diff --git a/fachstelle-server/src/main/java/de/ozgcloud/fachstelle/security/Saml2Decrypter.java b/fachstelle-server/src/main/java/de/ozgcloud/fachstelle/security/Saml2Decrypter.java
index 071ff46288f2e078216419278a0cad271a3bd3bd..590008dd168e5f1c69ceb6dbe043bdcbf5c3fc03 100644
--- a/fachstelle-server/src/main/java/de/ozgcloud/fachstelle/security/Saml2Decrypter.java
+++ b/fachstelle-server/src/main/java/de/ozgcloud/fachstelle/security/Saml2Decrypter.java
@@ -56,11 +56,15 @@ import org.springframework.security.saml2.core.Saml2X509Credential;
 import org.springframework.stereotype.Service;
 import org.springframework.util.Assert;
 
+import lombok.Getter;
+import lombok.Setter;
 import lombok.extern.log4j.Log4j2;
 
 @Log4j2
 @Service
 public class Saml2Decrypter {
+	@Getter
+	@Setter
 	private Decrypter decrypter;
 
 	@Value("${spring.security.saml2.relyingparty.registration.muk.decryption.credentials[0].private-key-location}")
@@ -87,7 +91,7 @@ public class Saml2Decrypter {
 		decrypter = setupDecrypter;
 	}
 
-	public Attribute getDecryptedAttribute(String samlResponse, String attributeName) {
+	Attribute getDecryptedAttribute(String samlResponse, String attributeName) {
 		var parsedResponse = Saml2Parser.parse(samlResponse);
 		decryptResponseElements(parsedResponse);
 
diff --git a/fachstelle-server/src/main/java/de/ozgcloud/fachstelle/security/Saml2Parser.java b/fachstelle-server/src/main/java/de/ozgcloud/fachstelle/security/Saml2Parser.java
index c959be6f310ac1a8e3bee749f5c2c06d2a16ffa7..1b8cd1ca1638627883be5c025d545a5c7510cea0 100644
--- a/fachstelle-server/src/main/java/de/ozgcloud/fachstelle/security/Saml2Parser.java
+++ b/fachstelle-server/src/main/java/de/ozgcloud/fachstelle/security/Saml2Parser.java
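Review bot: The `@Getter` and `@Setter` added on `decrypter` are public accessors on a Spring `@Service` singleton, so any bean in the context can read or replace the `Decrypter` that carries the decryption key material at runtime, although the only consumer is `Saml2DecrypterTest` in the same package. The second hunk of this file narrows `getDecryptedAttribute` to package-private for exactly that reason, and the accessors should match: `@Getter(AccessLevel.PACKAGE)` and `@Setter(AccessLevel.PACKAGE)` with `import lombok.AccessLevel;`. A comment on the field such as `// package-private accessors exist for tests only; the service builds its own decrypter in init()` would record the intent for the next reader (the test calls `saml2Decrypter.init()`, whose body lies between the two hunks).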
@@ -58,7 +58,7 @@ public class Saml2Parser {
 		}
 	}
 
-	private static ParserPool getParserPool() throws ComponentInitializationException {
+	static ParserPool getParserPool() throws ComponentInitializationException {
 		var parserPool = new BasicParserPool();
 		parserPool.setBuilderFeatures(getXmlFeatureMap());
 		parserPool.setBuilderAttributes(new HashMap<>());
@@ -78,7 +78,7 @@ public class Saml2Parser {
 		return features;
 	}
 
-	private static ResponseUnmarshaller getResponseUnmarshaller() {
+	static ResponseUnmarshaller getResponseUnmarshaller() {
 		return (ResponseUnmarshaller) XMLObjectProviderRegistrySupport.getUnmarshallerFactory().getUnmarshaller(Response.DEFAULT_ELEMENT_NAME);
 	}
 }
diff --git a/fachstelle-server/src/main/java/de/ozgcloud/fachstelle/security/UserAttributeProvider.java b/fachstelle-server/src/main/java/de/ozgcloud/fachstelle/security/UserAttributeProvider.java
index 42c6f8df7f926e2f33a43c9f81c3fa8d717fc95a..7770f9f985774ee979082e3fe5aa0f4c38695bac 100644
--- a/fachstelle-server/src/main/java/de/ozgcloud/fachstelle/security/UserAttributeProvider.java
+++ b/fachstelle-server/src/main/java/de/ozgcloud/fachstelle/security/UserAttributeProvider.java
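Review bot: `getParserPool()` and `getResponseUnmarshaller()` lose `private` without a Javadoc saying why, so the wider visibility reads as an invitation to reuse them rather than as a test hook. `getParserPool()` also builds a fresh `BasicParserPool` on every call and applies `getXmlFeatureMap()` through `setBuilderFeatures`, which is presumably where DTD and external-entity handling is configured, so anyone reusing the pool for other XML needs to know that. Suggest `/** Package-private for tests only. Builder features come from {@link #getXmlFeatureMap()}; changes to that map are security-relevant. */` on `getParserPool()` and `/** Package-private for tests only. */` on `getResponseUnmarshaller()`. `getXmlFeatureMap()` itself sits between the two hunks and is not visible here.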
@@ -38,11 +38,11 @@ import lombok.extern.log4j.Log4j2;
 @Component
 @RequiredArgsConstructor
 class UserAttributeProvider {
-	private static final String SAML_XML_STRASSE_NODE_NAME = "Strasse";
-	private static final String SAML_XML_HAUSNUMMER_NODE_NAME = "Hausnummer";
-	private static final String SAML_XML_PLZ_NODE_NAME = "PLZ";
-	private static final String SAML_XML_ORT_NODE_NAME = "Ort";
-	private static final String SAML_XML_LAND_NODE_NAME = "Land";
+	static final String SAML_XML_STRASSE_NODE_NAME = "Strasse";
+	static final String SAML_XML_HAUSNUMMER_NODE_NAME = "Hausnummer";
+	static final String SAML_XML_PLZ_NODE_NAME = "PLZ";
+	static final String SAML_XML_ORT_NODE_NAME = "Ort";
+	static final String SAML_XML_LAND_NODE_NAME = "Land";
 
 	static final String MUK_FIRMENNAME_KEY = "Firmenname";
 	static final String MUK_RECHTSFORM_KEY = "Rechtsform";
@@ -90,27 +90,21 @@ class UserAttributeProvider {
 			var addressNode = saml2Decrypter.getDecryptedAttribute(samlResponse, MUK_ADRESSE_KEY);
 			var addressPartNodes = addressNode.getAttributeValues().getFirst().getOrderedChildren();
 
-			if (addressPartNodes != null) {
+			if (addressPartNodes != null && !addressPartNodes.isEmpty()) {
 				var addressBuilder = new StringBuilder();
 
 				for (XMLObject node : addressPartNodes) {
-					var attributeName = node.getElementQName().getLocalPart();
+					var nodeName = node.getElementQName().getLocalPart();
 					var textContent = Objects.requireNonNull(node.getDOM()).getTextContent().trim();
 
-					LOG.info("NodeName: {}", attributeName);
-					LOG.info("TextContent: {}", textContent);
-
-					switch (attributeName) {
+					switch (nodeName) {
 					case SAML_XML_STRASSE_NODE_NAME, SAML_XML_PLZ_NODE_NAME -> addressBuilder.append(textContent).append(" ");
 					case SAML_XML_HAUSNUMMER_NODE_NAME, SAML_XML_ORT_NODE_NAME -> addressBuilder.append(textContent).append(", ");
 					case SAML_XML_LAND_NODE_NAME -> addressBuilder.append(textContent);
 					}
 				}
 
-				var address = addressBuilder.toString().trim();
-				LOG.info("Address: {}", address);
-
-				return address;
+				return addressBuilder.toString().trim();
 			}
 		} catch (IllegalArgumentException | Saml2Exception | NoSuchElementException e) {
 			LOG.error("Failed parsing company address from SamlResponse: {}", samlResponse);
diff --git a/fachstelle-server/src/test/java/de/ozgcloud/fachstelle/security/Saml2DecrypterTest.java b/fachstelle-server/src/test/java/de/ozgcloud/fachstelle/security/Saml2DecrypterTest.java
new file mode 100644
index 0000000000000000000000000000000000000000..c54c1aa36e7633d5a64bc8722bf17fda7db366d5
--- /dev/null
+++ b/fachstelle-server/src/test/java/de/ozgcloud/fachstelle/security/Saml2DecrypterTest.java
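Review bot: The `catch` at the end of the hunk still logs the complete `samlResponse` at ERROR level, so the clean-up this hunk performs by dropping the three `LOG.info` lines stops short: the raw response carries the signature, the encrypted assertion and any plaintext attributes, and it belongs in the log no more than the decrypted address parts did; the exception is also not handed to the logger, so the stack trace is lost. Suggest `LOG.error("Failed parsing company address from SamlResponse", e);`. Two smaller points in the loop: `Objects.requireNonNull(node.getDOM())` throws NullPointerException, which the `catch` list does not cover, so a single DOM-less child lets the exception escape instead of yielding `null`; and the separators are appended eagerly, so an address without a `Land` element ends in a dangling `,` that `trim()` keeps — collecting the non-empty parts in a list and joining them after the loop avoids that. The method's signature, its `try` and its fall-through `return` are outside the hunk.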
@@ -0,0 +1,148 @@ +/* + * Copyright (c) 2024. Das Land Schleswig-Holstein vertreten durch den + * Ministerpräsidenten des Landes Schleswig-Holstein + * Staatskanzlei + * Abteilung Digitalisierung und zentrales IT-Management der Landesregierung + * + * Lizenziert unter der EUPL, Version 1.2 oder - sobald + * diese von der Europäischen Kommission genehmigt wurden - + * Folgeversionen der EUPL ("Lizenz"); + * Sie dürfen dieses Werk ausschließlich gemäß + * dieser Lizenz nutzen. + * Eine Kopie der Lizenz finden Sie hier: + * + * https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12 + * + * Sofern nicht durch anwendbare Rechtsvorschriften + * gefordert oder in schriftlicher Form vereinbart, wird + * die unter der Lizenz verbreitete Software "so wie sie + * ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN - + * ausdrücklich oder stillschweigend - verbreitet. + * Die sprachspezifischen Genehmigungen und Beschränkungen + * unter der Lizenz sind dem Lizenztext zu entnehmen. + */ + +package de.ozgcloud.fachstelle.security; + +import static org.assertj.core.api.Assertions.*; +import static org.mockito.ArgumentMatchers.*; +import static org.mockito.Mockito.*; + +import java.io.File; +import java.io.IOException; +import java.nio.charset.Charset; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import org.apache.commons.io.FileUtils; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Nested; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.Mock; +import org.mockito.junit.jupiter.MockitoExtension; +import org.opensaml.core.config.ConfigurationService; +import org.opensaml.core.config.InitializationException; +import org.opensaml.core.xml.config.XMLObjectProviderRegistry; +import org.opensaml.core.xml.io.UnmarshallerFactory; +import org.opensaml.core.xml.io.UnmarshallingException; +import org.opensaml.saml.saml2.core.Assertion; +import 
org.opensaml.saml.saml2.core.Attribute; +import org.opensaml.saml.saml2.core.AttributeStatement; +import org.opensaml.saml.saml2.core.EncryptedAssertion; +import org.opensaml.saml.saml2.core.Response; +import org.opensaml.saml.saml2.core.impl.ResponseUnmarshaller; +import org.opensaml.saml.saml2.encryption.Decrypter; +import org.opensaml.xmlsec.encryption.support.DecryptionException; +import org.springframework.core.io.ClassPathResource; + +@ExtendWith(MockitoExtension.class) +class Saml2DecrypterTest { + private Saml2Decrypter saml2Decrypter; + private String samlResponse; + + @BeforeEach + void init() throws NoSuchFieldException, IllegalAccessException, InitializationException { + saml2Decrypter = new Saml2Decrypter(); + + var privateKeyLocationField = Saml2Decrypter.class.getDeclaredField("decryptionPrivateKeyLocation"); + privateKeyLocationField.setAccessible(true); + privateKeyLocationField.set(saml2Decrypter, new ClassPathResource("mujina-test.key")); + + var certificateLocationField = Saml2Decrypter.class.getDeclaredField("decryptionCertificateLocation"); + certificateLocationField.setAccessible(true); + certificateLocationField.set(saml2Decrypter, new ClassPathResource("mujina-test.crt")); + + saml2Decrypter.init(); + } + + @Nested + class TestInit { + @Test + void shouldHaveDecrypter() { + assertThat(saml2Decrypter.getDecrypter()).isNotNull(); + } + } + + @Nested + class TestGetDecryptedAttribute { + private static final String ATTRIBUTE_NAME = "testAttributeName"; + + @Mock + private UnmarshallerFactory unmarshallerFactory; + + @Mock + private ResponseUnmarshaller responseUnmarshaller; + + @Mock + private XMLObjectProviderRegistry providerRegistry; + + @Mock + private Response response; + + @Mock + private EncryptedAssertion encryptedAssertion; + + @Mock + private Decrypter decrypter; + + @Mock + private AttributeStatement attributeStatement; + + @Mock + private Attribute attribute; + + @Mock + private Assertion assertion; + + @BeforeEach + void init() 
throws IOException, UnmarshallingException, DecryptionException { + samlResponse = FileUtils.readFileToString(new File("src/test/resources/SamlResponse.xml"), Charset.defaultCharset()); + + when(decrypter.decrypt(encryptedAssertion)).thenReturn(assertion); + when(attribute.getName()).thenReturn(ATTRIBUTE_NAME); + when(assertion.getStatements()).thenReturn(List.of(attributeStatement, attributeStatement)); + when(attributeStatement.getAttributes()).thenReturn(Collections.singletonList(attribute)); + when(response.getEncryptedAssertions()).thenReturn(Collections.singletonList(encryptedAssertion)); + when(response.getAssertions()).thenReturn(new ArrayList<>(Collections.singletonList(assertion))); + + when(responseUnmarshaller.unmarshall(any())).thenReturn(response); + when(unmarshallerFactory.getUnmarshaller(Response.DEFAULT_ELEMENT_NAME)).thenReturn(responseUnmarshaller); + when(providerRegistry.getUnmarshallerFactory()).thenReturn(unmarshallerFactory); + + saml2Decrypter.setDecrypter(decrypter); + } + + @Test + void shouldDecryptAttribute() { + try (var configService = mockStatic(ConfigurationService.class)) { + configService.when(() -> ConfigurationService.get(XMLObjectProviderRegistry.class)).thenReturn(providerRegistry); + + var attribute = saml2Decrypter.getDecryptedAttribute(samlResponse, ATTRIBUTE_NAME); + + assertThat(attribute).isNotNull(); + } + } + } +} \ No newline at end of file diff --git a/fachstelle-server/src/test/java/de/ozgcloud/fachstelle/security/Saml2ParserTest.java b/fachstelle-server/src/test/java/de/ozgcloud/fachstelle/security/Saml2ParserTest.java new file mode 100644 index 0000000000000000000000000000000000000000..461e99ebdbe7de270a76e18a3839944014040ac8 --- /dev/null +++ b/fachstelle-server/src/test/java/de/ozgcloud/fachstelle/security/Saml2ParserTest.java 
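Review bot: `shouldDecryptAttribute` asserts only that the result is not null, and because `decrypter.decrypt(encryptedAssertion)` is a mock that returns `assertion`, the test cannot fail on any decryption or attribute-selection defect; asserting `isSameAs(attribute)` and adding a case with a non-matching attribute name would pin what the method actually returns in each situation. In `init()` of `TestGetDecryptedAttribute` the fixture is read with `Charset.defaultCharset()` from a path relative to the working directory, whereas the key and certificate a few lines above are loaded via `ClassPathResource`; `FileUtils.readFileToString(new ClassPathResource("SamlResponse.xml").getFile(), StandardCharsets.UTF_8)` keeps both loading paths consistent and independent of the platform charset. The outer `init()` sets two private fields by reflection, which will break silently on a rename; a package-private setter (the commit already adds one for `decrypter`) would make the test robust.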
@@ -0,0 +1,131 @@ +/* + * Copyright (c) 2024. Das Land Schleswig-Holstein vertreten durch den + * Ministerpräsidenten des Landes Schleswig-Holstein + * Staatskanzlei + * Abteilung Digitalisierung und zentrales IT-Management der Landesregierung + * + * Lizenziert unter der EUPL, Version 1.2 oder - sobald + * diese von der Europäischen Kommission genehmigt wurden - + * Folgeversionen der EUPL ("Lizenz"); + * Sie dürfen dieses Werk ausschließlich gemäß + * dieser Lizenz nutzen. + * Eine Kopie der Lizenz finden Sie hier: + * + * https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12 + * + * Sofern nicht durch anwendbare Rechtsvorschriften + * gefordert oder in schriftlicher Form vereinbart, wird + * die unter der Lizenz verbreitete Software "so wie sie + * ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN - + * ausdrücklich oder stillschweigend - verbreitet. + * Die sprachspezifischen Genehmigungen und Beschränkungen + * unter der Lizenz sind dem Lizenztext zu entnehmen. + */ + +package de.ozgcloud.fachstelle.security; + +import static org.assertj.core.api.Assertions.*; +import static org.mockito.Mockito.*; + +import java.io.File; +import java.io.IOException; +import java.nio.charset.Charset; + +import org.apache.commons.io.FileUtils; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Nested; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.ArgumentCaptor; +import org.mockito.Mock; +import org.mockito.junit.jupiter.MockitoExtension; +import org.opensaml.core.config.ConfigurationService; +import org.opensaml.core.xml.config.XMLObjectProviderRegistry; +import org.opensaml.core.xml.io.UnmarshallerFactory; +import org.opensaml.core.xml.io.UnmarshallingException; +import org.opensaml.saml.saml2.core.Response; +import org.opensaml.saml.saml2.core.impl.ResponseUnmarshaller; +import org.w3c.dom.Element; + +import 
net.shibboleth.utilities.java.support.component.ComponentInitializationException; + +@ExtendWith(MockitoExtension.class) +class Saml2ParserTest { + @Nested + class TestGetParserPool { + @Test + void shouldHaveParserPool() throws ComponentInitializationException { + assertThat(Saml2Parser.getParserPool()).isNotNull(); + } + } + + @Nested + class TestGetResponseUnmarshaller { + @Mock + private UnmarshallerFactory unmarshallerFactory; + + @Mock + private ResponseUnmarshaller responseUnmarshaller; + + @Mock + private XMLObjectProviderRegistry providerRegistry; + + @Test + public void shouldHaveResponseUnmarshaller() { + when(unmarshallerFactory.getUnmarshaller(Response.DEFAULT_ELEMENT_NAME)).thenReturn(responseUnmarshaller); + when(providerRegistry.getUnmarshallerFactory()).thenReturn(unmarshallerFactory); + + try (var configService = mockStatic(ConfigurationService.class)) { + configService.when(() -> ConfigurationService.get(XMLObjectProviderRegistry.class)).thenReturn(providerRegistry); + + assertThat(Saml2Parser.getResponseUnmarshaller()).isNotNull(); + } + } + } + + @Nested + class TestParse { + @Mock + private UnmarshallerFactory unmarshallerFactory; + + @Mock + private ResponseUnmarshaller responseUnmarshaller; + + @Mock + private XMLObjectProviderRegistry providerRegistry; + + private String samlResponse; + + @BeforeEach + void init() throws IOException, UnmarshallingException { + samlResponse = FileUtils.readFileToString(new File("src/test/resources/SamlResponse.xml"), Charset.defaultCharset()); + + when(responseUnmarshaller.unmarshall(any())).thenReturn(mock(Response.class)); + when(unmarshallerFactory.getUnmarshaller(Response.DEFAULT_ELEMENT_NAME)).thenReturn(responseUnmarshaller); + when(providerRegistry.getUnmarshallerFactory()).thenReturn(unmarshallerFactory); + } + + @Test + void shouldParseSamlToken() { + try (var configService = mockStatic(ConfigurationService.class)) { + configService.when(() -> 
ConfigurationService.get(XMLObjectProviderRegistry.class)).thenReturn(providerRegistry);
+
+				assertThat(Saml2Parser.parse(samlResponse)).isNotNull();
+			}
+		}
+
+		@Test
+		void shouldCreateXmlDocument() throws UnmarshallingException {
+			try (var configService = mockStatic(ConfigurationService.class)) {
+				configService.when(() -> ConfigurationService.get(XMLObjectProviderRegistry.class)).thenReturn(providerRegistry);
+
+				var xmlElementArgumentCaptor = ArgumentCaptor.forClass(Element.class);
+
+				Saml2Parser.parse(samlResponse);
+
+				verify(responseUnmarshaller).unmarshall(xmlElementArgumentCaptor.capture());
+				assertThat(xmlElementArgumentCaptor.getValue().getTagName()).isEqualTo("saml2p:Response");
+			}
+		}
+	}
+}
\ No newline at end of file
diff --git a/fachstelle-server/src/test/java/de/ozgcloud/fachstelle/security/SecurityProviderTest.java b/fachstelle-server/src/test/java/de/ozgcloud/fachstelle/security/SecurityProviderTest.java
index 3dbfe472ca80840612b02f2aba5f23947736e58e..0fb4eb070216a1ff7dddd51cc79e68f9117c3e86 100644
--- a/fachstelle-server/src/test/java/de/ozgcloud/fachstelle/security/SecurityProviderTest.java
+++ b/fachstelle-server/src/test/java/de/ozgcloud/fachstelle/security/SecurityProviderTest.java
@@ -42,7 +42,6 @@ public class SecurityProviderTest {
 
 	@Nested
 	class TestAfterPropertiesSet {
-
 		@BeforeEach
 		void init() {
 			Security.removeProvider(BOUNCY_CASTLE_PROVIDER_ID);
diff --git a/fachstelle-server/src/test/java/de/ozgcloud/fachstelle/security/UserAttributeProviderTest.java b/fachstelle-server/src/test/java/de/ozgcloud/fachstelle/security/UserAttributeProviderTest.java
new file mode 100644
index 0000000000000000000000000000000000000000..6e9f3432d2b1edfe09b45cd7f2d20d596167b882
--- /dev/null
+++ b/fachstelle-server/src/test/java/de/ozgcloud/fachstelle/security/UserAttributeProviderTest.java
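Review bot: `shouldHaveParserPool` asserts only that `getParserPool()` returns something, although the reason the pool is built by hand is the feature map it passes to `setBuilderFeatures`; casting the result to `BasicParserPool` and asserting on `getBuilderFeatures()` (for instance that `http://apache.org/xml/features/disallow-doctype-decl` is `true`, or whichever entries `getXmlFeatureMap()` actually sets) would turn it into a regression test for the parser hardening instead of a smoke test. The fixture is again read with `Charset.defaultCharset()` from a working-directory-relative path, as in `Saml2DecrypterTest`; `StandardCharsets.UTF_8` together with a `ClassPathResource` removes the platform dependence. `shouldHaveResponseUnmarshaller` is declared `public` while every other test method in the file is package-private; JUnit 5 does not need the modifier.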
@@ -0,0 +1,163 @@ +/* + * Copyright (c) 2024. + * Lizenziert unter der EUPL, Version 1.2 oder - sobald + * diese von der Europäischen Kommission genehmigt wurden - + * Folgeversionen der EUPL ("Lizenz"); + * Sie dürfen dieses Werk ausschließlich gemäß + * dieser Lizenz nutzen. + * Eine Kopie der Lizenz finden Sie hier: + * + * https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12 + * + * Sofern nicht durch anwendbare Rechtsvorschriften + * gefordert oder in schriftlicher Form vereinbart, wird + * die unter der Lizenz verbreitete Software "so wie sie + * ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN - + * ausdrücklich oder stillschweigend - verbreitet. + * Die sprachspezifischen Genehmigungen und Beschränkungen + * unter der Lizenz sind dem Lizenztext zu entnehmen. + */ + +package de.ozgcloud.fachstelle.security; + +import static de.ozgcloud.fachstelle.security.UserAttributeProvider.*; +import static org.assertj.core.api.Assertions.*; +import static org.mockito.Mockito.*; + +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.xml.namespace.QName; + +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.extension.ExtendWith; +import org.mockito.InjectMocks; +import org.mockito.Mock; +import org.mockito.Spy; +import org.mockito.junit.jupiter.MockitoExtension; +import org.opensaml.core.xml.XMLObject; +import org.opensaml.saml.saml2.core.Attribute; +import org.springframework.security.saml2.Saml2Exception; +import org.springframework.security.saml2.provider.service.authentication.DefaultSaml2AuthenticatedPrincipal; +import org.w3c.dom.Element; + +@ExtendWith(MockitoExtension.class) +class UserAttributeProviderTest { + private static final String UNKNOWN_ATTRIBUTE_KEY = "UnknownAttributeKey"; + + @Spy + @InjectMocks + private UserAttributeProvider provider; + + @Mock + private Saml2Decrypter saml2Decrypter; + + private 
DefaultSaml2AuthenticatedPrincipal principal; + + @BeforeEach + void setup() { + Map<String, List<Object>> attributes = new HashMap<>(); + attributes.put(UserAttributeProvider.MUK_FIRMENNAME_KEY, List.of(UserTestFactory.COMPANY_NAME)); + attributes.put(UserAttributeProvider.MUK_RECHTSFORM_KEY, List.of(UserTestFactory.LEGAL_FORM)); + attributes.put(UserAttributeProvider.MUK_RECHTSFORM_TEXT_KEY, List.of(UserTestFactory.LEGAL_FORM_TEXT)); + attributes.put(UserAttributeProvider.MUK_REGISTERNUMMER_KEY, List.of(UserTestFactory.REGISTER_NUMBER)); + attributes.put(UserAttributeProvider.MUK_REGISTERART_KEY, List.of(UserTestFactory.REGISTER_TYPE)); + attributes.put(UserAttributeProvider.MUK_EMAIL_ADRESSE_KEY, List.of(UserTestFactory.EMAIL_ADDRESS)); + attributes.put(UserAttributeProvider.MUK_ADRESSE_KEY, List.of(UserTestFactory.ADDRESS)); + attributes.put(UserAttributeProvider.MUK_VERTRAUENSNIVEAU_KEY, List.of(UserTestFactory.TRUST_LEVEL)); + attributes.put(UNKNOWN_ATTRIBUTE_KEY, List.of(UserTestFactory.USER_ID)); + + principal = new DefaultSaml2AuthenticatedPrincipal(UserTestFactory.USER_ID, attributes); + } + + @Test + void shouldGetCompanyName() { + assertThat(provider.getCompanyName(principal)).isEqualTo(UserTestFactory.COMPANY_NAME); + } + + @Test + void shouldGetLegalForm() { + assertThat(provider.getLegalForm(principal)).isEqualTo(UserTestFactory.LEGAL_FORM); + } + + @Test + void shouldGetLegalFormText() { + assertThat(provider.getLegalFormText(principal)).isEqualTo(UserTestFactory.LEGAL_FORM_TEXT); + } + + @Test + void shouldGetRegisterNumber() { + assertThat(provider.getRegisterNumber(principal)).isEqualTo(UserTestFactory.REGISTER_NUMBER); + } + + @Test + void shouldGetRegisterType() { + assertThat(provider.getRegisterType(principal)).isEqualTo(UserTestFactory.REGISTER_TYPE); + } + + @Test + void shouldGetEmailAddress() { + assertThat(provider.getEmailAddress(principal)).isEqualTo(UserTestFactory.EMAIL_ADDRESS); + } + + @Test + void shouldGetAddress() { + var 
addressNode = mock(Attribute.class); + var strasseNode = createMockXmlObject(SAML_XML_STRASSE_NODE_NAME, UserTestFactory.STREET); + var hausnummerNode = createMockXmlObject(SAML_XML_HAUSNUMMER_NODE_NAME, UserTestFactory.HOUSE_NUMBER); + var plzNode = createMockXmlObject(SAML_XML_PLZ_NODE_NAME, UserTestFactory.POSTAL_CODE); + var ortNode = createMockXmlObject(SAML_XML_ORT_NODE_NAME, UserTestFactory.CITY); + var landNode = createMockXmlObject(SAML_XML_LAND_NODE_NAME, UserTestFactory.COUNTRY); + var attributeValue = mock(XMLObject.class); + + when(attributeValue.getOrderedChildren()).thenReturn(List.of(strasseNode, hausnummerNode, plzNode, ortNode, landNode)); + when(addressNode.getAttributeValues()).thenReturn(List.of(attributeValue)); + when(saml2Decrypter.getDecryptedAttribute(anyString(), anyString())).thenReturn(addressNode); + + assertThat(provider.getAddress("")).isEqualTo(UserTestFactory.ADDRESS); + } + + @Test + void shouldHaveNullAddress() { + var addressNode = mock(Attribute.class); + var attributeValue = mock(XMLObject.class); + + when(saml2Decrypter.getDecryptedAttribute(anyString(), anyString())).thenReturn(addressNode); + when(attributeValue.getOrderedChildren()).thenReturn(Collections.emptyList()); + when(addressNode.getAttributeValues()).thenReturn(List.of(attributeValue)); + + assertThat(provider.getAddress("")).isNull(); + } + + @Test + void shouldHaveNullAddressDueToException() { + when(saml2Decrypter.getDecryptedAttribute(anyString(), anyString())).thenThrow(new Saml2Exception("Decryption error")); + + assertThat(provider.getAddress("")).isNull(); + } + + @Test + void shouldTrustLevel() { + assertThat(provider.getTrustLevel(principal)).isEqualTo(UserTestFactory.TRUST_LEVEL); + } + + @Test + void shouldGetUnknownAttributes() { + assertThat(provider.getUnknownAttributes(principal)).hasSize(1); + } + + private XMLObject createMockXmlObject(String nodeName, String textContent) { + var node = mock(XMLObject.class); + var element = mock(Element.class); 
+		var elementQName = mock(QName.class);
+		when(elementQName.getLocalPart()).thenReturn(nodeName);
+		when(node.getElementQName()).thenReturn(elementQName);
+		when(element.getTextContent()).thenReturn(textContent);
+		when(node.getDOM()).thenReturn(element);
+
+		return node;
+	}
+}
\ No newline at end of file
diff --git a/fachstelle-server/src/test/java/de/ozgcloud/fachstelle/security/UserTestFactory.java b/fachstelle-server/src/test/java/de/ozgcloud/fachstelle/security/UserTestFactory.java
index 8e6951d90a030ff4205b2d99de1b97dd4734cf57..6b032e0ffaf8a46666eb1374d2eb1e3fc9001986 100644
--- a/fachstelle-server/src/test/java/de/ozgcloud/fachstelle/security/UserTestFactory.java
+++ b/fachstelle-server/src/test/java/de/ozgcloud/fachstelle/security/UserTestFactory.java
@@ -33,7 +33,12 @@ public class UserTestFactory {
 	public static final String REGISTER_NUMBER = "123";
 	public static final String REGISTER_TYPE = "ABC";
 	public static final String EMAIL_ADDRESS = "paul.panter@test.com";
-	public static final String ADDRESS = "Musterstraße 1, 11011 Berlin, DE";
+	public static final String STREET = "Musterstraße";
+	public static final String HOUSE_NUMBER = "1";
+	public static final String POSTAL_CODE = "11011";
+	public static final String CITY = "Berlin";
+	public static final String COUNTRY = "DE";
+	public static final String ADDRESS = String.format("%s %s, %s %s, %s", STREET, HOUSE_NUMBER, POSTAL_CODE, CITY, COUNTRY);
 	public static final String TRUST_LEVEL = "substantial";
 
 	public static User create() {
diff --git a/fachstelle-server/src/test/resources/SamlResponse.xml b/fachstelle-server/src/test/resources/SamlResponse.xml
new file mode 100644
index 0000000000000000000000000000000000000000..d28738585aa627bc0bd4e6b7288ff3346ea4029e
--- /dev/null
+++ b/fachstelle-server/src/test/resources/SamlResponse.xml
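Review bot: The address tests cover only the complete five-part address and the empty-children case; there is no test for a partial address, which is exactly where the production code's eager separator appending shows (an address without a `Land` element currently ends in a dangling `,`), nor for a child with an unknown element name or a `null` DOM. `@Spy` on `provider` is unused — nothing calls `doReturn` or `verify` on it — so `@InjectMocks` alone is enough and avoids the partial-mock semantics. A partial-address case can be built with the existing `createMockXmlObject` helper; with the code as committed it fails, which is the point of adding it.
```java
@Test
void shouldNotEndWithSeparatorWhenLandIsMissing() {
	var addressNode = mock(Attribute.class);
	var attributeValue = mock(XMLObject.class);
	when(attributeValue.getOrderedChildren()).thenReturn(List.of(
			createMockXmlObject(SAML_XML_STRASSE_NODE_NAME, UserTestFactory.STREET),
			createMockXmlObject(SAML_XML_HAUSNUMMER_NODE_NAME, UserTestFactory.HOUSE_NUMBER),
			createMockXmlObject(SAML_XML_PLZ_NODE_NAME, UserTestFactory.POSTAL_CODE),
			createMockXmlObject(SAML_XML_ORT_NODE_NAME, UserTestFactory.CITY)));
	when(addressNode.getAttributeValues()).thenReturn(List.of(attributeValue));
	when(saml2Decrypter.getDecryptedAttribute(anyString(), anyString())).thenReturn(addressNode);

	assertThat(provider.getAddress("")).doesNotEndWith(",");
}
```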
@@ -0,0 +1,128 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- + ~ Copyright (c) 2024. + ~ Lizenziert unter der EUPL, Version 1.2 oder - sobald + ~ diese von der Europäischen Kommission genehmigt wurden - + ~ Folgeversionen der EUPL ("Lizenz"); + ~ Sie dürfen dieses Werk ausschließlich gemäß + ~ dieser Lizenz nutzen. + ~ Eine Kopie der Lizenz finden Sie hier: + ~ + ~ https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12 + ~ + ~ Sofern nicht durch anwendbare Rechtsvorschriften + ~ gefordert oder in schriftlicher Form vereinbart, wird + ~ die unter der Lizenz verbreitete Software "so wie sie + ~ ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN - + ~ ausdrücklich oder stillschweigend - verbreitet. + ~ Die sprachspezifischen Genehmigungen und Beschränkungen + ~ unter der Lizenz sind dem Lizenztext zu entnehmen. + --> + +<saml2p:Response xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol" + Destination="https://deep-touching-condor.ngrok-free.app/login/saml2/sso/bayernid" + ID="_d75103771f4e3869ca4bf743efb51320" InResponseTo="ARQf371368-b6eb-4708-b90d-e8a9c5fc0ffd" + IssueInstant="2024-02-07T10:27:18.456Z" Version="2.0"> + <saml2:Issuer xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion">https://infra-pre-id.bayernportal.de/idp + </saml2:Issuer> + <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <ds:SignedInfo> + <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> + <ds:Reference URI="#_d75103771f4e3869ca4bf743efb51320"> + <ds:Transforms> + <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> + <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> + </ds:Transforms> + <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> + <ds:DigestValue>y8O2/uKwgap3hb7Ym/sn+v0e3l+w0Z+wIFe11xXkSHU=</ds:DigestValue> + </ds:Reference> + </ds:SignedInfo> + <ds:SignatureValue> + 
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 + </ds:SignatureValue> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate>MIIFbzCCA1egAwIBAgIJAPdFXXarkBN2MA0GCSqGSIb3DQEBCwUAME4xCzAJBgNVBAYTAkRFMQ8w + DQYDVQQIDAZCYXllcm4xETAPBgNVBAcMCE11ZW5jaGVuMQ0wCwYDVQQKDARBS0RCMQwwCgYDVQQL + DANJRE0wHhcNMjAxMDI3MTMxODQxWhcNMjUxMDI2MTMxODQxWjBOMQswCQYDVQQGEwJERTEPMA0G + A1UECAwGQmF5ZXJuMREwDwYDVQQHDAhNdWVuY2hlbjENMAsGA1UECgwEQUtEQjEMMAoGA1UECwwD + SURNMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAzDtWAEdC3J9FD+ti1exRhN1lzNgK + WqO2gQNdJvlt7KGHA2VGGO7tqRogTuoqi/ydtiHJ8+lhp4kcWqyfv7i9HXOncvcsRRmRdZjUY2Iu + i6ozJqD5LVm/vP5YfdP7vQPdbqyyfpoJhf3mbMEtdNDdGRnGIPUfDn+CFbo37f9tPwMgf3jgh4gx + aujtLIhhr9gevVTEeZAFu9EvzLNd3kEtRb7MuXqIOdu1rW8HlGYFwwVLqEyBn8XG0QAIfhMmGjFM + G7z+Kco2quwOmmZVzWQfeH/3AlN2KbcPt7j+pl+6Bew2AAivP7O+95YKORqQjTu3rPWMF4txPId3 + 7MSjoytwBRyd5EACTvhQBOGrDFKQUOx6fTtRc8+7XGVz8MdQaZQWQXXh1ByU783twNdnRSrSVIyL + djiy1uCbjvsSAtbzGBygPIvDo3skCNLNFXsChtHIfFFDK20KPGb0ghEDf2q3hDbFG3ZDGGynZmJc + ZKuZhJqodJ/++sAXADyTJNAPVYDjKCF4ypELp2Eu/p1gaQPJEb74L/ZFZVOEJFyXIiaqB9J+fcn/ + biqHHOmcCi8n9aIiNt1fatr1Z4lQRWoGtKaGU0+bzUSH4Bgs2EG4u1CI2MKDWqK2aEsHrtu8tbS9 + LrUmDVKtaEUOeul8xWVa036vp/YUIdiJNZSxZG4iTmSOATECAwEAAaNQME4wHQYDVR0OBBYEFFYe + ltslkaolOmcINXQeSe7nURwpMB8GA1UdIwQYMBaAFFYeltslkaolOmcINXQeSe7nURwpMAwGA1Ud + EwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAKqAlXoO41SAiycYUOrR90pfwTCysmbtHF5RWSCM + jF2aCG8URJ7bXwC0lBH8E5zCetFZwdqZziQtxzRkIOfhS5uWbH0RDhwuxZG+5RTPyaHPAZI6e5xH + Du8vHl/VbC3lnL/6K8l+Purr/yo8qkJqrPgThZRL9jBQyYRhDSsJUyIw5zcKKUQC/JWtMQAQcopb + jekCs6xDT1HqIN90Sc/gOfYjNo0dGMNmro9mxcw82Iow18KNVdtEexfD+/6x4NPD61pzuQEe09TR + +Cv3XyzBoGQ/2arijcPnGvth79ffVFtRSf3fSs7wEKV9g3mEWXFDtPBhDj6K0kKU/kJfEZixkXl9 + 2MY+bmugrtTIrazjtfrgMglIAHu9XCYWd/gef0J+PNfHsxgbTEr3XSC+5/xoFKPQSw3PgV8lkUDq + 4mJUKy/q4YmA37XQxourFR5pWvF03YACdtq6zPjtVeI7Cvkte6k0YW5S3cx9RmPv6YZhlaZ5ERpW + Niv6IjokLsvNeemf2PApjO7Q2EDBIoHBYH31wwJSsyRDrSVmbaqLFI15fLXeh2A4YbaBDZdGvDiL + 
OAk+dG1wdZ2aGw/uNBzMtc8VeKqI1HPcqIluBA3uUPpyLLA+9hDPf6Pp4j0gkXxBikz+/h22bFxE + 1HmDiOSkEn+2NmOHuEFeA+D8jsCAL5VJ3emK + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + </ds:Signature> + <saml2p:Status xmlns:saml2p="urn:oasis:names:tc:SAML:2.0:protocol"> + <saml2p:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/> + </saml2p:Status> + <saml2:EncryptedAssertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"> + <xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="_baed1174200b81b1bff3856cb4e6365c" + Type="http://www.w3.org/2001/04/xmlenc#Element"> + <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc" + xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/> + <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> + <xenc:EncryptedKey Id="_5a164760d15a61d269e1f7fdd9872a10" Recipient="https://antragsraum.ozgcloud.de/" + xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> + <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p" + xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> + <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/> + </xenc:EncryptionMethod> + <ds:KeyInfo> + <ds:X509Data> + <ds:X509Certificate> + MIIDsTCCApmgAwIBAgIUdw/27be5+2vj+MhGtoJjDsMsdDEwDQYJKoZIhvcNAQELBQAwaDELMAkG + A1UEBhMCREUxDzANBgNVBAgMBkJheWVybjERMA8GA1UEBwwITXVlbmNoZW4xDzANBgNVBAoMBm1n + bSB0cDEkMCIGCSqGSIb3DQEJARYVamVucy5yZWVzZUBtZ20tdHAuY29tMB4XDTI0MDExNjEyMjI0 + OVoXDTI1MDExNTEyMjI0OVowaDELMAkGA1UEBhMCREUxDzANBgNVBAgMBkJheWVybjERMA8GA1UE + BwwITXVlbmNoZW4xDzANBgNVBAoMBm1nbSB0cDEkMCIGCSqGSIb3DQEJARYVamVucy5yZWVzZUBt + Z20tdHAuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/HBBWBDSrEgdwXkSy15V + 00EaVTyLgc4vh/JcDiGIYZSqmcMwBd+B1u36xbdBf/duEtCUymMNP48OMjgFZtR6xn0meuR4NR6Y + kn9mYGdU/GhldGuGv9XLAEAkVuTlo0H1QYyBS/6JwKQoSsHDkJ3YwDwKcyOt7QtpSadRZjQEN3gD + vWoRYjgXTxj2I1ovllmi0zOHsFi5PBIuiPWUdJvBrHxpD/XVS9R/qzJpHPu3bjQ6UVRmhiZCUF7H + 
5F/PQNwk+qXvjV0ooBeSWWO5hywhk4OP4QEgbYMOSo20YukYX8TJEsum1pwIcQrw7kW4GyKaAycy + Rsa1fbM3tEkj+TiBKwIDAQABo1MwUTAdBgNVHQ4EFgQUfDL/6R33SJodsONCvxKy96AtU18wHwYD + VR0jBBgwFoAUfDL/6R33SJodsONCvxKy96AtU18wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B + AQsFAAOCAQEA+PCnvSwKU+bArTCIg5lfrwONbzKkjvPUymDNYX3oj1wVEN75hNf0RD7Rr0//ZYT3 + Rt0G193gjDcH1gbGIYhMLeGGkxEous2l3O+pRIQRR+hprjr6HzF8IphaJy1RbDwyGsXyLcyOylPL + 4cX9IjUdhklHiLZusBq95LSyw7hsCOAL2+vn816O7yv+28EWXXbnP2XEUjW36nxcZvR6oTJUplXy + HRuuJJTsOxGRNuXA3UVgNbkdm1HnoSGpnsGdUKsUFoEmEJkcSdQRwxeH21WzYGOZmKMcvx2gObaS + P8tafWh5z4Jx+Z7z5WP72Jt44/lnVjaV8aGo0KHXwgqQOtYftQ== + </ds:X509Certificate> + </ds:X509Data> + </ds:KeyInfo> + <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> + <xenc:CipherValue> + ffr9pG/yL4QGQ4o1z/t6HH5XRG8pMHHjzlVTq6uC4eRpVvaNMz8XpUXqNAFGiB0Xbpkm++qOhGsOuz5Wffq5Qo78fMBfU95L1Lk9cVH1pUFfYyz5GV1LqlhStAZrCGHUdv5d0O7JLKgbi45JxxTc7ErAwPlOMqKLs95ZJuhl8Fp9XcYrdzW9IjuwmkB/HyPyjBWV066gaCMLImeBdCzBZc0pxuvH9jq8eX7h1B1eCd5F1LIoj35YDeU3PA/P/E6tLBxdGLFws+nYqNU3B5R2FPPoW+LP9zM7Q+SR20ti1Uh6TEMha05sJjWXFJU78PpJAtEl978ifqqO/23lYXYCrA== + </xenc:CipherValue> + </xenc:CipherData> + </xenc:EncryptedKey> + </ds:KeyInfo> + <xenc:CipherData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> + <xenc:CipherValue> + 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 + </xenc:CipherValue> + </xenc:CipherData> + </xenc:EncryptedData> + </saml2:EncryptedAssertion> +</saml2p:Response>
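Review bot: The fixture looks like a capture from a real pre-production IdP (issuer `https://infra-pre-id.bayernportal.de/idp`, a developer's ngrok `Destination`, concrete `ID`/`InResponseTo` values and the IdP's X.509 certificate), yet the tests that consume it only parse the envelope through a mocked unmarshaller and never verify the signature or decrypt the assertion. A minimal hand-written response with the same element structure would serve those tests equally well, keep environment-specific identifiers and third-party certificates out of the repository, and make the `saml2p:Response` tag assertion in `Saml2ParserTest` independent of upstream changes. If the capture is kept, a comment below the licence header stating where it came from, that its signature is not checked by any test, and whether the bundled `mujina-test.key` can decrypt it would spare the next reader the investigation.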