3ozaGpQb1kxYW54S1pyU0hkSlA5WF9LNEZKWkphNko3eDE1ZDJxVVVtRFNXeVZNcldqckRQNWxNTW9NeXlyV0ZraUpLeHNOQkp4ZDZnVGJBa3NLalhUaE1hNUJIMHlSczVWeHI5clI4b1FIdTNRNTFadzgyLWJwTHdldXE2TFFuSS1rekZmXzFjRnZMZVkxQTE5eXFNSTd2em1iSC14Qnp5RG5vcUlRMV8xX1JOZTZfOUhrc2REdnItRFdMZFUwcndTcDV1WmlMQ0pTN2VaTEJqOUJNcF93WDFfcWluaThxODlsY09RVFduTW5TOFpCVkFWYlJPYVk5M0ZReHBGaloxVjM1UTRjS09acnBPX291MDhlVlVZOWExdUtsQ1p4NXFFQ1hFbFVJRUlsT2NBaV8tWjdkVlhCVDZybkV4eXBqM0lFQWZXWlJHbVRyb0JhbXduVjJYSTBzcGVaeEtaOEZmWm5XTUV3UF92NUZZSTBYcThjR3VraWNQcFA3c0pUall2bUdwdS1BeGVpamZReEFEQXFXX2NWZXBmblV3N1V0STZVSGpxaEZzd3ZYRGdoeVpBaVJuXy1sQm9IbnczWVBQNU1wcDlHcUZDOGIxckl5YUlvblJ0T05jYW9wMVU0NWM2M2FISGk4V1NxT3NsYmFhNGY0UlhCVlVVVF9tZ1ZsZFYyZDE5aFlfUlZzcklRM3kzaDhMNlIwWGtSeTZHaGIxRWhLVS1YUHFmT3B5S0plNDhHVFBXUXUxNmJyaEZzMDhKREhtcUFabExEZWNkQXdZRnFldFRoMXhyUEtEWW5MRmhsYTQ4VGMxZkt4RHZDZm9feUU1bGxobnZaMVUtZzJVMk8wTGUtdjdBOGdoWl9jN1dtMXBPU2ZTbnVDNGhjM3ltZ1lXbHBPYjJaS0dTU3hVMEszZVpjMXkzS29OM0szMWtTbS1jMENDbzNQYlZISER0NTVUQ3IzZEpUZG1aaWZpR2V0MXVxZWZZV2FOLXU0MHdrdWlOU0RDUzFZZlRYRThUcW52MndkaV9Mb1pzRXZBOUl1QmxMQXRRaVR2akk4SkR6ZkJfYkZ5dkt5UExsNHdBMWtqSUJiUzJ2dDNTaXYxZFNHSkI0VktRMUYzUnkyeEZaSUdJVmV0Wko4Yzl1RkZDZlRQNHlHV1lXNDVlV01ZNzVveWttMGx5Q3N0NDlVUGFVVXQwMXRpNDRoQ082RS1Wdld5WDlueXgxMnZrYmpHUXp4SDRYS0xFZ1ZsUjA0RVNOZTd3OGlnSjRWQXZIMWZ0UWZlX1h6WU1hWnM2OFVqdzhyU2dPY1NNLWdPZ1RQZURlYjk2UGtoYUxNeFpTX2JWODJNa040VnBUNzBnWDFRbFgtY2d5Slo3NmZYT2EzcjhGX0ZJLXQtVkZRanR3MjBOQ0UySEMtbktkRXQ4Y09BTEtreEtGcjI5LXBjSkZwR1M0VFpfOGZUTF9sR2pERmhEZ2VTcFlKM2U1eFNHUW1xMlYxNERPbmpMbDZvVzZrODA1R2wwc2lRMkhyMTBmVXdyTlFWdncwVEQ4M0kyVGRFbDFtQUI2QWVoMlFsQjUzRE5zNXJPeDZxZ19sWFhWOWw0S3VoY0QtR25QS2dIOGVWX2Y5MXBEaEFoMVdvRWN3OFVDVURNOGZRWm1DRkluOGFTc2M5SU9oNFRuT1hkeDZuUTBuc1ZJb0ZXekduZjJ2dlNnejhHazdrNHlNSGNodWFPTlJiZVNPQmlBRVBFT19zQW1RZjVDUFhVR1A2TjVFQURjbWJmTHNERjRfX3VhbkVRY2JOanBoVm56WjJWLTAxVE5Xd2RWT2lTSDVOc0tiRS03NGVfcXFZZFM0R1Z6WFlEVkJoTzNFNExzYmtIc3l1QlZMeTdoU25rSjlqMVpBNDFBcTk1SGFJS0VlbTI3TlkxS29xZzc4b1g1cFpwaDMwWjNfZVk5a0h2bmNIcEl3UzR6UjRraUtjUC1xOTZRRmVyS2dkcVoydGoweXg5RVp1SlpLM3FJOGxFQUhuOW90T09INXVCVzRSWTdpNFBmelZ3azJTMjhNYmhwY0pUNmxDVFh5ZFRHbElmN3VMQldJUW5WLUd1WThldXlETnFSeXNvV3F6d2RGdS1Dbm1iU2hVeHAwT29SUU1YMFpycnRFVnhsM0hCLUpMYXp0cDRIbC11MG54VllSY3JMM0JlSXFnaUYxeUhxanB3UXNkeTJwX3VMeWtCNlUxbkpVZWMyNnNxcUVOdUlUWEtxb01Wa3NJRkZEN2trc2F5M0l5M3B1SHFNdlcwZGZKSHlqaVRxa2pIbzRrR0VRellPZ0VOZ3FuWDhZX2tyYnVCV2RhQ29FRzFRT2xRa3prb3NVUFZxeFBKWE1wSzZ6RGN5cHozbjh2UmxjczR1S25MVlpGNE1pSk5GMlRkeGY2UFppQV8tWW5wbnpoQzNULTIxU3pLM3pxcW95VWU2clRvT19RME1jcG1GbTBaRnBoVEw1THVieFhHTHVwUFc1SGFTaFJqZjF5Znhkc2lXWlp6eklQdTJsd2JIdkxxaER5dTVpdU1BN3RiRWFWRVVycnVLUVM0MG1GWDZRcWRnNkZKaHVFbWtNYkdldDFLUXpLVkxCaXozZGtidzI1b3M5RkZQYnlqZlVGYjdQeXByb0x6YkNieWRiNjZqUWRiR1lkWTJ3Y0E5dFBPQ3laZnZHMVpBbnNHSjJ4Ymc2dE1NYjQyX2FjXzMzMk1VRnFWSXc0bE0tTUEwX1JnUXBYSEVKLTBNUUpzR2NEQ2NRekdRY2V2bFIyNVlBLWZkVmVTU01sa05Kcl92cjg4c29neWJEY3EyOWN2YnJqZDlsR1BBeklkcjlOaGRjTDZuVUhjTms0V1pCZHF0RkktREpmSnRHMHhzV3hGVHlBTHN6ZFU5ZEhaamJlcjh6a0hTRTdwbmdNRldVd2lyel9BUk1TV0pEajQ3bDU2SDZMYVlzU01ycEdWRlpha3V5RUVKdmhxbEVNMnBfU1lBNEZvNFBkMURHMzZhUzR3T3BsUFl5MXM0aFVVOW9GQ2tuVk16ZjNVRHAxYUJyOWRXRUFJTFdjR1FrQXh0TDZIendiUE0xcE9NeDRIYkl5Q2FWM0w1MjdxTFppZVMzUDJmWmNMc3VKb3JYblVnY2ZuUTdEQVd6aTZDTjJLU2x6WWdTRGx6U0RiMlEwOEJDenRZaFVIZnFvcEZPVkJQUUZiZ0xGZ051d1FfV3pCLUp3Q1Bjb3NEU3NMUHVFY3dEUVRsZFBhWkVXX2lVYWNWQmFMN0s0LXRsSDNLU0dRbnlZbGZQOFU3N250TlJ5N2dBSGR4R1ctNTViSjNWeFYzNFVEZTJqWmxCR1JGeVhfN1BHUTRyTXZ6eXFhSVBmUGVqTDZkTUpMcXNQd21ZR1QtdkpqZk5NUEZoMHJxd1NtTFdRcnUxNjRvek1RclhzOVhIem51TzVFcEdXYnZzdHpLLXlvUllDQlJhYVl4cGktTTNiOW9ZRW43WTFpeURJRFNpTjVTVWZEajJGT3RHNEt1ZWlNcTdWQ3hlc2FNZ2Z6OUFxWnkzaHJ3ZlVWeUg3YXE0NnlhZmRRcTVQRDBNSnd3MkVPbXRKbGNCSmhsUW1pUFhZVmtYVFZRaFJHdndib09LZkdvTk5QTy1NQ01jNlA0aktpUXNYYkFMUU9vc25JUzFXamtmdHRUTUEyVGxLbTFHVDZvS1FLMGJEQXhLNVlxclpaUTkzWkMxN2hNZEw4UlE5TjdGTUJILXg3UmJVZFpfZUFXVDNla0dfY0toUEs1TFJwRjZYWURJbUJlZXdVdDBRYVhyUjlkRGF4T2ZnMnVTRHVzS0sta2UyRUxrak0telJmR0Q2dEUtc0JERTgzNjBDQ2ZScU44YV9yREFGRThVU05BTjg1SGFHTHBIZzV5a2w1VlBYSmFTRklmY0dtRW1fWXo5ZVduS0cyMWVFbmNVMVNXVV9Cdm04d1V4bnRiZnQ3UE0zdTh1aXlnTEVlWHhBSzRsektzVkpRUmNhU2RlZzFIanNPeFRYWHU1SGpBU0RiTm0xVFh0alZoV1pOS1gzRVRVR0tKbDZlaThIWkk4djlFY0F6TW1laWpHVVVxcFN0SmNJTWV3YTJDZHNHaEtrSFZ6UVN4Y2xGc0h2UkRWNUJ0ZmJSc1czaTlCM21jN1ZLcVMzbmlzWTFHZmY5bEFwV1YwTndzaF9OckE3RnhCaHdvcV9OLXQxNDc1T2tOR2gzazYwN2JNZUR2Vm9OVEwweDRGU1dOeUd0R1BHSnVjbVh4a2YzN0ZqMXZldjlCWWF5MTlQT21LUnlUbTNwV2lCNFktNTVxbjVQNGhkLU9kT3VFcmtleEpQcDFtX1VsTHl0V1Z6Xy1FNHhkWlJpNTBWZzd5aDYzQmlzQTJ6Vll6YkkxX0lkQUpFb24yOW9ETVZNTGhvMU4tTU9mSHV5NkF4elBhNVBlREVEX05SQ3gwc0VjcUNRNzFscDJvUDhFbUFScTJWT1JCeXBqd1Jra0lJaHR4ZnpCd1RFOEctYUtYa3Rkdzd0bnNhZjRqM1lnVWE3NGNHeUZBeFRON1JHdjNLaTlXVGNOdGhkYlFhanZmR0NhcGZNaU5DcUVtN2hsNUpDOHVUOU05b2NlRFdsdlp1ME1ZWmVSUjRRdTNESDZGbkg0bXpqeFA5eDZYTWNsS3NNR0k4YnZ0YkxMZTFaVS05UkV6QjFwckhUcHZxdk5xSWhnNWJ4UlJMdm5hUldxQWNLQl9zc2ZDalNTNXFzZVE0N0s1cVk0ZGJSNEI0RkxUQjRLYTdETkFYdWdHLWZ1LXZ6SjVtTTN3TGZNZEl2TTZhOTNwLXQ5ZDRESEJLd3FrcTRNSkhpZEhmbVRnWWRtNWtjQnF2ZmIxZVBaLXhwS3JGaW1oNWw0OVMweTBXdjNVMnRqQWpScGFnVWZwQTFwbWdub21FMkVlSVFoOTR2SVFlLUNHNDNjaWZ6UGZaa25KNWYxMFJiSzJuOEJUb0pKUERvc2VacWlOUmpLQjIwbjhpbXk4M1JRY1BSS0RPVUJRSW9qbWNINmlqUERXd1MzLXZBQVVUeHFXOE5NdHp2UHNueEd6Z3RXUExybGVyN2VLc1Y1dmZhZUZfYjY1WDJYZU54ZUdCY1F2d1ZhcEFHal8tWmJpVzJJVHdDd1NaVkthOTB6VFRCaUFZOEtURGJGM2xzQ0NoZHZHVFV3Z29aV2tXeWhOQkhEcHBEdTg0TmZhV1gzbTJLSlFzY1d5QjdvRjJrakRBQ1BNX1RVai1lT2pjX3E0c0ZXbWdvVU1SYWxuZ2Jxd0R4SjR1bFRtQVlKYzdESC1CTUV3bHhGbEx2cmFPZnRkZjRSeWdYaXNZc1Zhb01fT0Y2VURtRm9HT2JWTzhUOGpnMUE0OC1oNEV6enZIQW1UaVdOQ01DTDJ6SGNwMXV5anpubFJ4cFJWdEthTUZGTE15YmNad3Rwd1NadjhlaHlGZklIaFl5WXlRdzlKX0w0eDY2Ykw5V29zRl83c0lpeUtVSjhKbXMtaWpVdEw0Q2NCYzItMTZNQWY0VmplVnpHdE1mTTdWb1B4d1V2X3ZRcl81aV8xbTZqVHkyamU5SGd2UjZoVXhrSnkwNlRIdUlzZS12VjBjMUVfMnAxMkE0UUxVM1FLSGpJRDJlSE54TzNPeUt5YWJCMkVDaVlqUWRxbC1qaC1GbTFaYnhNR0FDRzNIUnEzVFZ0U0JsSTZrLVNmakI5NENERk5jT2trX3VBZzNpUDZsX2VpRnlITDFtcUR0NlFDbEZSNGRaaE83aG0tWFF6TERncE9xbmxzUjZzeVFKN2k1NGtHTE5FSmFTYTBiUlJhVDRYZVRteHVsTUZLMjdhTE55TS11WjZRdzFlVTRSOFJQV2pXYmtqSTVRckpwc1hBdUlKRlpZb3d2UTMzamhYOXNyMGxJMmJuWWZySzdRdjE2bVp6SGVLZ2xJUUhyVGJ4bEtoLW1FVE1VSmhpNk5Ia3BsRmF2UFRIeVltR2dhQlVvYkdGWXJ5a2REWk42VzJ3WHRTTHBKQVNVcERIZHJhejZqX19DWng1NjNsbWlvQzZzYWJkLTIwN294X2lwNDBXM0ptVTBEVEdHOGc4RHdTOVA4YzRKZUEweEIxTUNIbUZnTVFLZU0xRXptVjRXdjFzR25jWmVKZmx3MUw0XzIxY1BWNU1OYnd5Z2U2bmxjYU90bGZjelpxeW5CNTVPbktwaE9MWjNhc01ORXpWeC1WRGFXX1BJSDloZXh1LVZCM21jSmRYMWlNd09mNThhOUJMLWZtVWtRTWlRengzRVBhWHZ4bXZlMnNWY1BXQVlFU3FYWkpqZy1KblNWaWtVV0RXWDZFdThrX3RDb1ZpaHFnVTFQcFA2eEFNaWJCbGE5c1JBOWN3RzZCT1dEbHo4cVlwTVRKNkJ0V3prbkFuOEJjLTl0MEhXdDVXamR5WkxMV0NCdW1xUk45VDhtTGVLYUhlUGh5VEc1M3lJNHIxaVZQNDRud2hlWEQ2aktuV3NFZjJEWmRxc21aR3dHUTdHQ1hCdUFuMjlOQklRYU5sOV95RDlSZkJZTE1WdzhiXzJmeUxLdXpwYlFKVlYzdl9XcWcyenJvRllrak52NVdUc0VjTks1d2g3SU5rczIydmJmOEthUXNaV0Y5YzBVRUUyWWtCa1BLX2JCNUgzbFZENnlsWndBcHltLUZCdkFPV05qMTRlME9xUGxEN01kUmNhTDd1WHA3dnZFdzRXX05EeU5NYkVGWWtfSC1QdUpYYzBZNUNNcmdpVXlIdUt3SHVJVjRYb2xhMl9MOUJRYVk2S29yZTZUYVVxYmVLM0F2ZGlYc1VFQi16UWFtbjd4eEl3VVMzc0ZiTHhncEVLa1o0RzZiVTVrb0NVWHczajFvd2EzTGE2STdvTUJwSnJXTndNWDlWb3BaRm9YN21GZUR1cGZUZm1DTW9JbkpxVGM2YVppbENWYU11d3QySkJPOU1Ibm5kZktvZXc1UTJ1NUFoV3hseFRIZTNwTThvbi1QalA5OWJQQzVDNUJNWG52cmVFTnJpUUxnVmRTNFFrejZZNUdnRktYbDM3Zmk4UGN5enhHVVJ1ZW1mLVV3MXNDY0pOcHhELWhWZkxGU25Fbi1GaWFKX3E5UU42dFdPVzRKUEkyMFpjZ0xscW1TYVdFVXdPRERDbXJWeTlmam1LZ1pURXE1VFpSTFFFdl9aYkVodDBoT21EUlRYekJSaUhjY2ZReWw1WmR1emRuTkh4QmlRM19CUExmdUFFRkNXMmx5NERJV0ZvQldJUmEtek43Q0p3ME5OMFNxaGxreHJpZUpUeWFKYnZqWTNENjBublFuTjBXTV9YanVKcDJwT3dVc2pudnFpcFZ0QVl1NjUyT3c0WkwxNHJrSnBnS05FaEVyd2VXaWtLcnZqTGlxMnRKN1RYaElueXNlODYwSFJSQzgyNUVKOWVTOHRJMXFFZ0h6aTZWUDFnY19WQzZNNnJmaHh0YTJCMU9tQms5R1lWeXJJajJRb3pNUXlSdHdZNjJJSVJKR2tEWURuWG9iamVieVVnbG1DMkhPeGR1Sk8wZXRRcWM4bUJHVEUwd1M1OF9JbFRXcTY3eGpKeHR1SE85enVFR0VieWx2MFpyUWNKY3VDWk5Ud0RCUGlxV01NdHJ3UW1NNFUzUy1zUzVFVWFLTzRIRDI1WWxldEd3QnVIRUVSN0hpUnhvd0NMQ2RkNUJzdHJaM3RqX3VwZWEwcm15T0l1aU1rRW5fWDNRRFV3TVlnS2xiVDRDN3pWZWdYVUc1QjUtZ01RR2JZc3drc3VrSktZU3J3b1BMNFF3SkgxaVJRVFNwSzlwN1JUak5JbVN6Y0ptclMxcEFoblFXZDZ2aTJyRU9Ibms5MFEzWVRuVEhkMEtwQWpvRjBXRmh6NjJNYW4wcEFhaWVFRFN1TTd1VTRtOU9lV2h4NkIycFdVeHpUcUJBeDhZUjFCOFNPcDc0NTRZZU9iTmx1NFdXak9rQnFnT3U5UU9oN1BVWW9RX283NFphc1ZVWXIyd1dwdDhhX1prSXU4TENwd2tSR01naFA1XzRyQXhqaFRLWWRHQmZrUWRFX3o4UGtJR2VESlQtYzhNdzZjbGN4bjE2LWlzMzI0aUZ0V3R4S2did2FMYWhWOWVzaXZHSkg0ZE9Nd1kxQ0gyWUR3RGhDN0J4MzFkdTFYalZIN19ZWDdMbm5xSFptdExGSmxENWw3WkUyQnpzaWkzemVha2VURWRTZmRFbmNWeVU3UTF2UjJtVUNmZ0Fyc0FOdWFrelhGSmJmREFaZGFNYnRMSkZrMkI3cXdndWM4MGY3UzVGSlE3aU0tT0RhUEs2ZmxQckFxODJhQWp0SnhjRVFlWXVrLTNfSEFlVTNYckNJUWIzM253eXczTlY3RmJpZzZPeXRmWUNTUnRCRlRTa3haTTFCQnpjRmdGNUVIdFBkR2xRRDNTamEzWDc0Ymh5dXZCb3JKNFNMSmtMT2tZbGRFelNJbGtfNDFBU3RnTVZRYWotdllYY01wSlhXbkJNeWF5NnpDS1RPV2o4TGJkTjcyeHNOV1dGNkQwdDE3cEpiRVNjTGxSTXF1WGVjaFRESmRBaEtwM3pyTnE3M1FTUXNfLVozYUN5ODZNT3pMVUZBb1U1c29tOEtjRVBJdW9DRnNEbXJNNXlpdF8xc2FwaktEUThwSEQtVktUdl9XSi1EUVNCbWZZX0ZmeUJrNG9oZGhQWU56TUZKemFNWi1RSDBzb2ZEc1ZGYXA5Y21wUGM5YmNfUXRUZlZ6NXoySUwxRGpVQ2ZoZVpvSzJtWE5sNVgtdXhFMVJoeDhGcmZmWjVYWEVGSC1ETzRiNTYzeFFVMHJXTVhhdUhCMkFmSzRic2ZGd0xUWHdVa2lzSVhyWkRtVVlCd2VBWThpZTV5bDZ1TlNfLjJRNWxHQWNIZ0dQSW51Y3BlcmpVdnciDQp9.rv-xMWrYBAIWl2UnDnXkQkhMbUn4BJvTby8vLao33B5HCuSAOAfFtsFqNj1CNQ5iQayVP7yT4wd5Ws2lGQTnbpSDdT2fK4QGzZFFH7PEDkXWpkT18_VO0GGK-5RlPAcRp60nlmSoXbUcBLvQ0u-dtm-gBP7VGZaIBW-eXSZNWqqiXDgEJ5UupaxPIzzpbgjoSMrxxiKY-Ih_umXKFlPJKqRc0hfQI6OKDlVwNyl4-FNR9M9_GEcK6CplJMdb--z76Tv0lCLJ8GnhjivHuNOAp1Hj9q5fN6FH083bMkYru8aD-AbF4jgkm-_qpMJkSl4lh-Ny__daDvBlrJTowqkViw" + "respID": "NavkR2BWuvroWkIKWhAQ", + "inResponseTo": "_2ac94139a4451f7ef0893a5b823aff16", + "signedPayload": "ew0KICAiYWxnIjogIlJTMjU2IiwNCiAgImN0eSI6ICJhcHBsaWNhdGlvbi9zbDIuMDtjb21tYW5kIiwNCiAgIng1dCNTMjU2IjogIjBGUmRDYkFxVTF2YlQtOUt3S0JUcU5GQXBkcU9HT25Fa0o1dGp6MFp0anciDQp9.ew0KICAibmFtZSI6ICJxdWFsaWZpZWRlSUQiLA0KICAiZW5jcnlwdGVkUmVzdWx0IjogImV5SmhiR2NpT2lKU1UwRXRUMEZGVUMweU5UWWlMQ0psYm1NaU9pSkJNalUyUjBOTklpd2lZM1I1SWpvaVlYQndiR2xqWVhScGIyNHZjMnd5TGpBN2NtVnpkV3gwSWl3aWVEVjBJMU15TlRZaU9pSlJkRjl5UjNKalRWQm1jamxmYWpsaWRFTndhVXAyUTFWMmFVSlFSbFZqYzJwbWRsaGhVWGhJYmpkdkluMC5RQ1BLOHZrZzlvSkprUk5OTmR2cVE4V0hvTk1Id3hrRExlMEVFcmN3UDJHTVROM3gtR0Y4MFVoQno0Z3VrOFVFcXpqaFM0S09XOXVVbEdkdEJ2eVdlczNPaUM0SUQ3eFNmVDF6Z3R4QnlDcHJLOFQyREZTa1VqS1JpVGpqOHoyUWlWXy1NbzJKOVJmVl9LMWNseVQyTTNFdnNjMUQtNWkyS0dzbW9tcWlsVkpqaFhZSlZkZllBRFZVQ0pycnJFTms3YUNwZWxTWU4wZ1hGU2VNRUNyRWp3Y0lkaHM2TW5fU2JiUnRJTnVSUmF6aEZEM1Fhb2lKcjFTdy0zS0JUV19fUThKTlhkQW9KdkFqcmFvUTlMNk9JTEhwOGlVQUMtbVVGbDJ6bmVQYnBoTnktSlNzV2NzVlBpVG5HYzdKNDNyaEtvZlJTWmZQUmVxWlRQYi1ncXZCS3cuazNqZUprWXJucEZMUmdfY3dZZ09zN2QzQWRVWnpmTjM3YTROeW9aY214MC4yWUg0M0lzTWNsVFBuTGZMVGc2TjVlcjVQSmdmMlFmRWE0bGg1dFdxSlJHdUdPRUw3TVVUMDZLMTVxUV9jTWZ6M01XVnRDV0lSNE8xOG5yMVZtN3M1cWZjRUlmQVpTRk52OWo2SXViNkVTeUtDeWk2YktaM0VDWURxbS1ZMjZETk1GWU4zeFMwOG9UV3ZPbWprR0Rqb21xdzBUcjB4RF9saHBRZlhReTJ1WWZZSDBlc21NY1BnS3lyRmF5NzZnV3VQeWxBS1lXbzd2WVB0UmxMR3AteWZ0eDFVMGFQU1BCbE5sOTlxb2Vzdm9BVTFrSXh1aU94Q1BYVTBqYWZJamF6MklDT253QW9qV2xrVlJWeDE2TENEUEF2d256Ty1vbHR3eUNBNmNzbXZYN1VvVlAydFZLdVVGVnJRUVFkNTFsOGc4dmxpb2pwMjlMV3ZSdjJTeDR5UG84TS1qOGw3UlV6SlhwZzNsZV96WGJfOFRfYUpra0d3YWE2UV9hV0ZDQl9ISkRGYkUzbDJzeEtBeHYtYUd0QzhwVVp4RnppNHB5YUVMd25QVUhpalE5UnpRUm0tY3RlTUpZM0NhMHlpMXl3eERudGRic3JSQzJvdG84aTMtRnIwWWo3R0t1THBvZ1hHT0RLX1p2X3FoNFdIZTBjRkxZUUNuLVNUSEJtaVo0SHBxTU8ydXlmeGpSYUxqN29KUXRSdXJ2NjNvMGJpeWxtNTVqMHg3eGhrSDlPR3liTUtaWVE3cE04bnYyblg3ejhJTXZRdkl4UU5heWNQVlJycWFtNERVMDJCQ1VlWVc2T0x2TEg1bmtMaTRmeUhoQXJtdXA5R3JFU1BHeGRlcW1PcTRYeTMyNlE3MUNNMU14TUN2ZXdoU3R6RzBWZnFnTHJjSHl2bndSdW9sRnE2SVlsZU9mZ0JMOVNUR2M1WWxuUU05UTJYS3RabVVkMUk2VVhMS0UwbzYzU0JIbFFHSVlJaVBYMy1VYnMwcEtLLWJfbGhMNkszT29Pdkw1V3Q1OGljV2FCbFJqb25VbEQ1eGR2b0dLTjNZVmRxWDVSZ3BIUnQxMHVHcDN3cER5S3RYTy1OTWJjaVVTUURQMVlNMFZScE9oZVN6Nk15Vmx5eEZhMWxKNEVpVXRhYk5jYWMwMHJUaHdqMkpSWkJRUGlvb01YVk9mTmxGN2xGdm5UN2liQWNVTTNJcHo5bW1XM3VEQzFxNEUyd1p1bWk0aWloenBlRkNjZTRPVkZWYU1pMGxNaW44VnZNejVYRW1QMFlISFNGRS1LaExuZVdMeXlFYlBzendhU0I3ODdXTUNkZ1JmRU9PakdLVHAtWkNQeE5jUXY0ODVFSElEOWpzV29nRVBxZERoU0czSWRhT1ViY2EwOXJ6a2xQaWlqaTlaeE1lVml5dUd6M3dkc001Y3pmalRHT3BXM0hQOHlwM2JuYUVLMTJBdDNuTTZvUkdGekJLNmc5RDl4eTl0c1BiMkF6MFozc1hzV2RpbzVJV2J5UjhNWk5PdGlNOWxmYU5MMFY4X21ueGlrdWxlSExIaXlQc1JIZUotb2NSOFE3YWh1ZGJfX3Rkb0dFN1R4dC16U0tPZHllcWtOUll5cVd2MFByZloxTFp1bkNCMFZqeEFtVUt6N3RrWGpxeVFQZlFsc2dmblJ1blBhMGVvZHJvZEkzV0dYQmlkSUVjWkxHbjM4bEZyUWVJUkdfNG1hMmpteGp4NURFdXN5OGdqcEl4TElvZkxGQTZXWEtvU1pwWV9sMUxVQzJ2RzkxWGt1R2o0ODB6Z1NzcWFyN2NUd3ZUWnh3M1hqamtJTVFuS1RKa0s4QnByNnpqdEdJTTF4VEc3Ti1iUklhYWE1VHFjbGhGc0dMTmJTU3Y0a21EU19TX0x2cF80cWFHcWNjTHJGZlh0eE8zTnRXaFNpdXZzX0tsN1VfQmxIemZYV0lNQ1lZNlI1SDI2dWpRZ0ZEenpkV1pQVTBxM1hVdlltY2FXUHdMV1JWU2IyTVFjZnd2NThYSl82cUVxLVhaQjU5NHRaR294SlI3TmQwRFhqV1l1dVVTNExTYXBubnZ3eHRpTUF6X0diMjBwTmNBS3UwbDJGb1Etb0ZwQno0LUNRdVlZbE9pUVZhRjQwN0xlVUpWSFR6cG1USWdlZV92Z0VTUmtqTjY3RUowbVBtZDJQU01mVnZwXzBmLTZYN2NRSDlCOUdET05COHJXUFJLZnJBYkNBNWxaZkFSZHFkMnUxTTA0TDZjNW52OGh6NmptdnpIMEExSjJIMWNpT2I2QldoM0daNzd2NTlKZUxEZ0hoRDh5ZjRSOUdNSEo2dHlFMmpsVmZTd2lSc1JjMVhQS0Q1WTl4aWRoZDdKYWV1MmptakgxVXk0aXNrN3BjTDItWkxTOS1rZ0tFNlBxUVliQmI0U1lqN044UXdMQmVodkM2RzVYYjAyaFlGWUNpUzhIV3Z4djRpZTBjb0RkZmR0QVEyZDFpQUt0VlBBTW1saVRCZ1g0RGU3bW9oeGRRRVpTbG4wY3RRRDJsTzV3RVIzRnlkejN6M0lLbW56eXBXZnNkSHh5ZF8zUWM2b0RDZnlSV1NJVW5BQmdhQmV4ZmI1RUhXQ3NOeDVXUFI0ZE9mdDdrTWdBay1NNGI0NnAwSE1ieDdYamZ4U1NnUVprZmZRalZraXFUR1FGajVXS2hNS3h4YlVpRHZKa0laeEVCbWJiYVBQeXNjRXVxUHZvc3J2VjFadWtiWU01TWpobV9qMmk3RHBJNzIxMXRZdG1VZWZ2Sy1jUmp5TU5rN0dxb1kzRFdobWE3WXhHN1FlMmY5U1paemhOZlJ2T2lSak9TX3ZrTXFjUnB2bnlhN1lsc3lYZi1fVi1TNDU2SkVKeHFKNm03UDdkS0ZKTVdxQnlEb0NLWkJBdjB2TXRWem5JamhPa0oyS1o2dW9VdjlWcXg4NXBUaU5XWGEtYjhZelB4TkFTVS1IWWh1bUxLZE9jS01veGt1UENzcURaMzY3d2xpS1g0NFJCbW5fTGpTWjFqSmxNelByQVJyMlh1ZUtHbTVBQkNDSjBWclNhX1QtM2lNT2IyV0RVOE9EUFo2MHFmRklzTGRkRHk2QXk1c0RqbDZFa1RKc2hqZmNacXN0Ti1rc0kyN3d1VDYxVEh4dXRnS2tNWHZ0NFhoM3B0VGgtdVJGdWJmYy13cm90M0JXdXRzMjFnaGpkbk44VDd5TWJRaFNxd0N4anlYSXZWZXJoVEtKWkZ3aWQtTUVFLXE1VVhKQTN2R2FoWmlSN19XalEzX0NjM2dWLUgxLVAxZDhidnI3dTJURlRRam5CV0l6YXFIVW1QbWRyMzJoX1lkYWtpelQyNVlJNGkwMzJweE53cmFzdG0zY1BWa0tacnJCX1llSE1La005dm1QaThiSkhicGFSOFBkUTVuQk1XSkJkaUVuUTdoYVpPazRrWEltNXNyelJNVWhhRGxJaHR2T3hFUVRpMVd0RXdzcjd0OGl3YVdyekRaTXpGRVY0Uy11WUsyanhJeTJleW5CRXFzd2lBMTBnWVo4ZXhCSjJDU0VXM3lQeUhUWFIxN2lBZTdXUkJpYUhoNElXUnBJalI4MHExRjlRd0hVeEhQenJoSEFXN0JFLUVBU0xEMG1YN3hCWi05a094S1E3VjNNSXBIOFFhck1qRmJRelJRX0Ftb1E4eDdCMUdZLXBUeGdzMWduOVFxLUpRTU5peFhZSWdhM2dJQnV2ZE9GQjlQZXl0V3FpT18wV2Z1dVpHb1dkcEY4NFBoNjZlMEdCa0NuYjRkVnZyaHlZNlRvRXVzbTNtTFR5SVB4UWNTd3NnR0VQSHN2eUpxclpwdzNHVkppXzVfNUZqakNuMjhwSTVQTllEVE85aFNGYmhNcDNqMEdBam40NXpJUEYwdTlCa1Fick9WTFZrS1VCbEdHaWd2N3lSNWlvd1F2UjRvX05BX1ZVYWxndV93SWxVRXZZVC1Ba2hodzZJSFp0Q3lJYTd1aHJ0eV94TEYyX3lHRG1zRnZkZFBfeG5jY1dZVF92LXdIYm03NDVObmtoN2xVMlhrRUxkMVQ3bkVfb2p3aFlwWmhyUVNjanBfbUdSRmFuU2ZxOFVYNU9rZVh3bm4yTEVRQmJFOWEwak13ZE92M1FnZU5zYjIxd1I1QVE2RC1pNnRhaGxqWHVDMjBSbVFaTWs5Y1JPRE5abFNYUVZBQzhqTTEwb2lpRFJzdklWTXZjQWp1ZnBLbGNzdFFHdnlXZmZlQjNKbkFtYTRueFUyeVlYeHFyMWRkZEpQbVZ6c01xek4xbWNnZHFLWERHX0R3dGdCMUNNczJVd0tGaVoxQ2lpSk5vN3hPOEdaT3M1TzZncFpKMFh6cjFudFU4UUpYNXhoQlZUM3BRVFU1bUZ6SFNwdExkTU5ueTFjS2RITmMzQVlyUi1CdEdUVXV1Qnc2eERKbS0tT1FjS0RqMUJxSkxmMG01ekpqNlBKNHFQTXpWOEFHSDRrRzcwRHQ2bHI0eEJrQTM2MkpoN3B1eGFsWWh2aHJoR2UtOUhHVWZPNzZwVUlTS2o1WlplQXFfUWp0aTVVdzZGWU55bUM3ZWVUeDFPQUtsN012V1lUaVJiLVlLVHlNck5yY3V5RTRXWGtlVjBhQTllX09JQncxeHNpU25SQkYwTVJtbnpuX3J2NC1kNWtSSWNGc0xWenlHbzZaNFUzNk1odTB2a1R2MlRIU0pYc1ZEdzhvSWpEVUg3UFo4UDZrdEFmSmlLZXZ4cnZZdWw0Y2daaGxhNFBnUDVNR1RmYXlZdGZJU2NBbHZ0TG5pNDA3OG1ITmNoVTcyc2dheGtndERsSUhiVUpqdDlpZEZFR2dPcmdvODllMV83N2VxWklYaFlPdUpoOGVfUlhRd1o2bThOQjdvV1lWeDg3bmx4X1VKdFplZ090dGxnYUhwNXRWVEdPTk5jeUdtZENMU3lvRzZ1c1VRd0VqeFBGc1NTSXU5V0FwMTliOERzTWMxdzN1cGxIZnRMUXlnUDBzUXNRUG1FdndxOEpZc00wcjRfRENPcTJkcENvS1pUTlRDQkx3X0V6N3NzXzZpY1ZkWWhHekRpbUdZTWNOanZXcGQ3Q3pNczdkV1RjN2ZVeHVDWmstTmRwMUhvajVXTGJQd3cxWnVNOTBHWTZUVU4wMmdsVXZObEJ3Z2tTa1doclhDMU8wOXlGMFQ3akZMV3g5akMzY0VZSmhzTmxVbWVSeWdXalROajJQeE9WTDRTdHNZTXBUOS1VemxnSEZEbTdxZ3lMdlZhVGcyM0lWLW9LT3lraUkyT1Y0RG9PcndfR0hlMTlsdEQ0b1ZsMXRrQ2h6WDlVR3h1TTJJM0o2b1Q2Z25kN0FNdmRscUgyZkFQb0NfVHUzSUNFM1dRQXAtTFBVTm5lUkdJbnduR1Z2aVZmb1dUVzQwVVRadUlPNkdwOEJDUF9lZVFEYUVnV0VCUC1pV2M5bjZ5dW05LWhCbDNHS09YVlhnOXJsaHJSdDY4RkE4Qmt0WE9NaWZud29pNXR6Ry0tMTFPZVFmakRGbmJNUlh1WEpoT1RSLWNVYXZLQlV3RmFFc3pZdGJjQURmdTVJeC1lWHY5ZlM5d1pkZElOcHpzT3ZZb0t2cEd6MjVnNktxTjRXelF6bjY3WEhvbGs0VVMzVmRjRnYtQ3g1ZmV5MXlpXzFDc05acVlPSVZYaXRHRk1wdHZ1aThPLVp4Z3dhRDV3Ymh3TnpBbS1FTkhKRFNyV2Y3X1pwYTl0RUI1ZGM0SjdGbnpwX2xVcTQ4RkxlZGRuSmVoNnJhMzkyckh3NlpyQTJDUktsc3hlWTBZdGJwM1lyMXd2RWlYY0xZYTF4OWhBMnozM0V1aGFhUXFqWnBJQ2lYdXVxc21ZeklnVGU1WVZ6ekhZOGVkVGFCUE11QWdrMkFZTHQxZHhETGdndlJ4MXN6cUE1c3RUNEpFZEtXbGs3ZnFIeHJIOGoxdTNwTjNCaS1LTXdNekJ4bjNEZERncTV1ZTFPY2g1d3VmLWlhVHhnZVdfNmV0eGkxNWJ3Uko2STRuSUxTVGk0bG9aUDFTa0ZCVkR4el9FODg3Q0I1ckN4ZnhjY0kxRGsxSmlRWEFqNGtEMF9mRWRxRkllbnpnMWZ3VzBETkN3U2R5ampiNWlmSlk0cVZ2Y0dBSHpoX1dBOUFlYmw1eHcteGpqTkloZGplTEwtbzZ1aHdwLVZBSXE2SEtWMVFIZl9QMWEyNjR3NnBTZENHdGdvYjEweHdpZTA1SFY2R3g2MnI2ak81TE9QUHpkVldvbWJxTEUtZVJ5bVM5eE1JOWl4RG94dWhjcXh6bUZ1cU1mLUxlMjU1d0g0ODEyemVBSi1QTDBjU3FTdjNfXzUwRGRQMldVVHRHMmR1aTNlcDR0VkNObkVINlZFUnY0bUd6QUNwX2stZjlVcWVHTnoyejR6QnRWUGhKWi1rVUEtZ29uUnhKSEFUcU1iOWd0dWFpV2hIWk9mcEZaQi1EZnRuMks1MXZRaXZWWWx0Y1UyRzRYSDRMekJhRldjUjBZMEdVWk10SGxsMXVWSmdqZWVXYnBMaFE3Q3B2Q1djVjhlNlhsQ19BeWEzX2NnV2VNb2M2OG9GV3FBa040TFJ2blhLb0E1M0syRWdmNmhYcXFFLWhMM1RDRW5VQWhaNUkwVWVENnN5X25ndDJsSGV5ekRNT0Q1ZEpuLVpZdm1GZWdEMFlmd0FyWDlETnhrVExfelhzT1hzNERMWlhJMmJxUG5RU1dtbXdmQ2xkNFU2VlZhYklTdFVhdDE5eTYtTjZzMzJTelAtNm9QQUMyYWNqOWQ3c2ZoWHowR1JzNlVEM2ltdlF5MmNWbzg3MVhyX085OENFNENTZEM3cUFNSEM4TE9vTVB0ZWtNaGpkN1dXdW9BUWtUb3FzUkdRUzlRNDQycWNjeEhtVWhMYm0tYUFIXzBBR0dKY0psY09ObmlZY3p2dzFTSHRtZERiWU1BUFBqQ0FHWXlFT2NBUDNueTZEeTd1Zzh4c1QtZkZHNnUwTnZ3Y2RXSndTVHI0R2Y2Y3BtbXkzQTRwYk9wS1ZpdWJoYVJiMkxRb0pOanlxa2h2aTZVMDU3UFIzTkZiSEhSS2xPT19SVWhCMEotenFvWnVPb3NTdjk2RjZNZl9HSlpCUVZVcTBrQWI0dkVlNU95ZXg1aEcwSFVSMWtYZXB5Y0p0RG9FbmdqcWZqUmp3YW9HcTdJLXgtaV9qZjV6NXlNV0FqRkpkOGhiblV1WnB3ZG5iVGhLX2pHRXhWeW9zby1TM3BNQUM1dnA5MzR5MS1zbVo1ZXA1UW5xUGg4YUV4V0pfcVF1NGU4cnEyMzVtRFNmVGJOd1B1TTFJVElhWHAyaTA1aUZ1UVZPcEliOGpuUGNMN1Jua0dLMHV0TkhQOERJLW9HSFpiM2dVQWV0VHRINmwxUk9xZ0FFRkktVHQzVXlxQmotSVZmZ3QwRGNDbmNoYWlQUFhiSExjMjJSYm1jR2JjTjk4UWpQSlRSZDNjRDEyN2hLQVZIS010YWtiS0x3cV9abmpCZjlqMDZuVnZvWi1fc1RMNEZZSkhSRWJpLXhOcmw2SHBqOFMtRFZRRUpNMXlLLVRBUWI0UDR2X05uWU51R1dVTlhYYUh3bmNOcVFseWM1N3pJYWVkdzFUdm5UR0gwUDR1end5MWFnZFlXVWFXODE5c01ISVhBNWJmTzNEZDFSZVlUUzJjZ1NTaGwyclUwSUtrY3NsRlJqX1BicUt4RzJYSXlNdE01ZG9Eb2FONENFNHFfQmxNZjhXTENvNG5WLVVSRll3eVM1bVdkVWtSZzJJMWhJcXA1UGJyaHptUGI0RFBSclE2dWlNd1hXY3oxN3lOa1daYTRNTThIUW1EeVRwTC00eUJlREU2MmZwQlMzWkZERWxKVE9UMThRaXQ3Ny1PdTFjODl1V3EtVmhkRmd6UTBhT0Z1T0RyY2RmSlpEclJ2M2NXeHBvSG80SHp5Y3lsYlpFd21PS1FxdmhQN2NDRGJYbEFObGlPV1ZkRzZYeTQ3QWRIS2luYUhELXN0eWJGRnVHUl9KLXVibi1BVmhsYzI3bVlzbDl1X2VDbVpSWGE0bkFTa2YyYWNONFd2em9YWTJlZzFrNi1Qbld2bnZDeEVLVW9iRi1kdS1EY09nQWxSdnZzcGlweFRTS3FaNGZpeHBfdUJxYnlDOWR0YkJZTnBLNUM5dU8xQ3JVaE9iQWlMbC1NNVgwWGt1TjNYVzJ4TEpZWFhaenhGbkh4d2w1VlFpQXZDWEVlZTZaTXd1N0NZNVNqOVpkeXJfQV9uUExyQldHX0hvUEtlV0laWEQ3a21nVWVJYWQ5dUxrOWUwbjl6Mmx1elowWEF1YlJEOTIyRUYxLTlpR1VGUjQxdE1qX0JldDRhQi1aTW9YVDZGNGxKd0gwT2lLaERkUmpDRDFBazF1aEhjLVZjTDQtMUJHN3U0cVE4VWtWcWlnMFlldmlNaVJOTFZxMkwzTU83ekZEUnN0SURXamVZSDZkRFNqcF9hZVFhWDZXR0owZW9nSmxPUGNTTUZldjRCZm5pSGFOMHp6RmFaNHJjQ01wTUZwUHZCcHMyVmhhRHo4NVdnSUpxV2lNM2UyWEt3YVEta3pqU2J0T0EyVmNhQ2VKMjc1UTVmUkVvTDZ3WkoyQUYwVGo2OURpdnRWNnVfVFpTbGNjSHg5OWNHWWdtYTFQWnJMRy0yVTJiYkFfMG03azRzSUdYVmlJb0VyU3dEUThEU2tYcG5ZNDRLQXdFVkQwMTJaT0s2dWlsSVpsSlFHQmRCWENDa3JOeXRfUDk2ZlpzckotQkQyNzJFYUdiVWZVSkJqNkc1NU1DZnFFQnFCV3hWSlR1M3Y3QVA4R1pWeEEzREgzTFB2TEU5OFkxYW1yZlNrdmxieHlCQTVmb3ZDQ3NUMUI5WUJlZlhDZ0JULXZ4SjE4NkluYnA2eFpZbWd4YTVCcE1vLWt0RmZTcnRyNXNGNlgxV2JIaDlmQUY2emNta29kQ05CNXNaZnhvRnJzNlB5YVc5dF9yMjZZcFJmYnpLUGl6SjZlOXlyQ0tucmRaU1BNaVdBcnJJamtzWURDeExQWGZEaGlES05wbms1emwtTGRXWGVvR1VncmxnZ1V4Sm0zYnRnZzVDdFZYUTVfN0lxVUVibk5oMldMc2tlRzNQbW9zWjFjRWp4UmRiZzNBcTRWU0c2ZkU4ajRRSmloM1ZzTWgyUDVlUmFuRlF3STFJeUQ0ZzY2T3dIcEZ6Q1ViSTk1WEZ1VjNRMFc0TjNxaUhMR3BPaTEtWFdEUWhQc2FwTnhadkpKbW5FcjhoOVZyNGYxNzhZelFCUnNXTUVkOEhtdkFJYjN3UkFXOWxMUFRNMVJkR0V6ekNPUDBCQ3VnaEcteVdGcFNEMG9tSzdVN0otRWJzVHVGSHVEX0NlaEd2U1RJUDV2bS1BeTJ5LXBFT0daaVBCSk5HeWlTYktuRVI2WkpQbW1PUXpBNTQ2ck9xaDFDTmo0OXBuZjByaldKM2xXSDRhaGxsemFweGtqSWhDMDdqM20wSlZZcl9ZNWFkS3VkbV9SSDA3bHpRRzJJRXY3YzZnT3JwR2pYeXVOeUUwWkFfMHVrT2xRVG1icENpS1BJNWprUzZ0MXNtNVItQk44TGJDTlR6QjlCSk9SZGt2WmRESWhMa3BUak9aRnU4Wk9raWFPZUx6cTZRNHVBZVhoYlo4MldVQnY3OC1NbDNIVzZiMkswREQ3cE9lZ19LOVBRZGxaVnFiRzAycXc0WDRwOXBiUmV6S2tQMFYxdzhXQnNMdkdkbWp5Y2h2RnBiSDJwZkZHNzJtdGhoeTVBVjg1dmRDVU5ZYldBd3RsSTFiM1Y5SVZoMzRzWEtjUHowYWhKdV80N0dmNm40ZDlsQVc0c0VRTWtoTDQ5NjZwTno4eGczeHdWZVBQUndTNU9SdWU0TGNCWEdzYXZ6cHFCYnVIQ182ZGJ5VFJSZlRBOEVObWNzUWJrMzBGenNXR1VLS0Rmb2N2WWx1bjR3amZ5cVlQWkE0Skhja1liUnNZS2llUnNFTTZVRUFrMGNOQkUzRVlueHZnU3JtRWtqdHJQR2lheE15U05QNWR4S19oVEVDZTJoNWxpSVVKaThJYUpSc1g5YWR1VHFGRVowMmdQamhwTFY5TU9JTjRYZ0d5S2hhMnhxdVFfM3A2RkxXaUljVlJiR1lTS1I3cDFIXzI0OGYwOVVnUGtuRV83ZlBrQWFnamFfQWxqV2xHX2F3UXhCOWpGTGNHNldIU2p2ckpWOTRZOFQyV3VDYU15WHpMZFUtaWhpeXBYajB6N0doRk1UUktUVlBqbGZ2UEtJMEVBdUM4U1J5dVFkYXd5MzVGbTVpSGFsbnNTY25TOU9GdENzeVRxamkwNWt0OURpRU92Y01qcldEOVFrQm1aUzJrNWg3QzZFS1dWR0sxeWVOZjQ4YmpqSGZMWmswTjlRQ0dIRDhFeVY3NHhmV1BWUWNfQmd4SzBRMDV0VUlYTFZOV1g1WlVySFh4MVFtVWc3RlhhejR2cmVCZUp4enhSSnJaZjBWWlEzNDFPNG95Sk5KN3ZWc2dVcU5Rc1Z5dFdKNkVKRC1pTWJBZVZkeXM4OTk2UmY1LU9XcVhsUUs3dVVJbVZmMjBxTDJpMHlVY3NmX3ctUFM3dDJnNVh6Vk1feUlXZmVSSE9obTJ4Mzh5UUY0dGROelBtMjNsSkNXc0VuOTBhSXBJdFBraVk2T2FCTG5tdzByNWNpNi1ZR2xocWk0cmxVSDI2TnFvTUZNeGRqQ29kVzFHb0VkdUw3T19VbzJib1dIaGUtTUF1YzVxR2R0RVhac3BCTGd6WG0wOVdpaWF3OXhWSUYzQU5DbE1pZXRobXRBQ0pRd2pNeC1rckdTZmtyX25ScmwweEh3ZlJwajIwX2VWdHdKX2xLcUh5Q1FzT0ZHemlLWU5tVDhDbXU0enV6dXhRc2sxVVZmbkJ5SVBGOTFNSEFPZUo0RGVaMHNyZjM5UFZLd0I1RjNpcW1QSmYxVE1jUXluZFlYbFpITzh4SnlIZWhRVWJDTlNoX0hMeHpCVF9CX3B5T2d0N3l5V2c5ZmNLTUtodUtJaTFhTXJsb2FNaTEwN2xXY09OTWdQbTdOSWJURjRyOUUySi1oU0lEWlFrb0tCQkoteno3TUpvRnMyTjh0OWxqSW1IRGFrUnhYV016TFFKWC1WMXhkbktaZS1zek1XaEdMRW9XckNMeHNOQXZzNzlSTHBBVV8tdmVfWld3bWJQN05jYm42V05aa2tUWXZuX2tuQzV4LWhkZTU2OUw5aXgwOHdTNllDTFNxb1JvRVdveE1pT0ltU0p6ZkZTMTFnWHdOcnZxOGtYSkhzMjI4OWlsckEzOG56LVhQSWVsaW9EN1Vfc2hSSXQyRmhsT1BlMVcyRWNSbGNvVm53NDh6UGpiTHBLNTNTNlB6V3NuV19GbU5aejVVWV9oY09NZnljZkNSenN1N0s2VHU4WWxKWXVTWTM5ZUdlVWpjaWI4OUE0OFRLQ0w4Ui1kQUJyY0QxaldCUWg3ekxxckJfMnkweGd0QkVWY1k4bjdmRkNNa1Jac2d6bV85cDhKRGdjM0tvZGFtVHRDTHUxRDNNNXBTWDMybXh5WUNReW5EZjBfdXpzZlBHcHpQZEhYSUdEQlRNcjdpOUU0RWgwSGhUaUowSFk3VUNPeW9WUjBrMDQxNUlVV0d3dXpUelY0MlhDS1NQazE0ZnhaeUNVR3M5LUtsOXNtaHpOajZrTTc0NkQxSGI5QkVLdU4xRDkwSUFHTnhucHFlMHl0OGJZQjlHcWc1NzJ4cGVpbVRCQVNkemh2aEVTZ1VoNUNwY2JXR2hsekVEcS1BazgzbUFyXzJDdFpnVlB3LXRqRzF6NkladnhfekVyUWh1REhyV0FvcjB4cWdSM053TzlJQVBYUDlNbVdFMEhsSzlmS1E1TWpISXZiSkZvdGFOUno4N2RVNkRPbkV5Q0syazFSRkRFekM5Q0drbjdSY2dDWDh3alZCdE9LcW1vNlpHTThjZW9BMjJ0TjlmT2dRWko1b2N3OVg3YkEzZDNhMlRsUHJSODZvVExrYzctNFdUYmVxTWdiZVBXUUgwQzZBNGJxN3VScF9qaVl1V1pZN09VWS1TcWpvdjd3UzAwT3drSVN2WWhhYTRqd3NKODVSNXR6UlZuT0JlTGs4YVU5QmhVMEY3RzRhMHZKTDlKSG50SFpiLVotMWR3U29MUHhjT1NfdXVhemlZdXlyQ3hvQ0dld3lKQVJ4dzJsazJjRmVaVFRxRV9DYmVZcHV2OHpOR2piVzM5dUZoOHYyXzd3X0tINUJvTm5ZU1VtcVZHOUF1b2dqbnVMakRfSzdIRF9hdnV2LTNrQnUwSDVuelJnaHZCLVZacUl0dTVNSjlNQ1h4aVcwYmZhOXduYk1KU0gtZ3pXX2NJY0hXWGRzUFlScE1JWHBCVUg5b0xRZ2Ruemx0ekpvVkJkdWlsWmR5NnFfb1RfRkJNV1N0N2N6NmZ5U3E1TXNQZTFkYVRqLXE2b2lvcDNBd3d5d1ZsOUhvUlpKUVF4Q29JN1F6SjhURlYzRGJ5aG1Bb0xScU5Oc1FOc2ZEMDBhZ05lc0d1a0xuN0hDNzFKdm9qWmZWWHBKRGdmdWFiTkkzTUxhR3VJSDB3a01aS1dQSE96SHlBbEJuaE5iRDM2U3NYcHdhdEVOX0k3U2VQbVFWR09fSE5fRjhZajFjYm1KLXY4VkdtT0pQM0xyRlF6d1hQb1piMmNZWmlOd09hMWJtOU8zdGdDYXFhS3p1ek4wQlV3NU9HdDBsNVAxZG5PMEs4V3F5V0Y5cG5Mc2dpQm9KbFQxYUpaVlI2djlDRFlreC1HRnJEejF0b0MtdDZmVWhFQl9ZaUN2cWJSYkJybzFhT2pMRWVsVUxVSGd1OVBzblNKTlQyTGczTW1kQWtDS3NrUldhVEt2QWl5OEdwenA2QXA4WFk2ZDdjQ0lKZ3ZOQXpkNlVPUF92TERjZXJ4UktRYUdDbTBWejVSWWZRcGM4T1lKUmhEM3MzNFBhMVoweFRBLU1uWjVkSDBMU21ZRTlDWkFXWFFzZ0s3dXROWUVBbUZWN3h5cFA1UENHemJieEt1ZFVaLWdJYnBXQ215WGVobGN6bFNmbXhiOHRqT1Q5Qkt6bDFpU01fZ0cxVmFjUFZTQWJhWWVmMjRVZHViOG9tRGkyWFBwN19MeHFXakJDS0JMa09Ec09WNm8tLThFd3k5UHVIcFVWSlRJWjdnaV9aRlJfMXUyMWt2aHB2bGF6OW5GeEV5a0JQYmxyWWVsekxrOWdGQ2FoUDNOQXFjWVp2d0xWb1VTQU56YTliRGdodThOYTN6a0JtaG1USlJmdTBTdnpqRGJZbnNMd3EwRDZjOG9MYjVqaExka3lBN09TSWlaWkdMeVBicDloUTdXU21kSjA5VmVTS2VweUJmLXdtSzB1VmU5MF9mdHNORGpQSU83djFkYVh0YXJpUWc0MXhGY1RsMmJ6WVphYXV3N09IYjEtZDlzdk1vNnBjMFU1TlZzY1B5TDUwLTVhVmtZZHlOcU5uV1hmU3VfOFB0MC15YnRBNU5Rd2ZSNll2MjhLeGpLTWh5THRvQl9lcUV6Y0lneGVCNUhsRkMwTlFwY2VXUU1UelM3V01wTjJ5VTNIcVlocXNESXoyV3UxVEFQMFBCYnM3MHdFUnR1R0dwRHhPdk1ZRmxKa0FkTXRlamJ1bkVsWVBNYzJHMHZFQXFvNUxPWEhJNVVEQzhVVHhHY010QUFJdGw2Z2llXzB5ZFFiRjhpUHdMYWEwUlJBemZzZ3lLdExFZkR2dVVNNmpvVmxoS2x2LVhiVVBvYTR6Ry1aWlRQTTFUdHU0dS1BRjlJUWtEcDlHeEpwU0hfd1l5aGFqWFp5UUF6M0NScFJPTXBRSmRmYnhuNTFMUDUxLXJwR2ZQamM5cG54OVc0OG9OSDFnbGVySmR5dXVOSUVNOXVkN0h6ZG5rWXJNZ1NDZGNVVzdCZnZjTnNWcFJPR1MtdmRhSm0zdjJ6QTJYLTNaRjFEMFVFVm9jbHBvbllYWDNIQnowTm5tZXc4U3l0TDJsa0tyeGhoX0dRcERNSGxOakttZzlZcFd0NktLM0NTQXJFX2ZDd0hpOHd4NElwal9teER3LXI0Q0dZYmlwcy1QRVMwc1V4eHRLMG5HZ2pORGpuUU9FSVdSLVNqdVhjZUhIZnQ1dTlVMzFXbTdRamxtQTFhNWdSTTd0Ul9XMl9iZFMyc01mYUtkR2wtVERIVm84UkxZSE1WVXoxTXNWTVEwV3NuTENhTElmT040YmxpYXN0WDJvakF2VVZkY29YUWNTVDBqVEhFNUk0el8yNXdiaUhwTW9mSkRRb2NiUi1Edks1TDNON1JHX2FYYUhGSDVIeEtrRWZBa0JSVjJmOXREV1ZxelNiTjVuOUl1aDE4YVV1SzhxYmV2aEp5T2p2M01ESUdMX1lkZ0R3TFFlU0tjRWFFSUpzamlTMGdIY2V0WDhua1RZYTEyMlFKYWpzY244OWszZVVZeVBkNDhrZ2FldjUtVXZ5NHJsQnRJeVZRaEk2OUVGOHB4ZDlWZWJYNkF1cFZuSGR4aDRTejFWU2x2NU5WRS1ycU83cWQxRGxwVXJIYzhTMkpybU8tSHAwLXpadjJUM1hRT1F3MXJTYy1KRHp5WWJ4dTVzWjI3VmFlSlFuU0Jzb3NSVUZtNktaY3JPdzVoMk5qVkR0b1laSjVhQm5sWmY0aVQ4RHBDSzhzTzhacXFaLWRueEpuQ3RQZ1FLLVAwdzU5ZjFVMXIzV3Y5bnoyS09XWC1wdEQ5ZnVNODhPYjZyNndpdTJsVW5qS0dlTExKUmFVYTFPU09LemduTVZCbHowVGU0RWhmVTFud0lxMWZybm5BaTBNcmlWSUtNZlhGQjVtNnF5RWpOSDVUWUtCMk9MSGxDajRlTklyeW9UdGZIWUxneHY2YTUxRlFGSXJTazBhWTQ5U1NpRW9LN2hsRlZod2tGYkloWVBFMVBkQ1dGb3phN0Z2eVZIUC1GbXBzNmlPV0EwWjFiQlVXVnlNRUpDNXJWMXhMYjdUNXljaEg4N1E1Wm1waFVpb1lMN2FHVEdoZjJvaGw1Vk5YcWNXSlpDbUtUTUI1aXJmdzBlajVtaDg3VUYySnZFVm5YUTVhY0xWaXdiZ3N0bnRpUkJSZUpSNWxfUzhjek5BZzRXcWR2OHd0ZmhQM0djQmJ5R1p6VkJsVzRmSHRJUjhMN1gtSVhlSDBQaEtvS3F2ZUFXN2xfUDlSaVVINTdha2xPLVU3dWR6SXhrWXQxMzVWdzYtS2sxMm9nUmlYaUpEcWtkSFE4ZHZaR0VqNEtIelFUQlVVamVnOFVYRWUzc3VzMzNNQ1ZNZHJNMG5ORnIzRXk5SHFFa01PcTFIbmlRaFdKb2FIcWlYLXFISzBLYWR5eTNueVp4TG5MSl9udXdkMUMzX2V2UEVxLUR2LW90TXBvYmt1QnR0eTd6NElGbGpHM2lOZVZFekk4M1FKNkJRZjNmWFZhclpta1N0eDh1b05jMXZPWWRCQkdiVmduUExidWFtSnFkd01ITjhKXzVPUHY5SW9vVFFjZ1YzLU1BalV3ZVpyVm9SbTF5V1FZVnBsRTFUUld0NENFQ2NoQ05jczZaVzZCUTVldkJ3TC13enNQSFVBTXVTcTB2N3VRSnJaT0cwd2hDXzFtRFJWMUlWeHk1TEw4SXQ2TDhTSXhhRC1yN19JSkpFYnk5c0dodHhpdFloN2pRNS1qb2V6Y1M0TEttcWtGemhVSVlYa1BWZ2pGQzdyYV9SbzNIdElhamVwWFkyV0p3OEo4QUxaSTk4Wl9TMGw5RF9BekY1UmZXWGdVdVFjY2NQTG05MXg4RDU1Q2F1bFJjb0tRTWZvR1plMDFGMXppR2t0U0RUSWJNa1BzU255a0tteGk5UDh1QXlncUZFVjJyRkRvaGx3TlJvN1JEOExTRXprbFhZOUFGWVlpdzNfLTI0d1oyS2tUeTI5Y2MyZUZVWlUtVHctQ05ONWFLLUdWMUNvU2NscEhoTDdRemJkVkl6NzhFU0VVY3UwS3V0QW12RzBZbUVTaDZnZnJYaVJzd1FZdzBiblVHdThKZHZsZjFFNnFhMk5MY0lwRnRtdXprbmxkMEgzUml2NXdTMjZGRDY3TlhvMFZkZ04xYWNCTDE5QjVWSVJaSENLeU9LMFBwN2w3OFhfcVl4T05OaDZYemZkYnBHWjZySG1fazhCM0xndW9lNlpxMU1IZFFlU29OWlNicmMzVDhtUmh0REhta1RBX00tMTVoMktaa3AteGtiVGE4SnVaUEZnY3djd1VNM2JTLW00V3JORDQtNVJ5NEFOOVZXVTRiN1hhWWc4d1FNODZ0bUk0QnRzSGVkb1QxTGNMSWJlQWtrNzB2U1o1U3JkMWtoNVdtQ2tNaHdsbnNrUGhhVEk1bkNGWEs4T3Q2em1GSkg1MGJLUFNucWlMaHVuODlkU2tJbzJCM19QOUMxcUpXaS0xdmphd3RSelBfdlcwaHBISlowWF94QVZrQ2pJbFU4OVoySHM3aWljUlpZdWstd282VDhXUm8tTHRBaW41bXRIbTFGOWhJNUNJczF0M2g3dWRRZ2xMdE8zd0RwNElCcVpyZ3M2UlhfTDdHX0E5SzNlT0lwREFxU3R0M3QxY3JFaWpjUmhQZzNORkRTeVFSZUtUYW5Jckl1NE4wQ0pSWUg1MnRxUE5IQ1I4NE1INDd4RGxKMkZzUC10aHpmWXdhSnJtVVdrS2hBNkFZSEx2VmdMcmJZdmZ0SEk0NmMxekp0NER5cjZ5XzFJVnd5eW5iUEZVM215cDJJeVpFOHFqQ1NRRmxjNUh1QzRxYmR6cW5xWTIxM3gxd19HZ3pUcEhPRnpRYnJlWk5qWjl0VGFDeF9vRXR3NXctcEFkbTJzOTlvUHdqaHJtYkJRQXllZ2xZUExwOWp0STZkY1JfLXBKSlhISTE0MzBXMnFPU0lkaVBmSHZRUzBiOUxENEhTaVZaN20tM0J1VlVEbm82SGh4bnV5MjV5T0drX2cteDR1OE9odU1KNEY3MGVYVTdNNUp6dGM2aXVfODBORUhwR0xxSWFyUWlWUWJnM18ybGMxVTlQVkhpWWQtSjF6MjlvVkc2RlBaTlRUWVpsQ25XMkEtVnB0YzI1a0RHdVpxSEo5cFRwVDctTTI1X0VLdGVmUjg0enRrTnEyV0ltTVZpV1JONlBkY2l6NW9qWmVrYWN0SXgtT2NCd0FiVXRkN05tRVNrMEVlc0FXQWp5cHNjWXZ6ODhQMF9ULWI4RG5KaGg0OUc0Z2dWTDhpek90bl9QU1d1Qm1LdTRJeWV1V05uZTZGR1RtQ2pyX0t0cmZvQ19NSUd2a3dHbFVvdWwtSWN0aUxZMG9CbkVKWGgxdVFDWVpmSWRwTG5nbHVpQms1ME9FYXlHZzMwdEpobmtkZzRYSUxqdENEeGNFQTlOa1hCMDRTV0QxNGNXaEFWVlRiY3p4ZFpvWWJnbEM0aUVONWRhWDEySFdKZlNSNVh1ZlVuQkpUYzFvbHFUN0VwemhTMXRLeGx4aUlzdm4xaVBOZ3ZFOEUwODJIcFBuOGoxcjBsVFF0OC1Fc2xfeTFnZlRiTEUzSXMtZ2NDNHd1bkMwR09MaEcyMkZST1NsRXNOQk9KV19nTFB2RW9nRHVoYkdmX2dmdHR5cHhnMmcxd25PdUREV1N1MURtY0ExaWdkQ0Q3MGNtOUVEX1REa3lJM20yelNhejZBTHFUQl84czFxSkEtakduOUJxdVpMRkNfdVUtUGt5cW9wLWJ6M0dyTmhhcmxtYTc2NlFoM1lIdkt3YjVvaGQ0OFNaOF9WWEI1T2xiOHRwdVdUZUFSMElybU9kZGs1QTFpYXFoUUpkZlNjLTV4aFBORmxIZ0hxYkMzcXI2dVhCZGhGNE1XMjVMdTN2U2xUczhuZ3N0SVZlNnQ4YkxOQmFpWjJTY25VR2UycXo0cjBzRy01Y1p5a1RKQUdsSjFwTmhfMHFhWDlEeF9qSmd3TnpqQ0FYaGRreWphVXhwZHN1dW02bkJKOFFUaHBnbDlVYVBfcFNtZzY2Sm5qSmJLeVRVUFBqZnF2aTJwQlZjOXV2ZXlocHdwdXpISGs5S3FiZHNPQkxGMEo1X1NBdVFQSllSdGg4ZDJTLXlGRVJsQ3ZoeHRMUTBOS2R2QldqV3V6Vmt1dmQ5N2tySVZuSWdaczk4V1V4TG11d3YxbDBJQ2FLNEpYVkszYTIzVktSeXBPZ3dGX29IMC1rVzlnSGpKZ05Xdk9XUzFUdzNqMUMtMDRhanB0ZFIyU3JnMFBKMnE0T19Dc3pCRGx5c1VnZ2ctV1dxeFJZdkhSWVloNXdqQmVmcVRWbjNESElEaGp3cjBXaG15WG1FQ2oxMW1UbFQ3VWRUMXVoYTY1cTZ2SWJCbnJ4cmZSM3kwaVA3Q1d4NWk1QWY5QVdfaHdnSGJLN042WlliLTEzODhWQ1dIcnZrQTFnM0ZOVE1nTDRVaHdNcGZkRlg0SGp0d2ZqRGlEVkxuVlZmSVZwMWNnRGNTMUVGV0pIZjVNSzlnZER2TlBsZVFudEYyTkU5QTJoVjhPenhJcktHTnpRVWYzQXdVZ05sZUduMl9VM2EzcUtGMzY3bWZwckltUDJ4ZGlfa0E1Mnd3VUF3VjN3alZHUndaX3RfSC1PaTdYMDZfcUoxSnNtUnJUN0stc2ZKNHRLWFdtemVCZVUzUGh4OGVyYzVHekE2R2xyTHlkSmhsWnZNdlJSRGR5MVc0SVRTMXo4R2EteUdNMlZvaURGUG1Sek9qa1B6MXpONEFpYzR2Q1JqQkFPVUJqb3J4VjYzbndzLUNkZm9rUDEwZjNCZEVKUk1tVkIyWU5NUU8wTmRRM2pPTU9GdE9fOEVyYU52WGtVTzJ5VGp5RUxkaEczZENCTWVxSU92Wm9NdVVNMkV2TjFfMjFrazN0VHNzZ1AyZW5oYTJQdi01dVpXZE1SNFdodTlfUlFTeTFtVUJIbXp5c3BfZVNDT3QtV2I5R2Y2c0RYZWZySXVhMURNUlE3bHhfa3otYkZtZ1E4WF9lZlhKeFE4WWVZMFQzNXNXVTQwZnVwTmo2N0tfYTU3UG83QllQT0lQMlBxS3ctRldLaUdLWl9NUGYyck4zQVRDXzJodC1Vd2dEcGJ0ZUY3ZENVU1haT0J5ZGVLcE5zRHd2c2EyRWVQZ1dLUjVtVlJxUUxuSEJxRllSVG1Vbm9QeUdRWDNXekRPNTVtRnY0TXBmOTZKeVdrMlgyUkFoUVNrcFl6MzlDX20yX09yeE90QWRVTFlJa0lqWlhEWTVzS21wS2lNYmk1U1pMUGpTMElBZFF6SXphdlI1TFBJWTdhenpodzZWM3dnVkszU0JiMXlhUzExRnEwT1VnaWpwaXI3TVo5OU5qNWlVLUtnS1JoZUNJZlRpRDRRcG9OV0F5REl6aXBnWlhZMFA2YnNRa3JkaTBaaXFiaDZQSHFwdlRYdWxTV2M2UDVUUlZUdWZ2Q212UUlOOVR4ZERKamVWWERjb29WSXlGVjFGYUJXRGl3SFU0NXZmTUpWTUpiUG5ZSWNUakdDeF9TQkllc2VXNGlNN2Q4Zld2MmlNbGY1bzZvVVNmNEtyM1RVdll4a2tXR1B6T3NGcWJXZ280aHB1NU9RTkdhR08weVZCMmpQcjBnMFYxTXMybHVwRWIwak9pWU9Mb05ueWkta3NQdDg1c3ptVWpwdXN6akxqU1pWX0NtRERiY2psZ0FFNXhaZGpQLXpCa1Q0Qm9XOEpEcFJubDA3V1JNT0JWaHd3WE1GeG5odDNjSzk5OExIU1VSR1RDZWxkUDAzZElzRlctbjA4WFlGakdMdTNSVERmOFVnMTBJajVlelE4a3JCaG5laDF5S0FHdzB6ZWdUblI1UjFGZFNlcldPRy1BTl9JZkFZQ1JHbllLb0pISWFwbjZqYXhicjRNNUgzY0Fydlk5Vi0tU3RXRDBRaHZVVXZpNkxRbHZGazJPeGhHM1Q5UGh3QjVYY1A0WDl3WkNmY0tfU25aMmRIWFd5SWY4NmxHUmp6N3dxalFFcFNvdUhfRXlYMGRNeGdYLVoyQWduZGxFR2h3TkR2U1BNaXZYb3VscWRpTFdSUmU2Zm0yZGMtdFlkM0lnQktoTDdJYURGRWx3Z0pHOW9pMFZ1R09wNG9TSFphZXFWVDYtWWtRRl9TU3JIZno4Wi1RU0t6UmJrZUNBZHowalRHSmw5MzdnS2tOdEc3WTQySTdfTGxpYWV3LUpkTEtYUFk1VHNRZHZWaTFZMjYyZFVCMExBU3RPdzM2SGJZNXI5UjlFanhVZl9XSkxObzd1a1gwZVJfZ2JIaFVqTG95LUhtSW5mekdHRm5QQWdFRmdtZjU0bEdjdEFIcERJVEZNYWUwam42Zm45NUJwejJsOW9iN3JCbEpLV29zTVluLU45M0t6c21ZSEZBMm11T2RtRHRkR2VmX2hwbG9MeWpYUmRVbk82R0pGODZqcGFxc1lTSGNtUXhLbi01NjBlT0UtSDI3SC1hM3VmOElrbTluQkZIc2ZJRG15ZzRwWkV1cTExNHpjSTFMX0M4NHc1bkE3Mlg1VHplZlBkTzlHNjhlYVpySUl2MS1LZ1YwMU0xanVVaEJ1YTV5R1I2Z3BEODVjRnBlZDVOOTd2ZDdKMF9nUlhrdjNBMldTWWc3akl2d0RIekNEVHlmeUowTXJWM0Q3RFpDUDZ6LURXMGhRUVhiUkdrRVVkNGxldmZuODdnRGhoQlFkSlNTS2NFeHMxOVFyM2xST2JmZjMwLURxdEF2Ym0yWlhBZ2UzODRBY0Vva19MNUVrem9LNW04dy1ySHRybFlwNU1HZmZKRGxPa3Q5amU2Q2QtSmY2MnFtSVhIbWpwN2p2NnlkamxObE5HYlRsRF9GMmpPcWVia295RFVJb2RmTzBCZGtlaGtnNGlVazZqdjYyRTE5MnF0YVlZOUgyaDF6UWRsLUxhU3JxOUhSX0Jfd0oxdTJmTmI2QkktUU9JM1lVLWFHMV9qY0hkb2NENWxtM0lEZDZJV25sZGRUd3ZPWmp1ZXBWQ2tKREpRWGV1UlRtM0E4bmJXem1GVVJLUEhkeTlWSXVNTWdHeUE3QW8waXlSR3dVS2gtNEE3ZGpxZHF2QmltdkRhTUNsSG9yTHRPVDRrV0xCTFJsZWZfa2dOOTJsdHF2cWZHYXNZQkVkS0xvLTB3XzVaZjk3a2lnWVU2SHdsYjhUYXU4d3pJSFV6a0lQVVJzbWZVbVBsTGMwRmdBOHdZaDEyeWo1M2NJdloySWxSTmxfZUJod24xT0I1UVVXUlhGaGYxdkJHOGx2N00zRnlYNGdUd21xVDg0Y0oyTmRRRkxFa2x6aXBlQU92NGZ4ZXFKbmJPUlRwaS1ibE5BMzlQMVIxV2JoS1V2eFZsMzJ5akRnVkNDMU10N20tR2pMVnhQZFdGNktCeGNtdXZZVFRGcTNmWHR2NUYyNElvNmloM2JxR2ZNeUpYaHVUOXBhVFNrc2QyZlczLTZESGl6SVdpVFdBZVptZi14ekJONjFoNHE0NFQzalpNc1g3RFR5cHVzU2xjUGhpTlFRdlMxOGRKSWYtNXBnVXlOa1Bjb24wUE1heXVpc3RBS3JGZDA5OWxjZ3hqeEpZUlIxcWc4WVF3VXY5a0NfbWduZ3g4UjlFMndHQml5YnJrWmtuV0Q3aGp6a1ZqMV9TR1hEb21QOE9FUmNENFE1d3dSVndLZmxfWWNySFZwSHh0ODhLdnlOUHhuT1hvN0F0Y0NZUUZPNUpKLVlsSVFHNXBkNHBxLWh4cEVuQ3NGdkJpSHBOLTBnQjBWNE00TFE1TjRCUmlDU2ZzTUlJcGZFcHYxa0s0dWRmam43SUoyOUlxdjA0ZExtSmMzRmFxQ25DWFh1cWVkeTVJeUJ1TExrYVkyQzhfb2xOakN4RkZEVXQwV0luNnNTdEdCR1NLa05KcVRzMFNkeV9vNDc4WFFCaDFnNkJQZTVKNGp0RldtaVhXR0tiMkFrQUw1VWxHYXBqem1McUdxT24yREtoR05ISEhaMkFYQnd6aEwtSHAxcTdERktRSmFLTE9SWEY3OEd4WHdvSUpfVjZ1bjhRZmxHek1EWTZ0OEhpQkpsYmxpWmlvX0JBZkNOOHY5LWVuNHJwQ29GVEZWbk1jVC1aVnFHNHhxaUpjTXdRRmVscS12QmN3LUlISzBRWkJlWU55S0RZN2ljdnZFWXhNcHlJM0MxZFBzTGhnQkVRa2kyc2RvMmVKMUxwZWRJRnV6QXpiR1BrczV0U3F0NmNpVTNNZ1pBUjZRQ3hLTW9rVWMxeUk2WjNUTmhuU09IQVFPbjUyTzF1M2VaS2ZQWEtWUEg1Y3FFTmJKZjVfUG82S0hueVR0el8xQTlUbERJWWd1NE1uMHV2TGNBNzlRM3JjU19VV0dyZy0zVlR4TDlYNVZuUy1oVEQ3dk5rd3pCcFR1eFI0R05YSy1SUWJNdGE3V25wdS1ULXFrMnpqZ0hNdmRRazliNnVhVm9LZFEydkNvaTMzMjlGM0ZRckozbUoxd1RBTXBqd1M2MkNwbi1pS0NqTENhd25IU3NtRGRSNjAwc1FHTGt2RXI3WDBZT1ZjR0ZZLUs4YURQNXRlcjNfd0dFeUdVWklFaG9tMEVUMVNKTy1TWGZtWDZOU0lEc2VYMVFyWjJ3TjVTT2x6WXBTNjVjZzAxSWZyUGZnX2dYY241V19aM3NBQnp0ckQ0MDlGcVYtS2JBN0p1VlNFT0hoUWNfSWwtUWxRNV82OHppbkl1aE9SZUV1cGZ0WmdRT0M3U2tNemRJRzZzcldfajQ1Z19nSkFWekladWUtdmstdXZnUDlmV3ZHVmthdVdOcEFTY3NSS2F3bWJUWnQwWXZpREZOZnJIbEpHX3ZwNEtQdmg5cHRyc2hTaVFKZGxqSEFCejlDTGp0TVFMRWI3UTlPcEV1M1pjcDZyam4ybkJQdnhtdWszQ1A1bmRIM0xoTjVwYThGd2ZSSlZreUp6SlNSYVExRlk2OXZ3b1IxY05sWW9tajZUVHJCM3MxMDdHamZjdFg4MEtXT0loanUzbTBRSWtWdVFEdUI5bE1OUTZaSDg5elUteGRxaFkxZGRvR05QM0dUSkZSSWxHYURqWFZXa1VGcmpRUEpvX1dNVFRpZ2U0bko2Mjd2ZjZxTEp5RkkzVno0SzBBbE9VMjVhelBSSFpxQWo1c1dBZ2RQQW1NY2hKY0RCV0RoSzB6UG9MLWN5dGJfOUVoU2ZDZmc1ZGFWYlhJNUkzREJSdXlKMnZ4RXlOMy15bDdod19FTkpCUmxmQW55MEhXc1U3UVVQVEx0aDlsRDhmWXFZeXQxLU5ZU1F5RFdmdlZxTkdoVTBXOG9mN3NqdHJYYkRBUWFSZDBBYVJMZnlxUG9kYndxbkt5NzM5Y044TmVCRkpvSTUxcEtZQkN6bTNSWFVVR01fX2RlYmUzMjlnOTVXWGhCcmVld0J3bXdPUV8wQVlDSzUzQUoxVHE0U3Y0aGRmSDRmYnJPOTRsZEJURGhmVjdIU29wNUIwN3VYTjEyWkF1VkI3OTQtYnFHbDMtSTkzS1NLU2hIY3huSUN1QWJDZFNGYnFhOTJvRVMyTlZCNk5SeGNHNHVPLUNMZXdUTEg5VHRZVE1zcUVaRWs5NkJibGJ0aTkwcTlhYUxOWFhQWWstTFR1SVdleC1SZE5GRXhZbDlpX1RPaDlOSGREZ2ZDWVZGeVprQWVRUzZsLW9QR1BZWHpleFdPbnZPZS00NTR3WC1LRFdEVlZJMHJzeDZRU19jLWZNdWppVDVBeC1KWlFtbkhMY1VUZlRJRnNqeHhsWm9uM2NLdTFSS3h5RURwa3BWdmVRNXJPbkNPZVZQQlZWdWJGU2hnb1N5aTVLdURoNldHZGJubDNpT3dobnluVnk3bnYtRXpxc01pbDlTNkk1NHc4RTVJLVYzRi1TNmFMM2ZwNEFhMkVHMEdXNHlGWTZCSzVjWU1sMzBWSGdhWjZmTnlzZmhoQ3FoTkk2WEU3ckc4UFJUUV9BZGpLMXE0R0l4anAtVUx1Rkh1Yll4Sk5PZzNMNlFjQmFUdTVCdlM4S2lrM0hpTEdaQUIyTWJrcDFCXy15R2NMeFhsN3FQVk5TQzIzZ0U5WEdzZXBxV1NUdWRJSkVzMlJfVHZuWEVCdTZMREM4bE1DTlpvYnY3Y1A2Q0xtbkMzRHk2akZhU1F0LTVpZjFTTVc4OXc1Uy1HVkVOV3ZkNU1hcm93d090SUtERlZ6TVE4alppdldydEV1ckVkM21LR1h0M2YzZXZKek9nMkZiekZJb19JYksza2hqOTRJeENkVGEwbnByRi1aTzVlT2NUS3BuRUNaSS1WX2Z0MGFpeEo1dkZ3bDh1OGNRelB0NUdhOXN2d3VMTDRnTHg5LVhvRHpqRjNrY3V4T3M2RXZ5VWlvOUExRC04dzc4OW1MbGhIWkdNX3BTMTQ3dlk3eFc5VnVucklrSUY1ZlhYOV8wZjBRMXJuZEktZ2FSM2h2Z2tMN3JPOVBoTnBUOHRkX3RNMWhrWk5yUWVFLWJHMWsza1NCM2Fmakh0SDJRREdFUHdpZ3RRb0VGTndnQ3lkekg1Qmx1UVJ3TjhsSXNHeThkLXg5ZVI5X09RZUNhcHRoNUM3UmxKMUstb01QVHNTbm5sbmVoNDJZcFoyOUh0Rk1CTVZvcVdtVk9DR0VxSHpkOVd3QXJ6YnJaQ1M5TjExellyNkxFcDRQblRkQ001Z2hWeEc0NmZCNjY2bFBDdWRnOEtCUzdGVHBSYkNtZW5uMFNsVzJfTVVsd3M5aUs0ODgzeTdXbmtFYllQSzlKSk1ZWFpEdXU5eHNmcXZvbC0zRGxfbjNkQzFUU3N0LW9GU2t2aUxoaHFscUI0YlhGUWxaaFdVT0FFTmJIR29SRHJrQnp0eW5JMVBJNkstcVdKdi1xMGtURUpZU2R5WU5jT2pYYXlMdU95UmFnaXdmQnpvOTJGUVJyX3piZ1RNQlE0c0pFdWRuVm16YlRodDhVR2JoaUh4Vmo3SFpFX1pGTUNHRWtHZG5CY2cxMUVsNnVQdlctRjRwSUVBZDdsanZXTnIxelhkVFpPTFNZell4VnFWWnVtLVNnNllZN3oyemh4UlN4NUttM1UwTTFrcUNwSHFqRWhobFZzalJwMFE3YkhKTTJBYVBKTGl1RjF2V19BVEdmcWFXZTNhbHgzb1VrZkdLNUJ1Wi1TcjZLLWxqX3czRDk4OEJSaEl5N0wza1RnR2RRaWp3NmcxTWlLT0RmZWtkbHN6YWRYN2FVTzgxam4zZXllbWYxUXRsenlyRUZCU2huYW9zVG5hTXo0RmdsY2lEeVpZLTVQX2ZOODFHc19ZUUxWZGVwYlJ3dGF4VWFkdkdLY2xzM1JGQlJZQmloTDNqcks4TElTd244Vkd2YVRiR0N3dUFTS2EwQ3lMNUJiZ19NQnI0SmdOYXE1cVVpZVExcjF3SjlNWkVZTzB6dXN4VHhyMlVBOHg2eVhmVVJGd0FONjVlVnJ0emFtWGhGbWZ5Y0tZME1RTkgxOHYyazJ3b0JFRkRud0hRaHRSMjEwMkd1bkFnMV9uMnZtUmktRmdtTW5ZTUk0ZmVUNDJMSW1PSXZja1VHN0dxSHV1dWZRc1dXS0lKNTAwNVFaS0NKS1hFdllzYUlIWHlDaVZPTGZ1cnk5RjBpS2EybWZrNjhUS3RHXzhma0REcUV1V1JzRE13eXVZZzY0NXNCSDJVUm9HUmR2bGhVcE1kenAxM3lnT3BSSTlqSG1pMVJXUkpoaVZydk5oM3pjUHlWdGxQbjdWNE1GUWtINXJkMl8zWVZkX1FCcnQ5Q1BKOGZEdmRjeTJQSTd2bFV5Y29MQlowQ2RlMUlJaWdlNVRFdTRvZ3Z6VUZaQVVfRVkzVVlIOGZIVFJQcjB6M1RrX09JeEtUZ2ttSE9MRGZoVnJaNWl3MGdqTGpJZ3V6d2pZeUFfY09YN2pOMlV3NS1uZVpzbWdZTTZOOEQ2UUozVFRRdG53LTlQbjhoazRHdDhLY0dnVFY5N051UkdhaFNxQ0d6OGppb2IwQ21fcDZ1c1gtYnVLSEQtejdhdVptSXlGUzRDRWFpRHJaVk9ZZGQyWUZabThaeVdWV1NvWHlpT2sxamNQQS1KdkJnVGtDUU9MUFp2U1drOVBMandBSHFVOUcyMXo0aXlQSEtyWjBDMVVsbUhRSUExVWFXWEd3OVZZbzltSGo0bllkY0FGa3RjX01IVXBOR1M5c29CUjdISWJpQVZhc2QzeGZOUmhrTW1FSFFnaERWSmxXZXk3TVJtdWliNEI4a2ltZDVpeWI3TDlHYndlSmlweTV2UHdxNGZZalJERlZia05vTDdZNTdFZWdLeVMzdnFubEpRV1RjS3h6RUNSTzc4b3Z3aFRmRU55XzNYNU9YZWRpenduM0RuQ1FTUnlxOFhnRFpyRFpENldMQUg2emNlejZnU2ZoN3FBLTB3NWFNTWpFUmQxdUFaWnlLUGNuVXJUYmhhNkd0dHJXdTVsVFB0QzNIMGhwNVdVWjI1bGNGYnNXNVJGX28yY2l0dnVTNzRYOVpSY3dYUzlDM2pUQWVDVC1uTDJJS2RVUXRGNnFFd3hZcGVmaGVHb1k1czZOUkRlQzBRTlJWWDNoQmpFbmF2dm40OFNHZkF2QlhNTG8zNThfbndXeUE0YjhtSVJadWU0Ym1Qa0R0aU9nWUdPNHVoY215aTROWU5kMVBUaENMVzA0WHFWb3pwQ1Vva1NueURYb0xMNFBnY1NpQWZMOV9nb3pwSHBWNGhQVm5hM3RsT0c1WEdmcFZscTNacFpEM2NENlpSUzdVN3hCSTdfR0laR2t1OThGWkRsUEVsRk5xcUV6cWlWeHFiUnF0X0prN1pBLWJ5V3g3ZXVQWVhicE4tLXMwZ2w3SHFBRnNrQTNCQW56ZXFyaHA4Nm1SbFc3NjZnMjQwZTg2S09hMFEzaGRkcG8wdnp5OFVxTEpCOVZURkNpNzBQdzN6WlZPdWl6OVVWTnc2UDRPVzRBYlJ2NWZYYVRzdy1PY3lzMjQ3YkRsdm9sMDl2NDhHa3ZSQ2ttWHZDQVgxU3R4X1FyNm5GMmwwcTBPVGNEU2FiVTJFWjZmZ2F3MGsxN21hdmIySFA0SkVtZnZwdkRwcmd5T1dUY2NWMDRVT2NBMDA3eGpaeTJNME5uRDZMZzVScFYwaDN0VGJjZFpHaHJXRG1icHItMkxhZmdiWG5wcXJ6N2hJVnhwa0c1Q3FaSVNJdnFYaDd0M0pxWVFGLU9XOU4wT2VqSmhsMVhvMzJlMFVOM0JNVmpzMnQtalU1bWlMSEVBYk0tUDd6Qk11WWdRY3JiRW9VaU40elFNdTBlazZpN1Vfem5ocUhDOG1OUVVnakhWSXZFelZyV0dRdjZhSmxfSFRUYUxYVmxKTWdGbkxfaEhiaFdoQlBxcUlHcXNvd3JXSUxVc2ZXUmtOdG5FOWhRSkM2OGtvUlVyMGs1UTlYd1RkZk1uNDlhNXgwRWdGcl96TTNIMjdXME9wLWs1VTlrLXZfa1JyVmpQSG9kcmRBZ1lsMTJqYkVvLXFqY0lFbFQtOVZGRE5fSE5BZ3dqMGJPaS0tTi1CZTRybWFNclZhYWh3ZXR5bGxBNjNGWlg5NWxoNGJzdjNKT01lNWNCTHRRU3hWRENvNUZVNDlZRnRhelpIOHA0S1hTd1MxZ3FnRko3ajd6Zi1iM1BfMUlLZFJfZURCSmt4RWc0UUFXTmg5UkdXU3BrU0lTRlZXZU91VV9DdGlVd1ZHRFVZSk1YWHd1RVA2V1RDcHplRnM3MlRMVkZUN1FJbkR2c181dTFRY3gzaUpFLUxBczdDZ2R4NldVZ2F2YmZXbkVpckpDanY0NlhtczZPa002Nk9OZ3U1YmNTWWtsQzdiem5JSFZpbWpxeTVXaVNHX3VISTFQdmVsZlNUdzFwM3JQekxQV1dldFlFeXFNbUtHM0lBUWRMdnY2cTVNY0lLUzdQcWhHYXFQWUR3NDhpN1I5aDNfelFjbDFUNU54ZTdCeUF0Q2ppeGZzdkRrenlCZm1CYXZza1l4ZWhNc3VNd2tIbWEzb2hab2U0NktuWU1KWU9JVmRHNEtmSEV4NFRnNzFwa2pMSkEtNUlvYlFIYU15NmNYLUxiUlVvRVlkaG9rOFY1WEtKdHpiRXlxa21tWHdLZnRHaWFEZlVGX0Zlb0xBYW9leUpCVHFfQUZ1N0pHNHNrdjZGaFAzNUN4NzlpWktsdXRCNS1aS3RJampEVnV5NmQ5TlpXMFRQYzNZY0VZdnJwLWQ0cVg3WXFiMFdGSGdnTGkzODk4akx0Q0pKZGlRbWdOTjVQVUdTNm1NNUp5LUpFQXYxRXBlNGFSOTY4MXM0dktac3FSbUljUjMwemotVDhQeUlqVlBhYkhyVjVlT0c4clUybUw1YlhhRkNiUGUyLWU1X0dTbVlaZ3hfSUlxazVMMHRTR2dDd2lBUFFiemdXU3FYSFRscFJwc09ELW1VZ3NwVTdxMVBENlI4NDB6a3ZFYWlOVlZCSGdLLUJkZnVuRnl0d3ZIRER3YjNUWldTTzBTbG14Zlotdkh1Mm16b19Gem1ZQ3N6ZkxqVWNyMmluRDI4aU9Jb2RSd1ktS2tuNXhLamhWQS1xUi01STNSd0tFb2EwZm5sbnluOGRfOTZKT3NRRFBjQllvLWJJN1dfdGJqd3p6TXE4cy1HS3BrekpSbVVJb0FRdXZCWm5TbTh6c1Q1Mkk5UkgwUEx5VzQ5aUtBRGhjb1ZtbkMzNkt2REZZVVlLU0IzMHZfUlk2WmNUQXlPSXRfVjQ3QndtQVkyeXZ3RV83ejQ2MEEyY1BTeGY2c1hRbGFPc21Sd0xGcm9yWVNHM1piYTcwSTVkWG9ha2ZETEc4ZkFxZUhIbnJHaHNnSlVqa2JYbG1rMFJBQ0s5WXlLak14Z2ZIU3o5S2ZtY01ycENxZXdTbVRhcE9kLWM4aW1RYmVveWJZamF0LXlIdE9FR1Ixai04VUIzb184YTZsOEdkQ2dJclQ2Qlp0WVpyYm03em1vV2hDT200Smw3WEFybmpCYmFLYU5aNy1hM2M3MDNJVjRSbGVpOTd5QV95blZVWG9JQ3A2LW9iMWd5Mkl0T2ZlSzRwbi1VOVBjdFEwOXN6T3BnbjVtYTA4YlFiZU8ySVdLT0NtOEQ4Tjh5S2lLeHZNbUd5U3FmYUtJY1JNNThHUnU3OFNCQWdBMkMwNlVTZUdFU2I5VFo0b2w4YVIyRkR1cHU2Sm9zZFh1RzVFSnd1VUFVaVB4OG5SajlSaEdCTUZKc29RejBZUndTWWpQQlFLbHdyak4zYTZDbTIzMTRaOXhTYkk1eW5MQ1c0SjVfQ1NLS2NFcnd0ZFY3QXJ3R2tWcUNGX0lDMjlQN3EzZEk2bmRSajJtQkt5QTB5VkVqcVVzcW9pYXdsM2puVlBjeFV1eC1rZFZHbnM2ZU1DdHVJX2I2UWtlM3gzRHRWa2c3czNJQ1VEaFBjS0lnRzdWY2t3ME9ORENtTVpmV25qUmhXWjlfTXY4ZXRzZnF6SFVSTkNWTlFBMkljZkVIRUJNS0VhbGtMSXJNZGFPNDBCeGZMR2VLQUMxN25aSFh0T1JUblcxM3FNcGE4X2w2X095SmprMWVsY1NmYm95ai0wV0ZVZmY2bEltXzROLVhGMEE4T1B5RTBuaVZvekpVRGJ3U0t0TUlJZDJqRjBiT0RKQkppV1EtcXlHdHVTNW54dDRQT0lWQzR4UmZhTnpZc3Q2YXRrUmstSTRybHpKcXNIemJuTGFpVElJRkFadnlJVFY0VzhoZ2hJaHpXdEZoOFZiVlJ3VVg2cVhWY0x5WGlXaDdOa3Nwdml2ZmVWYnRWVGdwZzlzcTNRdWhXZmoxMG5PMUoyUWlMZ0s4dXdRS001R2lHYlh6dzEyUC1lV2o2OUt6M2w2VVo3bTBTalVMOTJ4eGR0R0J2RGxEd2lJLVc0WjlzSV8tMWNNQVFWS215SHpfOTBCUF9CQmZWbzJkUWVrWE41bU5WOXFLMm9XQUs1TWpJS3NtWWZuX0FpeXQzWWUtdGFIbEdEWVg3R184d3oxVXpUdW5MN3hWRnE3eEpBWHJqSy1LdEdCMjJpZXVfME5IRmtEdGdPSWRaTFZJMlN4SUJwaE5Gd0g5WTdKQlAwS0F3d2o1M2ZyanFDZ0Nvamw1TEZ0UElpMzFKS3JiTEJxUmhSUW41RmxQNnZtbmZBaUVHTFR2U1JLNC1jTVZmdjF4Y3ZONjlOT3hYZHI3cWZwUU1aLXFwZWhaMFl6bUYyRUQ1bE03Q01vMUtvYV9yN2N2VVFnZnc1LUxnNDVMSkxEQk5LLU1aTFZBZlFOOTloREZhUzRTNlRmeGczc3g1Ynh5ZE1SV1VnaXJfNFN5M2ZZeDBBeDRrU244ZjlPTFQzN0hNOGFLSTI3NG9XaGVxSkQycXhzX05ULWYtQ04xYk13YVJ2dFl1aXVrOXYxYWVZdGFRX19xN1V1aHlCeDJZYm15a21qZDB2UVRYd1E5MW51VVdXZjZ0NWdtanR1VG1fZ3Q0cWVLdmdmcWY5NVVFcmM5Umh0dDQwNGhKNTg1Vl9hSUVOdnJpSjdtUF84NU5XWldoYTktSS1Ja1BaUGlSTTlzT2Q4T2l4aHIyYzA4MG1rZzhpZXBiOEVhMlFkNjBPNGlaMnEzTkJkWmNwT2ZjbkdhMXZidlhEUTJrZWtvMmZXSm92eFZUWE8yYlVsMk8tSTdESFBpUVZyYi1QVm13dTVrcGt4dUVOWVNRbE9QNGJJRkhQMkVlY05wQnM1QThjajkyR1BmYjNnUXc0NWNnaTdoekF6QTBmcmplWkFkekJlVGpiUGpIZURvb3NSdzNjdHhTVHRlUGRkTzVsdzJ1eTQtREEzTXBDWk5weTdOZS1YUGc3cHVwaXA5ektXZmJrWGVUcHJpTU4ySE1QNTJPUUU0R1d4eXNNNlVSbHdDZ0d1YW5SNWJNOVcyLXBwRHgxbWlEVTJyQ0dIemoxdWNjYkJmVWVvdFUtdmk5bkI5Rl9TVGVqT3oxbjl6UFpsbXJDMVc2Y1JDUV9OZzhCMlJBeGFEQmlDV0U4Tk83bC1aVmFSZFJ4TkVWbG93RmNQWWJzY0ktVnl5ejRFX3VzR2d5OFNHd0l5Q1FtOUxsZnVCS2t4bVhCTjFGV2lCTzIxanA0VTU2MngwLURJQTVadFBDZFFnRWNVTUFwZ2x1dkpxZEpBczdmTDZneE5tM3M3TjlxRnYteEJ2LXJsbDlfSGZrcGtWUktNTE1OTXBDd1lvUEFiUEE0N3FVMDVBOHhxQzN1c04xRGw0YkxLV0ZsWndkenI2OXBSUHZ3MWlHS1g0ZkNrd2d1VXdkc0VndlVuU1BkcldNLWJSRWdPV3pWa0hnYy1PSnpmUGM4Ylh3c1AyMC1mWU92SzVCbU9ueGNSZFg2aDNTY1VOV0FCOWl3ZUpPS0NzQnRHYkVIVkEyc0FLRElyd2tyZks3U1JwSE1odURCRWRUREYyNlFKWUhDY2ktNDRiMlVjRUZGaE9BMlBfYklqUjZ1LVpyMUNxMFVSa1R0R2kwTktDWjgwUTZQNi1sUFFvOVRFS1dMYXIwNWFDSng0dGV5anhLcTFZZC1XNHFyaEpIZ3duZi1WUjFaZE1aWU1Mems3cXVJRDdMSzFvTTlYQ0FtVDNwM1Eza1JuSWFsc1NRNXhUV1hnSXFUd1pwdWMyX0N5MENHcWtyWkhHSXJqT1dsUUZZaW54WkNxcVBBOVhRVmdwbGtXOFRJRHRNZHFyd3ktU05fcmFFcUhQek5ncjYyamFqNXpCbUxSUkpkODFqRTlpUUlUU2ZTamljZkhHS1NaT2RjTEFRRnZGakR4akhrbElvZjdMb0FqSTVVMlBqd29uWEI2S3hJQS1ZenV3UTkyR1hXUUhDTU5LMDBYd0lDazBiOFdVUXpaaGs0cWZxeUZrbG81TFJ4c1Y2TEJwZWdyTDZyUE9sdXNoNnhzNzQxME5HN2RiWWIwZzFsVW5RNFEwZ1N3SWdBel90Y1ZEWkZrQkJNY2ZWQm54SHY2SW44V2RjRXRxVnY2dmM1Ykp1azZNZkF4cFVObWxVbUR4UHdDSmNVcllHWXd2N29objJnOV80R2ZIWHhXLWNVYXdzRVd3bVBoOGhncUZ6UGtKbENIMDhiaDdNajd6QmhwbkJoMVNvTk1FQmZWMXk3dzc1c3NESjdwb3NibjlrckVhLVZwM3hjOVhKY1dxS21ESldCMlVjM1Y3bjUxVUhnSjJJanZIN2dNRUN1YkNXSmk0dm04RURjdDFreHV4bFBSU2FHN1JUbVBxWUZWQU1fTW9ZWDRYa1BmOFB3dEhkbXBoM1dTaUdtYnpBREI1Vi1KbzR2Rlg2TklYYjZqSWVGRmRmRmJ1TWJ6RTNwT3NKXzEzX19JRHF5RldjSXBudWVSZHhxMUJCZ3NvblFvNExuZmlPeUJScXpSX0x6X2hud0NDalRPbUg1cGlkcUVUc0o0bENDNjhhcEJ0UUozZUdNTUdjbi1ra0FRTXNGYW5sQVRxbFJOTW5sQmZsemRmWVZlbVFuM3A2TXZqS3A1WmRCSTEtWWliT2pfcGhZemtpdExMVWgzbEd6N1kxRjlpVGIxLW43cklST0kwajFnVTBaZ2NnZGxuZWozOTNSUDlWWWNlMkF5SHZ3R25PUmxxdDBZMFlwRFdRMU1rc0c3ZnlCTnZscUJPNU1wR1ROQzFPZXNwTktWaktxY2ZHb1VETlppMy1zTGhSc1ZMQkVyS3F0eUlpbk9yY21DUWhSMExFMGlXVHRIQVBnSU9FM3ZKWE9iMDlnQkxjcW9ZdTN3WThPaTRlWkY4WWdfZDFIeTNxOUlOUFpCcklRa1dMS1lDcnlJMzlVSzR4WFFhQXBzQ0tKcWNoR1V0V0gxYmJJMlVHTUQ5OGtrdWZjUkoxZVYzQVhyQ2NuazFMVzdBLUtRcFB5QWdHUkFVYkdLeUs3QUFPcWJxSUJMejhLVmRTVnlqWm04b3VNRDNScjhvZURCeVd2OUFSZ0RrOFpmSmplUHJQRDByNzNnZFJWSllBTzA1d2lDUjJQVGFRcWt1VnFzM1JmU21zYm9HbG9obF9PUlBBenNVRlFoR3RRTDVteU1MV040RFVpRkNDRTJ4WDBIUXhVZEMxa1N1Q0NaTnNLR1RjZVpvMEpycDYwOHdWT19wTFBNeTRfSHZhR0h2MGJRVWNERVVQV2lmcm16ekhUMzhOVUhKMzZ2NV9hd1M0STB0REx4M2xKQXpZTHVkU3l0d01TZHQ5NnVFU1JHZTBtQVM0WDkxbnVXX1ZiMGNGd2RYSnVKNnF4SThVQjVmeXI2QkRSYXVBT3pjQk9ZdzhMcnMwZzJiQ2pJWWFGWUgzbmR3dlIyUWlLT052VkpBQkw0cEg3dk1US1ZaZEtqTEZnd2VBczNmRnlnYjUzQ1RRRkdjRlBVREZuT2ZjdWJjSXhiQTJ3R2J2alFsWkVPaWNpWEk0VGViRUZlSmUweVVXR0VfMm9kdnFIV3g0V011SjdtYklpQ3JJYjB4b1hHN1o4SGlMTU1zYnBmZk5aN0pmaERBbUo1ZFNXUzFlMXpKbTFxQU8yWTR5cXhTTTBGOS1Od3RDWXJXa2xLaUlKa0R3cWV5d0ZxZHFIQjlSRGZwc2JvU0VNaURURFBVcXNrMHFYcVExcVdBd0FzQS1POW1sNTVzRkVqVFk2WVNxc1RRZDVya0pzS21uNkZtMklZQXlYTDdaU1JObU1fNDFoeU1NR0Q4Ynp5RG5WRmZsOWtPTW9QbnJCNVNHQjY5eUZSME9STzc2WnVxLTFOUlNqWXFYYUcybTVtREJMSDVnSnNpdFJQSElDcGUzLUtueG5LOWFCbTJzRjk5SDYzNEdpeV9TY2pKaXhxQXFQRkNyLTgxZHlyMnVxT3hhZGxUSmFWLVBPUkRtdFVidXdNd3pMOWpoVXNiWnRmX1NzRjU3eFpRdmdXYXVvekpvajRkYmo3SDNqN3F0SG9KQTc0QUF5WGozOG9DVFJzc2wxOHpON2t6X2NnTF9keHMwN1RTdGE4LVVWSVhURFI3LXVsVzd4bXdKdWZFYU9ON2J4RXEwdHZCeHo3R25LdU1wamtIVjVzYVlCUk9NUG05TkpvcWo3dUdxQmxYNEUzdTY2eTFQMTFnUXBkYXprdTY2Qno2Y1FndmQyLW1wcU16Z2pvQkY1dFZualgwclA1aEhYMHZ2d1dlenJxNFIyOEJqSDZTQldnelpNM2dWYW1zWGRNWTIwT2IzLWJMdTRmNDhGMDhTYnNFOHAzWGtYamhCdWd3RzBKTThWT3BDRzdBNlNvTlR2VWhSaWc1c3plOVM1YXlMTEJxQ0FBZmpxSXIwRzdnSW45b0hFQ0pmM1FnOXhmdi1HbVIwSmZpbU5WdElMNWJRUjZiRTJCanRjMXpHSk5NTHZxaUxhZnRnWkFwZTNwVm5FTER6NHZueVZNUExsWkF4cHhSNzRGTWFic0FXNEV4U19iaEVxRUVsTmxVVzJGbGFFcEI2ZkJrdUh6d0NtZ1ViWTNHQlljYU9oeTE2MUJJUnlVR0pWXzU1ZXI5Q0FVSkNfRWR1SUJxODFQdlZqYkpLemU4ZWVTUHpQbnpfTmdTLUZmQldjRWd6LU1udGp5ME1CN3dnUmdZcWVEZmZSdXRINUtaMHJzZXR3b2hDUTJkcy1mc1piN3ZIQ3B6WUY2eFVKQ0t3ZVItT3dTanc5Z3dVcmV5Zzk2RGhkZFJfcXNXdmc3UzdGOTlwVTd2YWo3RDUtY0cxVlp6OG1TQ0UzMWp5LTBjQkxQMFJILWI5ZEs3a2o3RkRDYjR5SHRzTWNYUWZDWFFrQWtzYXdZZlRwOGRpZEFpTzJoUzlzN0d6dWQ1RThXbUFvZUt6NjhzQXZDVHVxV0NqbE1jRmpCMmFnOFhzUURPVUZZejIwWnZFYVhpclVtRzRpRlpDTThHMjNxSWJ3VDd5VFdvblhseW8zUFRGLTRYOEVlWWw1NVIzSFhDbndfOFVxTV9teDFaR2lpcVl5aklKc2ZOVTgtMkhHd3hCaWktdU9ZSHBmdVlDT1oya3JoTkFITTZmZ3BYUlI2YmJjeU92TVk5c2o4Y004R2JWTEtITjFaaDNPM0p5LVNGMllyZ3ZnREJkWVcwWFpiZl9qLW01RU56WlEyWks3RHFhV1pEWVRFMVpsLU1ybUtWeGU5elV6OXBISUM0Z1JlLXZkbzB5SjdQMTdSVkdfX2hVbWNyX2VBSTZnQ1BPaVZHU2VVdEJ3eWFBQjlUWFNxNjdLOTcwSk1JdExjN2UzZ1RMSWVSQkFidUI0NWgxMldPaWRWTmpvbC05T0tFblFCbFRrWFFxMV91Uy0ycHJPcDRrdEFWeThxYkJvbFdNdi1tT09wRE52T01pcWtOZEJkcml4bUVrakRDZWZfLW1WUkl0VDhvNVdrWlctam50blVfZWVrNWpKOHdGVXRYdEMtTkEtZ2NERnFGbm5yd3NDLUttQUUyMkRDSWkycUo4T09nam1UazFsVUNjWHZwS1Q4MURnVWVoNE5NSFM3ZDk1dnVyY0l3bWFjVjBjM2hUc2h1ZzNJS0Q2NGNacTJwZU5tOVNWcEtpc2cwbFVrNjV1WVUyRzM4VGpNbnZmclJ3OUZBblhUU0VOUzZpMG8tVzZlVHphUjl4SktaaWhBSjhsaFNET2MzYnJTRjlzMjNiM2lKU1Fxdzhwa0V1cXJTeWZ1WTB2SVN4U0NneFVnSF9kV21ZWVFxVEhoSXZ4VkpmUk9wbTBiaHVMSjlDbVFyMExORUVfZEY5dkpDRFVsTnBSN3k5QzA5VC05Y3l4ajBHaGtTd05xUENwRnppVDdQNVdwRVd5SVRSTUlZX21PSENkUFMxQ2FnQWVRcEpfQldaTlI2dGlTOWJPWUwyRlRjMUNVS3BKSWM3amx0bGJFWmQ1c01VaGRHa1RudVJWQmRvT2NlZTNnVmVJZkJhLWo5bFlyUUZaUWppT3Vfbkt1NzFVZXJTQVBnMHpsV3hVSkcxdEpGSVh4WVZfcG9WTHk1eXlvWlRnY3ViUGxLR1dtYnlzS09MemVTNTMxM3F6X3VJbDY2VHp1SUxuOTVacFpQaXduaXFoTzJpbktTY3NDX01CVkNYdGhTdVlXeW8xSkI2alZlX1h3VjctS1dUMlhjYk5ITnl5M2RWTkJwOWdidWl1RWlmNmExUDhDTlVyRmNzQjRGQlBOaklld1I5MDZNWkM4TUR6bUtfWm1tb3M0c0M4Ql9IcWctMXhaWFZZQnBLay10YUpmNWNBZ2F3dmZxaVJ1a1hYYkNDWHpKUFJvZjNJQUQyN3dZTUJLWEpYdzVGcll4dU9hMHEwRlJVMTVUWG1JN3RSbVFJWWE0eDFTZGVhZ2hMYVBGcFRwNjRaSVZBa0pJbllHbnN6aml4Uk5mXzdreDdJc0xNallZa3RFekZZa282bXZEX3d6NXFzUmIwcGV6cENLcVQ5TU0zcnB2TkE2NVZsdFgwMGt0cjFxOTdXajVHejNCU2pBN2pfVWNhdmp1R2dqV3Mycm5jNWx4bU41dUhPMnF2T1lFLWtNV0Q2S1NaWFp0bkQ2d29LRS1QZnR2bUFqUEFiQ2RCT1RucmRESm5NVW9jdGw2TlJlZG8xVkVLalJkclBXaEhPWXk1Ylk2SjVFZHdiY2I4TWlFcFd2azFSRWJBRFVkdjI4aUluM0pMdmlJODE3MkdhRW1BdXV1NEpHcnlXVVM5ejdRUmRYb3R6SnF6MDVVcHFxRFFHQW42bUJCTURYUmhLUzNhcWswQkhHNGhGQ0ZMaXhva0pBOFZmMkdoMTVqa2xUZ2pOc1VwajN6cE5iaWZ4LTc2WmRpSmxpcGxPUl91MDlSVHN2TUs5Q3lrNW83QzEtX1Y5NlJqNUJVUkoxT0NLamhoNkNCV1RvZ3UyckNFSUVlY1FlT0lnWmdFYy1yclpHc1BPUXhtTFdKdVp5SjRLcEtqUFJPMWttTjVMRlVneGkydVN4d3YySnAwTXRGODVkXzFjMzNXMUpYOFp1aHNrVGNFeExaUDVLekJWTzdlX2syclVuQzRid054eDVHUlhKRTI2OUlhcGFFd3Nad1RrSmRBOVc0YnJxTXN5SnNmYW4yTXlOUmxoSHpzdUhpeUZib3ZpWEFwQmVsMVQyYTZReHNqTHE2QmFHUWxhUXFSZV90Rk5PVUl6UzNpcDdCdUtGN3hqYjdNVUdtbU45VVg1Q2pHb1NzMkRnRElucVlXejVXUGRkZG1KMlZqc3dUSVM2emdHS0dOLW1uR0NHU3c3MDhfWldEbFlDVkxmdnpDc2ZFYTB3X0Vtc25NRUtsZHQ0OHhXT2FwQ0VUaVI3bjJsMFVNRGtPQjA4blB6QWF4dWtyaUg5bDltMzlwUGhOVE5CUHE4NHhYOE5MTy1hVnh3cDVvTEZaRm1uZFN5UzZWTERMTjdEd2hXNGtLQS0wcnlVQ1gwenAyRk1DalM4SC11cHZHY28yTVJMd3QwYnFzb3gtd0lYUlU0Mi1vYTRlTGM0cElBRFJ0M3dBc3U4dWp0OFFBTFhZN2tDNFJNYW5zYmp5N2RVRkprbVk3LXdkQXJqSmUzQy1KQW9QVTM3RWltam43Qk9SVy1peFZyVTNBd2taQl9TMkVBWHo2azViTVNNYnJFS25vODQtNElMbGIzcFpfcmh3TDlVc2hFcnE3TmJMWFVZOVRwOVhqRGtrVzRlTjB6OFBtQ1h3R25QQnVGZGxMZ2dvVW0wNWVuQkxOLW43eUR3NGFQZThqNHc5RGNVOHhMRU13aE5CbzF5TmN3bE5SR05NY25SRmF3cGNCNWtMS2FYd1BWUVpibzJiWDBGSk0yeXVpcGJKX2JBSzB4aFExNzBmZkZRY015R1RHWFhtdWNYMnVEckNWTmhnTkJvWDhmN1NicmVJSndJaER1em1nYldJUEpKMFgxUGtRWjBBUkFJZXkyTnJBaVFxZWp2c0d4dmhadDJ2Q0kwRFF6b1UyOXhxVlJfUFFybkNvYzE2bl9ESDdjQ1J0WFotZUZYdkV3WEpPbkNBUVFkSi1qY1JKY00wTXRxR0t6MXVYN3V5eUVJMjlJbWR0amFTdEZVcmF0N1piQnlwd1UzempDTlFxVnNUSEtkc3MyT3EtU2NJdHhaaWpmbXBScUs5STRqZFhHd2drTlQ1cVRCQ2puZ2dDYU1FTW8yTVZwMjhEUjNpNFV4dHIyZTIyd1Q4a1NMZVY5T0NtSU50amp0LVVaVTRnaDNaLS02YzNsX0Jxd09IMzFxemhHTmlBb3FkcVAyMnBVUVJmcFNwWUpBaktHcVRIMk1Ta1d1eGx6SjB2Z2Fmam5JbHJOSnVJVy1QeUpwcUpwQzZTeWlCQzAwRnlvYWxzWFliRFBNSWJvbE1xT0N2V2VkVkRSYkVZRVAyN1YtWG1CNGdSNGwzZm5zM2lxY3JrSkRSUDVVend0Ny1lMTR2b3VQckhtdzEzQ2t3UGJqZ2xsR2Q4Nmx5OW9aS0p3Qy1jS3FGWnpnem9vVDg2cUhicUtheHNTR0t2WXlabUxhSnF1emg4ZHNsamotQ2dvZjdBY2tadExOelVrVzlpRFRaWG5qMlB6czNtYmVCWEwyNndPLXktTWJlaEpqUVp4MzVZck95TWFyZ1RqeE9wbTNSak5hTWxzWjMtcU01NHFYbHh3QXJVWEVDbVNXRkN4Q1l5QjNrd29NRkp6TEJxT193ekNTSWF3dG5jWUF5Q2xOSkdaSi1hNklnUVdTY040SlhoMVJRYVZ4X3o4RU1mbWhFWkFCTF9YWndYT0FrNS1GcEVPZEZlbmJ0OW00MTc3Vm5IckFIUzB4REotTG4zcWNWemdwNHh0V3dvNm9aR3gxX1RSS0NXR1ptY0tveEROalQ3NFhVZlQ0QzdmYmNUV211NzZOZmQ5NHZHT1JqdnA5eVhlZkY5M1c4QVM5LXp6X2ZGQmlsTGk3ajNOUkRHcmp4UXZYUE04bkkxdldUZnZYWXl4RXBLTkw4NWxRZno3MVVibzVDUnA1SElsVFNfQUpnbks2RnU3N0dDaHJBLThGWHBFUTd3TWpCUVNyYkozRFU4MmVodGJzSUlSMmgxbk9RVnhId2hWejM4RG9NYzIwR0Rqbk5GRDZZWG9GNkpIWFdXY05OcmpLYXg1RDJCWDZCYktOSDBpU0JTWXBsTjhsU19HSFgwN1BCTTlFOEdQRVJHMG1uTmJ6clhGMkFmM3ZfZ1VZenZIQjBHZnhTYjAwZDFBU01pZ1dnRnhEaUM3cHlGeWE4NlJ2U1ZMVGNuaFJ5TGJiYy1iT1Zscjc5Y0tFNE1rcGdXYm4zcVdaZ2Q0MlFvbFgxMUZlelJnZW1Ja2FLRVd4bHpTSmRPS1RiblBnd1hCeUM3ZmFoa3lFTmk1dXhBTU51aHo3dlRTMWUyWktyVzI3OXlBWTdnd0lqQk44bUFVSnVqWUgwMHJIbFhoSDlaaUltWHp5Z3ZNdHM4cVNxUThwSG9QTVVFREpLRWxDNVZCY0RSaUpUTmhlZU9TdXBBZGNrbFBQV0tDYUUwbVlDM3VUY0x0V2syMS1jX0otOVZ2dTNFNzNKWXJUbE4wR1NMV1ZhcVY3bjZ3QkJoTEtwSEg0bmNkRkk3Y1pjV19UYmQ4OGhyUmJYZ21SbmpqVHJEd21RbDdOTFNUN0Z4R2dxR2lDUTNOQjNoa0NoUUpENVp3dV9QLWRmRnVFaUtDWFc3NlZoaTM4ekk2cjRUVkJWdU53WTdHQUphdDNRM3lEUE5Pb1AycDFraTlXVjRoLVZsWTBLUThEaEFLeXdKVl9rLXJNZWNGaEhwQ1VzN2hXRGdjajdsbmlPdlVOZTZDSjNXUWJkRy1leGpadjlSRXoxTjZpVGtYby00OGc0THhyc1Z6ay01b3JKTTQ3V2RzSzJaMi15cFMwcWRmUG5hc09CX1gzTVVMZU5CcGtHNUoyT0dMNjRvN18zSlV6Mk54OFlwaG11aFNvZmdEOXpOWjlkc3FCdUdrVkdIQkR0NVpZUG9VUVhDV1hLYVV6Q0FFRFc1S2tlWGdPSzVVWnA2ZVcyekZndXc5RlBmekpjVjAtd0h2dHRhWVdqRHN4RmpvNkN5MDc3TjJXRzVEZkNLa3FIM1VFNDBCejJtNjlpTkxhTUVMMm0zUHBkVHNROFVfdFdyNElCUUNXYXhLdUI2R1NsMWw3ak0xMEJ6akpmTFJadXJXR2MwQkxlSUVuc05ka0tMNmNOWWZ4cGpkQzFKNXppTTBQZ3dsUGMyOFJXeDAxeXlkXzVhTWQyR2NjVk4xVzRjeWlfRHRINUotSUFzeVhvUjM4V0xUeGpqR2U3UnJWRlJSMHFxaVRwVW1BQ0IzRU5KNUZWSXVXcmItNGMwZ0ZXWXlId19mSjEyUllSSFFOMkdzZEpibFN2cXAyc2ZQM3FWSVBWdjFXRzhKUmozbHFYRDFaNDA0SFNMeW5jM0tlbV9hVF9WVUo2MVdTR1lCQTVXMm5UcGhSMkJXV25WMkg3RzdLaWJacm94MmliVExReEdtamtLaGtxX2hNZ0NLS2ZaaXlnRWtEN3pZb1YzV1RRWmhaZmZib3cyMlVHTzdMWVVIUWlYZ3hHWEdINElxaXY5aHRqNklSS29PeG1CRl9aRENqS1kwOXQ1a2pFN29FWjNVeTNIckhyNjhMVVhzT2tkZ1lCcU5UQnZ0c3RRbDdZOG55a0dpNUtjbDlKZ2JUTUl5cDJuQk1ZYzdCMlo3cm80YllkZWFVclFfeUQ1MjNOcV9BMEx4OExWdkF4MUkxSUMyaTFoa3hRbjJWa2VIQ2NHR0F3Qy05V2oxeE9GSmZrRUlJS0Y3dGpNdUhHRE9KMW1PdjB4OUxvbG5nVGw4M3Q4T01zR2VFNVY5a3FHTTJPdFpwcWtqeG4tQngwUFpwd1hJV2FHM2s4a0kxa1ptNWg4MHg3dlhxeWVETGJjRGhYdzQ0eEIwWktYRDItWEk1WmdMNExFX0JLekR3OVJaQTNYRjJ0eTJCX3JqOG9Uby04V01ZbGt6dlJaZVpGWXV2Y2tyNVlGZGFQR2I3bjR2Qkh0ZDZySlRzV2R6SmllRFBSS05IaG1vQUVUQmxMdEMyWk1ZNkxpbkVoUFNWbk11X24wcGtaMXVXcmhWZzgtU3JrNEhnWmNnZUdwdVNnVWRSNXVOaUNIWkZKa1B4V0tYTk1pNGRIUnE1ZERPS3laR19Jczh0LUlPRDRlbXFGVjJKMHVwWHhWcmFfSHR1UWN2b19oY2prMWc0ZzFlWVQ1czdLMzBjM3RfR3g0ajlmWmJ0aXhxQkxsZHE1ZHhVcmFTR193Q0NRYV9BTHF4bm5ySVVNWmZlbGJ3WFpITWVta3pabmlQOE5zLVRRa3VFY2VINzRkblR1Znh4U1dGNFZRSzZBWnI5WnA4VjBUeFNSZ0JjRDVGT3lWUzhaOVV2bXkwRnFBWVNOTHdLYi12aTkwbW9MV2pESlVqblJXMDRLallYMm1TSlZxakNnVlJOZ3AwOXRWczRwYUszOUNnZHhnUDVrS1ZfZGlTN2xWVVl0bEkxeEZrOEN5cVJqaHYzbkl2WmZIbzRucHV3eFMxY2QyQTVqLUY1WlpvazVYcE53cHBIOXpnMFRqMG5IcFFqT3FmMkdiVktuUGlWMHJ3cEpvbWV4SGEyMmtpTjdyYzJVazczWlhkRmxQdGNwNmp5S0E0a3JoS19KNzZKZkNCeVBhVGlTV1U1WEM5RjRPN3hUeXBCay1YS0w1SWVBWDl3NEtFUGZLV29zbGs3N3h0MXowV0UzbkVsbVR5WFFNLXVKVlJnNWExQlBKTHl5R2RDVFZMalZaN2dZbl9QMlF6dzIwTUtWNEZaekR4QU40MWFQSnUyZEdMYmU2czI0QUhkUmhDT1RTNWF4SDVTejg4NGp5UWMwRDJqZjBDUVk0Nkp3YkpENzZFQUFpMGc4cGwwR2luc0FEVUU0RS1tc0tkMlVtSGxucGp1TngwLVpvdEVZckdQRlZzT3Z1R1hnN3M3NFFBNGFwTGJ6VHhVOWZpVGFmdmU0Q05tWE9uSlEtOGdIR1VudEZleW5VZUQ1MUd0dlduQllmZkxSak9wM0taNTlWcEFvWnFCaVZIeVVIeU9vTWFmOVNtU2hMNTQyUHNwZjV3a2lVSFBvWWtpbmt6VnlBRXd4LVkyV1ljSmVadG1tdk5jc1hPaS1OSWEzVzVHZmhQY3h0RjJLV1Z0blhKamhpWUJuaVJMU0RGU3kyd0ZWQTduM3dEbl8tUWZ0MlczQ2YtdlB5MW1jY0lvZUJqVWZ4MUIzaGFxME9rYjRwTENmQ0NBNVVTSVRKT3MzS2pHbHJNVEJrVTBoVlk1WE9NTy1QZXZ0YldRRVJ2MHBGNDdiWk4wUlA0bGNUNzNxN3g0X0pfRWhMNnRBNHl1clU1dHNYc19PNXBnWlBlXzNYczBNMndvU3V2VE54UHdtZzNtdjdvS0FiRXpGNlFFMzZCVHlFZ3M4YzBBVWR4NkRKLS1wX0FLemRzYVRVNkZUczNUWjJuZnFUbzBZamItYkJST1NQaUxZajNjcUc5cGFlQmJGS0p5TjhBajZYTmpBbTFqWC1INXIzaGRncTd4TVZ2RThxQVFOamZYRk9hNEcxWnMxaENPN2lPc0Y5T2MzbFZDbVVzTDczNDFzbGlYMXhIUmdfMFQzcmJyU3RVdzNfSnMzMTd0Tm9Sa2NlQnF5ejFPdjk0dzFBdkxWU3o3MlFKT2F6elJGUjRXWmpRcEVFV1lIRi1pT0ZHR1BDZnI3d3RYMVd0YURURWZVMXVSTnhPYUhpNmJCQlVtZXp0QmZyNGlfLUo2WVZFanYwazZSa2hNQWljSDBOVElONHF2SlQ2Z0JCVGhQU3d0SjFwNS1tTXc1TGdlcDdtbEFKaUxpUnliLUwzYjd1TmZ6a3AtcFo4aWlmeUpRNGdJb04xbWlFSTNNaElpT1dTeUxNaXhkY1kxTEVaN01Bb0dZbUZXTlNpeDg5QThhaWpNTmdkY291a3p4LUVUMV9OY24xMUtNdTBfQmFjZk03SDdNTmJPSjBKeXJ3ODhGbTRyVUFtTk5FTm1CTUp2cWh4MUV0NGhkS09DeHJwTFhyNHlfQ0w4X2o4eXBYQXhvQ0RfYWR2SDRpdDFwMGFJV1F0QlhDMDZDeTJpUlk2aEZybzBGREpXbEljajZ6RGtEMGg0am9Ob2xSaXplQkxWQmV3VnZmOUJRWFY1enp3TzBfNWQtYkZJODBjcE1jV1lxRmU3bHhtU3V2eUZ6UGh2b0ZLcmdHeS1La1VlWGRmT0lzbHFHNm1kcERwT0Q2X1BpdFl5ZmxLNjNpMkMtVXdVN1dTR3VUQlpiY2xfdEFTRkU1UE1CTEVVa1JqN2JqUWEydEgtZ0FaQ1ZPRmc1V0FSNTRHLXhFeEprOFFEVmtTSmpYY3p0WXdXVXFiMU5aV1JIcGNfWW0wdnA2RW1XdFlTVVJtTXV5NlY5enFoYnJlYkxWYVh0UDJJRGh0YnlxV1oxMVBOd1RDYllENzFRanN6MUwxU1pHakxaM2RXX0FnQTQwcGJNeGVyVnFHWG5oS2szTVNXa2RzS0s3cWFxM0VGMDcwUmlVYUQ0dHU4a25QWVdvb3NJWnp2aEhmVDRxcUs5NFduS19ONkRodlp1TmUzR192LWEtczJ5ZDlUcTNUalJsZDNCTF8tbnYyT2o0bWRvdWRhQW5yc1BSaTd4TEtOQl8ydkFqZ0RHRF9FODBCZFliX3VrS2FKTkFHRFZzMHJZX2ZTekZ5cUtKMFNWZjk5Q3JvWkdZaHMwaEMzOUs4OWVyZS1ZTFJFcG93UUNEQmMxZkJmUnJxUlBxMXBEWnJ1OHJjMUNyU0I5ZjJJak5Jb0o4cE80ZmJMTE1lbnd5ekhqal9sQ1kyTEtfbTFYaEd2RFIyVVZrNDFteTQ3ckVuU1J0b0dKWDJIOUNGd29ZVzN2RU5XR2tlSGcwUnQ5cFlOZTZQSGtUODdtMEp6TFlEWnBRcUZMM2hIdjgyOW5VRkVGNjBzZ1R5MTR4bHQxbE1OV1J4dHBwUUozdWl5N1h4Zm5pUXV0RlBpMng1aTVScFVfSFFNamtsUmxoX3lKdFhvTUtLNFJ5SUFpTi1XTnBhZ1lVTjhPUlZKUUpvUTRmT0Mtb0pBdnZmSzVHb0E3VGRiUXdSdnhNM1VnTThydTVMYmdReUFZTDc3MVVFby0zSUxLMFJnM3hJcW1hUTJETlQ5dmVrendkaXRBMGJBX2kwdjZBbkw0ZHpicWE1Qkt3Q0p2SHBkNmZRdDhlVlhzWGtWWTVMSkdsYjJxNzNqNUJiZGszZlZqZjBZSUI2eTlkbE5NTHFZWF9RN2ZTb0xZTmxEMjdERmFJYk1PcmlZVWhEVXRZbUl2dXlVMWpYaUVzLU5fVElKT3cxODRqUmY4UFZnSGZuX1UyWkstN2d3ZndJWkF3emd3amt1MWRJSlVGQnZhdWg3ZWwtSFpvWmV2ZDhRYk1ORjVzRjlubjE4bWlGNkJCMmZiOWw0dThRVDhQQUUwYWpUZFNNcUZSbVNadnByRUJncTVjNkpYMnJqNFVxOHpYcDF2OTRQVHM2U0Mwdl9SY1I1MVlFMGgxdzJrVXVUZXVEN3lKNHloVzlCUDZ1a1pPNXVwWWdKSUQ2em5FLWFsRUk2dzZJdC12LTBxMnhhV0YtbFpHamZLOVdpRTZNdzdjRFdHZzk4blJDTmJyc1ItTjE0ZmcuaTY2ejBVOTg3QmVFNHZNU0RsdHJLQSINCn0.F97n9ow8AlifFZTfh4QoC6P0rfMSBwVblnkl2pBlzZ-jvYS0mYOwJYwyB7TKG_JlWuPxJYdyDY5xPKEXhOxrQPY-448PVrSLAiuR3f5R2PFqVl4WXio87gfbC8z7PAd0y0vNJcTD8PRFbf-SsZZESA6S5rnrrpAN1EsuDMkEVimFaSQo9TTc2PYXPH1qe5m18LMF2bteqIiwVEW7-4waAZF0VMVAVlaYYOGx8AzdFuGgTPFe67leOo2Zam3YvBsGX6gH3EzaY69hQS5lS4km09WcNnH8RDMVeC2VsWiPaVTyZ9z9limS-P-0YkikQP5VbjiOPRCIhHOu6S6k4xQHoA" } \ No newline at end of file -- cgit v1.2.3 From 3b1130e2366138871a92a1f83124a27fa83885dd Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Mon, 9 Jul 2018 12:32:13 +0200 Subject: update keyStore for jUnit test --- .../src/test/resources/sl20.jks | Bin 12069 -> 9894 bytes 1 file changed, 0 insertions(+), 0 deletions(-) (limited to 'id') diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks index 47752e0f1..a976d286b 100644 Binary files a/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks and b/id/server/modules/moa-id-module-sl20_authentication/src/test/resources/sl20.jks differ -- cgit v1.2.3