From 4a16314843e764476f83cec6058cebe6bb7bd4d9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Erik=20Bergstr=C3=B6m?=
Date: Wed, 17 Jan 2024 16:04:51 +0100
Subject: [PATCH] added oidc stuff for test proxy
---
 .../eidas-proxy/se/cfg/idpdisco.properties | 13 +++++++
 .../etc/eidas-proxy/se/cfg/oidc-rp.properties | 28 ++++++++++++++-
 .../se/metadata/oidc/bid-op-jwks.json | 21 +++++++++++
 .../se/metadata/oidc/bid-op-metadata.json | 35 +++++++++++++++++++
 4 files changed, 96 insertions(+), 1 deletion(-)
 create mode 100644 eidas-test-proxy/overlay/etc/eidas-proxy/se/metadata/oidc/bid-op-jwks.json
 create mode 100644 eidas-test-proxy/overlay/etc/eidas-proxy/se/metadata/oidc/bid-op-metadata.json
diff --git a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/idpdisco.properties b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/idpdisco.properties
index 64210276..ae614929 100644
--- a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/idpdisco.properties
+++ b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/idpdisco.properties
@@ -20,6 +20,19 @@ idp.freja.deriveDob=false idp.freja.privateSpSupport=true idp.freja.index=0
+idp.bankid.entityid=https://oidc.test.bankid.com
+idp.bankid.name.sv=BankID
+idp.bankid.name.en=BankID
+idp.bankid.logo.uri=https://www.bankid.com/assets/logo-bank-id.svg
+idp.bankid.logo.height=150
+idp.bankid.logo.width=159
+idp.bankid.loapolicy=natToEidasNotifiedMapping
+idp.bankid.consent=false
+idp.bankid.deriveDob=false
+idp.bankid.privateSpSupport=true
+idp.bankid.index=1
+idp.bankid.protocol=oidc
+ #idp.mobIdp.entityid=https://midp.svelegtest.se/idp #idp.mobIdp.name.sv=Legacy Test ID Tjänst #idp.mobIdp.name.en=Legacy Test IdP
diff --git a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/oidc-rp.properties b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/oidc-rp.properties
index c8c2057c..54fa3b4f 100644
--- a/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/oidc-rp.properties
+++ b/eidas-test-proxy/overlay/etc/eidas-proxy/se/cfg/oidc-rp.properties
@@ -1 +1,27 @@
-oidc-enabled=false
+oidc-enabled=true
+
+ # OIDC client metadata
+client-metadata.client-key[0].alias=oidc-rp
+client-metadata.client-key[0].key-store-location=file://${proxy-service.path.prefix}/keystore/oidc-rp.jks
+client-metadata.client-key[0].password=S3cr3t
+client-metadata.client-key[0].supported-jws-algos=ES256
+client-metadata.preferred-userinfo-signed-response-algs=ES256,PS256,RS256
+client-metadata.redirect-uris[0]=${proxy-service.domain.prefix}/oidc/return
+client-metadata.redirect-uris[1]=https://test.proxy.eidas.swedenconnect.se/oidc/return
+client-metadata.subject-type=pairwise
+client-metadata.default-acr-values=http://id.elegnamnden.se/loa/1.0/loa3
+
+ # OIDC config
+oidc-config.op.bid-op.client-id=digg-eidas-proxy
+oidc-config.op.bid-op.op-metadata-location=file://${proxy-service.path.prefix}/metadata/oidc/bid-op-metadata.json
+oidc-config.op.bid-op.op-jwks-metadata-location=file://${proxy-service.path.prefix}/metadata/oidc/bid-op-jwks.json
+oidc-config.return-url=${proxy-service.domain.prefix}/oidc/return
+
+ # HTTP configuration
+http.connect-timeout=1000
+http.read-timeout=5000
+
+ # User messages
+user-message.default.sv=Sveriges internationella nod för e-legitimering
+user-message.default.en=Sweden Connect - Cross-border Digital Identification
+
diff --git a/eidas-test-proxy/overlay/etc/eidas-proxy/se/metadata/oidc/bid-op-jwks.json b/eidas-test-proxy/overlay/etc/eidas-proxy/se/metadata/oidc/bid-op-jwks.json
new file mode 100644
index 00000000..709ad0e6
--- /dev/null
+++ b/eidas-test-proxy/overlay/etc/eidas-proxy/se/metadata/oidc/bid-op-jwks.json
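Review bot: `client-metadata.client-key[0].password=S3cr3t` puts the keystore password in clear text into version control, right next to the keystore path, so anyone with read access to the overlay can unlock the RP's signing key; the neighbouring lines already resolve `${proxy-service.path.prefix}` placeholders, so the password should be injected the same way, e.g. `client-metadata.client-key[0].password=${OIDC_RP_KEYSTORE_PASSWORD}` (placeholder name, pick one matching the deployment), with the value kept out of the repository. Even on a test deployment the redirect URI `https://test.proxy.eidas.swedenconnect.se/oidc/return` is publicly reachable, and a leaked client key undermines whatever trust the OP places in the `digg-eidas-proxy` client. Separately, `client-metadata.preferred-userinfo-signed-response-algs=ES256,PS256,RS256` lists ES256 first, but the OP metadata added in this same commit offers only RS256/384/512 and PS256/384/512 under `userinfo_signing_alg_values_supported`, so ES256 can never be negotiated here — harmless, but worth dropping or commenting to avoid confusion. The timeouts `http.connect-timeout=1000` and `http.read-timeout=5000` carry no unit; presumably milliseconds, which a comment such as `# HTTP timeouts in milliseconds` would make explicit once confirmed.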
@@ -0,0 +1,21 @@
+{
+ "keys" : [ {
+ "kty" : "RSA",
+ "e" : "AQAB",
+ "use" : "sig",
+ "kid" : "FU06ji53d1xJVy4BhUXw3pWSe3SpDZwZdsetIL8qh1Q",
+ "n" : "gClrCXP5Ff9ON-Hfkqp9fZiK_OUWfz4ERWlKZUq54bswJml4oTywhLHdzIf2BK8oHMYUPzAM4uTmf2p37lkgsHHkZUCDbb5UT3TKHmbbtvRbJ7StWea9kmDXRcG0RW_FjfRbFNCrwuc1Z7gzILOXVGcE5nc1-WXSz-6XYAd84U562uTkbZIlolMSVXr_ZHkYAKNNGRyESfsU34kj3SXN9eJmooFUUGXRikskHEDE1otWC8Hds8DmnDcZXmH_MaioJGbJpK3OA6dpkeT5K55ygegO7ADkjWrbmuzPOhIHBovQGhMmkTJGCSJmwX82jZWgT8jEr8JgWc6dsSnPTg91NOqIFegiYyS-4UrlXOcf9h9OHftiPgysHqemAaFS_S_NYEWEcnKoPsPnE2dUxf7OjQuWESknjgqy8N6Jm4Y8srj5fE_4fXKV7ept8tsSFS2Fc3g4Wqpd4XYuiKUYeq8JDISf15jqWw4p129X1nRTskMKrF0FjhMCgWCJDOnD57one6sGsXz9toQ4AKJRjC2O0zylD0cFfmuWN1T5e4dGEiu5Q8nJEyXbQaiOneD1kC5x2pFIEUMuvZ2YRkbVLTzEieyOELbdwegMA6vkiU4IMLSUB3ondIz5IuqaLnp4T0OnWU-d9sdelw_liHA9n__188zrnktvSge5bf8B-SuhLsc"
+ }, {
+ "kty" : "RSA",
+ "e" : "AQAB",
+ "use" : "sig",
+ "kid" : "Cez4Zz2YANA6d9JfVFHzADqsWw_RWqdQ7_L1CPy7dFE",
+ "n" : "nu4CC39I0lwnm6qV1ZSb3lHqpOOiS5XOZGPnszxWqLCPU6K1eFjL62vO2pIN9EC5cKVbJMjSA9-XCJYlLufHm7C80INlyuBOzKYqS7WP6dKc3KX2jsTzvhJpPiBNxyUEm760YpiKB3cHAf7NNa_V0EGnWToTc_jbRTG8GZSgv8lCNNgpBFlJ0LcDTAlB8oau-yKNY4s5Ik3RktVy5IkhO2cXIFSpzYVB3N8I9RD_yeWMrzPv2j_GVHL4wSoaXIZbEz-LVw2VpbKBEzcO-SGSaXpbE58doW15kdj6EipuPxOQKH81Lmi-CTz3D91tQUPjTaACqe_M7_ny3I-gIomhlw"
+ }, {
+ "kty" : "RSA",
+ "e" : "AQAB",
+ "use" : "enc",
+ "kid" : "fF5EqLffTfFXPAoKlwS1m8FxE55jvrjTaAd7H_R41xs",
+ "n" : "yHQ9rcmfPjvHw1MGKb0X56nF5_s3b7FAtH_3XgZP71j_Qf3ez6Go_RuCob74oN-jlUdSNmilYda2w40uYB49J3ZbpIoH9GcPz6KC3qyZjg17Rk2m7_SnERNvZxjn_nd5uC-qfcpRXS2_I7Zu3VPg4TvjU8Zxe5Z6U9a0zmQoco0DLYMbt1mi707EkCjMooTILDKZR9uk_QWGBQKxwmMs8pNag0s9kLzWX1CD7bToWR1637wDv-NjSz3_kHkws0nLEWBYm0cmtXuU51R6OrcOif5Lh9j38P8MQUUC72dv8LwMgT_42DxAyZsbVXn5n-xwjeyVvtZVLfInU8rgdHXmcQ"
+ } ]
+}
diff --git a/eidas-test-proxy/overlay/etc/eidas-proxy/se/metadata/oidc/bid-op-metadata.json b/eidas-test-proxy/overlay/etc/eidas-proxy/se/metadata/oidc/bid-op-metadata.json
new file mode 100644
index 00000000..d8bd5cfe
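Review bot: This file is a static copy of the OP's JWK set, and `oidc-config.op.bid-op.op-jwks-metadata-location` in oidc-rp.properties points the RP at it rather than at the `jwks_uri` advertised in bid-op-metadata.json, so ID token and userinfo signature verification will presumably fail at the OP's next key rotation until someone refreshes this file by hand. Pinning the OP keys locally is a defensible choice against a tampered `jwks_uri` response, but it needs an owner and a refresh procedure, and nothing in the commit records where these three keys came from or when. Since JSON cannot carry comments, put the source URL, the retrieval date and how the copy was checked against the live endpoint into the commit message or a README beside the file. The two `sig` keys and one `enc` key are RSA, which is consistent with the RSA-only signing algorithms the OP metadata advertises.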
--- /dev/null
+++ b/eidas-test-proxy/overlay/etc/eidas-proxy/se/metadata/oidc/bid-op-metadata.json
@@ -0,0 +1,35 @@
+{
+ "issuer" : "https://oidc.test.bankid.com",
+ "authorization_endpoint" : "https://oidc.test.bankid.com/authorize",
+ "token_endpoint" : "https://oidc.test.bankid.com/token",
+ "userinfo_endpoint" : "https://oidc.test.bankid.com/userinfo",
+ "jwks_uri" : "https://oidc.test.bankid.com/jwks",
+ "scopes_supported" : [ "openid", "profile", "https://id.oidc.se/scope/naturalPersonNumber", "https://id.oidc.se/scope/naturalPersonName", "https://id.oidc.se/scope/authnInfo", "https://id.oidc.se/scope/sign" ],
+ "response_types_supported" : [ "code" ],
+ "response_modes_supported" : [ "query" ],
+ "grant_types_supported" : [ "authorization_code" ],
+ "acr_values_supported" : [ "http://id.elegnamnden.se/loa/1.0/loa3" ],
+ "subject_types_supported" : [ "public", "pairwise" ],
+ "id_token_signing_alg_values_supported" : [ "RS256", "RS384", "RS512", "PS256", "PS384", "PS512" ],
+ "userinfo_signing_alg_values_supported" : [ "RS256", "RS384", "RS512", "PS256", "PS384", "PS512" ],
+ "request_object_signing_alg_values_supported" : [ "none", "RS256", "ES256", "PS256" ],
+ "request_object_encryption_alg_values_supported" : [ "RSA1_5", "RSA-OAEP", "RSA-OAEP-256" ],
+ "request_object_encryption_enc_values_supported" : [ "A128CBC-HS256", "A128GCM", "A192CBC-HS384", "A192GCM", "A256CBC-HS512", "A256GCM" ],
+ "token_endpoint_auth_methods_supported" : [ "client_secret_post", "client_secret_basic", "private_key_jwt" ],
+ "token_endpoint_auth_signing_alg_values_supported" : [ "RS256", "ES256", "PS256" ],
+ "display_values_supported" : [ "page", "popup", "touch", "wap" ],
+ "claim_types_supported" : [ "normal" ],
+ "claims_supported" : [ "sub", "name", "given_name", "family_name", "txn", "auth_time", "https://id.oidc.se/claim/personalIdentityNumber", "https://id.oidc.se/claim/userCertificate", "https://id.oidc.se/claim/userSignature", "https://id.oidc.se/claim/credentialValidFrom", "https://id.oidc.se/claim/credentialValidTo", "https://id.oidc.se/claim/deviceIp", "https://id.oidc.se/claim/authnEvidence", "https://id.oidc.se/claim/age" ],
+ "service_documentation" : "https://oidc.test.bankid.com/about",
+ "claims_parameter_supported" : true,
+ "request_parameter_supported" : true,
+ "request_uri_parameter_supported" : false,
+ "require_request_uri_registration" : false,
+ "op_policy_uri" : "https://oidc.test.bankid.com/about",
+ "op_tos_uri" : "https://oidc.test.bankid.com/about",
+ "introspection_endpoint" : "https://oidc.test.bankid.com/introspect",
+ "code_challenge_methods_supported" : [ "S256" ],
+ "https://id.oidc.se/disco/userMessageSupported" : true,
+ "https://id.oidc.se/disco/userMessageSupportedMimeTypes" : [ "text/plain", "text/markdown" ],
+ "https://id.oidc.se/disco/authnProviderSupported" : false
+}